hyl.st / helm
nix config
2
fork

Configure Feed

Select the types of activity you want to include in your feed.

delete failed blog attempt

Anish Lakhwara e92a34b7 92e293d8

-352
-18
hosts/profiles/blogg/default.nix
··· 1 - {pkgs, ... }: 2 - { 3 - services.nginx = { 4 - enable = true; 5 - recommendedGzipSettings = true; 6 - recommendedOptimisation = true; 7 - recommendedProxySettings = true; 8 - recommendedTlsSettings = true; 9 - }; 10 - 11 - # Enables MySQL 12 - services.mysql = { 13 - enable = true; 14 - package = pkgs.mariadb; 15 - }; 16 - 17 - services."write.sealight.xyz".enable = true; 18 - }
-18
hosts/profiles/ghost/default.nix
··· 1 - {pkgs, ... }: 2 - { 3 - services.nginx = { 4 - enable = true; 5 - recommendedGzipSettings = true; 6 - recommendedOptimisation = true; 7 - recommendedProxySettings = true; 8 - recommendedTlsSettings = true; 9 - }; 10 - 11 - # Enables MySQL 12 - services.mysql = { 13 - enable = true; 14 - package = pkgs.mariadb; 15 - }; 16 - 17 - services."write.sealight.xyz".enable = true; 18 - }
-148
modules/nixos/blogging.nix
··· 1 - { options, lib, config, pkgs, ... }: 2 - let 3 - # domain for the Ghost blog 4 - serverName = "write.sealight.xyz"; 5 - # port on which the Ghost service runs 6 - port = 1357; 7 - # user used to run the Ghost service 8 - userName = builtins.replaceStrings [ "." ] [ "_" ] serverName; 9 - # MySQL database used by Ghost 10 - dbName = userName; 11 - # MySQL user used by Ghost 12 - dbUser = userName; 13 - # directory used to save the blog content 14 - dataDir = "/var/lib/${userName}"; 15 - # Ghost package we created in the section above 16 - ghost = import ./ghost { inherit pkgs; }; 17 - # script that sets up the Ghost content directory 18 - setupScript = pkgs.writeScript "${serverName}-setup.sh" '' 19 - #! ${pkgs.stdenv.shell} -e 20 - chmod g+s "${dataDir}" 21 - [[ ! -d "${dataDir}/content" ]] && cp -r "${ghost}/content" "${dataDir}/content" 22 - chown -R "${userName}":"${userName}" "${dataDir}/content" 23 - chmod -R +w "${dataDir}/content" 24 - ln -f -s "/etc/${serverName}.json" "${dataDir}/config.production.json" 25 - [[ -d "${dataDir}/current" ]] && rm "${dataDir}/current" 26 - ln -f -s "${ghost}/current" "${dataDir}/current" 27 - [[ -d "${dataDir}/content/themes/casper" ]] && rm "${dataDir}/content/themes/casper" 28 - ln -f -s "${ghost}/current/content/themes/casper" "${dataDir}/content/themes/casper" 29 - ''; 30 - 31 - databaseService = "mysql.service"; 32 - 33 - serviceConfig = config.services."${serverName}"; 34 - options = { enable = lib.mkEnableOption "${serverName} service"; }; 35 - in { 36 - options.services.${serverName} = options; 37 - config = lib.mkIf serviceConfig.enable { 38 - # Creates the user and group 39 - users.users.${userName} = { 40 - isSystemUser = true; 41 - group = userName; 42 - createHome = true; 43 - home = dataDir; 44 - }; 45 - users.groups.${userName} = { }; 46 - 47 - # Creates the Ghost config 48 - environment.etc."${serverName}.json".text = '' 49 - { 50 - "url": "https://${serverName}", 51 - "server": { 52 - "port": ${port}, 53 - "host": "0.0.0.0" 54 - }, 55 - "database": { 56 - "client": "mysql", 57 - "connection": { 58 - "host": "localhost", 59 - "user": "${dbUser}", 60 - "database": "${dbName}", 61 - "password": "", 62 - "socketPath": "/run/mysqld/mysqld.sock" 63 - } 64 - }, 65 - "mail": { 66 - "transport": "sendmail" 67 - }, 68 - "logging": { 69 - "transports": ["stdout"] 70 - }, 71 - "paths": { 72 - "contentPath": "${dataDir}/content" 73 - } 74 - } 75 - ''; 76 - 77 - # Sets up the Systemd service 78 - systemd.services."${serverName}" = { 79 - enable = true; 80 - description = "${serverName} ghost blog"; 81 - restartIfChanged = true; 82 - restartTriggers = 83 - [ ghost config.environment.etc."${serverName}.json".source ]; 84 - requires = [ databaseService ]; 85 - after = [ databaseService ]; 86 - path = [ pkgs.nodejs pkgs.vips ]; 87 - wantedBy = [ "multi-user.target" ]; 88 - serviceConfig = { 89 - User = userName; 90 - Group = userName; 91 - WorkingDirectory = dataDir; 92 - # Executes the setup script before start 93 - ExecStartPre = setupScript; 94 - # Runs Ghost with node 95 - ExecStart = "${pkgs.nodejs}/bin/node current/index.js"; 96 - # Sandboxes the Systemd service 97 - AmbientCapabilities = [ ]; 98 - CapabilityBoundingSet = [ ]; 99 - KeyringMode = "private"; 100 - LockPersonality = true; 101 - NoNewPrivileges = true; 102 - PrivateDevices = true; 103 - PrivateMounts = true; 104 - PrivateTmp = true; 105 - ProtectClock = true; 106 - ProtectControlGroups = true; 107 - ProtectHome = true; 108 - ProtectHostname = true; 109 - ProtectKernelLogs = true; 110 - ProtectKernelModules = true; 111 - ProtectKernelTunables = true; 112 - ProtectSystem = "full"; 113 - RemoveIPC = true; 114 - RestrictAddressFamilies = [ ]; 115 - RestrictNamespaces = true; 116 - RestrictRealtime = true; 117 - }; 118 - environment = { NODE_ENV = "production"; }; 119 - }; 120 - 121 - # Sets up the blog virtual host on NGINX 122 - services.nginx.virtualHosts.${serverName} = { 123 - # Sets up Lets Encrypt SSL certificates for the blog 124 - forceSSL = true; 125 - enableACME = true; 126 - locations."/" = { proxyPass = "http://127.0.0.1:${toString port}"; }; 127 - extraConfig = '' 128 - charset UTF-8; 129 - 130 - add_header Strict-Transport-Security "max-age=2592000; includeSubDomains" always; 131 - add_header Referrer-Policy "strict-origin-when-cross-origin"; 132 - add_header X-Frame-Options "SAMEORIGIN"; 133 - add_header X-XSS-Protection "1; mode=block"; 134 - add_header X-Content-Type-Options nosniff; 135 - ''; 136 - }; 137 - 138 - # Sets up MySQL database and user for Ghost 139 - services.mysql = { 140 - ensureDatabases = [ dbName ]; 141 - ensureUsers = [{ 142 - name = dbUser; 143 - ensurePermissions = { "${dbName}.*" = "ALL PRIVILEGES"; }; 144 - }]; 145 - }; 146 - }; 147 - } 148 -
-148
modules/nixos/ghost.nix
··· 1 - { options, lib, config, pkgs, ... }: 2 - let 3 - # domain for the Ghost blog 4 - serverName = "write.sealight.xyz"; 5 - # port on which the Ghost service runs 6 - port = 1357; 7 - # user used to run the Ghost service 8 - userName = builtins.replaceStrings [ "." ] [ "_" ] serverName; 9 - # MySQL database used by Ghost 10 - dbName = userName; 11 - # MySQL user used by Ghost 12 - dbUser = userName; 13 - # directory used to save the blog content 14 - dataDir = "/var/lib/${userName}"; 15 - # Ghost package we created in the section above 16 - ghost = import ./ghost { inherit pkgs; }; 17 - # script that sets up the Ghost content directory 18 - setupScript = pkgs.writeScript "${serverName}-setup.sh" '' 19 - #! ${pkgs.stdenv.shell} -e 20 - chmod g+s "${dataDir}" 21 - [[ ! -d "${dataDir}/content" ]] && cp -r "${ghost}/content" "${dataDir}/content" 22 - chown -R "${userName}":"${userName}" "${dataDir}/content" 23 - chmod -R +w "${dataDir}/content" 24 - ln -f -s "/etc/${serverName}.json" "${dataDir}/config.production.json" 25 - [[ -d "${dataDir}/current" ]] && rm "${dataDir}/current" 26 - ln -f -s "${ghost}/current" "${dataDir}/current" 27 - [[ -d "${dataDir}/content/themes/casper" ]] && rm "${dataDir}/content/themes/casper" 28 - ln -f -s "${ghost}/current/content/themes/casper" "${dataDir}/content/themes/casper" 29 - ''; 30 - 31 - databaseService = "mysql.service"; 32 - 33 - serviceConfig = config.services."${serverName}"; 34 - options = { enable = lib.mkEnableOption "${serverName} service"; }; 35 - in { 36 - options.services.${serverName} = options; 37 - config = lib.mkIf serviceConfig.enable { 38 - # Creates the user and group 39 - users.users.${userName} = { 40 - isSystemUser = true; 41 - group = userName; 42 - createHome = true; 43 - home = dataDir; 44 - }; 45 - users.groups.${userName} = { }; 46 - 47 - # Creates the Ghost config 48 - environment.etc."${serverName}.json".text = '' 49 - { 50 - "url": "https://${serverName}", 51 - "server": { 52 - "port": ${port}, 53 - "host": "0.0.0.0" 54 - }, 55 - "database": { 56 - "client": "mysql", 57 - "connection": { 58 - "host": "localhost", 59 - "user": "${dbUser}", 60 - "database": "${dbName}", 61 - "password": "", 62 - "socketPath": "/run/mysqld/mysqld.sock" 63 - } 64 - }, 65 - "mail": { 66 - "transport": "sendmail" 67 - }, 68 - "logging": { 69 - "transports": ["stdout"] 70 - }, 71 - "paths": { 72 - "contentPath": "${dataDir}/content" 73 - } 74 - } 75 - ''; 76 - 77 - # Sets up the Systemd service 78 - systemd.services."${serverName}" = { 79 - enable = true; 80 - description = "${serverName} ghost blog"; 81 - restartIfChanged = true; 82 - restartTriggers = 83 - [ ghost config.environment.etc."${serverName}.json".source ]; 84 - requires = [ databaseService ]; 85 - after = [ databaseService ]; 86 - path = [ pkgs.nodejs pkgs.vips ]; 87 - wantedBy = [ "multi-user.target" ]; 88 - serviceConfig = { 89 - User = userName; 90 - Group = userName; 91 - WorkingDirectory = dataDir; 92 - # Executes the setup script before start 93 - ExecStartPre = setupScript; 94 - # Runs Ghost with node 95 - ExecStart = "${pkgs.nodejs}/bin/node current/index.js"; 96 - # Sandboxes the Systemd service 97 - AmbientCapabilities = [ ]; 98 - CapabilityBoundingSet = [ ]; 99 - KeyringMode = "private"; 100 - LockPersonality = true; 101 - NoNewPrivileges = true; 102 - PrivateDevices = true; 103 - PrivateMounts = true; 104 - PrivateTmp = true; 105 - ProtectClock = true; 106 - ProtectControlGroups = true; 107 - ProtectHome = true; 108 - ProtectHostname = true; 109 - ProtectKernelLogs = true; 110 - ProtectKernelModules = true; 111 - ProtectKernelTunables = true; 112 - ProtectSystem = "full"; 113 - RemoveIPC = true; 114 - RestrictAddressFamilies = [ ]; 115 - RestrictNamespaces = true; 116 - RestrictRealtime = true; 117 - }; 118 - environment = { NODE_ENV = "production"; }; 119 - }; 120 - 121 - # Sets up the blog virtual host on NGINX 122 - services.nginx.virtualHosts.${serverName} = { 123 - # Sets up Lets Encrypt SSL certificates for the blog 124 - forceSSL = true; 125 - enableACME = true; 126 - locations."/" = { proxyPass = "http://127.0.0.1:${toString port}"; }; 127 - extraConfig = '' 128 - charset UTF-8; 129 - 130 - add_header Strict-Transport-Security "max-age=2592000; includeSubDomains" always; 131 - add_header Referrer-Policy "strict-origin-when-cross-origin"; 132 - add_header X-Frame-Options "SAMEORIGIN"; 133 - add_header X-XSS-Protection "1; mode=block"; 134 - add_header X-Content-Type-Options nosniff; 135 - ''; 136 - }; 137 - 138 - # Sets up MySQL database and user for Ghost 139 - services.mysql = { 140 - ensureDatabases = [ dbName ]; 141 - ensureUsers = [{ 142 - name = dbUser; 143 - ensurePermissions = { "${dbName}.*" = "ALL PRIVILEGES"; }; 144 - }]; 145 - }; 146 - }; 147 - } 148 -
-9
pkgs/ghost/builder.sh
··· 1 - source "$stdenv"/setup 2 - 3 - export HOME=$(mktemp -d) 4 - npm install --loglevel=info --logs-max=0 "ghost-cli@$ghostCliVersion" 5 - 6 - mkdir --parents "$out"/ 7 - node_modules/ghost-cli/bin/ghost install "$version" --db=sqlite3 \ 8 - --no-enable --no-prompt --no-stack --no-setup --no-start --dir "$out" 9 -
-11
pkgs/ghost/default.nix
··· 1 - { pkgs }: 2 - 3 - let 4 - pname = "ghost"; 5 - version = "5.8.0"; 6 - in pkgs.stdenv.mkDerivation { 7 - inherit pname version; 8 - buildInputs = with pkgs; [ nodejs yarn vips ]; 9 - ghostCliVersion = "1.21.1"; 10 - builder = ./builder.sh; 11 - }