lew/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: lew:cbac00966728cac2512a7ab1723cb06d4b6b28d1
Branches Tags
lew:main
...
compare: lew:1276e9b5f7fd204865da60c8b40721e15840708a
Branches Tags
lew:main

2 commits
cbac009667 ... 1276e9b5f7

Author SHA1 Message Date
lew
1276e9b5f7 feat: attempts to implement continuous builds via Forgejo trigger 2026-04-07 12:35:15 +01:00
lew
9073f45dc3 feat: enables HTTP_GIT for Forgejo for public users pulling 2026-04-07 12:33:00 +01:00
2 changed files with 65 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
hosts/lab/forgejo.nix
View file

@ -29,7 +29,7 @@ in
START_SSH_SERVER = true; START_SSH_SERVER = true;
SSH_PORT = 4201; SSH_PORT = 4201;
SSH_LISTEN_PORT = 4201; SSH_LISTEN_PORT = 4201;
DISABLE_HTTP_GIT = true; DISABLE_HTTP_GIT = false;
}; };
service = { service = {
DISABLE_REGISTRATION = true; DISABLE_REGISTRATION = true;

65
hosts/lab/wynne.nix
View file

@ -2,6 +2,7 @@
let let
port = 4322; port = 4322;
dataDir = "/srv/wynne"; dataDir = "/srv/wynne";
repo = "https://git.ily.rs/lew/wynne";
in in
{ {
services.caddy.virtualHosts."wynne.rs" = { services.caddy.virtualHosts."wynne.rs" = {
@ -19,7 +20,8 @@ in
systemd.services.wynne = { systemd.services.wynne = {
description = "wynne.rs"; description = "wynne.rs";
after = [ "network.target" ]; after = [ "wynne-rebuild.service" ];
wants = [ "wynne-rebuild.service" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
environment = { environment = {
HOST = "127.0.0.1"; HOST = "127.0.0.1";
@ -37,6 +39,67 @@ in
}; };
}; };
# Always rebuilds because wynne bakes DB content (guestbook) into pages at build time
systemd.services.wynne-rebuild = {
description = "Clone/pull and build wynne.rs";
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = false;
ExecStart = pkgs.writeShellScript "rebuild-wynne" ''
set -euo pipefail
if [ ! -d ${dataDir}/repo/.git ]; then
mkdir -p ${dataDir}
${pkgs.git}/bin/git clone ${repo} ${dataDir}/repo
fi
mkdir -p ${dataDir}/data
cd ${dataDir}/repo
${pkgs.git}/bin/git fetch origin
${pkgs.git}/bin/git reset --hard origin/main
${pkgs.pnpm}/bin/pnpm install --frozen-lockfile
${pkgs.pnpm}/bin/pnpm build
'';
# + prefix runs this line as root (wynne user can't restart services)
ExecStartPost = "+/run/current-system/sw/bin/systemctl restart wynne";
User = "wynne";
Group = "wynne";
ReadWritePaths = [ dataDir ];
};
};
# Watches a trigger file, starts wynne-rebuild when touched
systemd.paths.wynne-rebuild-trigger = {
description = "Watch for wynne rebuild trigger";
wantedBy = [ "multi-user.target" ];
pathConfig = {
PathModified = "${dataDir}/trigger";
Unit = "wynne-rebuild.service";
};
};
systemd.services.wynne-webhook = {
description = "Webhook listener for wynne.rs";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
ExecStart = let
hooks = pkgs.writeText "wynne-hooks.json" (builtins.toJSON [{
id = "wynne-rebuild";
execute-command = "/run/current-system/sw/bin/touch";
pass-arguments-to-command = [
{ source = "string"; name = "${dataDir}/trigger"; }
];
}]);
in "${pkgs.webhook}/bin/webhook -hooks ${hooks} -port ${toString (port + 1)} -verbose";
Restart = "always";
User = "wynne";
Group = "wynne";
};
};
users.users.wynne = { users.users.wynne = {
isSystemUser = true; isSystemUser = true;
group = "wynne"; group = "wynne";