commit 465ce92c27883dee7904f82a3db531b0b2bdacbf
parent b06c48566e39e1e33f9e461fe6e335e0cf47ce2e
Author: Katja (zaphyra) <git@ctu.cx>
Date: Sat, 24 May 2025 11:45:04 +0200
parent b06c48566e39e1e33f9e461fe6e335e0cf47ce2e
Author: Katja (zaphyra) <git@ctu.cx>
Date: Sat, 24 May 2025 11:45:04 +0200
config/nixos/modules/websites: add `bikemap.zaphyra.eu` (and enable on host `morio`)
5 files changed, 171 insertions(+), 2 deletions(-)
A
|
142
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/config/nixos/modules/websites/bikemap.zaphyra.eu.nix b/config/nixos/modules/websites/bikemap.zaphyra.eu.nix 
@@ -0,0 +1,142 @@
+{
+ povSelf,
+ hostConfig,
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+let
+ inherit (lib) types;
+ cfg = lib.getAttrFromPath povSelf config;
+
+in
+{
+
+ options = {
+ enable = {
+ type = types.bool;
+ default = false;
+ };
+ domain = {
+ type = types.str;
+ default = "zaphyra.eu";
+ };
+ subdomain = {
+ type = types.str;
+ default = "bikemap";
+ };
+ };
+
+ config = lib.mkIf cfg.enable (
+ let
+ deployScript = pkgs.writeShellScript "deployBikemap" ''
+ systemctl start deployBikemap;
+ systemctl status deployBikemap;
+ '';
+
+ in
+ {
+ assertions = [
+ {
+ assertion = config.modules.services.gitolite.enable == true;
+ message = "The option 'modules.services.gitolite.enable' must be enabled in order to use this module.";
+ }
+ ];
+
+ dns.zones."${cfg.domain}".subdomains."${cfg.subdomain}".CNAME = [ "${config.networking.fqdn}." ];
+
+ users.users."bikemap" = {
+ isSystemUser = true;
+ group = config.modules.services.gitolite.group;
+ createHome = true;
+ homeMode = "755";
+ home = "/var/lib/bikemap";
+ };
+
+ security.sudo.extraRules = [
+ {
+ users = [ "git" ];
+ commands = [
+ {
+ command = "${deployScript}";
+ options = [
+ "SETENV"
+ "NOPASSWD"
+ ];
+ }
+ ];
+ }
+ ];
+
+ systemd.services.deployBikemap = {
+ script = ''
+ # strict mode
+ set -euo pipefail
+ IFS=$'\n\t'
+
+ TMP_DIR=$(mktemp -d)
+ trap "{ rm -rf "$TMP_DIR"; }" SIGINT SIGTERM ERR EXIT
+
+ ${pkgs.git}/bin/git config --global --add safe.directory ${config.modules.services.gitolite.dataDir}/repositories/biketracks.git
+ ${pkgs.git}/bin/git clone ${config.modules.services.gitolite.dataDir}/repositories/biketracks.git $TMP_DIR/tracks
+
+ mkdir $TMP_DIR/tiles
+
+ ${pkgs.generateTilesFromGPX}/bin/generateTilesFromGPX $TMP_DIR/tracks $TMP_DIR/tiles
+
+ rm -rf ~/*;
+
+ ln -sf ${pkgs.gpx-map}/index.html ~/index.html
+ ln -sf ${pkgs.gpx-map}/bundle.js ~/bundle.js
+ mv $TMP_DIR/tiles ~/tiles;
+ echo "{\"lastUpdated\":\"$(date +"%Y-%m-%d %H:%M")\"}" > ~/lastUpdated.json
+ '';
+
+ serviceConfig = {
+ Type = "oneshot";
+
+ User = "bikemap";
+ Group = config.modules.services.gitolite.group;
+
+ WorkingDirectory = "~";
+ StateDirectory = "bikemap";
+ StateDirectoryMode = "755";
+
+ NoNewPrivileges = true;
+ PrivateTmp = true;
+ PrivateDevices = true;
+
+ RestrictAddressFamilies = "none";
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+
+ ProtectSystem = "full";
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+
+ DevicePolicy = "closed";
+ LockPersonality = true;
+ };
+ };
+
+ modules.services.gitolite.commonHooks.post-receive = ''
+ #deploy bikemap
+ [ "$GL_REPO" == "biketracks" ] && sudo ${deployScript}
+ '';
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."${cfg.subdomain}.${cfg.domain}" = {
+ useACMEHost = "${config.networking.fqdn}";
+ forceSSL = true;
+ kTLS = true;
+ root = "/var/lib/bikemap/";
+ };
+ };
+ }
+ );
+
+}
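Review bot: The sudoers rule for user `git` grants `SETENV` together with `NOPASSWD` on `deployScript`, so whoever runs as `git` controls the environment of a shell script that executes as root, and that script resolves `systemctl` by bare name rather than by store path. The post-receive hook calls `sudo ${deployScript}` without passing any variables, so `SETENV` looks unnecessary; I would reduce the rule to `options = [ "NOPASSWD" ];` and call `${config.systemd.package}/bin/systemctl` in the script. Separately, in the unit script the inner quotes of `trap "{ rm -rf "$TMP_DIR"; }"` close the outer string, so `$TMP_DIR` is expanded unquoted at the moment the trap is set; `trap 'rm -rf "$TMP_DIR"' SIGINT SIGTERM ERR EXIT` is the usual form.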
diff --git a/config/nixos/modules/websites/git.zaphyra.eu.nix b/config/nixos/modules/websites/git.zaphyra.eu.nix @@ -4,7 +4,6 @@ config, lib, pkgs, - dnsNix, ... }: @@ -41,6 +40,7 @@ in default = [ "nix" "etc" + "javascript" "nimlang" ]; };
diff --git a/flake.lock b/flake.lock @@ -271,6 +271,26 @@ "type": "github" } }, + "gpxMap": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741208528, + "narHash": "sha256-HDgOvxva+fOZ8fmtJpwG64oRQSXVlGRTmH6LtEknXJc=", + "ref": "refs/heads/master", + "rev": "368358b4facb8bc55311250926eef78b0328b9a0", + "revCount": 6, + "type": "git", + "url": "https://git.zaphyra.eu/gpx-map" + }, + "original": { + "type": "git", + "url": "https://git.zaphyra.eu/gpx-map" + } + }, "haumea": { "inputs": { "nixpkgs": [ @@ -538,6 +558,7 @@ "flakeUtils": "flakeUtils", "flakeyProfile": "flakeyProfile", "flauschehornSexy": "flauschehornSexy", + "gpxMap": "gpxMap", "haumea": "haumea", "homeManager": "homeManager", "homeManagerUnstable": "homeManagerUnstable",
diff --git a/flake.nix b/flake.nix @@ -81,6 +81,7 @@ inputs.ctucxWebsite.overlays.default inputs.stagit.overlays.default inputs.flauschehornSexy.overlays.default + inputs.gpxMap.overlays.default ]; } @@ -190,6 +191,9 @@ flauschehornSexy.url = "git+https://git.zaphyra.eu/flauschehorn.sexy"; flauschehornSexy.inputs.nixpkgs.follows = "nixpkgs"; + gpxMap.url = "git+https://git.zaphyra.eu/gpx-map"; + gpxMap.inputs.nixpkgs.follows = "nixpkgs"; + firefoxGnomeTheme.flake = false; firefoxGnomeTheme.url = "github:rafaelmardojai/firefox-gnome-theme/v137"; };
diff --git a/hosts/morio/default.nix b/hosts/morio/default.nix @@ -74,9 +74,11 @@ }; websites = { - "git.zaphyra.eu".enable = true; "prometheus.infra.zaphyra.eu".enable = true; "grafana.infra.zaphyra.eu".enable = true; + + "git.zaphyra.eu".enable = true; + "bikemap.zaphyra.eu".enable = true; }; users.katja.enable = true;