Noratrieb/vps
1
0
Fork 0
mirror of https://github.com/Noratrieb/vps.git synced 2026-01-14 08:45:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
vps/nix/apps/does-it-build/default.nix
Noratrieb bd9d44526a update does-it-build
2025-11-10 21:16:29 +01:00

71 lines
2.3 KiB
Nix
Raw Blame History

{ pkgs, lib, config, my-projects-versions, ... }:
let
does-it-build-base = (import (pkgs.fetchFromGitHub my-projects-versions.does-it-build.fetchFromGitHub)) { inherit pkgs; };
does-it-build = does-it-build-base.overrideAttrs (finalAttrs: previousAttrs: {
DOES_IT_BUILD_OVERRIDE_VERSION = my-projects-versions.does-it-build.commit;
RUSTFLAGS = "-Cforce-frame-pointers=true";
});
in
{
age.secrets.does_it_build_private_key.file = ../../secrets/does_it_build_private_key.age;
services.caddy.virtualHosts = {
"does-it-build.noratrieb.dev" = {
logFormat = "";
extraConfig = ''
@blocked {
header User-Agent *SemrushBot*
header User-Agent *AhrefsBot*
header User-Agent *Amazonbot*
header User-Agent *openai.com*
}
respond @blocked "get fucked" 418
encode zstd gzip
reverse_proxy * localhost:3000
'';
};
};
systemd.services.does-it-build = {
description = "https://github.com/Noratrieb/does-it-build";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
path = with pkgs; [ rustup gcc bash ];
serviceConfig = {
User = "does-it-build";
Group = "does-it-build";
ExecStart = "${lib.getExe' (does-it-build) "does-it-build" }";
Environment = [
"DB_PATH=/var/lib/does-it-build/db.sqlite"
"GITHUB_SEND_PINGS=1"
"GITHUB_OWNER=Noratrieb"
"GITHUB_REPO=does-it-build-notifications"
"GITHUB_APP_ID=2263995" # https://github.com/settings/apps/does-it-build
];
# GITHUB_APP_PRIVATE_KEY=-----BEGIN RSA PRIVATE KEY-----...
EnvironmentFile = [ config.age.secrets.does_it_build_private_key.path ];
};
};
services.custom-backup-restic.jobs = [{
app = "does-it-build";
path = "/var/lib/does-it-build/db.sqlite";
}];
users.users.does-it-build = {
isSystemUser = true;
home = "/var/lib/does-it-build";
description = "does-it-build builder account";
group = "does-it-build";
};
users.groups.does-it-build = { };
# TODO: i feel like there's gotta be a better way to do the chown..
system.activationScripts.makeDoesItBuildDir = lib.stringAfter [ "var" ] ''
mkdir -p /var/lib/does-it-build/
chown does-it-build:does-it-build /var/lib/does-it-build/
'';
}
Reference in a new issue View git blame Copy permalink