flake.nix
{
description = "A simple Go package";
# Nixpkgs / NixOS version to use.
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
outputs = { self, nixpkgs }:
let
# Older flake implementations do not expose `lastModifiedDate`, so fall back
# to `lastModified` and finally to a fixed epoch date.
# NOTE(review): `self.lastModified` looks like a numeric timestamp in current
# Nix, which `builtins.substring` below would reject - confirm the fallback.
lastModifiedDate = self.lastModifiedDate or self.lastModified or "19700101";

# Version string: the first eight characters of the date above.
version = builtins.substring 0 8 lastModifiedDate;

# Platforms this flake produces outputs for.
supportedSystems = [
  "x86_64-linux"
  "x86_64-darwin"
  "aarch64-linux"
  "aarch64-darwin"
];

# Applies `f` to every supported system and collects the results as
# '{ x86_64-linux = f "x86_64-linux"; ... }'.
forAllSystems = f: nixpkgs.lib.genAttrs supportedSystems f;

# One nixpkgs instance per supported system.
nixpkgsFor = forAllSystems (system: import nixpkgs { system = system; });
in
{
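# NixOS module for the xynoblog service. It declares the
# `services.xynoblog.*` options and, when enabled, creates a dedicated system
# user and group, installs the package system-wide and runs the server as a
# sandboxed systemd unit.
nixosModule = { config, options, lib, pkgs, ... }:
  let
    cfg = config.services.xynoblog;
    xb = self.packages.${pkgs.system}.xynoblog;
  in
  with lib;
  {
    options.services.xynoblog = {
      enable = mkOption {
        type = types.bool;
        default = false;
        description = "wether to enable the xynoblog blog engine";
      };

      # Passed verbatim to `xynoblog serve --listen`.
      # NOTE(review): the default has no host part, so it presumably binds
      # every interface; when a reverse proxy fronts the service, a loopback
      # address keeps the plain port off the network - confirm against the
      # deployment.
      listen = mkOption {
        type = types.str;
        default = ":8392";
        description = "the domain/post xynoblog listens on";
      };

      # Used as systemd's StateDirectory= and to build the --db and
      # --mediadir paths under /var/lib.
      stateDirectory = mkOption {
        type = types.str;
        default = "xynoblog";
        description = "dir to store the sqlite3 database (relative to /var/lib)";
      };
    };

    config = mkIf cfg.enable {
      # Dedicated unprivileged account, so the service never runs as root.
      users.users.xynoblog = {
        group = "xynoblog";
        isSystemUser = true;
      };
      users.groups.xynoblog = { };

      environment.systemPackages = [
        xb
      ];

      systemd.services.xynoblog = {
        description = "xynoblog blog engine";
        after = [ "network.target" ];
        wantedBy = [ "multi-user.target" ];
        serviceConfig = {
          User = "xynoblog";
          Group = "xynoblog";

          # Filesystem and device sandboxing. With ProtectSystem=strict the
          # whole file system is read-only for the service except the state
          # directory declared below.
          PrivateTmp = true;
          PrivateDevices = true;
          ProtectHome = true;
          ProtectSystem = "strict";

          # CAP_NET_BIND_SERVICE is only needed to bind ports below 1024; the
          # default listen address (":8392") does not require it. It is kept
          # so configurations that use a privileged port keep working.
          AmbientCapabilities = "CAP_NET_BIND_SERVICE";
          # Cap the process at that single capability and forbid gaining
          # more through setuid/setgid binaries or file capabilities.
          CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";
          NoNewPrivileges = true;
          RestrictSUIDSGID = true;

          # A web server has no reason to touch kernel tunables, modules or
          # the cgroup tree, or to switch execution domain.
          ProtectKernelTunables = true;
          ProtectKernelModules = true;
          ProtectControlGroups = true;
          LockPersonality = true;
          # NOTE(review): `systemd-analyze security xynoblog` lists the
          # remaining exposure; tighten further once the binary's needs are
          # confirmed.

          Environment = "GIN_MODE=release";

          # The option values are interpolated unescaped. systemd parses this
          # line itself (no shell is involved), so whitespace or quote
          # characters in `listen` or `stateDirectory` would change the
          # argument list.
          ExecStart = "${xb}/bin/xynoblog serve --listen \"${cfg.listen}\" --db /var/lib/${cfg.stateDirectory}/blog.db --mediadir /var/lib/${cfg.stateDirectory}/media";

          # systemd creates /var/lib/<stateDirectory> owned by the service
          # user before start-up.
          # NOTE(review): no StateDirectoryMode= is set; if other local users
          # must not read the database or media, consider a stricter mode.
          StateDirectory = cfg.stateDirectory;
        };
      };
    };
  };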
# Provide some binary packages for selected system types.
packages = forAllSystems (system:
let
pkgs = nixpkgsFor.${system};
in
{
# Front-end build: runs the yarn workspace build fully offline and writes the
# result to $out/templates.
xynoblog_tmpl =
  pkgs.mkYarnPackage rec {
    pname = "xynoblog_tmpl";
    inherit version;
    src = ./.;

    # Pre-fetched yarn dependencies, pinned by a fixed hash. The hash has to
    # be updated whenever yarn.lock changes; the commented line below is the
    # placeholder used to obtain the new value.
    offlineCache = pkgs.fetchYarnDeps {
      yarnLock = src + "/yarn.lock";
      sha256 = "sha256-KBPfBivLS72DnrS+d8D/8rEjPtqkkiH35o3BuNdZ/lI=";
      #sha256 = pkgs.lib.fakeSha256;
    };

    # One mkYarnPackage per entry of ./packages. The inner attribute set is
    # not `rec`, so `src`, `version` and `offlineCache` inside it resolve to
    # the outer attributes: every workspace package uses the root yarn.lock
    # and the shared offline cache.
    workspaceDependencies =
      map
        (dir:
          pkgs.mkYarnPackage {
            src = "${./packages}/${dir}";
            yarnLock = src + "/yarn.lock";
            fixupPhase = "true";
            inherit version offlineCache;
          })
        (builtins.attrNames (builtins.readDir ./packages));

    # Only the build phase does real work: the dist, install and fixup phases
    # are replaced by the shell no-op `true`, and checks are skipped.
    doCheck = false;
    distPhase = "true";
    installPhase = "true";
    fixupPhase = "true";

    # HOME points at a throw-away directory for the duration of the build.
    buildPhase = ''
      export HOME=$(mktemp -d)
      echo $node_modules
      mkdir -p $out/templates
      yarn --offline build --dist-dir $out/templates
    '';
  };
# The Go server binary, built with the generated front-end assets copied
# into the source tree first.
xynoblog =
  pkgs.buildGoModule rec {
    pname = "xynoblog";
    inherit version;

    # In 'nix develop', we don't need a copy of the source tree
    # in the Nix store.
    src = ./.;

    nativeBuildInputs =
      let
        # quicktemplate with its own check phase switched off.
        # NOTE(review): this skips the upstream test suite of a code
        # generator used at build time - confirm that is still required.
        qtcNoCheck = pkgs.quicktemplate.overrideAttrs (_final: _prev: { doCheck = false; });
      in
      [ pkgs.installShellFiles pkgs.makeWrapper qtcNoCheck pkgs.pkg-config ];

    buildInputs = [ pkgs.libwebp ];

    # Copy the front-end output into the build directory, make it writable
    # (store paths are read-only) and compile the templates with qtc.
    preConfigure = ''
      cp -r ${self.packages.${pkgs.system}.xynoblog_tmpl}/{statics,templates} .
      chmod +w -R ./{statics,templates}
      qtc -dir=templates
    '';

    # Shell completions are generated by running the freshly built binary.
    postInstall = ''
      installShellCompletion --cmd ${pname} \
      --bash <($out/bin/${pname} completion bash) \
      --fish <($out/bin/${pname} completion fish) \
      --zsh <($out/bin/${pname} completion zsh)
    '';

    # Hash that locks the Go module dependencies of this package. It exists
    # because resolving Go modules needs network access; see
    # https://www.tweag.io/blog/2021-03-04-gomod2nix/ for background. The
    # value can be found by building with a fake hash and reading the
    # expected one from the error, or out-of-band with tooling such as
    # gomod2nix. Remember to bump it whenever the dependencies change.
    vendorHash = "sha256-dTXPJ43LGHWdgcAVoxkAOxIul8/NsztWFcNn3QWdVFE=";
    #vendorSha256 = "sha256-PafmHjr0D69Pdp5FAwSC/2RtPBUAdbtDq7yEngteXNk=";
  };
});
# Package built by a bare 'nix build': the xynoblog server, for every
# supported system.
# NOTE(review): newer Nix releases deprecate `defaultPackage` in favour of
# `packages.<system>.default` - confirm which Nix versions must be supported.
defaultPackage = forAllSystems (sys: self.packages.${sys}.xynoblog);
# Development shell: Go toolchain and language server, formatter, git hooks,
# SQL code generator, yarn, libwebp, and quicktemplate with its check phase
# disabled (the same override the package build uses).
devShell = forAllSystems (system:
  let
    pkgs = nixpkgsFor.${system};
    qtcNoCheck = pkgs.quicktemplate.overrideAttrs (_final: _prev: { doCheck = false; });
  in
  pkgs.mkShell {
    buildInputs = [
      pkgs.nixpkgs-fmt
      pkgs.gopls
      pkgs.go
      pkgs.lefthook
      pkgs.libwebp
      pkgs.sqlc
      pkgs.yarn
      qtcNoCheck
    ];
  });
};
}