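# NixOS module: fronts the locally running website process with nginx and
# provides a oneshot "rebuild-website" service that clones the site's
# repository, builds it with `nix build` and (re)starts it as a dedicated
# unprivileged system user.
{ pkgs, ... }:
let
  # Address/port the website process listens on; nginx proxies to it.
  host = "127.0.0.1";
  port = 8080;
  # Unprivileged system user that owns both the website process and the
  # rebuild job.
  user = "website-host-user";
  # Source of truth for the deployed site. Whatever the clone returns is
  # built and executed as `user` on every rebuild (no pinning or signature
  # check visible here), so write access to this repo amounts to code
  # execution as that user.
  repo = "https://git.spoodythe.one/spoody/website";
  # Binary produced by the site's flake; referenced from both the sudo rule
  # and the script so the two cannot drift apart.
  binary = "./webbisitey";
  systemdRun = "/run/current-system/sw/bin/systemd-run";
in
{
  imports = [ ./nginx.nix ];

  services.nginx.virtualHosts."spoodythe.one" = {
    enableACME = true;
    forceSSL = true;
    default = true;
    locations."/".proxyPass = "http://${host}:${toString port}";
  };

  users.users.${user} = {
    isSystemUser = true;
    home = "/home/${user}";
    createHome = true;
    group = user;
    shell = pkgs.bash;
    # Deploy key: the holder of the matching private key can log in as
    # `user` and trigger a rebuild through the sudo rule below.
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG90JNokb4/4DZ/2tHS8Lj/jq+UiA0B2g+MFeM8KuA6Y website-host-user@server"
    ];
  };
  users.groups.${user} = { };

  # Passwordless sudo limited to the two exact command lines the deploy flow
  # needs. sudo matches the full argv, so the argument lists here must stay
  # byte-identical to the invocations in the script below (hence `${user}`
  # and `${binary}` rather than literals).
  security.sudo.extraRules = [
    {
      users = [ user ];
      commands = [
        {
          # Lets the deploy key kick off a rebuild.
          command = "/run/current-system/sw/bin/systemctl restart rebuild-website.service";
          options = [ "SETENV" "NOPASSWD" ];
        }
        {
          # Lets the rebuild script hand the freshly built binary to systemd as
          # a transient unit running as `user`; `-d` keeps the caller's cwd.
          # NOTE(review): the script never passes environment through sudo
          # (no `sudo -E` / `VAR=...`), so SETENV looks unneeded on both
          # rules — confirm before dropping it.
          command = "${systemdRun} -d --uid ${user} ${binary}";
          options = [ "SETENV" "NOPASSWD" ];
        }
      ];
    }
  ];

  systemd.services.rebuild-website = {
    description = "Service for running my website";
    wants = [ "network-online.target" ];
    after = [ "network-online.target" ];
    wantedBy = [ "multi-user.target" ];
    # Runs as `user`. NixOS executes `script` with `set -e`, so a failed
    # clone or build aborts before the old website process is killed.
    script = ''
      echo "Making temporary folder"
      path=$(mktemp -d)

      echo "Cloning repo"
      ${pkgs.git}/bin/git clone ${repo} "$path"

      echo "cd $path"
      cd "$path"

      echo "[nix build] Rebuilding website flake..."
      ${pkgs.nix}/bin/nix build

      echo "[killall] Killing previous website process"
      ${pkgs.killall}/bin/killall webbisitey || true   # no old process is fine

      echo "Changing directory to build result..."
      cd result/bin

      echo "[systemd-run] Running webbisitey-wrapped..."
      /run/wrappers/bin/sudo ${systemdRun} -d --uid ${user} ${binary}

      # The temporary clone is intentionally left in place: its `result`
      # symlink is the GC root for the running build and, via `-d`, the
      # new unit's working directory.
    '';
    serviceConfig = {
      Type = "oneshot";
      # Was misspelled `RemainsAfterExit`, a key systemd does not know and
      # ignores, so the unit showed as inactive once the script finished.
      RemainAfterExit = true;
      User = user;
      WorkingDirectory = "/tmp";
    };
  };
}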