xeiaso.net / site
The code and data behind xeiaso.net
5
fork

Configure Feed

Select the types of activity you want to include in your feed.

nix nix

Signed-off-by: Xe Iaso <me@xeiaso.net>

Xe Iaso b1c21aca 01d4314a

-699
-344
flake.lock
··· 1 - { 2 - "nodes": { 3 - "alpineLinux": { 4 - "flake": false, 5 - "locked": { 6 - "narHash": "sha256-5GM+4nNrWrE3idQiWlAq7bghb7IE6j/JncEfG1qM4jM=", 7 - "type": "file", 8 - "url": "https://cdn.xeiaso.net/file/christine-static/hack/alpine-amd64-3.19.0-1.tar" 9 - }, 10 - "original": { 11 - "type": "file", 12 - "url": "https://cdn.xeiaso.net/file/christine-static/hack/alpine-amd64-3.19.0-1.tar" 13 - } 14 - }, 15 - "crane": { 16 - "inputs": { 17 - "nixpkgs": [ 18 - "typst", 19 - "nixpkgs" 20 - ] 21 - }, 22 - "locked": { 23 - "lastModified": 1698166613, 24 - "narHash": "sha256-y4rdN4flxRiROqNi1waMYIZj/Fs7L2OrszFk/1ry9vU=", 25 - "owner": "ipetkov", 26 - "repo": "crane", 27 - "rev": "b7db46f0f1751f7b1d1911f6be7daf568ad5bc65", 28 - "type": "github" 29 - }, 30 - "original": { 31 - "owner": "ipetkov", 32 - "repo": "crane", 33 - "type": "github" 34 - } 35 - }, 36 - "deno2nix": { 37 - "inputs": { 38 - "devshell": "devshell", 39 - "flake-compat": "flake-compat", 40 - "flake-utils": [ 41 - "flake-utils" 42 - ], 43 - "nixpkgs": [ 44 - "nixpkgs" 45 - ] 46 - }, 47 - "locked": { 48 - "lastModified": 1670562741, 49 - "narHash": "sha256-13PVEXOYrbsGn05bIp/WWhG6lREgfcQtRTQU9Jd4g8w=", 50 - "owner": "Xe", 51 - "repo": "deno2nix", 52 - "rev": "db3563f20f74eab34e2c268e2a159325df315085", 53 - "type": "github" 54 - }, 55 - "original": { 56 - "owner": "Xe", 57 - "repo": "deno2nix", 58 - "type": "github" 59 - } 60 - }, 61 - "devshell": { 62 - "inputs": { 63 - "flake-utils": [ 64 - "deno2nix", 65 - "flake-utils" 66 - ], 67 - "nixpkgs": [ 68 - "deno2nix", 69 - "nixpkgs" 70 - ] 71 - }, 72 - "locked": { 73 - "lastModified": 1667210711, 74 - "narHash": "sha256-IoErjXZAkzYWHEpQqwu/DeRNJGFdR7X2OGbkhMqMrpw=", 75 - "owner": "numtide", 76 - "repo": "devshell", 77 - "rev": "96a9dd12b8a447840cc246e17a47b81a4268bba7", 78 - "type": "github" 79 - }, 80 - "original": { 81 - "owner": "numtide", 82 - "repo": "devshell", 83 - "type": "github" 84 - } 85 - }, 86 - "flake-compat": { 87 - "flake": false, 88 - "locked": { 89 - "lastModified": 1668681692, 90 - "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", 91 - "owner": "edolstra", 92 - "repo": "flake-compat", 93 - "rev": "009399224d5e398d03b22badca40a37ac85412a1", 94 - "type": "github" 95 - }, 96 - "original": { 97 - "owner": "edolstra", 98 - "repo": "flake-compat", 99 - "type": "github" 100 - } 101 - }, 102 - "flake-compat_2": { 103 - "flake": false, 104 - "locked": { 105 - "lastModified": 1696426674, 106 - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", 107 - "owner": "edolstra", 108 - "repo": "flake-compat", 109 - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", 110 - "type": "github" 111 - }, 112 - "original": { 113 - "owner": "edolstra", 114 - "repo": "flake-compat", 115 - "type": "github" 116 - } 117 - }, 118 - "flake-parts": { 119 - "inputs": { 120 - "nixpkgs-lib": "nixpkgs-lib" 121 - }, 122 - "locked": { 123 - "lastModified": 1696343447, 124 - "narHash": "sha256-B2xAZKLkkeRFG5XcHHSXXcP7To9Xzr59KXeZiRf4vdQ=", 125 - "owner": "hercules-ci", 126 - "repo": "flake-parts", 127 - "rev": "c9afaba3dfa4085dbd2ccb38dfade5141e33d9d4", 128 - "type": "github" 129 - }, 130 - "original": { 131 - "id": "flake-parts", 132 - "type": "indirect" 133 - } 134 - }, 135 - "flake-utils": { 136 - "inputs": { 137 - "systems": "systems" 138 - }, 139 - "locked": { 140 - "lastModified": 1710146030, 141 - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", 142 - "owner": "numtide", 143 - "repo": "flake-utils", 144 - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", 145 - "type": "github" 146 - }, 147 - "original": { 148 - "owner": "numtide", 149 - "repo": "flake-utils", 150 - "type": "github" 151 - } 152 - }, 153 - "gomod2nix": { 154 - "inputs": { 155 - "flake-utils": [ 156 - "flake-utils" 157 - ], 158 - "nixpkgs": [ 159 - "nixpkgs" 160 - ] 161 - }, 162 - "locked": { 163 - "lastModified": 1716202913, 164 - "narHash": "sha256-zjPNXI4DWBOrPsrK8u/XTsm5Q36quONQvz0jhAKHEeg=", 165 - "owner": "nix-community", 166 - "repo": "gomod2nix", 167 - "rev": "4702caff8e201f4c98fe3583637a930d253447c8", 168 - "type": "github" 169 - }, 170 - "original": { 171 - "owner": "nix-community", 172 - "repo": "gomod2nix", 173 - "type": "github" 174 - } 175 - }, 176 - "iosevka": { 177 - "inputs": { 178 - "nixpkgs": "nixpkgs", 179 - "utils": "utils" 180 - }, 181 - "locked": { 182 - "lastModified": 1698939764, 183 - "narHash": "sha256-CH68pMKscwAxi/N5xbRlZ5i2NNzMZx6fjzcQkPN3bSw=", 184 - "owner": "Xe", 185 - "repo": "iosevka", 186 - "rev": "faa4a6ed96820a85790244f9b65c4b0f4604ae2d", 187 - "type": "github" 188 - }, 189 - "original": { 190 - "owner": "Xe", 191 - "repo": "iosevka", 192 - "type": "github" 193 - } 194 - }, 195 - "nixpkgs": { 196 - "locked": { 197 - "lastModified": 1698611440, 198 - "narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=", 199 - "owner": "NixOS", 200 - "repo": "nixpkgs", 201 - "rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735", 202 - "type": "github" 203 - }, 204 - "original": { 205 - "id": "nixpkgs", 206 - "ref": "nixos-unstable", 207 - "type": "indirect" 208 - } 209 - }, 210 - "nixpkgs-lib": { 211 - "locked": { 212 - "dir": "lib", 213 - "lastModified": 1696019113, 214 - "narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=", 215 - "owner": "NixOS", 216 - "repo": "nixpkgs", 217 - "rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a", 218 - "type": "github" 219 - }, 220 - "original": { 221 - "dir": "lib", 222 - "owner": "NixOS", 223 - "ref": "nixos-unstable", 224 - "repo": "nixpkgs", 225 - "type": "github" 226 - } 227 - }, 228 - "nixpkgs_2": { 229 - "locked": { 230 - "lastModified": 1716330097, 231 - "narHash": "sha256-8BO3B7e3BiyIDsaKA0tY8O88rClYRTjvAp66y+VBUeU=", 232 - "owner": "NixOS", 233 - "repo": "nixpkgs", 234 - "rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2", 235 - "type": "github" 236 - }, 237 - "original": { 238 - "id": "nixpkgs", 239 - "ref": "nixos-unstable", 240 - "type": "indirect" 241 - } 242 - }, 243 - "root": { 244 - "inputs": { 245 - "alpineLinux": "alpineLinux", 246 - "deno2nix": "deno2nix", 247 - "flake-compat": "flake-compat_2", 248 - "flake-utils": "flake-utils", 249 - "gomod2nix": "gomod2nix", 250 - "iosevka": "iosevka", 251 - "nixpkgs": "nixpkgs_2", 252 - "typst": "typst" 253 - } 254 - }, 255 - "systems": { 256 - "locked": { 257 - "lastModified": 1681028828, 258 - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 259 - "owner": "nix-systems", 260 - "repo": "default", 261 - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 262 - "type": "github" 263 - }, 264 - "original": { 265 - "owner": "nix-systems", 266 - "repo": "default", 267 - "type": "github" 268 - } 269 - }, 270 - "systems_2": { 271 - "locked": { 272 - "lastModified": 1681028828, 273 - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 274 - "owner": "nix-systems", 275 - "repo": "default", 276 - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 277 - "type": "github" 278 - }, 279 - "original": { 280 - "owner": "nix-systems", 281 - "repo": "default", 282 - "type": "github" 283 - } 284 - }, 285 - "systems_3": { 286 - "locked": { 287 - "lastModified": 1681028828, 288 - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 289 - "owner": "nix-systems", 290 - "repo": "default", 291 - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 292 - "type": "github" 293 - }, 294 - "original": { 295 - "owner": "nix-systems", 296 - "repo": "default", 297 - "type": "github" 298 - } 299 - }, 300 - "typst": { 301 - "inputs": { 302 - "crane": "crane", 303 - "flake-parts": "flake-parts", 304 - "nixpkgs": [ 305 - "nixpkgs" 306 - ], 307 - "systems": "systems_3" 308 - }, 309 - "locked": { 310 - "lastModified": 1716584994, 311 - "narHash": "sha256-4Y8zxWYpa8nD5ivHz9My5xu892XqqRS3mDzD5kTlMgo=", 312 - "owner": "typst", 313 - "repo": "typst", 314 - "rev": "ea4c64a7997556871934e20be7415cba8ec275a5", 315 - "type": "github" 316 - }, 317 - "original": { 318 - "owner": "typst", 319 - "repo": "typst", 320 - "type": "github" 321 - } 322 - }, 323 - "utils": { 324 - "inputs": { 325 - "systems": "systems_2" 326 - }, 327 - "locked": { 328 - "lastModified": 1694529238, 329 - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", 330 - "owner": "numtide", 331 - "repo": "flake-utils", 332 - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", 333 - "type": "github" 334 - }, 335 - "original": { 336 - "owner": "numtide", 337 - "repo": "flake-utils", 338 - "type": "github" 339 - } 340 - } 341 - }, 342 - "root": "root", 343 - "version": 7 344 - }
-202
flake.nix
··· 1 - { 2 - description = "A very basic flake"; 3 - 4 - inputs = { 5 - nixpkgs.url = "nixpkgs/nixos-unstable"; 6 - flake-utils.url = "github:numtide/flake-utils"; 7 - 8 - flake-compat = { 9 - url = "github:edolstra/flake-compat"; 10 - flake = false; 11 - }; 12 - 13 - deno2nix = { 14 - url = "github:Xe/deno2nix"; 15 - inputs.nixpkgs.follows = "nixpkgs"; 16 - inputs.flake-utils.follows = "flake-utils"; 17 - }; 18 - 19 - gomod2nix = { 20 - url = "github:nix-community/gomod2nix"; 21 - inputs.nixpkgs.follows = "nixpkgs"; 22 - inputs.flake-utils.follows = "flake-utils"; 23 - }; 24 - 25 - # Explicitly pulling from that version of nixpkgs to avoid font duplication. 26 - iosevka.url = "github:Xe/iosevka"; 27 - 28 - typst.url = "github:typst/typst"; 29 - typst.inputs.nixpkgs.follows = "nixpkgs"; 30 - 31 - alpineLinux = { 32 - flake = false; 33 - url = 34 - "file+https://cdn.xeiaso.net/file/christine-static/hack/alpine-amd64-3.19.0-1.tar"; 35 - }; 36 - }; 37 - 38 - outputs = { self, nixpkgs, flake-utils, deno2nix, iosevka, typst, gomod2nix 39 - , alpineLinux, ... }: 40 - flake-utils.lib.eachSystem [ 41 - "x86_64-linux" 42 - "aarch64-linux" 43 - "aarch64-darwin" 44 - ] (system: 45 - let 46 - graft = pkgs: pkg: 47 - pkg.override { buildGoModule = pkgs.buildGo122Module; }; 48 - pkgs = import nixpkgs { 49 - inherit system; 50 - overlays = [ 51 - deno2nix.overlays.default 52 - typst.overlays.default 53 - (final: prev: { 54 - go = prev.go_1_22; 55 - go-tools = graft prev prev.go-tools; 56 - gotools = graft prev prev.gotools; 57 - gopls = graft prev prev.gopls; 58 - }) 59 - gomod2nix.overlays.default 60 - ]; 61 - }; 62 - src = ./.; 63 - lib = pkgs.lib; 64 - 65 - fontsConf = pkgs.symlinkJoin { 66 - name = "typst-fonts"; 67 - paths = [ "${self.packages.${system}.iosevka}/static/css/iosevka" ]; 68 - }; 69 - 70 - typstWithIosevka = pkgs.writeShellApplication { 71 - name = "typst"; 72 - text = '' 73 - ${pkgs.typst-dev}/bin/typst \ 74 - compile \ 75 - --font-path ${fontsConf} \ 76 - "$@" 77 - ''; 78 - runtimeInputs = [ ]; 79 - }; 80 - 81 - # Generate a user-friendly version number. 82 - version = builtins.substring 0 8 self.lastModifiedDate; 83 - in rec { 84 - packages = rec { 85 - bin = pkgs.buildGoApplication { 86 - pname = "xesite_v4"; 87 - inherit version; 88 - src = ./.; 89 - modules = ./gomod2nix.toml; 90 - subPackages = [ "cmd/xesite" ]; 91 - }; 92 - 93 - patreon-bin = pkgs.buildGoApplication { 94 - pname = "patreon-saasproxy"; 95 - inherit version; 96 - src = ./.; 97 - modules = ./gomod2nix.toml; 98 - subPackages = [ "cmd/patreon-saasproxy" ]; 99 - }; 100 - 101 - iosevka = pkgs.stdenvNoCC.mkDerivation { 102 - name = "xesite-iosevka"; 103 - buildInputs = with pkgs; [ 104 - python311Packages.brotli 105 - python311Packages.fonttools 106 - ]; 107 - dontUnpack = true; 108 - buildPhase = '' 109 - mkdir -p out 110 - ${pkgs.unzip}/bin/unzip ${ 111 - self.inputs.iosevka.packages.${system}.default 112 - }/ttf.zip 113 - for ttf in ttf/*.ttf; do 114 - cp $ttf out 115 - name=`basename -s .ttf $ttf` 116 - pyftsubset \ 117 - $ttf \ 118 - --output-file=out/"$name".woff2 \ 119 - --flavor=woff2 \ 120 - --layout-features=* \ 121 - --no-hinting \ 122 - --desubroutinize \ 123 - --unicodes="U+0000-0170,U+00D7,U+00F7,U+2000-206F,U+2074,U+20AC,U+2122,U+2190-21BB,U+2212,U+2215,U+F8FF,U+FEFF,U+FFFD,U+00E8" 124 - done 125 - ''; 126 - installPhase = '' 127 - mkdir -p $out/static/css/iosevka 128 - cp out/* $out/static/css/iosevka 129 - ''; 130 - }; 131 - 132 - docker = pkgs.dockerTools.buildLayeredImage { 133 - name = "ghcr.io/xe/site/bin"; 134 - tag = "latest"; 135 - fromImage = alpineLinux; 136 - contents = with pkgs; [ cacert typst-dev dhall-json deno git ]; 137 - config = { 138 - Cmd = [ "${bin}/bin/xesite" "--data-dir=/data" ]; 139 - Env = [ 140 - "HOME=/data" 141 - "DHALL_PRELUDE=${pkgs.dhallPackages.Prelude}" 142 - "TYPST_FONT_PATHS=${fontsConf}" 143 - ]; 144 - Volumes."/data" = { }; 145 - }; 146 - }; 147 - 148 - patreon-docker = pkgs.dockerTools.buildLayeredImage { 149 - name = "ghcr.io/xe/site/patreon"; 150 - tag = "latest"; 151 - contents = with pkgs; [ cacert ]; 152 - config = { 153 - Cmd = [ "${patreon-bin}/bin/patreon-saasproxy" ]; 154 - Env = [ "HOME=/data" ]; 155 - Volumes."/data" = { }; 156 - }; 157 - }; 158 - }; 159 - 160 - devShell = pkgs.mkShell { 161 - buildInputs = with pkgs; [ 162 - # Go 163 - go 164 - go-tools 165 - gotools 166 - gopls 167 - gomod2nix.packages.${system}.default 168 - 169 - # dhall 170 - dhall 171 - dhall-json 172 - typst-dev 173 - pagefind 174 - 175 - # frontend 176 - deno 177 - nodePackages.uglify-js 178 - esbuild 179 - zig 180 - nodejs 181 - 182 - protobuf 183 - protoc-gen-go 184 - protoc-gen-twirp 185 - 186 - jq 187 - jo 188 - 189 - earthly 190 - 191 - # tools 192 - ispell 193 - pandoc 194 - python311Packages.fonttools 195 - ]; 196 - 197 - DHALL_PRELUDE = "${pkgs.dhallPackages.Prelude}"; 198 - TYPST_FONT_PATHS = "${fontsConf}"; 199 - FLY_REGION = "dev"; 200 - }; 201 - }); 202 - }
-153
xesite.nix
··· 1 - self: 2 - { config, lib, ... }: 3 - with lib; 4 - let cfg = config.xeserv.services.xesite; 5 - in { 6 - options.xeserv.services.xesite = { 7 - enable = mkEnableOption "Activates my personal website"; 8 - useACME = mkEnableOption "Enables ACME for cert stuff"; 9 - 10 - port = mkOption { 11 - type = types.port; 12 - default = 32837; 13 - example = 9001; 14 - description = "The port number xesite should listen on for HTTP traffic"; 15 - }; 16 - 17 - domain = mkOption { 18 - type = types.str; 19 - default = "${config.networking.hostName}.shark-harmonic.ts.net"; 20 - example = "xeiaso.net"; 21 - description = 22 - "The domain name that nginx should check against for HTTP hostnames"; 23 - }; 24 - 25 - sockPath = mkOption rec { 26 - type = types.str; 27 - default = "/srv/within/run/xesite.sock"; 28 - example = default; 29 - description = "The unix domain socket that xesite should listen on"; 30 - }; 31 - }; 32 - 33 - config = mkIf cfg.enable { 34 - users.users.xesite = { 35 - createHome = true; 36 - description = "github.com/Xe/site"; 37 - isSystemUser = true; 38 - group = "within"; 39 - home = "/srv/within/xesite"; 40 - extraGroups = [ "keys" ]; 41 - }; 42 - 43 - systemd.services.xesite = { 44 - wantedBy = [ "multi-user.target" ]; 45 - 46 - serviceConfig = { 47 - User = "xesite"; 48 - Group = "within"; 49 - Restart = "on-failure"; 50 - WorkingDirectory = "/srv/within/xesite"; 51 - RestartSec = "30s"; 52 - Type = "notify"; 53 - 54 - # Security 55 - CapabilityBoundingSet = ""; 56 - DeviceAllow = [ ]; 57 - NoNewPrivileges = "true"; 58 - ProtectControlGroups = "true"; 59 - ProtectClock = "true"; 60 - PrivateDevices = "true"; 61 - PrivateUsers = "true"; 62 - ProtectHome = "true"; 63 - ProtectHostname = "true"; 64 - ProtectKernelLogs = "true"; 65 - ProtectKernelModules = "true"; 66 - ProtectKernelTunables = "true"; 67 - ProtectSystem = "true"; 68 - ProtectProc = "invisible"; 69 - RemoveIPC = "true"; 70 - RestrictSUIDSGID = "true"; 71 - RestrictRealtime = "true"; 72 - SystemCallArchitectures = "native"; 73 - SystemCallFilter = [ 74 - "~@reboot" 75 - "~@module" 76 - "~@mount" 77 - "~@swap" 78 - "~@resources" 79 - "~@cpu-emulation" 80 - "~@obsolete" 81 - "~@debug" 82 - "~@privileged" 83 - ]; 84 - UMask = "007"; 85 - }; 86 - 87 - script = let site = self.packages.${system}.default; 88 - in '' 89 - [ -f /srv/within/xesite/.env ] && export $(cat /srv/within/xesite/.env | xargs) 90 - export SOCKPATH=${cfg.sockPath} 91 - export DOMAIN=${toString cfg.domain} 92 - cd ${site} 93 - exec ${site}/bin/xesite 94 - ''; 95 - }; 96 - 97 - services.nginx.virtualHosts."xelaso.net" = let 98 - proxyOld = { 99 - proxyPass = "http://unix:${toString cfg.sockPath}"; 100 - proxyWebsockets = true; 101 - }; 102 - in { 103 - locations."/jsonfeed" = proxyOld; 104 - locations."/.within/health" = proxyOld; 105 - locations."/.within/website.within.xesite/new_post" = proxyOld; 106 - locations."/blog.rss" = proxyOld; 107 - locations."/blog.atom" = proxyOld; 108 - locations."/blog.json" = proxyOld; 109 - locations."/".extraConfig = '' 110 - return 301 https://xeiaso.net$request_uri; 111 - ''; 112 - forceSSL = cfg.useACME; 113 - useACMEHost = "xeiaso.net"; 114 - extraConfig = '' 115 - access_log /var/log/nginx/xesite_old.access.log; 116 - ''; 117 - }; 118 - 119 - services.nginx.virtualHosts."christine.website" = let 120 - proxyOld = { 121 - proxyPass = "http://unix:${toString cfg.sockPath}"; 122 - proxyWebsockets = true; 123 - }; 124 - in { 125 - locations."/jsonfeed" = proxyOld; 126 - locations."/.within/health" = proxyOld; 127 - locations."/.within/website.within.xesite/new_post" = proxyOld; 128 - locations."/blog.rss" = proxyOld; 129 - locations."/blog.atom" = proxyOld; 130 - locations."/blog.json" = proxyOld; 131 - locations."/".extraConfig = '' 132 - return 301 https://xeiaso.net$request_uri; 133 - ''; 134 - forceSSL = cfg.useACME; 135 - useACMEHost = "christine.website"; 136 - extraConfig = '' 137 - access_log /var/log/nginx/xesite_old.access.log; 138 - ''; 139 - }; 140 - 141 - services.nginx.virtualHosts."xeiaso.net" = { 142 - locations."/" = { 143 - proxyPass = "http://unix:${toString cfg.sockPath}"; 144 - proxyWebsockets = true; 145 - }; 146 - forceSSL = cfg.useACME; 147 - useACMEHost = "xeiaso.net"; 148 - extraConfig = '' 149 - access_log /var/log/nginx/xesite.access.log; 150 - ''; 151 - }; 152 - }; 153 - }