veryroundbird.house / core
forked from tangled.org/core
this repo has no description
fork atom

nix: configure air to stop on error

oppi.li 7ec0f24a 6fb7ef61

options
unified split
Changed files
+367 -378
flake.nix
+367 -378
flake.nix 
···

       
29

       
 

       
    };


     

       
30

       
 

       
  };


     

       
31

       
 

       



     

       
32

       
-

       
  outputs =


     

       
33

       
-

       
    { self


     

       
34

       
-

       
    , nixpkgs


     

       
35

       
-

       
    , indigo


     

       
36

       
-

       
    , htmx-src


     

       
37

       
-

       
    , lucide-src


     

       
38

       
-

       
    , gitignore


     

       
39

       
-

       
    , inter-fonts-src


     

       
40

       
-

       
    , ibm-plex-mono-src


     

       
41

       
-

       
    ,


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
42

       
 

       
    }:


     

       
43

       
-

       
    let


     

       
44

       
-

       
      supportedSystems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];


     

       
45

       
-

       
      forAllSystems = nixpkgs.lib.genAttrs supportedSystems;


     

       
46

       
-

       
      nixpkgsFor = forAllSystems (system:


     

       
47

       
-

       
        import nixpkgs {


     

       
48

       
-

       
          inherit system;


     

       
49

       
-

       
          overlays = [ self.overlays.default ];


     

       
50

       
-

       
        });


     

       
51

       
-

       
      inherit (gitignore.lib) gitignoreSource;


     

       
52

       
-

       
    in


     

       
53

       
-

       
    {


     

       
54

       
-

       
      overlays.default = final: prev:


     

       
55

       
-

       
        let


     

       
56

       
-

       
          goModHash = "sha256-EilWxfqrcKDaSR5zA3ZuDSCq7V+/IfWpKPu8HWhpndA=";


     

       
57

       
-

       
          buildCmdPackage = name:


     

       
58

       
-

       
            final.buildGoModule {


     

       
59

       
-

       
              pname = name;


     

       
60

       
-

       
              version = "0.1.0";


     

       
61

       
-

       
              src = gitignoreSource ./.;


     

       
62

       
-

       
              subPackages = [ "cmd/${name}" ];


     

       
63

       
-

       
              vendorHash = goModHash;


     

       
64

       
-

       
              CGO_ENABLED = 0;


     

       
65

       
 

       
            };


     

       
66

       
-

       
        in


     

       
67

       
-

       
        {


     

       
68

       
-

       
          indigo-lexgen = final.buildGoModule {


     

       
69

       
-

       
            pname = "indigo-lexgen";


     

       
70

       
-

       
            version = "0.1.0";


     

       
71

       
-

       
            src = indigo;


     

       
72

       
-

       
            subPackages = [ "cmd/lexgen" ];


     

       
73

       
-

       
            vendorHash = "sha256-pGc29fgJFq8LP7n/pY1cv6ExZl88PAeFqIbFEhB3xXs=";


     

       
74

       
-

       
            doCheck = false;


     

       
75

       
 

       
          };


     

       

       

       
     

       
76

       
 

       



     

       
77

       
-

       
          appview = with final;


     

       
78

       
-

       
            final.pkgsStatic.buildGoModule {


     

       
79

       
-

       
              pname = "appview";


     

       
80

       
-

       
              version = "0.1.0";


     

       
81

       
-

       
              src = gitignoreSource ./.;


     

       
82

       
-

       
              postUnpack = ''


     

       
83

       
-

       
                pushd source


     

       
84

       
-

       
                mkdir -p appview/pages/static/{fonts,icons}


     

       
85

       
-

       
                cp -f ${htmx-src} appview/pages/static/htmx.min.js


     

       
86

       
-

       
                cp -rf ${lucide-src}/*.svg appview/pages/static/icons/


     

       
87

       
-

       
                cp -f ${inter-fonts-src}/web/InterVariable*.woff2 appview/pages/static/fonts/


     

       
88

       
-

       
                cp -f ${inter-fonts-src}/web/InterDisplay*.woff2 appview/pages/static/fonts/


     

       
89

       
-

       
                cp -f ${ibm-plex-mono-src}/fonts/complete/woff2/IBMPlexMono-Regular.woff2 appview/pages/static/fonts/


     

       
90

       
-

       
                ${pkgs.tailwindcss}/bin/tailwindcss -i input.css -o appview/pages/static/tw.css


     

       
91

       
-

       
                popd


     

       
92

       
-

       
              '';


     

       
93

       
-

       
              doCheck = false;


     

       
94

       
-

       
              subPackages = [ "cmd/appview" ];


     

       
95

       
-

       
              vendorHash = goModHash;


     

       
96

       
-

       
              CGO_ENABLED = 1;


     

       
97

       
-

       
              stdenv = pkgsStatic.stdenv;


     

       
98

       
 

       
            };


     

       
99

       
 

       



     

       
100

       
-

       
          knotserver = with final;


     

       
101

       
-

       
            final.pkgsStatic.buildGoModule {


     

       
102

       
-

       
              pname = "knotserver";


     

       
103

       
-

       
              version = "0.1.0";


     

       
104

       
-

       
              src = gitignoreSource ./.;


     

       
105

       
-

       
              nativeBuildInputs = [ final.makeWrapper ];


     

       
106

       
-

       
              subPackages = [ "cmd/knotserver" ];


     

       
107

       
-

       
              vendorHash = goModHash;


     

       
108

       
-

       
              installPhase = ''


     

       
109

       
-

       
                runHook preInstall


     

       
110

       
 

       



     

       
111

       
-

       
                mkdir -p $out/bin


     

       
112

       
-

       
                cp $GOPATH/bin/knotserver $out/bin/knotserver


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
113

       
 

       



     

       
114

       
-

       
                wrapProgram $out/bin/knotserver \


     

       
115

       
-

       
                --prefix PATH : ${pkgs.git}/bin


     

       

       

       
     

       

       

       
     

       

       

       
     

       
116

       
 

       



     

       
117

       
-

       
                runHook postInstall


     

       
118

       
-

       
              '';


     

       
119

       
-

       
              CGO_ENABLED = 1;


     

       

       

       
     

       
120

       
 

       
            };


     

       
121

       
-

       
          knotserver-unwrapped = final.pkgsStatic.buildGoModule {


     

       
122

       
-

       
            pname = "knotserver";


     

       
123

       
-

       
            version = "0.1.0";


     

       
124

       
-

       
            src = gitignoreSource ./.;


     

       
125

       
-

       
            subPackages = [ "cmd/knotserver" ];


     

       
126

       
-

       
            vendorHash = goModHash;


     

       
127

       
-

       
            CGO_ENABLED = 1;


     

       
128

       
-

       
          };


     

       
129

       
-

       
          repoguard = buildCmdPackage "repoguard";


     

       
130

       
-

       
          keyfetch = buildCmdPackage "keyfetch";


     

       
131

       
-

       
        };


     

       
132

       
-

       
      packages = forAllSystems (system: {


     

       
133

       
-

       
        inherit


     

       
134

       
-

       
          (nixpkgsFor."${system}")


     

       
135

       
-

       
          indigo-lexgen


     

       
136

       
-

       
          appview


     

       
137

       
-

       
          knotserver


     

       
138

       
-

       
          knotserver-unwrapped


     

       
139

       
-

       
          repoguard


     

       
140

       
-

       
          keyfetch


     

       
141

       
-

       
          ;


     

       
142

       
-

       
      });


     

       
143

       
-

       
      defaultPackage = forAllSystems (system: nixpkgsFor.${system}.appview);


     

       
144

       
-

       
      formatter = forAllSystems (system: nixpkgsFor."${system}".alejandra);


     

       
145

       
-

       
      devShells = forAllSystems (system:


     

       
146

       
-

       
        let


     

       
147

       
-

       
          pkgs = nixpkgsFor.${system};


     

       
148

       
-

       
          staticShell = pkgs.mkShell.override {


     

       
149

       
-

       
            stdenv = pkgs.pkgsStatic.stdenv;


     

       
150

       
-

       
          };


     

       
151

       
-

       
        in


     

       
152

       
-

       
        {


     

       
153

       
-

       
          default = staticShell {


     

       
154

       
-

       
            nativeBuildInputs = [


     

       
155

       
-

       
              pkgs.go


     

       
156

       
-

       
              pkgs.air


     

       
157

       
-

       
              pkgs.gopls


     

       
158

       
-

       
              pkgs.httpie


     

       
159

       
-

       
              pkgs.indigo-lexgen


     

       
160

       
-

       
              pkgs.litecli


     

       
161

       
-

       
              pkgs.websocat


     

       
162

       
-

       
              pkgs.tailwindcss


     

       
163

       
-

       
              pkgs.nixos-shell


     

       
164

       
-

       
            ];


     

       
165

       
-

       
            shellHook = ''


     

       
166

       
-

       
              mkdir -p appview/pages/static/{fonts,icons}


     

       
167

       
-

       
              cp -f ${htmx-src} appview/pages/static/htmx.min.js


     

       
168

       
-

       
              cp -rf ${lucide-src}/*.svg appview/pages/static/icons/


     

       
169

       
-

       
              cp -f ${inter-fonts-src}/web/InterVariable*.woff2 appview/pages/static/fonts/


     

       
170

       
-

       
              cp -f ${inter-fonts-src}/web/InterDisplay*.woff2 appview/pages/static/fonts/


     

       
171

       
-

       
              cp -f ${ibm-plex-mono-src}/fonts/complete/woff2/IBMPlexMono-Regular.woff2 appview/pages/static/fonts/


     

       
172

       
-

       
            '';


     

       
173

       
-

       
          };


     

       
174

       
-

       
        });


     

       
175

       
-

       
      apps = forAllSystems (system:


     

       
176

       
-

       
        let


     

       
177

       
-

       
          pkgs = nixpkgsFor."${system}";


     

       
178

       
-

       
          air-watcher = name:


     

       
179

       
-

       
            pkgs.writeShellScriptBin "run"


     

       
180

       
-

       
              ''


     

       
181

       
-

       
                TANGLED_DEV=true ${pkgs.air}/bin/air -c /dev/null \


     

       
182

       
-

       
                -build.cmd "${pkgs.tailwindcss}/bin/tailwindcss -i input.css -o ./appview/pages/static/tw.css && ${pkgs.go}/bin/go build -o ./out/${name}.out ./cmd/${name}/main.go" \


     

       
183

       
-

       
                -build.bin "./out/${name}.out" \


     

       
184

       
-

       
                -build.include_ext "go"


     

       
185

       
-

       
              '';


     

       
186

       
-

       
          tailwind-watcher =


     

       
187

       
-

       
            pkgs.writeShellScriptBin "run"


     

       
188

       
-

       
              ''


     

       
189

       
-

       
                ${pkgs.tailwindcss}/bin/tailwindcss -w -i input.css -o ./appview/pages/static/tw.css


     

       
190

       
-

       
              '';


     

       
191

       
-

       
        in


     

       
192

       
-

       
        {


     

       
193

       
-

       
          watch-appview = {


     

       
194

       
-

       
            type = "app";


     

       
195

       
-

       
            program = ''${air-watcher "appview"}/bin/run'';


     

       
196

       
-

       
          };


     

       
197

       
-

       
          watch-knotserver = {


     

       
198

       
-

       
            type = "app";


     

       
199

       
-

       
            program = ''${air-watcher "knotserver"}/bin/run'';


     

       
200

       
-

       
          };


     

       
201

       
-

       
          watch-tailwind = {


     

       
202

       
-

       
            type = "app";


     

       
203

       
-

       
            program = ''${tailwind-watcher}/bin/run'';


     

       
204

       
-

       
          };


     

       
205

       
-

       
        });


     

       
206

       
 

       



     

       
207

       
-

       
      nixosModules.appview =


     

       
208

       
-

       
        { config


     

       
209

       
-

       
        , pkgs


     

       
210

       
-

       
        , lib


     

       
211

       
-

       
        , ...


     

       
212

       
-

       
        }:


     

       
213

       
-

       
          with lib; {


     

       
214

       
-

       
            options = {


     

       
215

       
-

       
              services.tangled-appview = {


     

       
216

       
-

       
                enable = mkOption {


     

       
217

       
-

       
                  type = types.bool;


     

       
218

       
-

       
                  default = false;


     

       
219

       
-

       
                  description = "Enable tangled appview";


     

       
220

       
-

       
                };


     

       
221

       
-

       
                port = mkOption {


     

       
222

       
-

       
                  type = types.int;


     

       
223

       
-

       
                  default = 3000;


     

       
224

       
-

       
                  description = "Port to run the appview on";


     

       
225

       
-

       
                };


     

       
226

       
-

       
                cookie_secret = mkOption {


     

       
227

       
-

       
                  type = types.str;


     

       
228

       
-

       
                  default = "00000000000000000000000000000000";


     

       
229

       
-

       
                  description = "Cookie secret";


     

       
230

       
-

       
                };


     

       
231

       
-

       
              };


     

       
232

       
 

       
            };


     

       
233

       
 

       



     

       
234

       
-

       
            config = mkIf config.services.tangled-appview.enable {


     

       
235

       
-

       
              systemd.services.tangled-appview = {


     

       
236

       
-

       
                description = "tangled appview service";


     

       
237

       
-

       
                wantedBy = [ "multi-user.target" ];


     

       

       

       
     

       
238

       
 

       



     

       
239

       
-

       
                serviceConfig = {


     

       
240

       
-

       
                  ListenStream = "0.0.0.0:${toString config.services.tangled-appview.port}";


     

       
241

       
-

       
                  ExecStart = "${self.packages.${pkgs.system}.appview}/bin/appview";


     

       
242

       
-

       
                  Restart = "always";


     

       
243

       
-

       
                };


     

       
244

       
-

       



     

       
245

       
-

       
                environment = {


     

       
246

       
-

       
                  TANGLED_DB_PATH = "appview.db";


     

       
247

       
-

       
                  TANGLED_COOKIE_SECRET = config.services.tangled-appview.cookie_secret;


     

       
248

       
-

       
                };


     

       
249

       
 

       
              };


     

       
250

       
-

       
            };


     

       
251

       
-

       
          };


     

       
252

       
 

       



     

       
253

       
-

       
      nixosModules.knotserver =


     

       
254

       
-

       
        { config


     

       
255

       
-

       
        , pkgs


     

       
256

       
-

       
        , lib


     

       
257

       
-

       
        , ...


     

       
258

       
-

       
        }:


     

       
259

       
-

       
        let


     

       
260

       
-

       
          cfg = config.services.tangled-knotserver;


     

       
261

       
-

       
        in


     

       
262

       
-

       
        with lib; {


     

       
263

       
-

       
          options = {


     

       
264

       
-

       
            services.tangled-knotserver = {


     

       
265

       
-

       
              enable = mkOption {


     

       
266

       
-

       
                type = types.bool;


     

       
267

       
-

       
                default = false;


     

       
268

       
-

       
                description = "Enable a tangled knotserver";


     

       
269

       
 

       
              };


     

       

       

       
     

       
270

       
 

       



     

       
271

       
-

       
              appviewEndpoint = mkOption {


     

       

       

       
     

       
272

       
 

       
                type = types.str;


     

       
273

       
-

       
                default = "https://tangled.sh";


     

       
274

       
-

       
                description = "Appview endpoint";


     

       
275

       
 

       
              };


     

       
276

       
 

       



     

       
277

       
-

       
              gitUser = mkOption {


     

       
278

       
 

       
                type = types.str;


     

       
279

       
-

       
                default = "git";


     

       
280

       
-

       
                description = "User that hosts git repos and performs git operations";


     

       
281

       
 

       
              };


     

       
282

       
 

       



     

       
283

       
-

       
              openFirewall = mkOption {


     

       
284

       
-

       
                type = types.bool;


     

       
285

       
-

       
                default = true;


     

       
286

       
-

       
                description = "Open port 22 in the firewall for ssh";


     

       
287

       
 

       
              };


     

       
288

       
 

       



     

       
289

       
-

       
              stateDir = mkOption {


     

       
290

       
 

       
                type = types.path;


     

       
291

       
-

       
                default = "/home/${cfg.gitUser}";


     

       
292

       
-

       
                description = "Tangled knot data directory";


     

       
293

       
 

       
              };


     

       
294

       
 

       



     

       
295

       
-

       
              repo = {


     

       
296

       
-

       
                scanPath = mkOption {


     

       
297

       
-

       
                  type = types.path;


     

       
298

       
-

       
                  default = cfg.stateDir;


     

       
299

       
-

       
                  description = "Path where repositories are scanned from";


     

       
300

       
-

       
                };


     

       
301

       
-

       



     

       
302

       
-

       
                mainBranch = mkOption {


     

       
303

       
-

       
                  type = types.str;


     

       
304

       
-

       
                  default = "main";


     

       
305

       
-

       
                  description = "Default branch name for repositories";


     

       
306

       
-

       
                };


     

       
307

       
 

       
              };


     

       
308

       
 

       



     

       
309

       
-

       
              server = {


     

       
310

       
-

       
                listenAddr = mkOption {


     

       
311

       
-

       
                  type = types.str;


     

       
312

       
-

       
                  default = "0.0.0.0:5555";


     

       
313

       
-

       
                  description = "Address to listen on";


     

       
314

       
-

       
                };


     

       
315

       
-

       



     

       
316

       
-

       
                internalListenAddr = mkOption {


     

       
317

       
-

       
                  type = types.str;


     

       
318

       
-

       
                  default = "127.0.0.1:5444";


     

       
319

       
-

       
                  description = "Internal address for inter-service communication";


     

       
320

       
-

       
                };


     

       
321

       
-

       



     

       
322

       
-

       
                secretFile = mkOption {


     

       
323

       
-

       
                  type = lib.types.path;


     

       
324

       
-

       
                  example = "KNOT_SERVER_SECRET=<hash>";


     

       
325

       
-

       
                  description = "File containing secret key provided by appview (required)";


     

       
326

       
-

       
                };


     

       
327

       
-

       



     

       
328

       
-

       
                dbPath = mkOption {


     

       
329

       
-

       
                  type = types.path;


     

       
330

       
-

       
                  default = "${cfg.stateDir}/knotserver.db";


     

       
331

       
-

       
                  description = "Path to the database file";


     

       
332

       
-

       
                };


     

       
333

       
-

       



     

       
334

       
-

       
                hostname = mkOption {


     

       
335

       
-

       
                  type = types.str;


     

       
336

       
-

       
                  example = "knot.tangled.sh";


     

       
337

       
-

       
                  description = "Hostname for the server (required)";


     

       
338

       
-

       
                };


     

       
339

       
-

       



     

       
340

       
-

       
                dev = mkOption {


     

       
341

       
-

       
                  type = types.bool;


     

       
342

       
-

       
                  default = false;


     

       
343

       
-

       
                  description = "Enable development mode (disables signature verification)";


     

       
344

       
-

       
                };


     

       
345

       
 

       
              };


     

       
346

       
 

       
            };


     

       
347

       
 

       
          };


     

       

       

       
     

       
348

       
 

       



     

       
349

       
-

       
          config = mkIf cfg.enable {


     

       
350

       
-

       
            environment.systemPackages = with pkgs; [ git ];


     

       
351

       
 

       



     

       
352

       
-

       
            system.activationScripts.gitConfig = ''


     

       
353

       
-

       
              mkdir -p "${cfg.repo.scanPath}"


     

       
354

       
-

       
              chown -R ${cfg.gitUser}:${cfg.gitUser} \


     

       
355

       
-

       
                  "${cfg.repo.scanPath}"


     

       
356

       
 

       



     

       
357

       
-

       
              mkdir -p "${cfg.stateDir}/.config/git"


     

       
358

       
-

       
              cat > "${cfg.stateDir}/.config/git/config" << EOF


     

       
359

       
-

       
              [user]


     

       
360

       
-

       
                  name = Git User


     

       
361

       
-

       
                  email = git@example.com


     

       
362

       
-

       
              EOF


     

       
363

       
-

       
              chown -R ${cfg.gitUser}:${cfg.gitUser} \


     

       
364

       
-

       
                  "${cfg.stateDir}"


     

       
365

       
-

       
            '';


     

       
366

       
 

       



     

       
367

       
-

       
            users.users.${cfg.gitUser} = {


     

       
368

       
-

       
              isSystemUser = true;


     

       
369

       
-

       
              useDefaultShell = true;


     

       
370

       
-

       
              home = cfg.stateDir;


     

       
371

       
-

       
              createHome = true;


     

       
372

       
-

       
              group = cfg.gitUser;


     

       
373

       
-

       
            };


     

       
374

       
 

       



     

       
375

       
-

       
            users.groups.${cfg.gitUser} = { };


     

       
376

       
 

       



     

       
377

       
-

       
            services.openssh = {


     

       
378

       
-

       
              enable = true;


     

       
379

       
-

       
              extraConfig = ''


     

       
380

       
-

       
                Match User ${cfg.gitUser}


     

       
381

       
-

       
                    AuthorizedKeysCommand /etc/ssh/keyfetch_wrapper


     

       
382

       
-

       
                    AuthorizedKeysCommandUser nobody


     

       
383

       
-

       
              '';


     

       
384

       
-

       
            };


     

       
385

       
 

       



     

       
386

       
-

       
            environment.etc."ssh/keyfetch_wrapper" = {


     

       
387

       
-

       
              mode = "0555";


     

       
388

       
-

       
              text = ''


     

       
389

       
-

       
                #!${pkgs.stdenv.shell}


     

       
390

       
-

       
                ${self.packages.${pkgs.system}.keyfetch}/bin/keyfetch \


     

       
391

       
-

       
                  -repoguard-path ${self.packages.${pkgs.system}.repoguard}/bin/repoguard \


     

       
392

       
-

       
                  -internal-api "http://${cfg.server.internalListenAddr}" \


     

       
393

       
-

       
                  -git-dir "${cfg.repo.scanPath}" \


     

       
394

       
-

       
                  -log-path /tmp/repoguard.log


     

       
395

       
-

       
              '';


     

       
396

       
-

       
            };


     

       
397

       
 

       



     

       
398

       
-

       
            systemd.services.knotserver = {


     

       
399

       
-

       
              description = "knotserver service";


     

       
400

       
-

       
              after = [ "network.target" "sshd.service" ];


     

       
401

       
-

       
              wantedBy = [ "multi-user.target" ];


     

       
402

       
-

       
              serviceConfig = {


     

       
403

       
-

       
                User = cfg.gitUser;


     

       
404

       
-

       
                WorkingDirectory = cfg.stateDir;


     

       
405

       
-

       
                Environment = [


     

       
406

       
-

       
                  "KNOT_REPO_SCAN_PATH=${cfg.repo.scanPath}"


     

       
407

       
-

       
                  "KNOT_REPO_MAIN_BRANCH=${cfg.repo.mainBranch}"


     

       
408

       
-

       
                  "APPVIEW_ENDPOINT=${cfg.appviewEndpoint}"


     

       
409

       
-

       
                  "KNOT_SERVER_INTERNAL_LISTEN_ADDR=${cfg.server.internalListenAddr}"


     

       
410

       
-

       
                  "KNOT_SERVER_LISTEN_ADDR=${cfg.server.listenAddr}"


     

       
411

       
-

       
                  "KNOT_SERVER_DB_PATH=${cfg.server.dbPath}"


     

       
412

       
-

       
                  "KNOT_SERVER_HOSTNAME=${cfg.server.hostname}"


     

       
413

       
-

       
                ];


     

       
414

       
-

       
                EnvironmentFile = cfg.server.secretFile;


     

       
415

       
-

       
                ExecStart = "${self.packages.${pkgs.system}.knotserver}/bin/knotserver";


     

       
416

       
-

       
                Restart = "always";


     

       
417

       
-

       
              };


     

       
418

       
 

       
            };


     

       
419

       
-

       



     

       
420

       
-

       
            networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ 22 ];


     

       
421

       
 

       
          };


     

       

       

       
     

       

       

       
     

       
422

       
 

       
        };


     

       

       

       
     

       
423

       
 

       



     

       
424

       
-

       
      nixosConfigurations.knotVM = nixpkgs.lib.nixosSystem {


     

       
425

       
-

       
        system = "x86_64-linux";


     

       
426

       
-

       
        modules = [


     

       
427

       
-

       
          self.nixosModules.knotserver


     

       
428

       
-

       
          ({ config


     

       
429

       
-

       
           , pkgs


     

       
430

       
-

       
           , ...


     

       
431

       
-

       
           }: {


     

       
432

       
-

       
            virtualisation.memorySize = 2048;


     

       
433

       
-

       
            virtualisation.diskSize = 10 * 1024;


     

       
434

       
-

       
            virtualisation.cores = 2;


     

       
435

       
-

       
            services.getty.autologinUser = "root";


     

       
436

       
-

       
            environment.systemPackages = with pkgs; [ curl vim git ];


     

       
437

       
-

       
            systemd.tmpfiles.rules =


     

       
438

       
-

       
              let


     

       
439

       
-

       
                u = config.services.tangled-knotserver.gitUser;


     

       
440

       
-

       
                g = config.services.tangled-knotserver.gitUser;


     

       
441

       
-

       
              in


     

       
442

       
-

       
              [


     

       
443

       
-

       
                "d /var/lib/knotserver 0770 ${u} ${g} - -" # Create the directory first


     

       
444

       
-

       
                "f+ /var/lib/knotserver/secret 0660 ${u} ${g} - KNOT_SERVER_SECRET=679f15000084699abc6a20d3ef449efa3656583f38e456a08f0638250688ff2e"


     

       
445

       
-

       
              ];


     

       
446

       
-

       
            services.tangled-knotserver = {


     

       
447

       
-

       
              enable = true;


     

       
448

       
-

       
              server = {


     

       
449

       
-

       
                secretFile = "/var/lib/knotserver/secret";


     

       
450

       
-

       
                hostname = "localhost:6000";


     

       
451

       
-

       
                listenAddr = "0.0.0.0:6000";


     

       
452

       
-

       
              };


     

       
453

       
 

       
            };


     

       
454

       
-

       
          })


     

       
455

       
-

       
        ];


     

       
456

       
-

       
      };


     

       
457

       
 

       
    };


     

       

       

       
     

       
458

       
 

       
}


     
···

       
29

       
 

       
    };


     

       
30

       
 

       
  };


     

       
31

       
 

       



     

       
32

       
+

       
  outputs = {


     

       
33

       
+

       
    self,


     

       
34

       
+

       
    nixpkgs,


     

       
35

       
+

       
    indigo,


     

       
36

       
+

       
    htmx-src,


     

       
37

       
+

       
    lucide-src,


     

       
38

       
+

       
    gitignore,


     

       
39

       
+

       
    inter-fonts-src,


     

       
40

       
+

       
    ibm-plex-mono-src,


     

       
41

       
+

       
  }: let


     

       
42

       
+

       
    supportedSystems = ["x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin"];


     

       
43

       
+

       
    forAllSystems = nixpkgs.lib.genAttrs supportedSystems;


     

       
44

       
+

       
    nixpkgsFor = forAllSystems (system:


     

       
45

       
+

       
      import nixpkgs {


     

       
46

       
+

       
        inherit system;


     

       
47

       
+

       
        overlays = [self.overlays.default];


     

       
48

       
+

       
      });


     

       
49

       
+

       
    inherit (gitignore.lib) gitignoreSource;


     

       
50

       
+

       
  in {


     

       
51

       
+

       
    overlays.default = final: prev: let


     

       
52

       
+

       
      goModHash = "sha256-EilWxfqrcKDaSR5zA3ZuDSCq7V+/IfWpKPu8HWhpndA=";


     

       
53

       
+

       
      buildCmdPackage = name:


     

       
54

       
+

       
        final.buildGoModule {


     

       
55

       
+

       
          pname = name;


     

       
56

       
+

       
          version = "0.1.0";


     

       
57

       
+

       
          src = gitignoreSource ./.;


     

       
58

       
+

       
          subPackages = ["cmd/${name}"];


     

       
59

       
+

       
          vendorHash = goModHash;


     

       
60

       
+

       
          CGO_ENABLED = 0;


     

       
61

       
+

       
        };


     

       
62

       
+

       
    in {


     

       
63

       
+

       
      indigo-lexgen = final.buildGoModule {


     

       
64

       
+

       
        pname = "indigo-lexgen";


     

       
65

       
+

       
        version = "0.1.0";


     

       
66

       
+

       
        src = indigo;


     

       
67

       
+

       
        subPackages = ["cmd/lexgen"];


     

       
68

       
+

       
        vendorHash = "sha256-pGc29fgJFq8LP7n/pY1cv6ExZl88PAeFqIbFEhB3xXs=";


     

       
69

       
+

       
        doCheck = false;


     

       
70

       
+

       
      };


     

       
71

       
+

       



     

       
72

       
+

       
      appview = with final;


     

       
73

       
+

       
        final.pkgsStatic.buildGoModule {


     

       
74

       
+

       
          pname = "appview";


     

       
75

       
+

       
          version = "0.1.0";


     

       
76

       
+

       
          src = gitignoreSource ./.;


     

       
77

       
+

       
          postUnpack = ''


     

       
78

       
+

       
            pushd source


     

       
79

       
+

       
            mkdir -p appview/pages/static/{fonts,icons}


     

       
80

       
+

       
            cp -f ${htmx-src} appview/pages/static/htmx.min.js


     

       
81

       
+

       
            cp -rf ${lucide-src}/*.svg appview/pages/static/icons/


     

       
82

       
+

       
            cp -f ${inter-fonts-src}/web/InterVariable*.woff2 appview/pages/static/fonts/


     

       
83

       
+

       
            cp -f ${inter-fonts-src}/web/InterDisplay*.woff2 appview/pages/static/fonts/


     

       
84

       
+

       
            cp -f ${ibm-plex-mono-src}/fonts/complete/woff2/IBMPlexMono-Regular.woff2 appview/pages/static/fonts/


     

       
85

       
+

       
            ${pkgs.tailwindcss}/bin/tailwindcss -i input.css -o appview/pages/static/tw.css


     

       
86

       
+

       
            popd


     

       
87

       
+

       
          '';


     

       
88

       
+

       
          doCheck = false;


     

       
89

       
+

       
          subPackages = ["cmd/appview"];


     

       
90

       
+

       
          vendorHash = goModHash;


     

       
91

       
+

       
          CGO_ENABLED = 1;


     

       
92

       
+

       
          stdenv = pkgsStatic.stdenv;


     

       
93

       
+

       
        };


     

       
94

       
+

       



     

       
95

       
+

       
      knotserver = with final;


     

       
96

       
+

       
        final.pkgsStatic.buildGoModule {


     

       
97

       
+

       
          pname = "knotserver";


     

       
98

       
+

       
          version = "0.1.0";


     

       
99

       
+

       
          src = gitignoreSource ./.;


     

       
100

       
+

       
          nativeBuildInputs = [final.makeWrapper];


     

       
101

       
+

       
          subPackages = ["cmd/knotserver"];


     

       
102

       
+

       
          vendorHash = goModHash;


     

       
103

       
+

       
          installPhase = ''


     

       
104

       
+

       
            runHook preInstall


     

       
105

       
+

       



     

       
106

       
+

       
            mkdir -p $out/bin


     

       
107

       
+

       
            cp $GOPATH/bin/knotserver $out/bin/knotserver


     

       
108

       
+

       



     

       
109

       
+

       
            wrapProgram $out/bin/knotserver \


     

       
110

       
+

       
            --prefix PATH : ${pkgs.git}/bin


     

       
111

       
+

       



     

       
112

       
+

       
            runHook postInstall


     

       
113

       
+

       
          '';


     

       
114

       
+

       
          CGO_ENABLED = 1;


     

       
115

       
+

       
        };


     

       
116

       
+

       
      knotserver-unwrapped = final.pkgsStatic.buildGoModule {


     

       
117

       
+

       
        pname = "knotserver";


     

       
118

       
+

       
        version = "0.1.0";


     

       
119

       
+

       
        src = gitignoreSource ./.;


     

       
120

       
+

       
        subPackages = ["cmd/knotserver"];


     

       
121

       
+

       
        vendorHash = goModHash;


     

       
122

       
+

       
        CGO_ENABLED = 1;


     

       
123

       
+

       
      };


     

       
124

       
+

       
      repoguard = buildCmdPackage "repoguard";


     

       
125

       
+

       
      keyfetch = buildCmdPackage "keyfetch";


     

       
126

       
+

       
    };


     

       
127

       
+

       
    packages = forAllSystems (system: {


     

       
128

       
+

       
      inherit


     

       
129

       
+

       
        (nixpkgsFor."${system}")


     

       
130

       
+

       
        indigo-lexgen


     

       
131

       
+

       
        appview


     

       
132

       
+

       
        knotserver


     

       
133

       
+

       
        knotserver-unwrapped


     

       
134

       
+

       
        repoguard


     

       
135

       
+

       
        keyfetch


     

       
136

       
+

       
        ;


     

       
137

       
+

       
    });


     

       
138

       
+

       
    defaultPackage = forAllSystems (system: nixpkgsFor.${system}.appview);


     

       
139

       
+

       
    formatter = forAllSystems (system: nixpkgsFor."${system}".alejandra);


     

       
140

       
+

       
    devShells = forAllSystems (system: let


     

       
141

       
+

       
      pkgs = nixpkgsFor.${system};


     

       
142

       
+

       
      staticShell = pkgs.mkShell.override {


     

       
143

       
+

       
        stdenv = pkgs.pkgsStatic.stdenv;


     

       
144

       
+

       
      };


     

       
145

       
+

       
    in {


     

       
146

       
+

       
      default = staticShell {


     

       
147

       
+

       
        nativeBuildInputs = [


     

       
148

       
+

       
          pkgs.go


     

       
149

       
+

       
          pkgs.air


     

       
150

       
+

       
          pkgs.gopls


     

       
151

       
+

       
          pkgs.httpie


     

       
152

       
+

       
          pkgs.indigo-lexgen


     

       
153

       
+

       
          pkgs.litecli


     

       
154

       
+

       
          pkgs.websocat


     

       
155

       
+

       
          pkgs.tailwindcss


     

       
156

       
+

       
          pkgs.nixos-shell


     

       
157

       
+

       
        ];


     

       
158

       
+

       
        shellHook = ''


     

       
159

       
+

       
          mkdir -p appview/pages/static/{fonts,icons}


     

       
160

       
+

       
          cp -f ${htmx-src} appview/pages/static/htmx.min.js


     

       
161

       
+

       
          cp -rf ${lucide-src}/*.svg appview/pages/static/icons/


     

       
162

       
+

       
          cp -f ${inter-fonts-src}/web/InterVariable*.woff2 appview/pages/static/fonts/


     

       
163

       
+

       
          cp -f ${inter-fonts-src}/web/InterDisplay*.woff2 appview/pages/static/fonts/


     

       
164

       
+

       
          cp -f ${ibm-plex-mono-src}/fonts/complete/woff2/IBMPlexMono-Regular.woff2 appview/pages/static/fonts/


     

       
165

       
+

       
        '';


     

       
166

       
+

       
      };


     

       
167

       
+

       
    });


     

       
168

       
+

       
    apps = forAllSystems (system: let


     

       
169

       
+

       
      pkgs = nixpkgsFor."${system}";


     

       
170

       
+

       
      air-watcher = name:


     

       
171

       
+

       
        pkgs.writeShellScriptBin "run"


     

       
172

       
+

       
        ''


     

       
173

       
+

       
          TANGLED_DEV=true ${pkgs.air}/bin/air -c /dev/null \


     

       
174

       
+

       
          -build.cmd "${pkgs.tailwindcss}/bin/tailwindcss -i input.css -o ./appview/pages/static/tw.css && ${pkgs.go}/bin/go build -o ./out/${name}.out ./cmd/${name}/main.go" \


     

       
175

       
+

       
          -build.bin "./out/${name}.out" \


     

       
176

       
+

       
          -build.include_ext "go"


     

       
177

       
+

       
        '';


     

       
178

       
+

       
      tailwind-watcher =


     

       
179

       
+

       
        pkgs.writeShellScriptBin "run"


     

       
180

       
+

       
        ''


     

       
181

       
+

       
          ${pkgs.tailwindcss}/bin/tailwindcss -w -i input.css -o ./appview/pages/static/tw.css


     

       
182

       
+

       
        '';


     

       
183

       
+

       
    in {


     

       
184

       
+

       
      watch-appview = {


     

       
185

       
+

       
        type = "app";


     

       
186

       
+

       
        program = ''${air-watcher "appview"}/bin/run'';


     

       
187

       
+

       
      };


     

       
188

       
+

       
      watch-knotserver = {


     

       
189

       
+

       
        type = "app";


     

       
190

       
+

       
        program = ''${air-watcher "knotserver"}/bin/run'';


     

       
191

       
+

       
      };


     

       
192

       
+

       
      watch-tailwind = {


     

       
193

       
+

       
        type = "app";


     

       
194

       
+

       
        program = ''${tailwind-watcher}/bin/run'';


     

       
195

       
+

       
      };


     

       
196

       
+

       
    });


     

       
197

       
+

       



     

       
198

       
+

       
    nixosModules.appview = {


     

       
199

       
+

       
      config,


     

       
200

       
+

       
      pkgs,


     

       
201

       
+

       
      lib,


     

       
202

       
+

       
      ...


     

       
203

       
 

       
    }:


     

       
204

       
+

       
      with lib; {


     

       
205

       
+

       
        options = {


     

       
206

       
+

       
          services.tangled-appview = {


     

       
207

       
+

       
            enable = mkOption {


     

       
208

       
+

       
              type = types.bool;


     

       
209

       
+

       
              default = false;


     

       
210

       
+

       
              description = "Enable tangled appview";


     

       
211

       
+

       
            };


     

       
212

       
+

       
            port = mkOption {


     

       
213

       
+

       
              type = types.int;


     

       
214

       
+

       
              default = 3000;


     

       
215

       
+

       
              description = "Port to run the appview on";


     

       
216

       
+

       
            };


     

       
217

       
+

       
            cookie_secret = mkOption {


     

       
218

       
+

       
              type = types.str;


     

       
219

       
+

       
              default = "00000000000000000000000000000000";


     

       
220

       
+

       
              description = "Cookie secret";


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
221

       
 

       
            };


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
222

       
 

       
          };


     

       
223

       
+

       
        };


     

       
224

       
 

       



     

       
225

       
+

       
        config = mkIf config.services.tangled-appview.enable {


     

       
226

       
+

       
          systemd.services.tangled-appview = {


     

       
227

       
+

       
            description = "tangled appview service";


     

       
228

       
+

       
            wantedBy = ["multi-user.target"];


     

       
229

       
+

       



     

       
230

       
+

       
            serviceConfig = {


     

       
231

       
+

       
              ListenStream = "0.0.0.0:${toString config.services.tangled-appview.port}";


     

       
232

       
+

       
              ExecStart = "${self.packages.${pkgs.system}.appview}/bin/appview";


     

       
233

       
+

       
              Restart = "always";


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
234

       
 

       
            };


     

       
235

       
 

       



     

       
236

       
+

       
            environment = {


     

       
237

       
+

       
              TANGLED_DB_PATH = "appview.db";


     

       
238

       
+

       
              TANGLED_COOKIE_SECRET = config.services.tangled-appview.cookie_secret;


     

       
239

       
+

       
            };


     

       
240

       
+

       
          };


     

       
241

       
+

       
        };


     

       
242

       
+

       
      };


     

       

       

       
     

       

       

       
     

       

       

       
     

       
243

       
 

       



     

       
244

       
+

       
    nixosModules.knotserver = {


     

       
245

       
+

       
      config,


     

       
246

       
+

       
      pkgs,


     

       
247

       
+

       
      lib,


     

       
248

       
+

       
      ...


     

       
249

       
+

       
    }: let


     

       
250

       
+

       
      cfg = config.services.tangled-knotserver;


     

       
251

       
+

       
    in


     

       
252

       
+

       
      with lib; {


     

       
253

       
+

       
        options = {


     

       
254

       
+

       
          services.tangled-knotserver = {


     

       
255

       
+

       
            enable = mkOption {


     

       
256

       
+

       
              type = types.bool;


     

       
257

       
+

       
              default = false;


     

       
258

       
+

       
              description = "Enable a tangled knotserver";


     

       
259

       
+

       
            };


     

       
260

       
 

       



     

       
261

       
+

       
            appviewEndpoint = mkOption {


     

       
262

       
+

       
              type = types.str;


     

       
263

       
+

       
              default = "https://tangled.sh";


     

       
264

       
+

       
              description = "Appview endpoint";


     

       
265

       
+

       
            };


     

       
266

       
 

       



     

       
267

       
+

       
            gitUser = mkOption {


     

       
268

       
+

       
              type = types.str;


     

       
269

       
+

       
              default = "git";


     

       
270

       
+

       
              description = "User that hosts git repos and performs git operations";


     

       
271

       
 

       
            };


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
272

       
 

       



     

       
273

       
+

       
            openFirewall = mkOption {


     

       
274

       
+

       
              type = types.bool;


     

       
275

       
+

       
              default = true;


     

       
276

       
+

       
              description = "Open port 22 in the firewall for ssh";


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
277

       
 

       
            };


     

       
278

       
 

       



     

       
279

       
+

       
            stateDir = mkOption {


     

       
280

       
+

       
              type = types.path;


     

       
281

       
+

       
              default = "/home/${cfg.gitUser}";


     

       
282

       
+

       
              description = "Tangled knot data directory";


     

       
283

       
+

       
            };


     

       
284

       
 

       



     

       
285

       
+

       
            repo = {


     

       
286

       
+

       
              scanPath = mkOption {


     

       
287

       
+

       
                type = types.path;


     

       
288

       
+

       
                default = cfg.stateDir;


     

       
289

       
+

       
                description = "Path where repositories are scanned from";


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
290

       
 

       
              };


     

       

       

       
     

       

       

       
     

       
291

       
 

       



     

       
292

       
+

       
              mainBranch = mkOption {


     

       
293

       
+

       
                type = types.str;


     

       
294

       
+

       
                default = "main";


     

       
295

       
+

       
                description = "Default branch name for repositories";


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
296

       
 

       
              };


     

       
297

       
+

       
            };


     

       
298

       
 

       



     

       
299

       
+

       
            server = {


     

       
300

       
+

       
              listenAddr = mkOption {


     

       
301

       
 

       
                type = types.str;


     

       
302

       
+

       
                default = "0.0.0.0:5555";


     

       
303

       
+

       
                description = "Address to listen on";


     

       
304

       
 

       
              };


     

       
305

       
 

       



     

       
306

       
+

       
              internalListenAddr = mkOption {


     

       
307

       
 

       
                type = types.str;


     

       
308

       
+

       
                default = "127.0.0.1:5444";


     

       
309

       
+

       
                description = "Internal address for inter-service communication";


     

       
310

       
 

       
              };


     

       
311

       
 

       



     

       
312

       
+

       
              secretFile = mkOption {


     

       
313

       
+

       
                type = lib.types.path;


     

       
314

       
+

       
                example = "KNOT_SERVER_SECRET=<hash>";


     

       
315

       
+

       
                description = "File containing secret key provided by appview (required)";


     

       
316

       
 

       
              };


     

       
317

       
 

       



     

       
318

       
+

       
              dbPath = mkOption {


     

       
319

       
 

       
                type = types.path;


     

       
320

       
+

       
                default = "${cfg.stateDir}/knotserver.db";


     

       
321

       
+

       
                description = "Path to the database file";


     

       
322

       
 

       
              };


     

       
323

       
 

       



     

       
324

       
+

       
              hostname = mkOption {


     

       
325

       
+

       
                type = types.str;


     

       
326

       
+

       
                example = "knot.tangled.sh";


     

       
327

       
+

       
                description = "Hostname for the server (required)";


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
328

       
 

       
              };


     

       
329

       
 

       



     

       
330

       
+

       
              dev = mkOption {


     

       
331

       
+

       
                type = types.bool;


     

       
332

       
+

       
                default = false;


     

       
333

       
+

       
                description = "Enable development mode (disables signature verification)";


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
334

       
 

       
              };


     

       
335

       
 

       
            };


     

       
336

       
 

       
          };


     

       
337

       
+

       
        };


     

       
338

       
 

       



     

       
339

       
+

       
        config = mkIf cfg.enable {


     

       
340

       
+

       
          environment.systemPackages = with pkgs; [git];


     

       
341

       
 

       



     

       
342

       
+

       
          system.activationScripts.gitConfig = ''


     

       
343

       
+

       
            mkdir -p "${cfg.repo.scanPath}"


     

       
344

       
+

       
            chown -R ${cfg.gitUser}:${cfg.gitUser} \


     

       
345

       
+

       
                "${cfg.repo.scanPath}"


     

       
346

       
 

       



     

       
347

       
+

       
            mkdir -p "${cfg.stateDir}/.config/git"


     

       
348

       
+

       
            cat > "${cfg.stateDir}/.config/git/config" << EOF


     

       
349

       
+

       
            [user]


     

       
350

       
+

       
                name = Git User


     

       
351

       
+

       
                email = git@example.com


     

       
352

       
+

       
            EOF


     

       
353

       
+

       
            chown -R ${cfg.gitUser}:${cfg.gitUser} \


     

       
354

       
+

       
                "${cfg.stateDir}"


     

       
355

       
+

       
          '';


     

       
356

       
 

       



     

       
357

       
+

       
          users.users.${cfg.gitUser} = {


     

       
358

       
+

       
            isSystemUser = true;


     

       
359

       
+

       
            useDefaultShell = true;


     

       
360

       
+

       
            home = cfg.stateDir;


     

       
361

       
+

       
            createHome = true;


     

       
362

       
+

       
            group = cfg.gitUser;


     

       
363

       
+

       
          };


     

       
364

       
 

       



     

       
365

       
+

       
          users.groups.${cfg.gitUser} = {};


     

       
366

       
 

       



     

       
367

       
+

       
          services.openssh = {


     

       
368

       
+

       
            enable = true;


     

       
369

       
+

       
            extraConfig = ''


     

       
370

       
+

       
              Match User ${cfg.gitUser}


     

       
371

       
+

       
                  AuthorizedKeysCommand /etc/ssh/keyfetch_wrapper


     

       
372

       
+

       
                  AuthorizedKeysCommandUser nobody


     

       
373

       
+

       
            '';


     

       
374

       
+

       
          };


     

       
375

       
 

       



     

       
376

       
+

       
          environment.etc."ssh/keyfetch_wrapper" = {


     

       
377

       
+

       
            mode = "0555";


     

       
378

       
+

       
            text = ''


     

       
379

       
+

       
              #!${pkgs.stdenv.shell}


     

       
380

       
+

       
              ${self.packages.${pkgs.system}.keyfetch}/bin/keyfetch \


     

       
381

       
+

       
                -repoguard-path ${self.packages.${pkgs.system}.repoguard}/bin/repoguard \


     

       
382

       
+

       
                -internal-api "http://${cfg.server.internalListenAddr}" \


     

       
383

       
+

       
                -git-dir "${cfg.repo.scanPath}" \


     

       
384

       
+

       
                -log-path /tmp/repoguard.log


     

       
385

       
+

       
            '';


     

       
386

       
+

       
          };


     

       
387

       
 

       



     

       
388

       
+

       
          systemd.services.knotserver = {


     

       
389

       
+

       
            description = "knotserver service";


     

       
390

       
+

       
            after = ["network.target" "sshd.service"];


     

       
391

       
+

       
            wantedBy = ["multi-user.target"];


     

       
392

       
+

       
            serviceConfig = {


     

       
393

       
+

       
              User = cfg.gitUser;


     

       
394

       
+

       
              WorkingDirectory = cfg.stateDir;


     

       
395

       
+

       
              Environment = [


     

       
396

       
+

       
                "KNOT_REPO_SCAN_PATH=${cfg.repo.scanPath}"


     

       
397

       
+

       
                "KNOT_REPO_MAIN_BRANCH=${cfg.repo.mainBranch}"


     

       
398

       
+

       
                "APPVIEW_ENDPOINT=${cfg.appviewEndpoint}"


     

       
399

       
+

       
                "KNOT_SERVER_INTERNAL_LISTEN_ADDR=${cfg.server.internalListenAddr}"


     

       
400

       
+

       
                "KNOT_SERVER_LISTEN_ADDR=${cfg.server.listenAddr}"


     

       
401

       
+

       
                "KNOT_SERVER_DB_PATH=${cfg.server.dbPath}"


     

       
402

       
+

       
                "KNOT_SERVER_HOSTNAME=${cfg.server.hostname}"


     

       
403

       
+

       
              ];


     

       
404

       
+

       
              EnvironmentFile = cfg.server.secretFile;


     

       
405

       
+

       
              ExecStart = "${self.packages.${pkgs.system}.knotserver}/bin/knotserver";


     

       
406

       
+

       
              Restart = "always";


     

       

       

       
     

       
407

       
 

       
            };


     

       

       

       
     

       

       

       
     

       
408

       
 

       
          };


     

       
409

       
+

       



     

       
410

       
+

       
          networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [22];


     

       
411

       
 

       
        };


     

       
412

       
+

       
      };


     

       
413

       
 

       



     

       
414

       
+

       
    nixosConfigurations.knotVM = nixpkgs.lib.nixosSystem {


     

       
415

       
+

       
      system = "x86_64-linux";


     

       
416

       
+

       
      modules = [


     

       
417

       
+

       
        self.nixosModules.knotserver


     

       
418

       
+

       
        ({


     

       
419

       
+

       
          config,


     

       
420

       
+

       
          pkgs,


     

       
421

       
+

       
          ...


     

       
422

       
+

       
        }: {


     

       
423

       
+

       
          virtualisation.memorySize = 2048;


     

       
424

       
+

       
          virtualisation.diskSize = 10 * 1024;


     

       
425

       
+

       
          virtualisation.cores = 2;


     

       
426

       
+

       
          services.getty.autologinUser = "root";


     

       
427

       
+

       
          environment.systemPackages = with pkgs; [curl vim git];


     

       
428

       
+

       
          systemd.tmpfiles.rules = let


     

       
429

       
+

       
            u = config.services.tangled-knotserver.gitUser;


     

       
430

       
+

       
            g = config.services.tangled-knotserver.gitUser;


     

       
431

       
+

       
          in [


     

       
432

       
+

       
            "d /var/lib/knotserver 0770 ${u} ${g} - -" # Create the directory first


     

       
433

       
+

       
            "f+ /var/lib/knotserver/secret 0660 ${u} ${g} - KNOT_SERVER_SECRET=679f15000084699abc6a20d3ef449efa3656583f38e456a08f0638250688ff2e"


     

       
434

       
+

       
          ];


     

       
435

       
+

       
          services.tangled-knotserver = {


     

       
436

       
+

       
            enable = true;


     

       
437

       
+

       
            server = {


     

       
438

       
+

       
              secretFile = "/var/lib/knotserver/secret";


     

       
439

       
+

       
              hostname = "localhost:6000";


     

       
440

       
+

       
              listenAddr = "0.0.0.0:6000";


     

       

       

       
     

       

       

       
     

       
441

       
 

       
            };


     

       
442

       
+

       
          };


     

       
443

       
+

       
        })


     

       
444

       
+

       
      ];


     

       
445

       
 

       
    };


     

       
446

       
+

       
  };


     

       
447

       
 

       
}