my nixos config

Fully Automated Luxury Gay Space Communism, aka website updater & etag

chfour ab7337c1 20f3be93

+71 -19
+71 -19
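--- a/machines/fovps/services/caddy/website.nix
+++ b/machines/fovps/services/caddy/website.nix
@@ -1,34 +1,86 @@
-{ pkgs, config, website, ... }:
+{ pkgs, config, ... }:
 
+# TODO: maybe make this into a module or sth
 let
-websiteDest = "${config.services.caddy.dataDir}/website";
-websitePath = builtins.toString website.website.out;
-in
-{
+source = "github:chfour/website3#website";
+dataDir = "/var/lib/website";
+user = config.services.caddy.user;
+group = config.services.caddy.group;
+in {
+systemd.tmpfiles.rules = [
+"d ${dataDir}/ 0755 ${user} ${group} - -"
+"f ${dataDir}/etag 0755 ${user} ${group} -"
+];
 services.caddy.virtualHosts = {
 "eeep.ee".extraConfig = ''
 import errors
 import bots
 
-root * ${websiteDest}
-encode zstd gzip
-file_server
+handle {
+root * ${dataDir}/current/var/www
+encode zstd gzip
+header {
+-Last-modified
+import ${dataDir}/etag
+}
+file_server
+}
 '';
 };
-system.activationScripts = {
-copyWebsite = {
+systemd.services.update-website = let
+updater-unpriv = pkgs.writeShellApplication {
+name = "website-updater-unpriv";
+runtimeInputs = [ config.nix.package ];
 text = ''
-# epic hack hacky hackk
-mkdir -p ${websiteDest}
-${pkgs.lib.getExe pkgs.rsync} -r --copy-links --delete \
-${websitePath}/var/www/ ${websiteDest}
+cd "${dataDir}"
+# build
+rm -f next
+nix build "${source}".out --out-link next
+nextPath="$(readlink next)"
 
-# :trol:
-${pkgs.lib.getExe pkgs.gnused} -i \
-'s|/nix/store/VERY5p3c14lsecretv4luereplaceme0-chfour-website|${websitePath}|' \
-${websiteDest}/index.html
+# if the link target is the same (no changes) then exit, theres nothing to do
+[ -e current ] &&
+[ "$nextPath" = "$(readlink current)" ] &&
+rm next && exit
+
+# atomically swap
+mv next current
+echo 'Etag "\"'"''${nextPath##*/}"'\""' > ${dataDir}/etag
 '';
-deps = [];
+};
+in {
+description = "Fully Automated Luxury Gay Space Communism";
+
+# Behavior of oneshot is similar to simple; however, the
+# service manager will consider the unit up after the main
+# process exits. It will then start follow-up units.
+before = [ "caddy.service" ];
+wantedBy = [ "caddy.service" ];
+
+path = [ pkgs.sudo config.systemd.package ];
+script = ''
+sudo -u ${user} -g ${group} \
+${updater-unpriv}/bin/website-updater-unpriv
+
+# reload bc etag changed
+systemctl is-active --quiet caddy.service &&
+systemctl reload --no-block caddy.service || true
+'';
+# --no-block because it seems systemd blocks
+# the reload until this service finishes...
+# so it deadlocks here if caddy is running
+# it's also fine because we only change Etag
+# which shouldn't have any syntax errors...
+# so it's not really our problem if something
+# shits the bed
+serviceConfig = {
+Type = "oneshot";
+User = "root";
+Group = "root";
 };
+startAt = "05,17:00";
+};
+systemd.timers.update-website = {
+timerConfig.RandomOffsetSec = "5h";
 };
 }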
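Review bot: `mv next current` in the updater script likely stops working once `current` exists. `current` is a symlink to a store directory, so GNU mv treats it as a target directory and tries to move `next` into the read-only store path; the script then aborts before the Etag line and the old site stays live. `mv -T next current` renames over the symlink itself and keeps the swap atomic. Separately, `source = "github:chfour/website3#website"` carries no revision, so each timer run publishes whatever the default branch holds at that moment; if that is the intent, a comment next to `source` should say so, otherwise pin a rev. The tmpfiles rule also gives the regular file `${dataDir}/etag` mode 0755 where `0644` is enough, and the trailing `|| true` hides a failed Caddy reload.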