From 9073f45dc344813ecedc0aa9157d3816b0e63f09 Mon Sep 17 00:00:00 2001
From: lew
Date: Tue, 7 Apr 2026 12:33:00 +0100
Subject: [PATCH 1/2] feat: enables HTTP_GIT for Forgejo for public users pulling
---
 hosts/lab/forgejo.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hosts/lab/forgejo.nix b/hosts/lab/forgejo.nix
index 1fcf379..982b571 100644
--- a/hosts/lab/forgejo.nix
+++ b/hosts/lab/forgejo.nix
@@ -29,7 +29,7 @@ in
 START_SSH_SERVER = true;
 SSH_PORT = 4201;
 SSH_LISTEN_PORT = 4201;
- DISABLE_HTTP_GIT = true;
+ DISABLE_HTTP_GIT = false;
 };
 service = {
 DISABLE_REGISTRATION = true;
From 1276e9b5f7fd204865da60c8b40721e15840708a Mon Sep 17 00:00:00 2001
From: lew
Date: Tue, 7 Apr 2026 12:35:15 +0100
Subject: [PATCH 2/2] feat: attempts to implement continuous builds via Forgejo trigger
---
 hosts/lab/wynne.nix | 65 ++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 64 insertions(+), 1 deletion(-)
diff --git a/hosts/lab/wynne.nix b/hosts/lab/wynne.nix
index 5a276a8..cd5e9a4 100644
--- a/hosts/lab/wynne.nix
+++ b/hosts/lab/wynne.nix
@@ -2,6 +2,7 @@
 let
 port = 4322;
 dataDir = "/srv/wynne";
+ repo = "https://git.ily.rs/lew/wynne";
 in
 {
 services.caddy.virtualHosts."wynne.rs" = {
@@ -19,7 +20,8 @@ in
 
 systemd.services.wynne = {
 description = "wynne.rs";
- after = [ "network.target" ];
+ after = [ "wynne-rebuild.service" ];
+ wants = [ "wynne-rebuild.service" ];
 wantedBy = [ "multi-user.target" ];
 environment = {
 HOST = "127.0.0.1";
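Review bot: In hosts/lab/forgejo.nix, `DISABLE_HTTP_GIT = false;` turns on the whole HTTP git transport rather than only anonymous pulls, so authenticated fetch and push over HTTP become reachable as well and account passwords or tokens can now be presented to the git endpoints. The line has no comment recording why it was flipped or what is expected to limit it. I would add `# HTTP git is enabled so public repos can be cloned anonymously; this also exposes authenticated push/fetch over HTTP` above it. It is also worth confirming that repository visibility and the sign-in settings in the `service` block, which continues outside the hunk, match the "public users pulling" intent.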
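Review bot: In the second hosts/lab/wynne.nix hunk, ordering `wynne` after `wynne-rebuild.service` looks like it can stall against the `ExecStartPost` that the next hunk adds to that unit. `systemctl restart wynne` blocks until the restart job finishes, but that job is ordered after `wynne-rebuild`, which is still activating while its `ExecStartPost` runs, and a oneshot unit has no start timeout by default. If that reading is right, queueing the restart without waiting avoids it: `ExecStartPost = "+/run/current-system/sw/bin/systemctl --no-block restart wynne";`. Note also that `wants` (as opposed to `requires`) lets `wynne` start after a failed build; if serving the previous build is intended, a comment saying so would help. The `systemd.services.wynne` block continues outside the hunk.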
@@ -37,6 +39,67 @@ in
 };
 };
 
+ # Always rebuilds because wynne bakes DB content (guestbook) into pages at build time
+ systemd.services.wynne-rebuild = {
+ description = "Clone/pull and build wynne.rs";
+ after = [ "network-online.target" ];
+ wants = [ "network-online.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = false;
+ ExecStart = pkgs.writeShellScript "rebuild-wynne" ''
+ set -euo pipefail
+ if [ ! -d ${dataDir}/repo/.git ]; then
+ mkdir -p ${dataDir}
+ ${pkgs.git}/bin/git clone ${repo} ${dataDir}/repo
+ fi
+ mkdir -p ${dataDir}/data
+ cd ${dataDir}/repo
+ ${pkgs.git}/bin/git fetch origin
+ ${pkgs.git}/bin/git reset --hard origin/main
+ ${pkgs.pnpm}/bin/pnpm install --frozen-lockfile
+ ${pkgs.pnpm}/bin/pnpm build
+ '';
+ # + prefix runs this line as root (wynne user can't restart services)
+ ExecStartPost = "+/run/current-system/sw/bin/systemctl restart wynne";
+ User = "wynne";
+ Group = "wynne";
+ ReadWritePaths = [ dataDir ];
+ };
+ };
+
+ # Watches a trigger file, starts wynne-rebuild when touched
+ systemd.paths.wynne-rebuild-trigger = {
+ description = "Watch for wynne rebuild trigger";
+ wantedBy = [ "multi-user.target" ];
+ pathConfig = {
+ PathModified = "${dataDir}/trigger";
+ Unit = "wynne-rebuild.service";
+ };
+ };
+
+ systemd.services.wynne-webhook = {
+ description = "Webhook listener for wynne.rs";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = let
+ hooks = pkgs.writeText "wynne-hooks.json" (builtins.toJSON [{
+ id = "wynne-rebuild";
+ execute-command = "/run/current-system/sw/bin/touch";
+ pass-arguments-to-command = [
+ { source = "string"; name = "${dataDir}/trigger"; }
+ ];
+ }]);
+ in "${pkgs.webhook}/bin/webhook -hooks ${hooks} -port ${toString (port + 1)} -verbose";
+ Restart = "always";
+ User = "wynne";
+ Group = "wynne";
+ };
+ };
+
 users.users.wynne = {
 isSystemUser = true;
 group = "wynne";
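Review bot: The `wynne-rebuild` hook in `wynne-webhook` has no `trigger-rule`, and the `webhook` command line sets no `-ip`, so it listens on all interfaces by default. Unless a firewall outside this patch blocks port 4323, any client that can reach it can start a fetch, `pnpm install` and build as often as it likes, each ending in a root-run restart of `wynne`. I would require an HMAC signature on the request and, if Forgejo runs on the same host, bind the listener to loopback, as sketched below. The secret shown is a placeholder and should be supplied at runtime rather than written into the world-readable Nix store, and the header name should be checked against what the Forgejo webhook actually sends. Separately, `ReadWritePaths = [ dataDir ];` in `wynne-rebuild` restricts nothing on its own; it only takes effect alongside a setting such as `ProtectSystem = "strict";`, which is worth adding because the unit runs install and build scripts from whatever `origin/main` currently holds.

```nix
hooks = pkgs.writeText "wynne-hooks.json" (builtins.toJSON [{
  id = "wynne-rebuild";
  # … unchanged: execute-command, pass-arguments-to-command …
  trigger-rule.match = {
    type = "payload-hmac-sha256";
    # placeholder only: inject the real secret at runtime, not via the store
    secret = "<WEBHOOK_SECRET_PLACEHOLDER>";
    parameter = { source = "header"; name = "X-Forgejo-Signature"; };
  };
}]);
in "${pkgs.webhook}/bin/webhook -hooks ${hooks} -ip 127.0.0.1 -port ${toString (port + 1)} -verbose";
```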