julien.rbrt.fr / tangled-core
forked from tangled.org/core
Monorepo for Tangled — https://tangled.org
fork atom
tangled-core / flake.nix
at 6e7c39fb1a5cfee8315bece42bfc93f6e4fe523a 11 kB view raw
1{ 2 description = "atproto github"; 3 4 inputs = { 5 nixpkgs.url = "github:nixos/nixpkgs"; 6 indigo = { 7 url = "github:oppiliappan/indigo"; 8 flake = false; 9 }; 10 htmx-src = { 11 url = "https://unpkg.com/htmx.org@2.0.4/dist/htmx.min.js"; 12 flake = false; 13 }; 14 lucide-src = { 15 url = "https://unpkg.com/lucide@latest"; 16 flake = false; 17 }; 18 ia-fonts-src = { 19 url = "github:iaolo/iA-Fonts"; 20 flake = false; 21 }; 22 gitignore = { 23 url = "github:hercules-ci/gitignore.nix"; 24 inputs.nixpkgs.follows = "nixpkgs"; 25 }; 26 }; 27 28 outputs = { 29 self, 30 nixpkgs, 31 indigo, 32 htmx-src, 33 lucide-src, 34 gitignore, 35 ia-fonts-src, 36 }: let 37 supportedSystems = ["x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin"]; 38 forAllSystems = nixpkgs.lib.genAttrs supportedSystems; 39 nixpkgsFor = forAllSystems (system: 40 import nixpkgs { 41 inherit system; 42 overlays = [self.overlays.default]; 43 }); 44 inherit (gitignore.lib) gitignoreSource; 45 in { 46 overlays.default = final: prev: let 47 goModHash = "sha256-tBhwRT3qnTHoAyasYIDwr9+3V+c7VLPY2LJ6A25l1gA="; 48 buildCmdPackage = name: 49 final.buildGoModule { 50 pname = name; 51 version = "0.1.0"; 52 src = gitignoreSource ./.; 53 subPackages = ["cmd/${name}"]; 54 vendorHash = goModHash; 55 env.CGO_ENABLED = 0; 56 }; 57 in { 58 indigo-lexgen = with final; 59 final.buildGoModule { 60 pname = "indigo-lexgen"; 61 version = "0.1.0"; 62 src = indigo; 63 subPackages = ["cmd/lexgen"]; 64 vendorHash = "sha256-pGc29fgJFq8LP7n/pY1cv6ExZl88PAeFqIbFEhB3xXs="; 65 doCheck = false; 66 }; 67 68 appview = with final; 69 final.pkgsStatic.buildGoModule { 70 pname = "appview"; 71 version = "0.1.0"; 72 src = gitignoreSource ./.; 73 postUnpack = '' 74 pushd source 75 cp -f ${htmx-src} appview/pages/static/htmx.min.js 76 cp -f ${lucide-src} appview/pages/static/lucide.min.js 77 mkdir -p appview/pages/static/fonts 78 cp -f ${ia-fonts-src}/"iA Writer Quattro"/Static/*.ttf appview/pages/static/fonts/ 79 cp -f ${ia-fonts-src}/"iA Writer Mono"/Static/*.ttf appview/pages/static/fonts/ 80 ${pkgs.tailwindcss}/bin/tailwindcss -i input.css -o appview/pages/static/tw.css 81 popd 82 ''; 83 doCheck = false; 84 subPackages = ["cmd/appview"]; 85 vendorHash = goModHash; 86 env.CGO_ENABLED = 1; 87 stdenv = pkgsStatic.stdenv; 88 }; 89 90 knotserver = with final; 91 final.pkgsStatic.buildGoModule { 92 pname = "knotserver"; 93 version = "0.1.0"; 94 src = gitignoreSource ./.; 95 subPackages = ["cmd/knotserver"]; 96 vendorHash = goModHash; 97 env.CGO_ENABLED = 1; 98 }; 99 repoguard = buildCmdPackage "repoguard"; 100 keyfetch = buildCmdPackage "keyfetch"; 101 }; 102 packages = forAllSystems (system: { 103 inherit (nixpkgsFor."${system}") indigo-lexgen appview knotserver repoguard keyfetch; 104 }); 105 defaultPackage = forAllSystems (system: nixpkgsFor.${system}.appview); 106 formatter = forAllSystems (system: nixpkgsFor."${system}".alejandra); 107 devShells = forAllSystems (system: let 108 pkgs = nixpkgsFor.${system}; 109 staticShell = pkgs.mkShell.override { 110 stdenv = pkgs.pkgsStatic.stdenv; 111 }; 112 in { 113 default = staticShell { 114 nativeBuildInputs = [ 115 pkgs.go 116 pkgs.air 117 pkgs.gopls 118 pkgs.httpie 119 pkgs.indigo-lexgen 120 pkgs.litecli 121 pkgs.websocat 122 pkgs.tailwindcss 123 pkgs.nixos-shell 124 ]; 125 shellHook = '' 126 cp -f ${htmx-src} appview/pages/static/htmx.min.js 127 cp -f ${lucide-src} appview/pages/static/lucide.min.js 128 cp -f ${ia-fonts-src}/"iA Writer Quattro"/Static/*.ttf appview/pages/static/fonts/ 129 cp -f ${ia-fonts-src}/"iA Writer Mono"/Static/*.ttf appview/pages/static/fonts/ 130 ''; 131 }; 132 }); 133 apps = forAllSystems (system: let 134 pkgs = nixpkgsFor."${system}"; 135 air-watcher = name: 136 pkgs.writeShellScriptBin "run" 137 '' 138 ${pkgs.air}/bin/air -c /dev/null \ 139 -build.cmd "${pkgs.tailwindcss}/bin/tailwindcss -i input.css -o ./appview/pages/static/tw.css && ${pkgs.go}/bin/go build -o ./out/${name}.out ./cmd/${name}/main.go" \ 140 -build.bin "./out/${name}.out" \ 141 -build.include_ext "go,html,css" 142 ''; 143 in { 144 watch-appview = { 145 type = "app"; 146 program = ''${air-watcher "appview"}/bin/run''; 147 }; 148 watch-knotserver = { 149 type = "app"; 150 program = ''${air-watcher "knotserver"}/bin/run''; 151 }; 152 }); 153 154 nixosModules.appview = { 155 config, 156 pkgs, 157 lib, 158 ... 159 }: 160 with lib; { 161 options = { 162 services.tangled-appview = { 163 enable = mkOption { 164 type = types.bool; 165 default = false; 166 description = "Enable tangled appview"; 167 }; 168 port = mkOption { 169 type = types.int; 170 default = 3000; 171 description = "Port to run the appview on"; 172 }; 173 cookie_secret = mkOption { 174 type = types.str; 175 default = "00000000000000000000000000000000"; 176 description = "Cookie secret"; 177 }; 178 }; 179 }; 180 181 config = mkIf config.services.tangled-appview.enable { 182 nixpkgs.overlays = [self.overlays.default]; 183 systemd.services.tangled-appview = { 184 description = "tangled appview service"; 185 wantedBy = ["multi-user.target"]; 186 187 serviceConfig = { 188 ListenStream = "0.0.0.0:${toString config.services.tangled-appview.port}"; 189 ExecStart = "${pkgs.tangled-appview}/bin/tangled-appview"; 190 Restart = "always"; 191 }; 192 193 environment = { 194 TANGLED_DB_PATH = "appview.db"; 195 TANGLED_COOKIE_SECRET = config.services.tangled-appview.cookie_secret; 196 }; 197 }; 198 }; 199 }; 200 201 nixosModules.knotserver = { 202 config, 203 pkgs, 204 lib, 205 ... 206 }: 207 with lib; { 208 options = { 209 services.tangled-knotserver = { 210 enable = mkOption { 211 type = types.bool; 212 default = false; 213 description = "Enable a tangled knotserver"; 214 }; 215 216 appviewEndpoint = mkOption { 217 type = types.str; 218 default = "https://tangled.sh"; 219 description = "Appview endpoint"; 220 }; 221 222 gitUser = mkOption { 223 type = types.str; 224 default = "git"; 225 description = "User that hosts git repos and performs git operations"; 226 }; 227 228 repo = { 229 scanPath = mkOption { 230 type = types.path; 231 default = "/home/git"; 232 description = "Path where repositories are scanned from"; 233 }; 234 235 mainBranch = mkOption { 236 type = types.str; 237 default = "main"; 238 description = "Default branch name for repositories"; 239 }; 240 }; 241 242 server = { 243 listenAddr = mkOption { 244 type = types.str; 245 default = "0.0.0.0:5555"; 246 description = "Address to listen on"; 247 }; 248 249 internalListenAddr = mkOption { 250 type = types.str; 251 default = "127.0.0.1:5444"; 252 description = "Internal address for inter-service communication"; 253 }; 254 255 secret = mkOption { 256 type = types.str; 257 example = "super-secret-key"; 258 description = "Secret key provided by appview (required)"; 259 }; 260 261 dbPath = mkOption { 262 type = types.path; 263 default = "knotserver.db"; 264 description = "Path to the database file"; 265 }; 266 267 hostname = mkOption { 268 type = types.str; 269 example = "knot.tangled.sh"; 270 description = "Hostname for the server (required)"; 271 }; 272 273 dev = mkOption { 274 type = types.bool; 275 default = false; 276 description = "Enable development mode (disables signature verification)"; 277 }; 278 }; 279 }; 280 }; 281 282 config = mkIf config.services.tangled-knotserver.enable { 283 nixpkgs.overlays = [self.overlays.default]; 284 285 environment.systemPackages = with pkgs; [ 286 git 287 ]; 288 289 users.users.git = { 290 isSystemUser = true; 291 home = "/home/git"; 292 createHome = true; 293 shell = "${pkgs.shadow}/bin/nologin"; 294 uid = 1000; 295 group = "git"; 296 extraGroups = ["sudo"]; 297 }; 298 299 users.groups.git = {}; 300 301 services.openssh = { 302 enable = true; 303 extraConfig = '' 304 Match User git 305 AuthorizedKeysCommand ${pkgs.keyfetch}/bin/keyfetch -repoguard-path ${pkgs.repoguard}/bin/repoguard -log-path /home/git/repoguard.log 306 AuthorizedKeysCommandUser nobody 307 ''; 308 }; 309 310 systemd.services.knotserver = { 311 description = "knotserver service"; 312 after = ["network.target" "sshd.service"]; 313 wantedBy = ["multi-user.target"]; 314 serviceConfig = { 315 User = "git"; 316 WorkingDirectory = "/home/git"; 317 Environment = [ 318 "KNOT_REPO_SCAN_PATH=${config.services.tangled-knotserver.repo.scanPath}" 319 "APPVIEW_ENDPOINT=${config.services.tangled-knotserver.appviewEndpoint}" 320 "KNOT_SERVER_INTERNAL_LISTEN_ADDR=${config.services.tangled-knotserver.server.internalListenAddr}" 321 "KNOT_SERVER_LISTEN_ADDR=${config.services.tangled-knotserver.server.listenAddr}" 322 "KNOT_SERVER_SECRET=${config.services.tangled-knotserver.server.secret}" 323 "KNOT_SERVER_HOSTNAME=${config.services.tangled-knotserver.server.hostname}" 324 ]; 325 ExecStart = "${pkgs.knotserver}/bin/knotserver"; 326 Restart = "always"; 327 }; 328 }; 329 330 networking.firewall.allowedTCPPorts = [22]; 331 }; 332 }; 333 334 nixosConfigurations.knotVM = nixpkgs.lib.nixosSystem { 335 system = "x86_64-linux"; 336 modules = [ 337 self.nixosModules.knotserver 338 ({ 339 config, 340 pkgs, 341 ... 342 }: { 343 virtualisation.memorySize = 2048; 344 virtualisation.cores = 2; 345 services.getty.autologinUser = "root"; 346 environment.systemPackages = with pkgs; [curl vim git]; 347 services.tangled-knotserver = { 348 enable = true; 349 server = { 350 secret = "21c9c8b2a405bcfb14694481e32bab09d842c2f4cc0437906b68015d32f15b97"; 351 hostname = "localhost:6000"; 352 listenAddr = "0.0.0.0:6000"; 353 }; 354 }; 355 }) 356 ]; 357 }; 358 }; 359}