From 876c9ee88de2761b2a3606b8ab4ecfaa131e0b81 Mon Sep 17 00:00:00 2001 From: Jurn Wubben Date: Tue, 30 Sep 2025 18:48:03 +0200 Subject: [PATCH 01/10] Started on implementing derek's site --- hosts/lapserv/hardware-configuration.nix | 48 +++++++------- secrets/default.nix | 4 ++ secrets/derek-site.age | Bin 0 -> 995 bytes secrets/secrets.nix | 1 + system/server/default.nix | 1 + system/server/derek-site.nix | 77 +++++++++++++++++++++++ system/server/lib/extractWebOptions.nix | 4 +- 7 files changed, 112 insertions(+), 23 deletions(-) create mode 100644 secrets/derek-site.age create mode 100644 system/server/derek-site.nix diff --git a/hosts/lapserv/hardware-configuration.nix b/hosts/lapserv/hardware-configuration.nix index 282444c..5692d9f 100644 --- a/hosts/lapserv/hardware-configuration.nix +++ b/hosts/lapserv/hardware-configuration.nix @@ -1,17 +1,23 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot = { + initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "sd_mod"]; + initrd.kernelModules = []; + kernelModules = ["kvm-intel"]; + extraModulePackages = []; + }; # fileSystems."/" = # { device = "/dev/disk/by-uuid/33b7e681-d92a-40db-a172-b797591a1e2e"; @@ -24,20 +30,20 @@ # options = [ "fmask=0022" "dmask=0022" ]; # }; - fileSystems."/" = - { device = "/dev/disk/by-uuid/2ce4b2b1-0083-43b2-bd8d-0e8cd21b1ef6"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/2ce4b2b1-0083-43b2-bd8d-0e8cd21b1ef6"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/AE71-FD70"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/AE71-FD70"; + fsType = "vfat"; + options = ["fmask=0022" "dmask=0022"]; + }; - swapDevices = - [ { device = "/dev/disk/by-uuid/f5af06e8-e285-4565-abc3-fdd0ddde4736"; } - ]; + swapDevices = [ + {device = "/dev/disk/by-uuid/f5af06e8-e285-4565-abc3-fdd0ddde4736";} + ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/secrets/default.nix b/secrets/default.nix index c1cafa6..ebb6d1c 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -22,6 +22,10 @@ in { file = ./derek-bot.age; owner = "derek-bot"; }; + derek-site = isEnabled "derek-site" { + file = ./derek-bot.age; + owner = "derek-site"; + }; # matrix-registration = isEnabled "matrix" { # file = ./matrix-registration.age; # owner = abstrServiceUser "matrix-continuwuity"; diff --git a/secrets/derek-site.age b/secrets/derek-site.age new file mode 100644 index 0000000000000000000000000000000000000000..bab4b4e3d1afd3708a965883cfc91512b76e8c85 GIT binary patch literal 995 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCT453Gs|cT^~f$SHO< z$|@-ga7xcBGph{BD=Diia7^+@$uuy{it_d>2`SKbPPA}xb>&J8bW3wFO|2^M&@Xff zD|N3hG|3G&2rG68F>xzREp*PvsdRR9$@Px#u|T)YH!a9K%u&I@EUF|T+&Hw*-y_Mw zC&D?{xirPoG$hl{!pkCDyG-B9SwF|ntjaUW#gi*2Lf;}HFvKV~ATzZr*sr7@%S78T zC(y^)BDo|eqom9z(lpt;&?v~jH4xo4?c}nckaPtjegAMv7c>1_eJ9_D^73F;7n4+@ z%=FBxtODnd3jJJ1L(hO@!_p!**K#hGQtiA@Uw@a3qRfcGvMfViU&Bi0>_X#|44DlaM5&rUTmtH=lo zO3pUXuSn)9D=AB_D$a}yjL7it$PL!cHH*x4ED9-b^~*9a@N!KL^)N{@&h|@mPAW#X zEiACo%pg!9-O@Osw9v)ZUB93t)v_SBEYQ(6CE2{PP~XL^JUGqNvm{Nwve+>*G1P!7 zHNV&^+sG}*ve?yEJ3ZAj&#Wpe)x03j#NX3WKhVV~H#FQg&&SonHP3`gS65fTBgrMK z#5px0sNA%;sG!I@H9RA-s9fJ8G|D(Qved%EJF%iNKQXK{J1U=x+3kywUuNVK$L{v> zb&r^sneWs2M#Q{#L9ke`kJjZt(+fUUsHQg6dGE-i($3U37&SZ zeyuOhp7VAeu{B$LHiz$4Rm$ttC#UrFSuUH_G;huO-kzXCI>#5QUbfAXYA!kRAT7=E z|K0;XqV|5^V$r?bU&3YkjrslFihq(P&ZyJ|_m=MOoVVV)W{c}WCizn~6FGI}E8jg3 z{bc&Q2XB`Cd6~-d^vUlFsjO$)6??kfrm`@FZHajvn$6&z;rH#W80*^1H_d_uRcmz0 zAUp MnqQ+7PE-p503K#-QUCw| literal 0 HcmV?d00001 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 66e90da..1fd8855 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -16,6 +16,7 @@ in { "password.age".publicKeys = keys; "jsw-bot.age".publicKeys = keys; "derek-bot.age".publicKeys = keys; + "derek-site.age".publicKeys = keys; "matrix-registration.age".publicKeys = keys; "mail-admin.age".publicKeys = keys; "zitadel-key.age".publicKeys = keys; diff --git a/system/server/default.nix b/system/server/default.nix index 920d92c..06ef7b9 100644 --- a/system/server/default.nix +++ b/system/server/default.nix @@ -7,6 +7,7 @@ in { ./jsw-bot.nix ./caddy.nix ./derek-bot.nix + ./derek-site.nix ./forgejo.nix ./immich.nix ./index diff --git a/system/server/derek-site.nix b/system/server/derek-site.nix new file mode 100644 index 0000000..97f6d43 --- /dev/null +++ b/system/server/derek-site.nix @@ -0,0 +1,77 @@ +{ + config, + pkgs, + lib, + ... +}: let + name = "derek-site"; + cfg = config.niksos.server.${name}.enable; + + userGroup = name; + gitRepo = "https://github.com/Definitely-Not-A-Dolphin/Geen-Dolfijn"; + + inherit (lib) getExe mkEnableOption mkIf; + bash = getExe pkgs.bash; + + varLib = "/var/lib/"; + mainDir = "${varLib}${userGroup}"; + programDir = "${mainDir}/program"; + denoDir = "${mainDir}/deno"; + + path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.deno pkgs.git]); + run = pkgs.writeShellScriptBin "geen-dolfijn" '' + cd "${programDir}" + export $(grep -v '^#' "${config.age.secrets.${userGroup}.path}" | xargs) + + deno run preview + ''; +in { + options.niksos.server.${name}.enable = mkEnableOption name; + + config = mkIf cfg { + systemd.services.${userGroup} = { + enable = true; + after = ["network.target"]; + wantedBy = ["default.target"]; + description = userGroup; + + environment = { + "DENO_DIR" = denoDir; + "PATH" = lib.mkForce path; + }; + + preStart = '' + export PATH=${path} + + cd "${mainDir}" + chown -R ${userGroup}:${userGroup} ${mainDir}/* || echo + + if [ ! -d "${programDir}" ]; then + git clone "${gitRepo}" "${programDir}" + fi + chmod -R 750 ${mainDir}/* || echo + + cd "${programDir}" + git fetch + git reset --hard origin/HEAD + + DENO_DIR=${denoDir} deno i + ''; + + serviceConfig = { + StateDirectory = userGroup; + ExecStart = getExe run; + User = userGroup; + Group = userGroup; + Restart = "always"; + RuntimeMaxSec = 1 * 60 * 60; # 1h * 60min * 60s + }; + }; + + users.groups.${userGroup} = {}; + users.users.${userGroup} = { + group = userGroup; + isSystemUser = true; + }; + }; +} diff --git a/system/server/lib/extractWebOptions.nix b/system/server/lib/extractWebOptions.nix index 805fea1..cf84dd2 100644 --- a/system/server/lib/extractWebOptions.nix +++ b/system/server/lib/extractWebOptions.nix @@ -11,8 +11,8 @@ then "" else "${cfg.subDomain}."; in - cfg // - { + cfg + // { domain = "${subDomain}${baseDomain}"; inherit baseDomain subDomain; } From a94b2c9387379ad8f413c076d4e460ea0ad93ec9 Mon Sep 17 00:00:00 2001 From: Jurn Wubben Date: Tue, 30 Sep 2025 19:24:49 +0200 Subject: [PATCH 02/10] Updated path for derek-site start service --- system/server/derek-site.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/system/server/derek-site.nix b/system/server/derek-site.nix index 97f6d43..dbb77b9 100644 --- a/system/server/derek-site.nix +++ b/system/server/derek-site.nix @@ -20,9 +20,10 @@ path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.deno pkgs.git]); run = pkgs.writeShellScriptBin "geen-dolfijn" '' - cd "${programDir}" + export PATH="${path}" export $(grep -v '^#' "${config.age.secrets.${userGroup}.path}" | xargs) + cd "${programDir}" deno run preview ''; in { From ffa8959679f79086bf907d847896d5998fe32dd9 Mon Sep 17 00:00:00 2001 From: Jurn Wubben Date: Tue, 30 Sep 2025 19:37:44 +0200 Subject: [PATCH 03/10] derek-site added build command --- system/server/derek-site.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/system/server/derek-site.nix b/system/server/derek-site.nix index dbb77b9..1893d28 100644 --- a/system/server/derek-site.nix +++ b/system/server/derek-site.nix @@ -56,7 +56,8 @@ in { git fetch git reset --hard origin/HEAD - DENO_DIR=${denoDir} deno i + DENO_DIR=${denoDir} deno i --allow-scripts=npm:workerd,npm:sharp + DENO_DIR=${denoDir} deno run build ''; serviceConfig = { From ba1a84fb7bf6904234782de21ff94eb284781ccd Mon Sep 17 00:00:00 2001 From: Jurn Wubben Date: Tue, 30 Sep 2025 20:00:51 +0200 Subject: [PATCH 04/10] Updated secret management for derek-site --- system/server/derek-site.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/system/server/derek-site.nix b/system/server/derek-site.nix index 1893d28..4322d65 100644 --- a/system/server/derek-site.nix +++ b/system/server/derek-site.nix @@ -56,13 +56,15 @@ in { git fetch git reset --hard origin/HEAD + cp "${config.age.secrets.${userGroup}.path}" "./src/lib/secretData.json" + DENO_DIR=${denoDir} deno i --allow-scripts=npm:workerd,npm:sharp DENO_DIR=${denoDir} deno run build ''; serviceConfig = { StateDirectory = userGroup; - ExecStart = getExe run; + ExecStart = "${bash} -c 'cd ${programDir} && deno run previw'"; User = userGroup; Group = userGroup; Restart = "always"; From 84a91f87f672393022e3ff3f7f4b1ef1ef3ace47 Mon Sep 17 00:00:00 2001 From: Jurn Wubben Date: Tue, 30 Sep 2025 20:27:02 +0200 Subject: [PATCH 05/10] Updated PATH and secret path for derek site --- system/server/derek-site.nix | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/system/server/derek-site.nix b/system/server/derek-site.nix index 4322d65..b6d709a 100644 --- a/system/server/derek-site.nix +++ b/system/server/derek-site.nix @@ -18,14 +18,7 @@ programDir = "${mainDir}/program"; denoDir = "${mainDir}/deno"; - path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.deno pkgs.git]); - run = pkgs.writeShellScriptBin "geen-dolfijn" '' - export PATH="${path}" - export $(grep -v '^#' "${config.age.secrets.${userGroup}.path}" | xargs) - - cd "${programDir}" - deno run preview - ''; + path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.deno pkgs.git pkgs.nodejs]); in { options.niksos.server.${name}.enable = mkEnableOption name; @@ -56,15 +49,15 @@ in { git fetch git reset --hard origin/HEAD - cp "${config.age.secrets.${userGroup}.path}" "./src/lib/secretData.json" + cp "${config.age.secrets.${userGroup}.path}" "./src/lib/secrets.json" DENO_DIR=${denoDir} deno i --allow-scripts=npm:workerd,npm:sharp - DENO_DIR=${denoDir} deno run build + DENO_DIR=${denoDir} deno run build || echo oopsie woopsie error ''; serviceConfig = { StateDirectory = userGroup; - ExecStart = "${bash} -c 'cd ${programDir} && deno run previw'"; + ExecStart = "${bash} -c 'cd ${programDir} && deno run preview --port 9010'"; User = userGroup; Group = userGroup; Restart = "always"; From 97e86550fedee2d9fd13f733c9059427473732b0 Mon Sep 17 00:00:00 2001 From: Jurn Wubben Date: Tue, 30 Sep 2025 20:58:14 +0200 Subject: [PATCH 06/10] Updated derek-site secrets --- secrets/derek-site.age | Bin 995 -> 1022 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/secrets/derek-site.age b/secrets/derek-site.age index bab4b4e3d1afd3708a965883cfc91512b76e8c85..83a3e347746bb18030263b07ddd0338154e025d6 100644 GIT binary patch delta 935 zcmaFN{*QfvPQ7`uWl?yjyHk~=V_K$uibrXBRzQ@ePiAOQzOSKKMY3y3gt51Yc3wn! zIag?2K~YdujzO@GWllzswwGT~gno{Xxo2ugs!wIGzIV7!j=pI?QGi#n1(&X!LUD11 zZfc5=si~o*f^S-od6=Vuv$IobiMLa3s0CZVO7+7&5*`QB+Jekp!gK>?|u6+VVxA+83K;~B-ny?pci{L71r ze5=end@a*WiZZpG!pw`EQ?tzt%ZelQO^Z`g-1AGK!YV?!oE?KovP$z^Q`5{XtF%2L z9FsC#0zw+_hj$L zKu=SnT*K6yLKBai(vpzOY_3f0@^W*da8KV-qmT&yfU1;mvnnjQq5G%Rp28vgC+}^dyT6pRAIs9FL-6-=N&Q z;ACH83ohFSN`;pb7FO2RI9&_r{CevDmB*JZtA1{1+^!w`Ojy*NXL?-xJ-f5g%qKd6 zb0-L#nxrWZ)6VyFU&nQ)_ne~H5g$&!z3=Gt(R`b>!>)?OHxkP%bD3q1|CiQ3#Z$R^ z?TR#CwkcN@apsj9Eqb`ps&oan$}WjTGp`E&mIzt5bN-UcjkjK!-0oAD^RWJ)V^CG7 zLEUndr*cNCKg$-}{xI!_!W0?vbBfg_3g(LatEMoAR2uB=YA`Wc8r_mQfxDdB{gkW{=RX!xNU~krE6`KdI#*8;*Ebj=C^sfHvhWurEj5Z4xZUmS z6Y6}JWHE0CkNS6)+A~{hlfF1x`n(m9>#aTSIxWA_B%n&}*|zhO57oZC?3KwPzE9Xg I?$~T&005?2F#rGn delta 908 zcmeyz{+NA&PJK~CPO-C5R!L!iQ+i&RS!GaONm*rqW0FTorh#czl(%O|NP)g{qJ@*I zD_3fuTbhe$YE^-UexXxXse6T?Np847Sg}ipiCbxEp>sw~rL&_;u6Klw1(&X!LUD11 zZfc5=si~o*f^S-od6=Vug;`WdM7VKip}$9xg-?WYu$yyfil=Evrk{nEMYwjEzL&Fp zj-gqVXOxR4S5Sn$MMPkTQEotHYFV&fNkNv0wqs79kF!N`Nl->fnNg%^vU#CVkb!I9 z#E;_PM*9BYmM&)cx%y7N5#{B6;&NYk7b}R}haP`YF zFz|9s5A`rfGtTx)bWSQpkAbkjN;88%g>*~fh|)qAUw8e2l2prr+_L&WN8glW^U6Yf z7q{}@G*i!#H2unA$IQe~1FqEkVy|o?w;;=6S6}V)RMR}Os<2e^f;JzH7hr=UjHR15;;Z`f0ZxII!pvEBn3aYqr+3 za(;Y$P3=WdXlVH^hSfqRc-p=CwZ1%i&f9&&)@=3J9KKssDX&+boYL24xold~yfyE8 zdx8$>9AB(@*)~tAx#Y})v^2~Adk_4G+WUcvMfY}p3773R=J$Im{z;xVqf%cR+*`W8 zbKZLInk}vindDE|Oyty=uYC7F^polH9=uul=VdC-( Date: Tue, 30 Sep 2025 20:59:58 +0200 Subject: [PATCH 07/10] Updated derek site port and changed to normal user temporarily --- hosts/lapserv/default.nix | 1 + secrets/default.nix | 2 +- system/server/derek-site.nix | 5 +++-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/hosts/lapserv/default.nix b/hosts/lapserv/default.nix index 4f334ec..0ef1e8c 100644 --- a/hosts/lapserv/default.nix +++ b/hosts/lapserv/default.nix @@ -10,6 +10,7 @@ server = { baseDomain = "jsw.tf"; derek-bot.enable = true; + derek-site.enable = true; forgejo = { enable = true; subDomain = "git"; diff --git a/secrets/default.nix b/secrets/default.nix index ebb6d1c..1c8f789 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -23,7 +23,7 @@ in { owner = "derek-bot"; }; derek-site = isEnabled "derek-site" { - file = ./derek-bot.age; + file = ./derek-site.age; owner = "derek-site"; }; # matrix-registration = isEnabled "matrix" { diff --git a/system/server/derek-site.nix b/system/server/derek-site.nix index b6d709a..da9b058 100644 --- a/system/server/derek-site.nix +++ b/system/server/derek-site.nix @@ -48,6 +48,7 @@ in { cd "${programDir}" git fetch git reset --hard origin/HEAD + rm -rf build || echo no build here lol cp "${config.age.secrets.${userGroup}.path}" "./src/lib/secrets.json" @@ -57,7 +58,7 @@ in { serviceConfig = { StateDirectory = userGroup; - ExecStart = "${bash} -c 'cd ${programDir} && deno run preview --port 9010'"; + ExecStart = "${bash} -c 'cd ${programDir} && deno run preview --host --port 9010'"; User = userGroup; Group = userGroup; Restart = "always"; @@ -68,7 +69,7 @@ in { users.groups.${userGroup} = {}; users.users.${userGroup} = { group = userGroup; - isSystemUser = true; + isNormalUser = true; }; }; } From 5bbb29bbab16bdeeaf895fbe47789880fdfa5dc6 Mon Sep 17 00:00:00 2001 From: Jurn Wubben Date: Tue, 30 Sep 2025 21:25:06 +0200 Subject: [PATCH 08/10] Added caddy to derek-site --- system/server/derek-site.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/system/server/derek-site.nix b/system/server/derek-site.nix index da9b058..c98deb9 100644 --- a/system/server/derek-site.nix +++ b/system/server/derek-site.nix @@ -23,6 +23,9 @@ in { options.niksos.server.${name}.enable = mkEnableOption name; config = mkIf cfg { + services.caddy.virtualHosts."geen-dolfijn.nl".extraConfig = '' + reverse_proxy http://127.0.0.1:9010 + ''; systemd.services.${userGroup} = { enable = true; after = ["network.target"]; From 30e06f058f80c3bd630b13fffdb2027a84dc4b07 Mon Sep 17 00:00:00 2001 From: Jurn Wubben Date: Tue, 30 Sep 2025 21:28:17 +0200 Subject: [PATCH 09/10] Derek site remove maxruntime --- system/server/derek-site.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/system/server/derek-site.nix b/system/server/derek-site.nix index c98deb9..377fdc2 100644 --- a/system/server/derek-site.nix +++ b/system/server/derek-site.nix @@ -65,7 +65,6 @@ in { User = userGroup; Group = userGroup; Restart = "always"; - RuntimeMaxSec = 1 * 60 * 60; # 1h * 60min * 60s }; }; From 359185697acc24d34a2494d5524ba3f639a0c49b Mon Sep 17 00:00:00 2001 From: Jurn Wubben Date: Sun, 5 Oct 2025 22:42:16 +0200 Subject: [PATCH 10/10] derek-site: now switched to dotenv secrets --- secrets/derek-site.age | 29 +++++++++++++++-------------- system/server/derek-site.nix | 18 ++++++++++++++---- 2 files changed, 29 insertions(+), 18 deletions(-) diff --git a/secrets/derek-site.age b/secrets/derek-site.age index 83a3e34..33f7d7c 100644 --- a/secrets/derek-site.age +++ b/secrets/derek-site.age @@ -1,15 +1,16 @@ age-encryption.org/v1 --> ssh-ed25519 GQzYWA 7c9rWUGBz9Afi/dHugjPZILiUroM16xcEdX3K4+nXgw -UnprRzl0SL9lhr+JNrX/lL7IeteLyS/KWLl/5PrPJc8 --> ssh-ed25519 MfR7VA CCBetKBme+NCER4WgM04FRl90FyWWQxyMnGHudjBPjk -Wlt/MmnXPEHhRLf/MFW5FdIyf7enS/590yR3U0sdb1I --> ssh-ed25519 +cvRTg 5xu0W2NHT1o+1D4AvHZixoKnljKeRT/vQeozUEF7XxU -pNEPbQtR7QuNQA7J4Uui+xdQoKf4NdNjRPeUxL1VTE0 --> ssh-ed25519 WCPLrA JMoNOwsrMz6HM9g4ri+BV7sCek71vsY/5sedGotZVxU -CARtjuoEef79z+HXAbiDPjDHHMCb42I3BPPRb70XahY --> ssh-ed25519 7/ziYw Mc5votCCX19H5aZk3VROGbP7WBzxisgxknxXPsVDES0 -kmnG3AzZdKPuBlDF13GCtCnFddZ8KpYYlP670qUAGGA --> ssh-ed25519 VQy60Q i1IkE2METtILHoHA0GHFJUGcKYQI52m1elq4HlutTik -i+ww72WIMu2TXOPzdW6jISHtAefwk4PLfs7Vb2jbdPk ---- ZJhIIlk909hofo9Q5/vcXXgb8hLjtjlHrsMRmnScM38 -="q`y|BT%󀁷+SG ^_>ȈSmʒ)\很B kXAJ7+@xav9m/ yfMԢ nw2:u $TӁ4ێ ARzU0~$2p 7!{4 7!Ty042[e w ?=eJ[DѶ*ֆy.?_3 ssh-ed25519 GQzYWA GkqfPf+tdDEQa8RWdEX+OhEB0/p0PpFudx4NGpR5Cik +CSxbatcY8s3JX0Wj2B7XKU9cO+kQAL2eg9eX0ukA21I +-> ssh-ed25519 MfR7VA SHjQ3YY3z5JdbZCmct4prjXBug9JnYC/daluw4q0dwQ +2AYJSI0jhRB/qDSBvzWQRpbyUNIrf1khjy83r1TARGI +-> ssh-ed25519 +cvRTg j2DV+BM4VXYhgC91GE9mqHnxJX/6DexDYLDdB3/dMF4 +sfYe2TL8ksQ6zBKMwBJQSqZBHKPlUW3255qZf/FwS0A +-> ssh-ed25519 WCPLrA nJHlAidKTa8xFLOIYXvG8MP3bbj2e62MRwkMkgsztEA +jzPf28wYo5FgOB+uiI7r/xdhakXXBmRp0zjW0m5nPJ4 +-> ssh-ed25519 7/ziYw luRZzFqdT+xOtuqPIILhfNQQ//IOb3CewrMIrkYuijQ +QiuNNcYK7i0/mVDkcmEJiSiFy7ydT4asFnLlFGmzV/o +-> ssh-ed25519 VQy60Q raBea0oINduk69QI1UzDs3z0Rld32sHMofFSkRQHdU0 +cyifYZSbV/sEbeWHb6VrAWf1kRJP5FGKzez/LQt3ahs +--- OgztbV5bq/R2LAcjgGFdxYm55U8fle/EB/+L9v6vuRY +L޷?{vgح]fpg&h~dpre~}|nM$_ +ywA8D'RjD&_)hD]jBW[qƔf/usQc-%E뾦@)`2${{\E8oPBnEG_Z]HQŰŤ&EErwNA63ITѦ\gyʹޑF;L_sTކ LAD `2U/c \ No newline at end of file diff --git a/system/server/derek-site.nix b/system/server/derek-site.nix index 377fdc2..66e770c 100644 --- a/system/server/derek-site.nix +++ b/system/server/derek-site.nix @@ -18,7 +18,16 @@ programDir = "${mainDir}/program"; denoDir = "${mainDir}/deno"; - path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.deno pkgs.git pkgs.nodejs]); + path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.gnugrep pkgs.findutils pkgs.deno pkgs.git pkgs.nodejs]); + runScript = pkgs.writeShellScriptBin "geen-dolfijn" '' + export PATH='${path}' + set -a + . ${config.age.secrets.${userGroup}.path} + set +a + + cd ${programDir} + deno run preview --host --port 9010 + ''; in { options.niksos.server.${name}.enable = mkEnableOption name; @@ -39,6 +48,9 @@ in { preStart = '' export PATH=${path} + set -a + . ${config.age.secrets.${userGroup}.path} + set +a cd "${mainDir}" chown -R ${userGroup}:${userGroup} ${mainDir}/* || echo @@ -53,15 +65,13 @@ in { git reset --hard origin/HEAD rm -rf build || echo no build here lol - cp "${config.age.secrets.${userGroup}.path}" "./src/lib/secrets.json" - DENO_DIR=${denoDir} deno i --allow-scripts=npm:workerd,npm:sharp DENO_DIR=${denoDir} deno run build || echo oopsie woopsie error ''; serviceConfig = { StateDirectory = userGroup; - ExecStart = "${bash} -c 'cd ${programDir} && deno run preview --host --port 9010'"; + ExecStart = getExe runScript; User = userGroup; Group = userGroup; Restart = "always";