fix up blog, add spacebar-client experimentally

flake.lock

@@ -5,11 +5,11 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1749377392,
+        "lastModified": 1749395936,
-        "narHash": "sha256-h9XPJ30WwPelj9U5lfwxePs8Mb408egKFszG635StGY=",
+        "narHash": "sha256-tEqZKBzQbENlyIDvVMWcnhifjEQkaEzK3eKDQWCbt58=",
         "ref": "refs/heads/master",
-        "rev": "255615b8389f480c4ea3ce647f9d2ed792916c08",
+        "rev": "36fa8afd57449cacdc0535417c8d20fb6b702348",
-        "revCount": 6,
+        "revCount": 9,
         "type": "git",
         "url": "file:///var/lib/git-server/blog.git"
       },

flake.nix

@@ -26,7 +26,9 @@
         ./services/elmskell.nix
         ./services/ferron.nix
         ./services/rgit.nix
-        #        ./services/mattermost.nix
+        ./services/blog.nix
+
+        ./services/spacebar-client.nix
 
         noshell.nixosModules.default
         {programs.noshell.enable = true;}

services/blog.nix

@@ -4,22 +4,54 @@
   pkgs,
   ...
 }: let
+  botPolicies-nix = {
+    dnsbl = false;
+    status_codes = {
+      CHALLENGE = 200;
+      DENY = 200;
+    };
+    bots = [
+      {
+        name = "catch-everything";
+        user_agent_regex = ".*";
+        action = "CHALLENGE";
+      }
+    ];
+  };
   ferron-conf-nix = {
     global = {
+      port = 8181;
       secure = false;
       wwwroot = "${elmskell-blog.packages.x86_64-linux.default}/wwwroot";
     };
   };
 in {
-  systemd.services.ferron = {
+  services.anubis = {
+    instances.blog = {
+      enable = true;
+      settings = {
+        BIND = "[::1]:9181";
+        BIND_NETWORK = "tcp";
+        DIFFICULTY = 4;
+        METRICS_BIND = "[::1]:9182";
+        METRICS_BIND_NETWORK = "tcp";
+        POLICY_FNAME = "/etc/anubis/blog.botPolicies.yaml";
+        TARGET = "http://localhost:8181";
+      };
+    };
+  };
+  environment.etc."anubis/blog.botPolicies.yaml" = {
+    source = (pkgs.formats.yaml {}).generate "" botPolicies-nix;
+    mode = "644";
+  };
+  systemd.services.blog-ferron = {
     serviceConfig = {
       Type = "simple";
-      ExecStart = "${lib.getExe pkgs.ferron} --config=/etc/ferron.yaml";
+      ExecStart = "${lib.getExe pkgs.ferron} --config=/etc/blog.ferron.yaml";
       RemainAfterExit = true;
     };
   };
-
+  environment.etc."blog.ferron.yaml" = {
-  environment.etc."ferron.yaml" = {
     source = (pkgs.formats.yaml {}).generate "" ferron-conf-nix;
     mode = "644";
   };

services/ferron.nix

@@ -1,5 +1,4 @@
 {
-  elmskell-blog,
   lib,
   pkgs,
   ...

services/spacebar-client.nix

@@ -0,0 +1,91 @@
+# Auto-generated using compose2nix v0.3.1.
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  # Runtime
+  virtualisation.podman = {
+    enable = true;
+    autoPrune.enable = true;
+    dockerCompat = true;
+    defaultNetwork.settings = {
+      # Required for container networking to be able to use names.
+      dns_enabled = true;
+    };
+  };
+
+  # Enable container name DNS for non-default Podman networks.
+  # https://github.com/NixOS/nixpkgs/issues/226365
+  networking.firewall.interfaces."podman+".allowedUDPPorts = [53];
+
+  virtualisation.oci-containers.backend = "podman";
+
+  # Containers
+  virtualisation.oci-containers.containers."spaceclient-jank" = {
+    image = "localhost/compose2nix/spaceclient-jank";
+    ports = [
+      "9780:8080/tcp"
+    ];
+    log-driver = "journald";
+    extraOptions = [
+      "--network-alias=jank"
+      "--network=spaceclient_default"
+    ];
+  };
+  systemd.services."podman-spaceclient-jank" = {
+    serviceConfig = {
+      Restart = lib.mkOverride 90 "always";
+    };
+    after = [
+      "podman-network-spaceclient_default.service"
+    ];
+    requires = [
+      "podman-network-spaceclient_default.service"
+    ];
+    partOf = [
+      "podman-compose-spaceclient-root.target"
+    ];
+    wantedBy = [
+      "podman-compose-spaceclient-root.target"
+    ];
+  };
+
+  # Networks
+  systemd.services."podman-network-spaceclient_default" = {
+    path = [pkgs.podman];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+      ExecStop = "podman network rm -f spaceclient_default";
+    };
+    script = ''
+      podman network inspect spaceclient_default || podman network create spaceclient_default
+    '';
+    partOf = ["podman-compose-spaceclient-root.target"];
+    wantedBy = ["podman-compose-spaceclient-root.target"];
+  };
+
+  # Builds
+  systemd.services."podman-build-spaceclient-jank" = {
+    path = [pkgs.podman pkgs.git];
+    serviceConfig = {
+      Type = "oneshot";
+      TimeoutSec = 300;
+    };
+    script = ''
+      cd /home/mtgmonkey/spaceclient
+      podman build -t compose2nix/spaceclient-jank .
+    '';
+  };
+
+  # Root service
+  # When started, this will automatically create all resources and start
+  # the containers. When stopped, this will teardown all resources.
+  systemd.targets."podman-compose-spaceclient-root" = {
+    unitConfig = {
+      Description = "Root target generated by compose2nix.";
+    };
+    wantedBy = ["multi-user.target"];
+  };
+}