fix up blog, add spacebar-client experimentally

2025-06-08 18:48:43 +00:00 · 2025-06-08 18:48:43 +00:00 · e8c8d58c0d
commit e8c8d58c0d
parent f7d48d286a
5 changed files with 134 additions and 10 deletions
--- a/flake.lock
+++ b/flake.lock
@ -5,11 +5,11 @@
        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1749377392,
-        "narHash": "sha256-h9XPJ30WwPelj9U5lfwxePs8Mb408egKFszG635StGY=",
+        "lastModified": 1749395936,
+        "narHash": "sha256-tEqZKBzQbENlyIDvVMWcnhifjEQkaEzK3eKDQWCbt58=",
        "ref": "refs/heads/master",
-        "rev": "255615b8389f480c4ea3ce647f9d2ed792916c08",
-        "revCount": 6,
+        "rev": "36fa8afd57449cacdc0535417c8d20fb6b702348",
+        "revCount": 9,
        "type": "git",
        "url": "file:///var/lib/git-server/blog.git"
      },
--- a/flake.nix
+++ b/flake.nix
@ -26,7 +26,9 @@
        ./services/elmskell.nix
        ./services/ferron.nix
        ./services/rgit.nix
-        #        ./services/mattermost.nix
+        ./services/blog.nix
+
+        ./services/spacebar-client.nix

        noshell.nixosModules.default
        {programs.noshell.enable = true;}
--- a/services/blog.nix
+++ b/services/blog.nix
@ -4,22 +4,54 @@
  pkgs,
  ...
 }: let
+  botPolicies-nix = {
+    dnsbl = false;
+    status_codes = {
+      CHALLENGE = 200;
+      DENY = 200;
+    };
+    bots = [
+      {
+        name = "catch-everything";
+        user_agent_regex = ".*";
+        action = "CHALLENGE";
+      }
+    ];
+  };
  ferron-conf-nix = {
    global = {
+      port = 8181;
      secure = false;
      wwwroot = "${elmskell-blog.packages.x86_64-linux.default}/wwwroot";
    };
  };
 in {
-  systemd.services.ferron = {
+  services.anubis = {
+    instances.blog = {
+      enable = true;
+      settings = {
+        BIND = "[::1]:9181";
+        BIND_NETWORK = "tcp";
+        DIFFICULTY = 4;
+        METRICS_BIND = "[::1]:9182";
+        METRICS_BIND_NETWORK = "tcp";
+        POLICY_FNAME = "/etc/anubis/blog.botPolicies.yaml";
+        TARGET = "http://localhost:8181";
+      };
+    };
+  };
+  environment.etc."anubis/blog.botPolicies.yaml" = {
+    source = (pkgs.formats.yaml {}).generate "" botPolicies-nix;
+    mode = "644";
+  };
+  systemd.services.blog-ferron = {
    serviceConfig = {
      Type = "simple";
-      ExecStart = "${lib.getExe pkgs.ferron} --config=/etc/ferron.yaml";
+      ExecStart = "${lib.getExe pkgs.ferron} --config=/etc/blog.ferron.yaml";
      RemainAfterExit = true;
    };
  };
-
-  environment.etc."ferron.yaml" = {
+  environment.etc."blog.ferron.yaml" = {
    source = (pkgs.formats.yaml {}).generate "" ferron-conf-nix;
    mode = "644";
  };
--- a/services/ferron.nix
+++ b/services/ferron.nix
@ -1,5 +1,4 @@
 {
-  elmskell-blog,
  lib,
  pkgs,
  ...
--- a/services/spacebar-client.nix
+++ b/services/spacebar-client.nix
@ -0,0 +1,91 @@
+# Auto-generated using compose2nix v0.3.1.
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  # Runtime
+  virtualisation.podman = {
+    enable = true;
+    autoPrune.enable = true;
+    dockerCompat = true;
+    defaultNetwork.settings = {
+      # Required for container networking to be able to use names.
+      dns_enabled = true;
+    };
+  };
+
+  # Enable container name DNS for non-default Podman networks.
+  # https://github.com/NixOS/nixpkgs/issues/226365
+  networking.firewall.interfaces."podman+".allowedUDPPorts = [53];
+
+  virtualisation.oci-containers.backend = "podman";
+
+  # Containers
+  virtualisation.oci-containers.containers."spaceclient-jank" = {
+    image = "localhost/compose2nix/spaceclient-jank";
+    ports = [
+      "9780:8080/tcp"
+    ];
+    log-driver = "journald";
+    extraOptions = [
+      "--network-alias=jank"
+      "--network=spaceclient_default"
+    ];
+  };
+  systemd.services."podman-spaceclient-jank" = {
+    serviceConfig = {
+      Restart = lib.mkOverride 90 "always";
+    };
+    after = [
+      "podman-network-spaceclient_default.service"
+    ];
+    requires = [
+      "podman-network-spaceclient_default.service"
+    ];
+    partOf = [
+      "podman-compose-spaceclient-root.target"
+    ];
+    wantedBy = [
+      "podman-compose-spaceclient-root.target"
+    ];
+  };
+
+  # Networks
+  systemd.services."podman-network-spaceclient_default" = {
+    path = [pkgs.podman];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+      ExecStop = "podman network rm -f spaceclient_default";
+    };
+    script = ''
+      podman network inspect spaceclient_default || podman network create spaceclient_default
+    '';
+    partOf = ["podman-compose-spaceclient-root.target"];
+    wantedBy = ["podman-compose-spaceclient-root.target"];
+  };
+
+  # Builds
+  systemd.services."podman-build-spaceclient-jank" = {
+    path = [pkgs.podman pkgs.git];
+    serviceConfig = {
+      Type = "oneshot";
+      TimeoutSec = 300;
+    };
+    script = ''
+      cd /home/mtgmonkey/spaceclient
+      podman build -t compose2nix/spaceclient-jank .
+    '';
+  };
+
+  # Root service
+  # When started, this will automatically create all resources and start
+  # the containers. When stopped, this will teardown all resources.
+  systemd.targets."podman-compose-spaceclient-root" = {
+    unitConfig = {
+      Description = "Root target generated by compose2nix.";
+    };
+    wantedBy = ["multi-user.target"];
+  };
+}