kot.pink / core
forked from tangled.org/core
Monorepo for Tangled — https://tangled.org
fork atom
core / flake.nix
at add-migrations 12 kB view raw
1{ 2 description = "atproto github"; 3 4 inputs = { 5 nixpkgs.url = "github:nixos/nixpkgs"; 6 indigo = { 7 url = "github:oppiliappan/indigo"; 8 flake = false; 9 }; 10 htmx-src = { 11 url = "https://unpkg.com/htmx.org@2.0.4/dist/htmx.min.js"; 12 flake = false; 13 }; 14 lucide-src = { 15 url = "https://unpkg.com/lucide@latest"; 16 flake = false; 17 }; 18 ia-fonts-src = { 19 url = "github:iaolo/iA-Fonts"; 20 flake = false; 21 }; 22 gitignore = { 23 url = "github:hercules-ci/gitignore.nix"; 24 inputs.nixpkgs.follows = "nixpkgs"; 25 }; 26 }; 27 28 outputs = { 29 self, 30 nixpkgs, 31 indigo, 32 htmx-src, 33 lucide-src, 34 gitignore, 35 ia-fonts-src, 36 }: let 37 supportedSystems = ["x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin"]; 38 forAllSystems = nixpkgs.lib.genAttrs supportedSystems; 39 nixpkgsFor = forAllSystems (system: 40 import nixpkgs { 41 inherit system; 42 overlays = [self.overlays.default]; 43 }); 44 inherit (gitignore.lib) gitignoreSource; 45 in { 46 overlays.default = final: prev: let 47 goModHash = "sha256-k+WeNx9jZ5YGgskCJYiU2mwyz25E0bhFgSg2GDWZXFw="; 48 buildCmdPackage = name: 49 final.buildGoModule { 50 pname = name; 51 version = "0.1.0"; 52 src = gitignoreSource ./.; 53 subPackages = ["cmd/${name}"]; 54 vendorHash = goModHash; 55 env.CGO_ENABLED = 0; 56 }; 57 in { 58 indigo-lexgen = with final; 59 final.buildGoModule { 60 pname = "indigo-lexgen"; 61 version = "0.1.0"; 62 src = indigo; 63 subPackages = ["cmd/lexgen"]; 64 vendorHash = "sha256-pGc29fgJFq8LP7n/pY1cv6ExZl88PAeFqIbFEhB3xXs="; 65 doCheck = false; 66 }; 67 68 appview = with final; 69 final.pkgsStatic.buildGoModule { 70 pname = "appview"; 71 version = "0.1.0"; 72 src = gitignoreSource ./.; 73 postUnpack = '' 74 pushd source 75 cp -f ${htmx-src} appview/pages/static/htmx.min.js 76 cp -f ${lucide-src} appview/pages/static/lucide.min.js 77 mkdir -p appview/pages/static/fonts 78 cp -f ${ia-fonts-src}/"iA Writer Quattro"/Static/*.ttf appview/pages/static/fonts/ 79 cp -f ${ia-fonts-src}/"iA Writer Mono"/Static/*.ttf appview/pages/static/fonts/ 80 ${pkgs.tailwindcss}/bin/tailwindcss -i input.css -o appview/pages/static/tw.css 81 popd 82 ''; 83 doCheck = false; 84 subPackages = ["cmd/appview"]; 85 vendorHash = goModHash; 86 env.CGO_ENABLED = 1; 87 stdenv = pkgsStatic.stdenv; 88 }; 89 90 knotserver = with final; 91 final.pkgsStatic.buildGoModule { 92 pname = "knotserver"; 93 version = "0.1.0"; 94 src = gitignoreSource ./.; 95 nativeBuildInputs = [ final.makeWrapper ]; 96 subPackages = ["cmd/knotserver"]; 97 vendorHash = goModHash; 98 installPhase = '' 99 runHook preInstall 100 101 mkdir -p $out/bin 102 cp $GOPATH/bin/knotserver $out/bin/knotserver 103 104 wrapProgram $out/bin/knotserver \ 105 --prefix PATH : ${pkgs.git}/bin 106 107 runHook postInstall 108 ''; 109 env.CGO_ENABLED = 1; 110 }; 111 repoguard = buildCmdPackage "repoguard"; 112 keyfetch = buildCmdPackage "keyfetch"; 113 }; 114 packages = forAllSystems (system: { 115 inherit (nixpkgsFor."${system}") indigo-lexgen appview knotserver repoguard keyfetch; 116 }); 117 defaultPackage = forAllSystems (system: nixpkgsFor.${system}.appview); 118 formatter = forAllSystems (system: nixpkgsFor."${system}".alejandra); 119 devShells = forAllSystems (system: let 120 pkgs = nixpkgsFor.${system}; 121 staticShell = pkgs.mkShell.override { 122 stdenv = pkgs.pkgsStatic.stdenv; 123 }; 124 in { 125 default = staticShell { 126 nativeBuildInputs = [ 127 pkgs.go 128 pkgs.air 129 pkgs.gopls 130 pkgs.httpie 131 pkgs.indigo-lexgen 132 pkgs.litecli 133 pkgs.websocat 134 pkgs.tailwindcss 135 pkgs.nixos-shell 136 ]; 137 shellHook = '' 138 cp -f ${htmx-src} appview/pages/static/htmx.min.js 139 cp -f ${lucide-src} appview/pages/static/lucide.min.js 140 cp -f ${ia-fonts-src}/"iA Writer Quattro"/Static/*.ttf appview/pages/static/fonts/ 141 cp -f ${ia-fonts-src}/"iA Writer Mono"/Static/*.ttf appview/pages/static/fonts/ 142 ''; 143 }; 144 }); 145 apps = forAllSystems (system: let 146 pkgs = nixpkgsFor."${system}"; 147 air-watcher = name: 148 pkgs.writeShellScriptBin "run" 149 '' 150 ${pkgs.air}/bin/air -c /dev/null \ 151 -build.cmd "${pkgs.tailwindcss}/bin/tailwindcss -i input.css -o ./appview/pages/static/tw.css && ${pkgs.go}/bin/go build -o ./out/${name}.out ./cmd/${name}/main.go" \ 152 -build.bin "./out/${name}.out" \ 153 -build.include_ext "go,html,css" 154 ''; 155 in { 156 watch-appview = { 157 type = "app"; 158 program = ''${air-watcher "appview"}/bin/run''; 159 }; 160 watch-knotserver = { 161 type = "app"; 162 program = ''${air-watcher "knotserver"}/bin/run''; 163 }; 164 }); 165 166 nixosModules.appview = { 167 config, 168 pkgs, 169 lib, 170 ... 171 }: 172 with lib; { 173 options = { 174 services.tangled-appview = { 175 enable = mkOption { 176 type = types.bool; 177 default = false; 178 description = "Enable tangled appview"; 179 }; 180 port = mkOption { 181 type = types.int; 182 default = 3000; 183 description = "Port to run the appview on"; 184 }; 185 cookie_secret = mkOption { 186 type = types.str; 187 default = "00000000000000000000000000000000"; 188 description = "Cookie secret"; 189 }; 190 }; 191 }; 192 193 config = mkIf config.services.tangled-appview.enable { 194 nixpkgs.overlays = [self.overlays.default]; 195 systemd.services.tangled-appview = { 196 description = "tangled appview service"; 197 wantedBy = ["multi-user.target"]; 198 199 serviceConfig = { 200 ListenStream = "0.0.0.0:${toString config.services.tangled-appview.port}"; 201 ExecStart = "${pkgs.tangled-appview}/bin/tangled-appview"; 202 Restart = "always"; 203 }; 204 205 environment = { 206 TANGLED_DB_PATH = "appview.db"; 207 TANGLED_COOKIE_SECRET = config.services.tangled-appview.cookie_secret; 208 }; 209 }; 210 }; 211 }; 212 213 nixosModules.knotserver = { 214 config, 215 pkgs, 216 lib, 217 ... 218 }: 219 with lib; { 220 options = { 221 services.tangled-knotserver = { 222 enable = mkOption { 223 type = types.bool; 224 default = false; 225 description = "Enable a tangled knotserver"; 226 }; 227 228 appviewEndpoint = mkOption { 229 type = types.str; 230 default = "https://tangled.sh"; 231 description = "Appview endpoint"; 232 }; 233 234 gitUser = mkOption { 235 type = types.str; 236 default = "git"; 237 description = "User that hosts git repos and performs git operations"; 238 }; 239 240 repo = { 241 scanPath = mkOption { 242 type = types.path; 243 default = "/home/git"; 244 description = "Path where repositories are scanned from"; 245 }; 246 247 mainBranch = mkOption { 248 type = types.str; 249 default = "main"; 250 description = "Default branch name for repositories"; 251 }; 252 }; 253 254 server = { 255 listenAddr = mkOption { 256 type = types.str; 257 default = "0.0.0.0:5555"; 258 description = "Address to listen on"; 259 }; 260 261 internalListenAddr = mkOption { 262 type = types.str; 263 default = "127.0.0.1:5444"; 264 description = "Internal address for inter-service communication"; 265 }; 266 267 secret = mkOption { 268 type = types.str; 269 example = "super-secret-key"; 270 description = "Secret key provided by appview (required)"; 271 }; 272 273 dbPath = mkOption { 274 type = types.path; 275 default = "knotserver.db"; 276 description = "Path to the database file"; 277 }; 278 279 hostname = mkOption { 280 type = types.str; 281 example = "knot.tangled.sh"; 282 description = "Hostname for the server (required)"; 283 }; 284 285 dev = mkOption { 286 type = types.bool; 287 default = false; 288 description = "Enable development mode (disables signature verification)"; 289 }; 290 }; 291 }; 292 }; 293 294 config = mkIf config.services.tangled-knotserver.enable { 295 nixpkgs.overlays = [self.overlays.default]; 296 297 environment.systemPackages = with pkgs; [ git ]; 298 299 users.users.git = { 300 isNormalUser = true; 301 home = "/home/git"; 302 createHome = true; 303 uid = 1000; 304 group = "git"; 305 }; 306 307 users.groups.git = {}; 308 309 services.openssh = { 310 enable = true; 311 extraConfig = '' 312 Match User git 313 AuthorizedKeysCommand /etc/ssh/keyfetch_wrapper 314 AuthorizedKeysCommandUser nobody 315 ''; 316 }; 317 318 environment.etc."ssh/keyfetch_wrapper" = { 319 mode = "0555"; 320 text = '' 321 #!${pkgs.stdenv.shell} 322 ${pkgs.keyfetch}/bin/keyfetch -repoguard-path ${pkgs.repoguard}/bin/repoguard -log-path /tmp/repoguard.log 323 ''; 324 }; 325 326 systemd.services.knotserver = { 327 description = "knotserver service"; 328 after = ["network.target" "sshd.service"]; 329 wantedBy = ["multi-user.target"]; 330 serviceConfig = { 331 User = "git"; 332 WorkingDirectory = "/home/git"; 333 Environment = [ 334 "KNOT_REPO_SCAN_PATH=${config.services.tangled-knotserver.repo.scanPath}" 335 "APPVIEW_ENDPOINT=${config.services.tangled-knotserver.appviewEndpoint}" 336 "KNOT_SERVER_INTERNAL_LISTEN_ADDR=${config.services.tangled-knotserver.server.internalListenAddr}" 337 "KNOT_SERVER_LISTEN_ADDR=${config.services.tangled-knotserver.server.listenAddr}" 338 "KNOT_SERVER_SECRET=${config.services.tangled-knotserver.server.secret}" 339 "KNOT_SERVER_HOSTNAME=${config.services.tangled-knotserver.server.hostname}" 340 ]; 341 ExecStart = "${pkgs.knotserver}/bin/knotserver"; 342 Restart = "always"; 343 }; 344 }; 345 346 networking.firewall.allowedTCPPorts = [22]; 347 }; 348 }; 349 350 nixosConfigurations.knotVM = nixpkgs.lib.nixosSystem { 351 system = "x86_64-linux"; 352 modules = [ 353 self.nixosModules.knotserver 354 ({ 355 config, 356 pkgs, 357 ... 358 }: { 359 virtualisation.memorySize = 2048; 360 virtualisation.cores = 2; 361 services.getty.autologinUser = "root"; 362 environment.systemPackages = with pkgs; [curl vim git]; 363 services.tangled-knotserver = { 364 enable = true; 365 server = { 366 secret = "61120605bf85e8b036c922221ae0d740efb1e93a1ebe5cd71e4aca552d7d8a86"; 367 hostname = "localhost:6000"; 368 listenAddr = "0.0.0.0:6000"; 369 }; 370 }; 371 }) 372 ]; 373 }; 374 }; 375}