ctucx.git: nixfiles

ctucx' nixfiles

commit 8af18018950603510026db9f9d103459031a83fe
parent f17628983f8619218fb20404bb5dece68c253bc3
Author: Leah (ctucx) <leah@ctu.cx>
Date: Tue, 17 May 2022 19:36:42 +0200

machines/osterei/websites: add flauschehorn.sexy
2 files changed, 98 insertions(+), 0 deletions(-)
M
machines/osterei/websites/default.nix
|
1
+
A
machines/osterei/websites/flauschehorn.sexy.nix
|
97
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/machines/osterei/websites/default.nix b/machines/osterei/websites/default.nix
@@ -5,6 +5,7 @@
   imports = [
     ./ctu.cx.nix
     ./photos.ctu.cx.nix
+    ./flauschehorn.sexy.nix
   ];
 
 }
diff --git a/machines/osterei/websites/flauschehorn.sexy.nix b/machines/osterei/websites/flauschehorn.sexy.nix
@@ -0,0 +1,97 @@
+{ pkgs, config, ...}:
+
+let
+  flauschehorn = pkgs.nimPackages.buildNimPackage {
+    name = "flauschehorn";
+
+    nimBinOnly  = true;
+    nimRelease  = true;
+
+    buildInputs = [ pkgs.sqlite ];
+
+    src = pkgs.fetchgit {
+      url    = "https://cgit.ctu.cx/flauschehorn.sexy";
+      rev    = "993cb3388e41506aed2875971a980becc348ccb0";
+      sha256 = "164mrbhq7aq19b577ddwgs47s6d6lzjzs6nnr9bzavpc2f6ai07z";
+    };
+  };
+
+in {
+
+  users = {
+    users."flauschehorn" = {
+      home = "/var/lib/flauschehorn";
+      group = "flauschehorn";
+      isSystemUser = true;
+    };
+    groups."flauschehorn" = {};
+  };
+
+  systemd = {
+    services.flauschehorn-fetcher = {
+      after       = [ "network-online.target" ];
+      environment = {
+        DB_PATH = "hornpostings.db";
+      };
+      serviceConfig = {
+        Type = "oneshot";
+
+        ExecStart = "${flauschehorn}/bin/mastofetch";
+
+        User  = "flauschehorn";
+        Group = "flauschehorn";
+
+        WorkingDirectory        = "~";
+        StateDirectory          = "flauschehorn";
+        StateDirectoryMode      = "755";
+
+        NoNewPrivileges         = true;
+        PrivateTmp              = true;
+        PrivateDevices          = true;
+
+        RestrictAddressFamilies = "AF_INET AF_INET6";
+        RestrictNamespaces      = true;
+        RestrictRealtime        = true;
+
+        ProtectSystem           = "full";
+        ProtectControlGroups    = true;
+        ProtectKernelModules    = true;
+        ProtectKernelTunables   = true;
+
+        DevicePolicy            = "closed";
+        LockPersonality         = true;
+      };
+    };
+
+    timers.flauschehorn-fetcher = {
+      wantedBy     = [ "timers.target" ];
+      partOf       = [ "flauschehorn-fetcher.service" ];
+      timerConfig  = {
+        OnCalendar         = "*-*-* 3:00:00";
+        RandomizedDelaySec = 300;
+        Unit               = "flauschehorn-fetcher.service";
+      };
+    };
+  };
+
+  services = {
+    fcgiwrap.enable = true;
+    nginx = {
+      enable = true;
+      virtualHosts."flauschehorn.sexy" = {
+        enableACME = true;
+        forceSSL   = true;
+        locations  = {
+          "/".extraConfig = ''
+            include "${pkgs.nginx}/conf/fastcgi_params";
+            fastcgi_param SCRIPT_FILENAME "${flauschehorn}/bin/website";
+            fastcgi_param DB_PATH         "/var/lib/flauschehorn/hornpostings.db";
+            fastcgi_param QUERY_STRING    $args;
+            fastcgi_pass  unix:${config.services.fcgiwrap.socketAddress};
+          '';
+        };
+      };
+    };
+  };
+
+}
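Review bot: The sandboxing in this file applies only to `flauschehorn-fetcher`; the internet-facing `${flauschehorn}/bin/website` CGI is executed by the shared fcgiwrap service, and nothing in this hunk sets the account that service runs as. Unless `services.fcgiwrap.user` and `services.fcgiwrap.group` are set elsewhere in the configuration, the CGI runs under the module's default identity rather than the `flauschehorn` user, so confirm what that default is in the pinned nixpkgs and set both explicitly to an unprivileged account. `StateDirectoryMode = "755"` looks like it exists so that this other identity can read `hornpostings.db`; if the CGI account were placed in the `flauschehorn` group it could become `StateDirectoryMode = "750";`. A short comment above `fcgiwrap.enable = true;` naming the user that serves the site would make the trust boundary visible to the next reader.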