mermet: radicle: nginx: add radicle-explorer Web site
authorJulien Moutinho <julm+sourcephile-nix@sourcephile.fr>
Thu, 23 May 2024 11:23:51 +0000 (13:23 +0200)
committerJulien Moutinho <julm+sourcephile-nix@sourcephile.fr>
Thu, 23 May 2024 14:52:04 +0000 (16:52 +0200)
flake.lock
flake.nix
hosts/mermet.nix
hosts/mermet/knot/sourcephile.fr.nix
hosts/mermet/radicle.nix [new file with mode: 0644]

index cb53c71b7c4cfafec6b1ec02d8911af734819171..4c0c80720fa94ab50067b84e4984f9dab8a8d7a9 100644 (file)
@@ -1,5 +1,43 @@
 {
   "nodes": {
+    "advisory-db": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1714183630,
+        "narHash": "sha256-1BVft7ggSN2XXFeXQjazU3jN9wVECd9qp2mZx/8GDMk=",
+        "owner": "rustsec",
+        "repo": "advisory-db",
+        "rev": "35e7459a331d3e0c585e56dabd03006b9b354088",
+        "type": "github"
+      },
+      "original": {
+        "owner": "rustsec",
+        "repo": "advisory-db",
+        "type": "github"
+      }
+    },
+    "crane": {
+      "inputs": {
+        "nixpkgs": [
+          "julm-nix",
+          "heartwood",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1715274763,
+        "narHash": "sha256-3Iv1PGHJn9sV3HO4FlOVaaztOxa9uGLfOmUWrH7v7+A=",
+        "owner": "ipetkov",
+        "repo": "crane",
+        "rev": "27025ab71bdca30e7ed0a16c88fd74c5970fc7f5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ipetkov",
+        "repo": "crane",
+        "type": "github"
+      }
+    },
     "doom-emacs": {
       "flake": false,
       "locked": {
         "type": "github"
       }
     },
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1710146030,
+        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
     "git-hooks": {
       "inputs": {
         "flake-compat": "flake-compat",
         "type": "github"
       }
     },
+    "heartwood": {
+      "inputs": {
+        "advisory-db": "advisory-db",
+        "crane": "crane",
+        "flake-utils": "flake-utils",
+        "nixpkgs": [
+          "julm-nix",
+          "nixpkgs"
+        ],
+        "rust-overlay": "rust-overlay"
+      },
+      "locked": {
+        "lastModified": 1716379007,
+        "narHash": "sha256-3+10+g0qQ3Ivn56U32jqxaSMZKN/AtS+6Yy6p4UQBgo=",
+        "ref": "refs/heads/master",
+        "rev": "3403a66d0fc9c9cfab97eddaf5adeab40dc3bf23",
+        "revCount": 1973,
+        "type": "git",
+        "url": "https://seed.radicle.garden/z3gqcJUoA1n9HaHKufZs5FCSGazv5.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://seed.radicle.garden/z3gqcJUoA1n9HaHKufZs5FCSGazv5.git"
+      }
+    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
       "inputs": {
         "doom-emacs": "doom-emacs",
         "git-hooks": "git-hooks",
+        "heartwood": "heartwood",
         "home-manager": "home-manager",
         "nix-formatter-pack": "nix-formatter-pack",
         "nixpkgs": [
           "nixpkgs"
-        ]
+        ],
+        "radicle-explorer": "radicle-explorer"
       },
       "locked": {
-        "lastModified": 1716411576,
-        "narHash": "sha256-7aqWzBks/3Ze6L+6AdCmlofhjZ8+l6C0ZPtjNa2ACQU=",
+        "lastModified": 1716459584,
+        "narHash": "sha256-yKwo71IxijKjp3P14lBE5bZci79di/toJj8Qvnr/p4Q=",
         "ref": "main",
-        "rev": "64a55f91a4c0c13ffc3dce40d7f7974704e3a9b2",
-        "revCount": 901,
+        "rev": "a851689001c69d66159a35a61e72bc582c0b0ca4",
+        "revCount": 902,
         "type": "git",
         "url": "file:///home/julm/work/sourcephile/nix/julm-nix"
       },
         "type": "gitlab"
       }
     },
+    "radicle-explorer": {
+      "inputs": {
+        "flake-utils": [
+          "julm-nix",
+          "radicle-explorer",
+          "heartwood",
+          "flake-utils"
+        ],
+        "heartwood": [
+          "julm-nix",
+          "heartwood"
+        ],
+        "nixpkgs": [
+          "julm-nix",
+          "radicle-explorer",
+          "heartwood",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1716392706,
+        "narHash": "sha256-xN2Uzsfid7jdNCmE3aZ2A0l0Rhbai5XrtJ70p+n+bhc=",
+        "ref": "refs/heads/master",
+        "rev": "77cc3ce031dc261c25cde9ab88bf187eea33f433",
+        "revCount": 1796,
+        "type": "git",
+        "url": "https://seed.radicle.garden/z4V1sjrXqjvFdnCUbxPFqd5p4DtH5.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://seed.radicle.garden/z4V1sjrXqjvFdnCUbxPFqd5p4DtH5.git"
+      }
+    },
     "root": {
       "inputs": {
         "doom-emacs": [
         ],
         "nixpkgs": "nixpkgs"
       }
+    },
+    "rust-overlay": {
+      "inputs": {
+        "flake-utils": [
+          "julm-nix",
+          "heartwood",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "julm-nix",
+          "heartwood",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1715307487,
+        "narHash": "sha256-yuDAys3JuJmhQUQGMMsl3BDQNZUYZDw0eA71OVh9FeY=",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "rev": "ec7a7caf50877bc32988c82653d6b3e6952a8c3f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "type": "github"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
     }
   },
   "root": "root",
index c2491ad28e0991199f2cd346dfb55d3ac81a736e..6ae925d1ab56bd2387262e8f59856b4591dc692b 100644 (file)
--- a/flake.nix
+++ b/flake.nix
       };
       profile = "/nix/var/nix/profiles/system";
       inherit (inputs.nixpkgs) lib;
+      overlays = system:
+        import nixpkgs/overlays.nix ++
+        import (inputs.julm-nix + "/nixpkgs/overlays.nix") ++ [
+          (finalPkgs: previousPkgs:
+            inputs.julm-nix.inputs.heartwood.packages.${system} //
+            inputs.julm-nix.inputs.radicle-explorer.packages.${system}
+          )
+        ];
       #nixosSystem = lib.nixosSystem;
       nixosSystem = import (nixpkgsPath + "/nixos/lib/eval-config.nix");
       forAllSystems = f: lib.genAttrs lib.systems.flakeExposed (system: f rec {
         inherit system;
         #pkgs = inputs.nixpkgs.legacyPackages.${system};
-        pkgs = import nixpkgsPath {
-          inherit system;
-          overlays =
-            import nixpkgs/overlays.nix ++
-            import (inputs.julm-nix + "/nixpkgs/overlays.nix");
-        };
+        pkgs = import nixpkgsPath { inherit system; overlays = overlays system; };
       });
     in
     {
               nixos/default.nix
               (inputs.julm-nix + "/nixos/default.nix")
               (inputs.self + "/hosts/${hostName}.nix")
-              {
+              ({ config, ... }: {
                 _module.args = {
                   inherit hostName;
                   hosts = inputs.self.nixosConfigurations;
                   host = inputs.self.nixosConfigurations.${hostName}._module.args;
                   info = import ./info.nix;
                 };
-                nixpkgs.overlays =
-                  import nixpkgs/overlays.nix ++
-                  import (inputs.julm-nix + "/nixpkgs/overlays.nix");
+                nixpkgs.overlays = overlays config.nixpkgs.hostPlatform.system;
                 #nixpkgs.buildPlatform = "x86_64-linux";
                 nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "hplip" ];
-              }
+              })
               inputs.nixpkgs.nixosModules.notDetected
               inputs.home-manager.nixosModules.home-manager
               {
index c7b1fb5a8c54e442e686f5139023d233f0f2fe24..ed0e36766d4e41231d6ad29e124a2c233740f86b 100644 (file)
@@ -31,6 +31,7 @@
     mermet/postgresql.nix
     mermet/prosody.nix
     mermet/public-inbox.nix
+    mermet/radicle.nix
     mermet/rspamd.nix
     mermet/sanoid.nix
     mermet/security.nix
index da6168d09f1762d428f3a7739b347f160084590d..0fd19d128bb60c007d111a98c0db8084b0ba591f 100644 (file)
@@ -51,6 +51,7 @@ let
       whoami       A ${hosts.mermet._module.args.ipv4}
       code          A ${hosts.mermet._module.args.ipv4}
       miniflux      A ${hosts.mermet._module.args.ipv4}
+      radicle-mermet A ${hosts.mermet._module.args.ipv4}
 
       ; CNAME (Canonical Name)
       openconcerto     CNAME losurdo
@@ -68,6 +69,7 @@ let
       nix-extracache   CNAME losurdo
       nix-localcache   CNAME lan.losurdo
       sftp             CNAME losurdo
+      radicle          CNAME radicle-mermet
 
       ; DMARC (Domain-based Message Authentication, Reporting and Conformance)
       _dmarc 3600 IN TXT "v=DMARC1; p=none; pct=100; rua=mailto:root+dmarc+aggregate@sourcephile.fr; ruf=mailto:root+dmarc+forensic@sourcephile.fr"
diff --git a/hosts/mermet/radicle.nix b/hosts/mermet/radicle.nix
new file mode 100644 (file)
index 0000000..c1e1212
--- /dev/null
@@ -0,0 +1,25 @@
+{ config, pkgs, lib, hostName, ... }:
+let
+  domain = "sourcephile.fr";
+  srv = "radicle";
+in
+{
+  services.nginx.virtualHosts."${srv}.${domain}" = {
+    serverAliases = [ "${srv}-${hostName}.${domain}" ];
+    forceSSL = true;
+    useACMEHost = domain;
+    extraConfig = ''
+      access_log off;
+      error_log  /var/log/nginx/${domain}/${srv}/error.log warn;
+    '';
+    locations."/" = {
+      root = pkgs.radicle-explorer;
+      index = "index.html";
+      extraConfig = ''
+        try_files $uri $uri/ /index.html;
+      '';
+    };
+  };
+  systemd.services.nginx.serviceConfig.LogsDirectory =
+    lib.mkForce [ "nginx/${domain}/${srv}" ];
+}