spoody/server-configuration
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
server-configuration/services/website.nix
baritone 2fa176db17 bunch of stuff 
zero downtime website deployment

forgejo runners

media folder stuff
2025-04-01 15:50:31 +02:00

80 lines
2.3 KiB
Nix
Executable file
Raw Blame History

{
fetchFromGitLab,
pkgs,
...
}: let
host = "127.0.0.1";
port = 8080;
user = "website-host-user";
repo = "https://git.spoodythe.one/spoody/website";
in {
imports = [./nginx.nix];
services.nginx.virtualHosts."spoodythe.one" = {
enableACME = true;
forceSSL = true;
default = true;
locations."/" = {
proxyPass = "http://${host}:${toString port}";
};
};
users.users."${user}" = {
isSystemUser = true;
home = "/home/${user}";
createHome = true;
group = "${user}";
shell = pkgs.bash;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG90JNokb4/4DZ/2tHS8Lj/jq+UiA0B2g+MFeM8KuA6Y website-host-user@server"
];
};
users.groups."${user}" = {};
security.sudo.extraRules = [
{
users = ["${user}"];
commands = [
{
command = "/run/current-system/sw/bin/systemctl restart rebuild-website.service";
options = ["SETENV" "NOPASSWD"];
}
{
command = "/run/current-system/sw/bin/systemd-run -d --uid website-host-user ./webbisitey";
options = ["SETENV" "NOPASSWD"];
}
];
}
];
systemd.services."rebuild-website" = {
description = "Service for running my website";
wants = ["network-online.target"];
after = ["network-online.target"];
wantedBy = ["multi-user.target"];
script = ''
echo "Making temporary folder"
path=$(mktemp -d)
echo "Cloning repo"
${pkgs.git}/bin/git clone ${repo} "$path"
echo "cd $path"
cd "$path"
echo "[nix build] Rebuilding website flake..."
${pkgs.nix}/bin/nix build # build
echo "[killall] Killing previous website process"
${pkgs.killall}/bin/killall webbisitey || true # stop old website
echo "Changing directory to build result..."
cd result/bin # cd into result folder
echo "[systemd-run] Running webbisitey-wrapped..."
/run/wrappers/bin/sudo /run/current-system/sw/bin/systemd-run -d --uid ${user} ./webbisitey # run new website
'';
serviceConfig = {
Type = "oneshot";
RemainsAfterExit = true;
User = user;
WorkingDirectory = "/tmp";
};
};
}
Reference in a new issue View git blame Copy permalink