Noratrieb/vps
1
0
Fork 0
mirror of https://github.com/Noratrieb/vps.git synced 2026-03-15 13:46:08 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: Noratrieb:db714febbfb76a97d29015d660178210e05b9931
Branches Tags
Noratrieb:main
Noratrieb:dynamic-dns-updates
Noratrieb:ipv6
Noratrieb:mail
Noratrieb:nixos
Noratrieb:email
..
compare: Noratrieb:71b4ca1448684ecd8b3ba3003e21a855af13354b
Branches Tags
Noratrieb:main
Noratrieb:dynamic-dns-updates
Noratrieb:ipv6
Noratrieb:mail
Noratrieb:nixos
Noratrieb:email

No commits in common. "db714febbfb76a97d29015d660178210e05b9931" and "71b4ca1448684ecd8b3ba3003e21a855af13354b" have entirely different histories.
db714febbf ... 71b4ca1448

25 changed files with 295 additions and 466 deletions
Download patch file Download diff file Expand all files Collapse all files

14
nix/apps/does-it-build/default.nix
View file

@ -1,21 +1,11 @@
{ pkgs, lib, my-projects-versions, ... }:
let
does-it-build-base = (import (pkgs.fetchFromGitHub my-projects-versions.does-it-build.fetchFromGitHub)) { inherit pkgs; };
does-it-build-base = (import (fetchTarball "https://github.com/Noratrieb/does-it-build/archive/${my-projects-versions.does-it-build}.tar.gz")) { inherit pkgs; };
does-it-build = does-it-build-base.overrideAttrs (finalAttrs: previousAttrs: {
DOES_IT_BUILD_OVERRIDE_VERSION = my-projects-versions.does-it-build.commit;
DOES_IT_BUILD_OVERRIDE_VERSION = my-projects-versions.does-it-build;
});
in
{
services.caddy.virtualHosts = {
"does-it-build.noratrieb.dev" = {
logFormat = "";
extraConfig = ''
encode zstd gzip
reverse_proxy * localhost:3000
'';
};
};
systemd.services.does-it-build = {
description = "https://github.com/Noratrieb/does-it-build";
wantedBy = [ "multi-user.target" ];

3
nix/apps/fakessh/default.nix
View file

@ -1,6 +1,5 @@
{ lib, pkgs, my-projects-versions, ... }:
let
cluelessh = import (pkgs.fetchFromGitHub my-projects-versions.cluelessh.fetchFromGitHub);
let cluelessh = import (fetchTarball "https://github.com/Noratrieb/cluelessh/archive/${my-projects-versions.cluelessh}.tar.gz");
in
{
systemd.services.fakessh = {

8
nix/apps/forgejo/default.nix
View file

@ -43,14 +43,6 @@
};
};
services.caddy.virtualHosts."git.noratrieb.dev" = {
logFormat = "";
extraConfig = ''
encode zstd gzip
reverse_proxy * localhost:5015
'';
};
services.custom-backup.jobs = [{
app = "forgejo";
file = "/var/lib/forgejo/data/forgejo.db";

60
nix/apps/hugo-chat/default.nix
View file

@ -5,11 +5,6 @@ let
"https://github.com/C0RR1T/HugoChat/releases/download/2024-08-05/HugoServer.jar";
hash = "sha256-hCe2UPqrSR6u3/UxsURI2KzRxN5saeTteCRq5Zfay4M=";
};
hugo-chat-client = fetchTarball {
url =
"https://github.com/C0RR1T/HugoChat/releases/download/2024-08-05/hugo-client.tar.xz";
sha256 = "sha256:121ai8q6bm7gp0pl1ajfk0k2nrfg05zid61i20z0j5gpb2qyhsib";
};
in
{
age.secrets.hugochat_db_password.file = ../../secrets/hugochat_db_password.age;
@ -41,61 +36,6 @@ in
};
};
services.caddy.virtualHosts = {
"hugo-chat.noratrieb.dev" = {
logFormat = "";
extraConfig = ''
encode zstd gzip
root * ${import ../../packages/caddy-static-prepare {
name = "hugo-chat-client";
src = hugo-chat-client;
inherit pkgs lib;
}}
try_files {path} /index.html
file_server {
etag_file_extensions .sha256
precompressed zstd gzip br
}
'';
};
"api.hugo-chat.noratrieb.dev" =
let
cors = pkgs.writeText "cors" ''
# https://gist.github.com/ryanburnette/d13575c9ced201e73f8169d3a793c1a3
@cors_preflight{args[0]} method OPTIONS
@cors{args[0]} header Origin {args[0]}
handle @cors_preflight{args[0]} {
header {
Access-Control-Allow-Origin "{args[0]}"
Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS"
Access-Control-Allow-Credentials "false"
Access-Control-Allow-Headers "$${args[1]}"
Access-Control-Max-Age "86400"
defer
}
respond "" 204
}
handle @cors{args[0]} {
header {
Access-Control-Allow-Origin "{args[0]}"
Access-Control-Expose-Headers *
defer
}
}
'';
in
{
logFormat = "";
extraConfig = ''
import ${cors} https://hugo-chat.noratrieb.dev "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type"
encode zstd gzip
reverse_proxy * localhost:5001
'';
};
};
services.custom-backup.jobs = [
{
app = "hugo-chat";

41
nix/apps/old-redirects/default.nix
View file

@ -1,41 +0,0 @@
{ ... }:
let
permanent = [
{ from = "www.noratrieb.dev"; to = "noratrieb.dev"; }
{ from = "blog.noratrieb.dev"; to = "noratrieb.dev/blog"; }
{ from = "nilstrieb.dev"; to = "noratrieb.dev"; }
{ from = "www.nilstrieb.dev"; to = "noratrieb.dev"; }
{ from = "blog.nilstrieb.dev"; to = "noratrieb.dev/blog"; }
{ from = "bisect-rustc.nilstrieb.dev"; to = "bisect-rustc.noratrieb.dev"; }
{ from = "docker.nilstrieb.dev"; to = "docker.noratrieb.dev"; }
{ from = "hugo-chat.nilstrieb.dev"; to = "hugo-chat.noratrieb.dev"; }
{ from = "api.hugo-chat.nilstrieb.dev"; to = "api.hugo-chat.noratrieb.dev"; }
{ from = "uptime.nilstrieb.dev"; to = "uptime.noratrieb.dev"; }
{ from = "olat.nilstrieb.dev"; to = "olat.noratrieb.dev"; }
{ from = "olat.nilstrieb.dev:8088"; to = "olat.noratrieb.dev"; }
];
in
{
services.caddy.virtualHosts = (
{
"bisect-rustc.noratrieb.dev" = {
logFormat = "";
extraConfig = "redir https://github.com/Noratrieb/cargo-bisect-rustc-service?tab=readme-ov-file#cargo-bisect-rustc-service";
};
"uptime.noratrieb.dev" = {
logFormat = "";
extraConfig = "redir https://github.com/Noratrieb/uptime?tab=readme-ov-file#uptime";
};
}
) // (
builtins.listToAttrs (map
(redirect: {
name = redirect.from;
value = {
logFormat = "";
extraConfig = "redir https://${redirect.to}{uri} permanent";
};
})
permanent)
);
}

18
nix/apps/openolat/default.nix
View file

@ -44,24 +44,6 @@ in
};
};
services.caddy.virtualHosts = {
"olat.noratrieb.dev" = {
logFormat = "";
extraConfig = ''
encode zstd gzip
reverse_proxy * localhost:5011
'';
};
# unsure if necessary... something was misconfigured in the past here...
"olat.noratrieb.dev:8088" = {
logFormat = "";
extraConfig = ''
encode zstd gzip
reverse_proxy * localhost:5011
'';
};
};
services.custom-backup.jobs = [
{
app = "openolat-db";

15
nix/apps/upload-files/default.nix
View file

@ -1,7 +1,5 @@
{ my-projects-versions, pkgs, lib, config, ... }:
let
upload-files = import (pkgs.fetchFromGitHub my-projects-versions."upload.files.noratrieb.dev".fetchFromGitHub);
in
let upload-files = import (fetchTarball "https://github.com/Noratrieb/upload.files.noratrieb.dev/archive/${my-projects-versions."upload.files.noratrieb.dev"}.tar.gz"); in
{
age.secrets.upload_files_s3_secret.file = ../../secrets/upload_files_s3_secret.age;
@ -20,15 +18,4 @@ in
EnvironmentFile = [ config.age.secrets.upload_files_s3_secret.path ];
};
};
services.caddy.virtualHosts."upload.files.noratrieb.dev" = {
logFormat = "";
extraConfig = ''
encode zstd gzip
# we need HTTP/2 here because the server doesn't work with HTTP/1.1
# because it will send early 401 responses during the upload without consuming the body
# (this has been mostly fixed but still keep it)
reverse_proxy * h2c://localhost:3050
'';
};
}

34
nix/apps/website/default.nix
View file

@ -1,34 +0,0 @@
{ pkgs, lib, my-projects-versions, ... }:
let
website = import (pkgs.fetchFromGitHub my-projects-versions.website.fetchFromGitHub);
blog = pkgs.fetchFromGitHub my-projects-versions.blog.fetchFromGitHub;
slides = pkgs.fetchFromGitHub my-projects-versions.slides.fetchFromGitHub;
website-build = website { inherit pkgs slides blog; };
in
{
services.caddy.virtualHosts = {
"noratrieb.dev" = {
logFormat = "";
extraConfig = ''
encode zstd gzip
header -Last-Modified
root * ${import ../../packages/caddy-static-prepare {
name = "website";
src = website-build;
inherit pkgs lib;
}}
file_server {
etag_file_extensions .sha256
precompressed zstd gzip br
}
'';
};
"files.noratrieb.dev" = {
logFormat = "";
extraConfig = ''
encode zstd gzip
reverse_proxy * localhost:3902
'';
};
};
}

7
nix/apps/widetom/default.nix
View file

@ -1,7 +1,12 @@
{ config, pkgs, lib, my-projects-versions, ... }:
let
widetom = pkgs.rustPlatform.buildRustPackage {
src = pkgs.fetchFromGitHub my-projects-versions.widetom.fetchFromGitHub;
src = pkgs.fetchFromGitHub {
owner = "Noratrieb";
repo = "widetom";
rev = my-projects-versions.widetom;
hash = "sha256-lSjlDozwKRLF62jsDaWo+8+rcQdeEgurEnuw00hk3o8=";
};
pname = "widetom";
version = "0.1.0";
cargoHash = "sha256-AWbdPcDc+QOW7U/FYbqlIsg+3MwfggKCTCw1z/ZbSEE=";

5
nix/hive.nix
View file

@ -180,8 +180,6 @@
./modules/backup
# apps
./apps/website
./apps/old-redirects
./apps/widetom
./apps/hugo-chat
./apps/killua
@ -213,8 +211,6 @@
./modules/caddy
./modules/garage
./modules/prometheus
./apps/website
];
system.stateVersion = "23.11";
@ -229,7 +225,6 @@
./modules/backup
# apps
./apps/website
./apps/does-it-build
];

59
nix/modules/caddy/base.Caddyfile Normal file
View file

@ -0,0 +1,59 @@
{
email noratrieb@proton.me
auto_https disable_redirects
storage s3 {
host "localhost:3900"
bucket "caddy-store"
# access_id ENV S3_ACCESS_ID
# secret_key ENV S3_SECRET_KEY
insecure true
}
servers {
metrics
}
log default {
output stdout
format json
}
}
# https://gist.github.com/ryanburnette/d13575c9ced201e73f8169d3a793c1a3
(cors) {
@cors_preflight{args[0]} method OPTIONS
@cors{args[0]} header Origin {args[0]}
handle @cors_preflight{args[0]} {
header {
Access-Control-Allow-Origin "{args[0]}"
Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS"
Access-Control-Allow-Credentials "false"
Access-Control-Allow-Headers "${args[1]}"
Access-Control-Max-Age "86400"
defer
}
respond "" 204
}
handle @cors{args[0]} {
header {
Access-Control-Allow-Origin "{args[0]}"
Access-Control-Expose-Headers *
defer
}
}
}
http:// {
log
respond "This is an HTTPS-only server, silly you. Go to https:// instead." 418
}
# HTTP
:9010 {
log
metrics /metrics
}

132
nix/modules/caddy/default.nix
View file

@ -1,4 +1,4 @@
{ pkgs, config, lib, name, ... }:
{ pkgs, config, lib, name, my-projects-versions, ... }:
let
caddy = pkgs.callPackage ./caddy-build.nix {
@ -11,6 +11,15 @@ let
];
vendorHash = "sha256-KP9bYitM/Pocw4DxOXPVBigWh4IykNf8yKJiBlTFZmI=";
};
website = import (fetchTarball "https://github.com/Noratrieb/website/archive/${my-projects-versions.website}.tar.gz");
blog = fetchTarball "https://github.com/Noratrieb/blog/archive/${my-projects-versions.blog}.tar.gz";
slides = fetchTarball "https://github.com/Noratrieb/slides/archive/${my-projects-versions.slides}.tar.gz";
website-build = website { inherit pkgs slides blog; };
hugo-chat-client = fetchTarball {
url =
"https://github.com/C0RR1T/HugoChat/releases/download/2024-08-05/hugo-client.tar.xz";
sha256 = "sha256:121ai8q6bm7gp0pl1ajfk0k2nrfg05zid61i20z0j5gpb2qyhsib";
};
in
{
environment.systemPackages = [ caddy ];
@ -34,56 +43,79 @@ in
services.caddy = {
enable = true;
package = caddy;
logFormat = ''
output stdout
format json
'';
globalConfig = ''
email noratrieb@proton.me
auto_https disable_redirects
storage s3 {
host "localhost:3900"
bucket "caddy-store"
# access_id ENV S3_ACCESS_ID
# secret_key ENV S3_SECRET_KEY
insecure true
}
servers {
metrics
}
'';
virtualHosts = {
"http://" = {
logFormat = "";
extraConfig = ''
respond "This is an HTTPS-only server, silly you. Go to https:// instead." 418
'';
};
":9010" = {
logFormat = "output discard";
extraConfig = ''
metrics /metrics
'';
};
"${name}.infra.noratrieb.dev" = {
logFormat = "";
extraConfig = ''
encode zstd gzip
header -Last-Modified
root * ${import ./caddy-static-prepare {
name = "debugging-page";
src = ./debugging-page;
inherit pkgs lib;
}}
file_server {
etag_file_extensions .sha256
precompressed zstd gzip br
configFile = pkgs.writeTextFile {
name = "Caddyfile";
text = (
builtins.readFile ./base.Caddyfile +
''
${config.networking.hostName}.infra.noratrieb.dev {
log
encode zstd gzip
header -Last-Modified
root * ${import ./caddy-static-prepare {
name = "debugging-page";
src = ./debugging-page;
inherit pkgs lib;
}}
file_server {
etag_file_extensions .sha256
precompressed zstd gzip br
}
}
'';
};
${
if name == "vps1" || name == "vps3" || name == "vps4" then ''
noratrieb.dev {
log
encode zstd gzip
header -Last-Modified
root * ${import ./caddy-static-prepare {
name = "website";
src = website-build;
inherit pkgs lib;
}}
file_server {
etag_file_extensions .sha256
precompressed zstd gzip br
}
}
files.noratrieb.dev {
log
encode zstd gzip
reverse_proxy * localhost:3902
}
'' else ""
}
${if name == "vps1" then ''
hugo-chat.noratrieb.dev {
log
encode zstd gzip
root * ${import ./caddy-static-prepare {
name = "hugo-chat-client";
src = hugo-chat-client;
inherit pkgs lib;
}}
try_files {path} /index.html
file_server {
etag_file_extensions .sha256
precompressed zstd gzip br
}
}
'' else ""}
${
if name == "vps1" || name == "vps3" || name == "vps4" then
builtins.readFile ./${name}.Caddyfile else ""
}
''
);
checkPhase = ''
${lib.getExe caddy} --version
${lib.getExe caddy} validate --adapter=caddyfile --config=$out
'';
};
};
}

111
nix/modules/caddy/vps1.Caddyfile Normal file
View file

@ -0,0 +1,111 @@
www.noratrieb.dev {
log
redir https://noratrieb.dev{uri} permanent
}
api.hugo-chat.noratrieb.dev {
log
import cors https://hugo-chat.noratrieb.dev "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type"
encode zstd gzip
reverse_proxy * localhost:5001
}
docker.noratrieb.dev {
log
reverse_proxy * localhost:5000
}
git.noratrieb.dev {
log
encode zstd gzip
reverse_proxy * localhost:5015
}
olat.noratrieb.dev {
log
encode zstd gzip
reverse_proxy * localhost:5011
}
# unsure if necessary... something was misconfigured in the past here...
olat.noratrieb.dev:8088 {
log
encode zstd gzip
reverse_proxy * localhost:5011
}
upload.files.noratrieb.dev {
log
encode zstd gzip
# we need HTTP/2 here because the server doesn't work with HTTP/1.1
# because it will send early 401 responses during the upload without consuming the body
reverse_proxy * h2c://localhost:3050
}
################################################################
# retired
bisect-rustc.noratrieb.dev {
log
redir https://github.com/Noratrieb/cargo-bisect-rustc-service?tab=readme-ov-file#cargo-bisect-rustc-service
}
uptime.noratrieb.dev {
log
redir https://github.com/Noratrieb/uptime?tab=readme-ov-file#uptime
}
blog.noratrieb.dev {
log
redir https://noratrieb.dev/blog{uri} permanent
}
nilstrieb.dev {
log
redir https://noratrieb.dev{uri} permanent
}
www.nilstrieb.dev {
log
redir https://noratrieb.dev{uri} permanent
}
blog.nilstrieb.dev {
log
redir https://noratrieb.dev/blog{uri} permanent
}
bisect-rustc.nilstrieb.dev {
log
redir https://bisect-rustc.noratrieb.dev/blog{uri} permanent
}
docker.nilstrieb.dev {
log
redir https://docker.noratrieb.dev{uri} permanent
}
hugo-chat.nilstrieb.dev {
log
redir https://hugo-chat.noratrieb.dev{uri} permanent
}
api.hugo-chat.nilstrieb.dev {
log
redir https://api.hugo-chat.noratrieb.dev{uri} permanent
}
uptime.nilstrieb.dev {
log
redir https://uptime.noratrieb.dev{uri} permanent
}
olat.nilstrieb.dev {
log
redir https://olat.noratrieb.dev{uri} permanent
}
olat.nilstrieb.dev:8088 {
log
redir https://olat.noratrieb.dev{uri} permanent
}

5
nix/modules/caddy/vps3.Caddyfile Normal file
View file

@ -0,0 +1,5 @@
grafana.noratrieb.dev {
log
encode zstd gzip
reverse_proxy * localhost:3000
}

5
nix/modules/caddy/vps4.Caddyfile Normal file
View file

@ -0,0 +1,5 @@
does-it-build.noratrieb.dev {
log
encode zstd gzip
reverse_proxy * localhost:3000
}

12
nix/modules/default/default.nix
View file

@ -1,15 +1,11 @@
{ pkgs, lib, name, my-projects-versions, networkingConfig, nixpkgs-path, ... }:
let
pretense = import (pkgs.fetchFromGitHub my-projects-versions.pretense.fetchFromGitHub);
quotdd = import (pkgs.fetchFromGitHub my-projects-versions.quotdd.fetchFromGitHub);
pretense = import (fetchTarball "https://github.com/Noratrieb/pretense/archive/${my-projects-versions.pretense}.tar.gz");
quotdd = import (fetchTarball "https://github.com/Noratrieb/quotdd/archive/${my-projects-versions.quotdd}.tar.gz");
in
{
deployment.targetHost = "${name}.infra.noratrieb.dev";
networking.hosts = {
"${networkingConfig.vps3.wg.privateIP}" = [ "loki.internal" "pyroscope.internal" "prometheus.internal" ];
};
imports = [
"${builtins.fetchTarball "https://github.com/ryantm/agenix/archive/de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6.tar.gz"}/modules/age.nix" # main 2024-07-26
];
@ -130,7 +126,7 @@ in
};
clients = [
{
url = "http://loki.internal:3100/loki/api/v1/push";
url = "http://vps3.local:3100/loki/api/v1/push";
}
];
scrape_configs = [
@ -221,7 +217,7 @@ in
pyroscope.write "endpoint" {
endpoint {
url = "http://pyroscope.internal:4040"
url = "http://vps3.local:4040"
}
external_labels = {
"instance" = env("HOSTNAME"),

4
nix/modules/garage/default.nix
View file

@ -35,12 +35,12 @@ in
s3_api = {
s3_region = "garage";
api_bind_addr = "[::]:3900";
root_domain = ".s3.garage.internal";
root_domain = ".s3.garage.localhost";
};
s3_web = {
bind_addr = "[::]:3902";
root_domain = ".web.garage.internal";
root_domain = ".web.garage.localhost";
index = "index.html";
};

15
nix/modules/prometheus/default.nix
View file

@ -18,6 +18,7 @@
{
job_name = "cadvisor";
static_configs = [{ targets = map (name: "${name}.local:8080") (builtins.attrNames networkingConfig); }];
}
{
job_name = "systemd";
@ -70,7 +71,7 @@
name = "Prometheus";
type = "prometheus";
access = "proxy";
url = "http://prometheus.internal:9090";
url = "http://vps3.local:9090";
jsonData = {
httpMethod = "POST";
prometheusType = "Prometheus";
@ -80,27 +81,19 @@
name = "loki";
type = "loki";
access = "proxy";
url = "http://loki.internal:3100";
url = "http://vps3.local:3100";
}
{
name = "pyroscope";
type = "grafana-pyroscope-datasource";
access = "proxy";
url = "http://pyroscope.internal:4040";
url = "http://vps3.local:4040";
}
];
};
};
};
services.caddy.virtualHosts."grafana.noratrieb.dev" = {
logFormat = "";
extraConfig = ''
encode zstd gzip
reverse_proxy * localhost:3000
'';
};
networking.firewall.interfaces.wg0.allowedTCPPorts = [
config.services.loki.configuration.server.http_listen_port
4040 # pyroscope

7
nix/modules/registry/default.nix
View file

@ -60,11 +60,4 @@
};
};
};
services.caddy.virtualHosts."docker.noratrieb.dev" = {
logFormat = "";
extraConfig = ''
reverse_proxy * localhost:5000
'';
};
}

2
nix/modules/wg-mesh/default.nix
View file

@ -9,7 +9,7 @@ in
let
hostsEntries = map
(host:
let hostConfig = networkingConfig."${host}"; in
let hostConfig = builtins.getAttr host networkingConfig; in
if builtins.hasAttr "wg" hostConfig then {
name = hostConfig.wg.privateIP;
value = [ "${host}.local" ];

90
nix/my-projects.json
View file

@ -1,83 +1,11 @@
{
"website": {
"commit": "57c4a239da5d17eafde4ade165f3c6706639a9b4",
"fetchFromGitHub": {
"owner": "Noratrieb",
"repo": "website",
"rev": "57c4a239da5d17eafde4ade165f3c6706639a9b4",
"hash": "sha256-or6mCQjbc7tWAzzAKQpznZv+2vWJMhyzqxBPwRE2HKw="
}
},
"blog": {
"commit": "ea2758dd10f29e8d66ca3f54d7303f2ac20005d2",
"fetchFromGitHub": {
"owner": "Noratrieb",
"repo": "blog",
"rev": "ea2758dd10f29e8d66ca3f54d7303f2ac20005d2",
"hash": "sha256-LvQ41eJzOvI7mLYDTvlFwGZ2TKrZO26rasydqnEZ/t4="
}
},
"slides": {
"commit": "0401f35c22b124b69447655f0c537badae9e223c",
"fetchFromGitHub": {
"owner": "Noratrieb",
"repo": "slides",
"rev": "0401f35c22b124b69447655f0c537badae9e223c",
"hash": "sha256-K1Me4wf/GSfoc1PGWVJygPyTVV8SXienxUrzXkdCrjQ="
}
},
"pretense": {
"commit": "270b01fc1118dfd713c1c41530d1a7d98f04527d",
"fetchFromGitHub": {
"owner": "Noratrieb",
"repo": "pretense",
"rev": "270b01fc1118dfd713c1c41530d1a7d98f04527d",
"hash": "sha256-76ixjjrZ2xFz3uy92LHT4zbeNvab2f4J9C46MDVr+xQ="
}
},
"quotdd": {
"commit": "e922229e1d9e055be35dabd112bafc87a0686548",
"fetchFromGitHub": {
"owner": "Noratrieb",
"repo": "quotdd",
"rev": "e922229e1d9e055be35dabd112bafc87a0686548",
"hash": "sha256-LhTrUDAZDIVyggaO1deFjoC13M6aktzV3QINY01ThfY="
}
},
"does-it-build": {
"commit": "81790825173d87f89656f66f12a123bc99e2f6f1",
"fetchFromGitHub": {
"owner": "Noratrieb",
"repo": "does-it-build",
"rev": "81790825173d87f89656f66f12a123bc99e2f6f1",
"hash": "sha256-MCgGDd7Sg+BiG8L20Bbz8bHMB/Xuc1ztOVwv/b37BnQ="
}
},
"upload.files.noratrieb.dev": {
"commit": "9f31fe53f040f73edbbdc8afcc9bd3cdbc1cd8ab",
"fetchFromGitHub": {
"owner": "Noratrieb",
"repo": "upload.files.noratrieb.dev",
"rev": "9f31fe53f040f73edbbdc8afcc9bd3cdbc1cd8ab",
"hash": "sha256-IQug0slBlMpHTqrj/SlJKPWCMijSka+s33HDeMf8rd0="
}
},
"cluelessh": {
"commit": "c711cd405da4b7951e554577d09c9576bedf7970",
"fetchFromGitHub": {
"owner": "Noratrieb",
"repo": "cluelessh",
"rev": "c711cd405da4b7951e554577d09c9576bedf7970",
"hash": "sha256-UTo5RUda/AcwGiPEeeliuA78TVMJzvBhhXs4Fr2+BGg="
}
},
"widetom": {
"commit": "33d1738799618d72fe2b86896f766cbfea58dc76",
"fetchFromGitHub": {
"owner": "Noratrieb",
"repo": "widetom",
"rev": "33d1738799618d72fe2b86896f766cbfea58dc76",
"hash": "sha256-lSjlDozwKRLF62jsDaWo+8+rcQdeEgurEnuw00hk3o8="
}
}
"website": "57c4a239da5d17eafde4ade165f3c6706639a9b4",
"blog": "ea2758dd10f29e8d66ca3f54d7303f2ac20005d2",
"slides": "0401f35c22b124b69447655f0c537badae9e223c",
"pretense": "270b01fc1118dfd713c1c41530d1a7d98f04527d",
"quotdd": "e922229e1d9e055be35dabd112bafc87a0686548",
"does-it-build": "81790825173d87f89656f66f12a123bc99e2f6f1",
"upload.files.noratrieb.dev": "0124fa5ba5446cb463fb6b3c4f52e7e6b84e5077",
"cluelessh": "c711cd405da4b7951e554577d09c9576bedf7970",
"widetom": "33d1738799618d72fe2b86896f766cbfea58dc76"
}

13
nix/packages/caddy-static-prepare/default.nix
View file

@ -1,13 +0,0 @@
{ pkgs, lib, name, src ? null, ... }: pkgs.stdenv.mkDerivation {
inherit name src;
buildInputs = with pkgs; [ python311 python311Packages.zstandard python311Packages.brotli ];
buildPhase = ''
mkdir -p $out
cp -r $src/* $out/
chmod -R +w $out
${lib.getExe pkgs.python311} ${./prepare.py} $out
chmod -R -w $out
'';
}

60
nix/packages/caddy-static-prepare/prepare.py
View file

@ -1,60 +0,0 @@
import os
import sys
import gzip
import brotli
import zstandard
import hashlib
def usage():
print("usage: prepare.py [SRC]")
def write_etag(path, content):
shasum = hashlib.sha256(content)
etag_path = path+".sha256"
with open(etag_path, "w") as f:
print(f"Writing ETag {etag_path}")
f.write(f'"{shasum.hexdigest()}"')
def main():
if len(sys.argv) < 2:
usage()
exit(1)
src_dir = sys.argv[1]
for root, dirs, files in os.walk(src_dir):
for file in files:
path = os.path.join(root, file)
# Ignore etags
if path.endswith(".sha256") or path.endswith(".b3sum"):
continue
# Ignore already compressed files
if path.endswith(".gz") or path.endswith(".zst") or path.endswith(".br"):
continue
with open(path, "rb") as f:
content = f.read()
compressions = [
(".gz", gzip),
(".zst", zstandard),
(".br", brotli),
]
for ext, alg in compressions:
new_path = path+ext
with open(new_path, "wb") as out:
print(f"Writing {new_path}")
compressed = alg.compress(content)
out.write(compressed)
write_etag(new_path, compressed)
write_etag(path, content)
if __name__ == "__main__":
main()

32
nix/update-my-projects.mjs
View file

@ -1,28 +1,11 @@
import fs from "node:fs/promises";
import child_process from "node:child_process";
const fetchHash = (url) => {
const res = child_process.execFileSync("nix", [
"store",
"prefetch-file",
"--unpack",
"--hash-type",
"sha256",
"--json",
url,
]);
const out = new TextDecoder().decode(res).trim();
const { hash } = JSON.parse(out);
return hash;
};
const path = `${import.meta.dirname}/my-projects.json`;
const projects = JSON.parse(await fs.readFile(path));
let hasChanges = false;
for (const [name, state] of Object.entries(projects)) {
const { commit } = state;
for (const [name, commit] of Object.entries(projects)) {
const res = await fetch(
`https://api.github.com/repos/Noratrieb/${name}/commits/HEAD`
);
@ -38,18 +21,7 @@ for (const [name, state] of Object.entries(projects)) {
console.log(
`${name} changed from ${commit} -> ${latestCommit} (${body.commit.message})`
);
const url = `https://github.com/Noratrieb/${name}/archive/${latestCommit}.tar.gz`;
projects[name] = {
commit: latestCommit,
fetchFromGitHub: {
owner: "Noratrieb",
repo: name,
rev: latestCommit,
hash: fetchHash(url),
},
};
projects[name] = latestCommit;
hasChanges = true;
}
}

9
shell.nix
View file

@ -12,13 +12,6 @@
python311Packages.zstandard
python311Packages.brotli
nodejs
(import
(pkgs.fetchFromGitHub {
owner = "ryantm";
repo = "agenix";
rev = "531beac616433bac6f9e2a19feb8e99a22a66baf";
hash = "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=";
})
{ }).agenix
(import (builtins.fetchTarball "https://github.com/ryantm/agenix/archive/531beac616433bac6f9e2a19feb8e99a22a66baf.tar.gz") { }).agenix
];
}