Started on implementing derek's site

2025-09-30 18:48:03 +02:00 · 2025-09-30 18:48:03 +02:00 · f74e384ead
commit f74e384ead
parent 3e07bd2b22
7 changed files with 112 additions and 23 deletions
--- a/hosts/lapserv/hardware-configuration.nix
+++ b/hosts/lapserv/hardware-configuration.nix
@ -1,17 +1,23 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
-  imports =
+  config,
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+  lib,
  pkgs,
  modulesPath,
  ...
 }: {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ];
+  boot = {
-  boot.initrd.kernelModules = [ ];
+    initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "sd_mod"];
-  boot.kernelModules = [ "kvm-intel" ];
+    initrd.kernelModules = [];
-  boot.extraModulePackages = [ ];
+    kernelModules = ["kvm-intel"];
    extraModulePackages = [];
  };
  # fileSystems."/" =
  #   { device = "/dev/disk/by-uuid/33b7e681-d92a-40db-a172-b797591a1e2e";
@ -24,19 +30,19 @@
  #     options = [ "fmask=0022" "dmask=0022" ];
  #   };
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "/dev/disk/by-uuid/2ce4b2b1-0083-43b2-bd8d-0e8cd21b1ef6";
+    device = "/dev/disk/by-uuid/2ce4b2b1-0083-43b2-bd8d-0e8cd21b1ef6";
    fsType = "ext4";
  };
-  fileSystems."/boot" =
+  fileSystems."/boot" = {
-    { device = "/dev/disk/by-uuid/AE71-FD70";
+    device = "/dev/disk/by-uuid/AE71-FD70";
    fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
+    options = ["fmask=0022" "dmask=0022"];
  };
-  swapDevices =
+  swapDevices = [
-    [ { device = "/dev/disk/by-uuid/f5af06e8-e285-4565-abc3-fdd0ddde4736"; }
+    {device = "/dev/disk/by-uuid/f5af06e8-e285-4565-abc3-fdd0ddde4736";}
  ];
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
--- a/secrets/default.nix
+++ b/secrets/default.nix
@ -22,6 +22,10 @@ in {
      file = ./derek-bot.age;
      owner = "derek-bot";
    };
    derek-site = isEnabled "derek-site" {
      file = ./derek-bot.age;
      owner = "derek-site";
    };
    # matrix-registration = isEnabled "matrix" {
    #   file = ./matrix-registration.age;
    #   owner = abstrServiceUser "matrix-continuwuity";
--- a/secrets/derek-site.age
+++ b/secrets/derek-site.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -16,6 +16,7 @@ in {
  "password.age".publicKeys = keys;
  "jsw-bot.age".publicKeys = keys;
  "derek-bot.age".publicKeys = keys;
  "derek-site.age".publicKeys = keys;
  "matrix-registration.age".publicKeys = keys;
  "mail-admin.age".publicKeys = keys;
  "zitadel-key.age".publicKeys = keys;
--- a/system/server/default.nix
+++ b/system/server/default.nix
@ -7,6 +7,7 @@ in {
    ./jsw-bot.nix
    ./caddy.nix
    ./derek-bot.nix
    ./derek-site.nix
    ./forgejo.nix
    ./immich.nix
    ./index
--- a/system/server/derek-site.nix
+++ b/system/server/derek-site.nix
@ -0,0 +1,77 @@
 {
  config,
  pkgs,
  lib,
  ...
 }: let
  name = "derek-site";
  cfg = config.niksos.server.${name}.enable;
  userGroup = name;
  gitRepo = "https://github.com/Definitely-Not-A-Dolphin/Geen-Dolfijn";
  inherit (lib) getExe mkEnableOption mkIf;
  bash = getExe pkgs.bash;
  varLib = "/var/lib/";
  mainDir = "${varLib}${userGroup}";
  programDir = "${mainDir}/program";
  denoDir = "${mainDir}/deno";
  path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.deno pkgs.git]);
  run = pkgs.writeShellScriptBin "geen-dolfijn" ''
    cd "${programDir}"
    export $(grep -v '^#' "${config.age.secrets.${userGroup}.path}" | xargs)
    deno run preview
  '';
 in {
  options.niksos.server.${name}.enable = mkEnableOption name;
  config = mkIf cfg {
    systemd.services.${userGroup} = {
      enable = true;
      after = ["network.target"];
      wantedBy = ["default.target"];
      description = userGroup;
      environment = {
        "DENO_DIR" = denoDir;
        "PATH" = lib.mkForce path;
      };
      preStart = ''
        export PATH=${path}
        cd "${mainDir}"
        chown -R ${userGroup}:${userGroup} ${mainDir}/* || echo
        if [ ! -d "${programDir}" ]; then
          git clone "${gitRepo}" "${programDir}"
        fi
        chmod -R 750 ${mainDir}/* || echo
        cd "${programDir}"
        git fetch
        git reset --hard origin/HEAD
        DENO_DIR=${denoDir} deno i
      '';
      serviceConfig = {
        StateDirectory = userGroup;
        ExecStart = getExe run;
        User = userGroup;
        Group = userGroup;
        Restart = "always";
        RuntimeMaxSec = 1 * 60 * 60; # 1h * 60min * 60s
      };
    };
    users.groups.${userGroup} = {};
    users.users.${userGroup} = {
      group = userGroup;
      isSystemUser = true;
    };
  };
 }
--- a/system/server/lib/extractWebOptions.nix
+++ b/system/server/lib/extractWebOptions.nix
@ -11,8 +11,8 @@
    then ""
    else "${cfg.subDomain}.";
 in
-  cfg // 
+  cfg
-  {
+  // {
    domain = "${subDomain}${baseDomain}";
    inherit baseDomain subDomain;
  }