| author | Xe Iaso <me@xeiaso.net> | 2025-04-18 06:20:51 -0400 |
|---|---|---|
| committer | Xe Iaso <me@xeiaso.net> | 2025-04-18 18:19:45 -0400 |
| commit | b1c21aca4d294694fc586dccc0071fc1896a2657 (patch) | |
| tree | 4de1c5c20b0581c7cc8686e570c816de88e0a887 | |
| parent | 01d4314a2628cda62a8f54f1f0ff558adb9ab3a8 (diff) | |
nix nix
Signed-off-by: Xe Iaso <me@xeiaso.net>
| -rw-r--r-- | flake.lock | 344 | ||||
| -rw-r--r-- | flake.nix | 202 | ||||
| -rw-r--r-- | xesite.nix | 153 |
3 files changed, 0 insertions, 699 deletions
diff --git a/flake.lock b/flake.lock deleted file mode 100644 index 30c27a4..0000000 --- a/flake.lock +++ /dev/null 
@@ -1,344 +0,0 @@ -{ - "nodes": { - "alpineLinux": { - "flake": false, - "locked": { - "narHash": "sha256-5GM+4nNrWrE3idQiWlAq7bghb7IE6j/JncEfG1qM4jM=", - "type": "file", - "url": "https://cdn.xeiaso.net/file/christine-static/hack/alpine-amd64-3.19.0-1.tar" - }, - "original": { - "type": "file", - "url": "https://cdn.xeiaso.net/file/christine-static/hack/alpine-amd64-3.19.0-1.tar" - } - }, - "crane": { - "inputs": { - "nixpkgs": [ - "typst", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1698166613, - "narHash": "sha256-y4rdN4flxRiROqNi1waMYIZj/Fs7L2OrszFk/1ry9vU=", - "owner": "ipetkov", - "repo": "crane", - "rev": "b7db46f0f1751f7b1d1911f6be7daf568ad5bc65", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, - "deno2nix": { - "inputs": { - "devshell": "devshell", - "flake-compat": "flake-compat", - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1670562741, - "narHash": "sha256-13PVEXOYrbsGn05bIp/WWhG6lREgfcQtRTQU9Jd4g8w=", - "owner": "Xe", - "repo": "deno2nix", - "rev": "db3563f20f74eab34e2c268e2a159325df315085", - "type": "github" - }, - "original": { - "owner": "Xe", - "repo": "deno2nix", - "type": "github" - } - }, - "devshell": { - "inputs": { - "flake-utils": [ - "deno2nix", - "flake-utils" - ], - "nixpkgs": [ - "deno2nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1667210711, - "narHash": "sha256-IoErjXZAkzYWHEpQqwu/DeRNJGFdR7X2OGbkhMqMrpw=", - "owner": "numtide", - "repo": "devshell", - "rev": "96a9dd12b8a447840cc246e17a47b81a4268bba7", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "devshell", - "type": "github" - } - }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1668681692, - "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "009399224d5e398d03b22badca40a37ac85412a1", - "type": "github" - }, - 
"original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1696343447, - "narHash": "sha256-B2xAZKLkkeRFG5XcHHSXXcP7To9Xzr59KXeZiRf4vdQ=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "c9afaba3dfa4085dbd2ccb38dfade5141e33d9d4", - "type": "github" - }, - "original": { - "id": "flake-parts", - "type": "indirect" - } - }, - "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "gomod2nix": { - "inputs": { - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1716202913, - "narHash": "sha256-zjPNXI4DWBOrPsrK8u/XTsm5Q36quONQvz0jhAKHEeg=", - "owner": "nix-community", - "repo": "gomod2nix", - "rev": "4702caff8e201f4c98fe3583637a930d253447c8", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "gomod2nix", - "type": "github" - } - }, - "iosevka": { - "inputs": { - "nixpkgs": "nixpkgs", - "utils": "utils" - }, - "locked": { - "lastModified": 1698939764, - "narHash": "sha256-CH68pMKscwAxi/N5xbRlZ5i2NNzMZx6fjzcQkPN3bSw=", - "owner": "Xe", - "repo": "iosevka", - "rev": "faa4a6ed96820a85790244f9b65c4b0f4604ae2d", - "type": "github" - }, - "original": { - 
"owner": "Xe", - "repo": "iosevka", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1698611440, - "narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-unstable", - "type": "indirect" - } - }, - "nixpkgs-lib": { - "locked": { - "dir": "lib", - "lastModified": 1696019113, - "narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a", - "type": "github" - }, - "original": { - "dir": "lib", - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1716330097, - "narHash": "sha256-8BO3B7e3BiyIDsaKA0tY8O88rClYRTjvAp66y+VBUeU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-unstable", - "type": "indirect" - } - }, - "root": { - "inputs": { - "alpineLinux": "alpineLinux", - "deno2nix": "deno2nix", - "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils", - "gomod2nix": "gomod2nix", - "iosevka": "iosevka", - "nixpkgs": "nixpkgs_2", - "typst": "typst" - } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": 
{ - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "typst": { - "inputs": { - "crane": "crane", - "flake-parts": "flake-parts", - "nixpkgs": [ - "nixpkgs" - ], - "systems": "systems_3" - }, - "locked": { - "lastModified": 1716584994, - "narHash": "sha256-4Y8zxWYpa8nD5ivHz9My5xu892XqqRS3mDzD5kTlMgo=", - "owner": "typst", - "repo": "typst", - "rev": "ea4c64a7997556871934e20be7415cba8ec275a5", - "type": "github" - }, - "original": { - "owner": "typst", - "repo": "typst", - "type": "github" - } - }, - "utils": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/flake.nix b/flake.nix deleted file mode 100644 index 6ee432a..0000000 --- a/flake.nix +++ /dev/null 
@@ -1,202 +0,0 @@
-{
- description = "A very basic flake";
-
- inputs = {
- nixpkgs.url = "nixpkgs/nixos-unstable";
- flake-utils.url = "github:numtide/flake-utils";
-
- flake-compat = {
- url = "github:edolstra/flake-compat";
- flake = false;
- };
-
- deno2nix = {
- url = "github:Xe/deno2nix";
- inputs.nixpkgs.follows = "nixpkgs";
- inputs.flake-utils.follows = "flake-utils";
- };
-
- gomod2nix = {
- url = "github:nix-community/gomod2nix";
- inputs.nixpkgs.follows = "nixpkgs";
- inputs.flake-utils.follows = "flake-utils";
- };
-
- # Explicitly pulling from that version of nixpkgs to avoid font duplication.
- iosevka.url = "github:Xe/iosevka";
-
- typst.url = "github:typst/typst";
- typst.inputs.nixpkgs.follows = "nixpkgs";
-
- alpineLinux = {
- flake = false;
- url =
- "file+https://cdn.xeiaso.net/file/christine-static/hack/alpine-amd64-3.19.0-1.tar";
- };
- };
-
- outputs = { self, nixpkgs, flake-utils, deno2nix, iosevka, typst, gomod2nix
- , alpineLinux, ... }:
- flake-utils.lib.eachSystem [
- "x86_64-linux"
- "aarch64-linux"
- "aarch64-darwin"
- ] (system:
- let
- graft = pkgs: pkg:
- pkg.override { buildGoModule = pkgs.buildGo122Module; };
- pkgs = import nixpkgs {
- inherit system;
- overlays = [
- deno2nix.overlays.default
- typst.overlays.default
- (final: prev: {
- go = prev.go_1_22;
- go-tools = graft prev prev.go-tools;
- gotools = graft prev prev.gotools;
- gopls = graft prev prev.gopls;
- })
- gomod2nix.overlays.default
- ];
- };
- src = ./.;
- lib = pkgs.lib;
-
- fontsConf = pkgs.symlinkJoin {
- name = "typst-fonts";
- paths = [ "${self.packages.${system}.iosevka}/static/css/iosevka" ];
- };
-
- typstWithIosevka = pkgs.writeShellApplication {
- name = "typst";
- text = ''
- ${pkgs.typst-dev}/bin/typst \
- compile \
- --font-path ${fontsConf} \
- "$@"
- '';
- runtimeInputs = [ ];
- };
-
- # Generate a user-friendly version number.
- version = builtins.substring 0 8 self.lastModifiedDate;
- in rec {
- packages = rec {
- bin = pkgs.buildGoApplication {
- pname = "xesite_v4";
- inherit version;
- src = ./.;
- modules = ./gomod2nix.toml;
- subPackages = [ "cmd/xesite" ];
- };
-
- patreon-bin = pkgs.buildGoApplication {
- pname = "patreon-saasproxy";
- inherit version;
- src = ./.;
- modules = ./gomod2nix.toml;
- subPackages = [ "cmd/patreon-saasproxy" ];
- };
-
- iosevka = pkgs.stdenvNoCC.mkDerivation {
- name = "xesite-iosevka";
- buildInputs = with pkgs; [
- python311Packages.brotli
- python311Packages.fonttools
- ];
- dontUnpack = true;
- buildPhase = ''
- mkdir -p out
- ${pkgs.unzip}/bin/unzip ${
- self.inputs.iosevka.packages.${system}.default
- }/ttf.zip
- for ttf in ttf/*.ttf; do
- cp $ttf out
- name=`basename -s .ttf $ttf`
- pyftsubset \
- $ttf \
- --output-file=out/"$name".woff2 \
- --flavor=woff2 \
- --layout-features=* \
- --no-hinting \
- --desubroutinize \
- --unicodes="U+0000-0170,U+00D7,U+00F7,U+2000-206F,U+2074,U+20AC,U+2122,U+2190-21BB,U+2212,U+2215,U+F8FF,U+FEFF,U+FFFD,U+00E8"
- done
- '';
- installPhase = ''
- mkdir -p $out/static/css/iosevka
- cp out/* $out/static/css/iosevka
- '';
- };
-
- docker = pkgs.dockerTools.buildLayeredImage {
- name = "ghcr.io/xe/site/bin";
- tag = "latest";
- fromImage = alpineLinux;
- contents = with pkgs; [ cacert typst-dev dhall-json deno git ];
- config = {
- Cmd = [ "${bin}/bin/xesite" "--data-dir=/data" ];
- Env = [
- "HOME=/data"
- "DHALL_PRELUDE=${pkgs.dhallPackages.Prelude}"
- "TYPST_FONT_PATHS=${fontsConf}"
- ];
- Volumes."/data" = { };
- };
- };
-
- patreon-docker = pkgs.dockerTools.buildLayeredImage {
- name = "ghcr.io/xe/site/patreon";
- tag = "latest";
- contents = with pkgs; [ cacert ];
- config = {
- Cmd = [ "${patreon-bin}/bin/patreon-saasproxy" ];
- Env = [ "HOME=/data" ];
- Volumes."/data" = { };
- };
- };
- };
-
- devShell = pkgs.mkShell {
- buildInputs = with pkgs; [
- # Go
- go
- go-tools
- gotools
- gopls
- gomod2nix.packages.${system}.default
-
- # dhall
- dhall
- dhall-json
- typst-dev
- pagefind
-
- # frontend
- deno
- nodePackages.uglify-js
- esbuild
- zig
- nodejs
-
- protobuf
- protoc-gen-go
- protoc-gen-twirp
-
- jq
- jo
-
- earthly
-
- # tools
- ispell
- pandoc
- python311Packages.fonttools
- ];
-
- DHALL_PRELUDE = "${pkgs.dhallPackages.Prelude}";
- TYPST_FONT_PATHS = "${fontsConf}";
- FLY_REGION = "dev";
- };
- });
-}
diff --git a/xesite.nix b/xesite.nix
deleted file mode 100644
index a6d0156..0000000
--- a/xesite.nix
+++ /dev/null
@@ -1,153 +0,0 @@
-self:
-{ config, lib, ... }:
-with lib;
-let cfg = config.xeserv.services.xesite;
-in {
- options.xeserv.services.xesite = {
- enable = mkEnableOption "Activates my personal website";
- useACME = mkEnableOption "Enables ACME for cert stuff";
-
- port = mkOption {
- type = types.port;
- default = 32837;
- example = 9001;
- description = "The port number xesite should listen on for HTTP traffic";
- };
-
- domain = mkOption {
- type = types.str;
- default = "${config.networking.hostName}.shark-harmonic.ts.net";
- example = "xeiaso.net";
- description =
- "The domain name that nginx should check against for HTTP hostnames";
- };
-
- sockPath = mkOption rec {
- type = types.str;
- default = "/srv/within/run/xesite.sock";
- example = default;
- description = "The unix domain socket that xesite should listen on";
- };
- };
-
- config = mkIf cfg.enable {
- users.users.xesite = {
- createHome = true;
- description = "github.com/Xe/site";
- isSystemUser = true;
- group = "within";
- home = "/srv/within/xesite";
- extraGroups = [ "keys" ];
- };
-
- systemd.services.xesite = {
- wantedBy = [ "multi-user.target" ];
-
- serviceConfig = {
- User = "xesite";
- Group = "within";
- Restart = "on-failure";
- WorkingDirectory = "/srv/within/xesite";
- RestartSec = "30s";
- Type = "notify";
-
- # Security
- CapabilityBoundingSet = "";
- DeviceAllow = [ ];
- NoNewPrivileges = "true";
- ProtectControlGroups = "true";
- ProtectClock = "true";
- PrivateDevices = "true";
- PrivateUsers = "true";
- ProtectHome = "true";
- ProtectHostname = "true";
- ProtectKernelLogs = "true";
- ProtectKernelModules = "true";
- ProtectKernelTunables = "true";
- ProtectSystem = "true";
- ProtectProc = "invisible";
- RemoveIPC = "true";
- RestrictSUIDSGID = "true";
- RestrictRealtime = "true";
- SystemCallArchitectures = "native";
- SystemCallFilter = [
- "~@reboot"
- "~@module"
- "~@mount"
- "~@swap"
- "~@resources"
- "~@cpu-emulation"
- "~@obsolete"
- "~@debug"
- "~@privileged"
- ];
- UMask = "007";
- };
-
- script = let site = self.packages.${system}.default;
- in ''
- [ -f /srv/within/xesite/.env ] && export $(cat /srv/within/xesite/.env | xargs)
- export SOCKPATH=${cfg.sockPath}
- export DOMAIN=${toString cfg.domain}
- cd ${site}
- exec ${site}/bin/xesite
- '';
- };
-
- services.nginx.virtualHosts."xelaso.net" = let
- proxyOld = {
- proxyPass = "http://unix:${toString cfg.sockPath}";
- proxyWebsockets = true;
- };
- in {
- locations."/jsonfeed" = proxyOld;
- locations."/.within/health" = proxyOld;
- locations."/.within/website.within.xesite/new_post" = proxyOld;
- locations."/blog.rss" = proxyOld;
- locations."/blog.atom" = proxyOld;
- locations."/blog.json" = proxyOld;
- locations."/".extraConfig = ''
- return 301 https://xeiaso.net$request_uri;
- '';
- forceSSL = cfg.useACME;
- useACMEHost = "xeiaso.net";
- extraConfig = ''
- access_log /var/log/nginx/xesite_old.access.log;
- '';
- };
-
- services.nginx.virtualHosts."christine.website" = let
- proxyOld = {
- proxyPass = "http://unix:${toString cfg.sockPath}";
- proxyWebsockets = true;
- };
- in {
- locations."/jsonfeed" = proxyOld;
- locations."/.within/health" = proxyOld;
- locations."/.within/website.within.xesite/new_post" = proxyOld;
- locations."/blog.rss" = proxyOld;
- locations."/blog.atom" = proxyOld;
- locations."/blog.json" = proxyOld;
- locations."/".extraConfig = ''
- return 301 https://xeiaso.net$request_uri;
- '';
- forceSSL = cfg.useACME;
- useACMEHost = "christine.website";
- extraConfig = ''
- access_log /var/log/nginx/xesite_old.access.log;
- '';
- };
-
- services.nginx.virtualHosts."xeiaso.net" = {
- locations."/" = {
- proxyPass = "http://unix:${toString cfg.sockPath}";
- proxyWebsockets = true;
- };
- forceSSL = cfg.useACME;
- useACMEHost = "xeiaso.net";
- extraConfig = ''
- access_log /var/log/nginx/xesite.access.log;
- '';
- };
- };
-} |
