From 56483b6b80f4cd3eb801e93b40795c3d8ba3d88f Mon Sep 17 00:00:00 2001
From: Patrick Stevens
Date: Sun, 1 Oct 2023 22:40:11 +0100
Subject: [PATCH] Add my website (#21)
---
 PulumiWebServer/Nix/configuration.nix | 28 +-
 PulumiWebServer/Nix/flake.lock | 342 +++++++++++++++++++--
 PulumiWebServer/Nix/flake.nix | 17 +-
 PulumiWebServer/Nix/nginx/nginx-config.nix | 7 +
 4 files changed, 372 insertions(+), 22 deletions(-)
diff --git a/PulumiWebServer/Nix/configuration.nix b/PulumiWebServer/Nix/configuration.nix
index 6ccddc8..7c59600 100644
--- a/PulumiWebServer/Nix/configuration.nix
+++ b/PulumiWebServer/Nix/configuration.nix
@@ -1,5 +1,11 @@
-{nixpkgs, ...}: let
+{
+ nixpkgs,
+ website,
+ ...
+}: let
 lib = nixpkgs.lib;
+ # TODO: how can I get this passed in?
+ pkgs = nixpkgs.legacyPackages."x86_64-linux";
 userConfig = lib.importJSON ./config.json;
 sshKeys = lib.importJSON ./ssh-keys.json;
 in {
@@ -40,6 +46,17 @@ in { system.stateVersion = "23.05"; + nix = { + settings = { + auto-optimise-store = true; + experimental-features = ["nix-command" "flakes"]; + }; + package = pkgs.nixUnstable; + extraOptions = '' + experimental-features = ca-derivations + ''; + }; + boot.tmp.cleanOnBoot = true; zramSwap.enable = true; networking.hostName = userConfig.name;
@@ -48,4 +65,13 @@ in { virtualisation.docker.enable = true; users.extraGroups.docker.members = [userConfig.remoteUsername]; + + security.pam.loginLimits = [ + { + domain = "*"; + type = "soft"; + item = "nofile"; + value = "8192"; + } + ]; }
diff --git a/PulumiWebServer/Nix/flake.lock b/PulumiWebServer/Nix/flake.lock
index 9058175..e921f8a 100644
--- a/PulumiWebServer/Nix/flake.lock
+++ b/PulumiWebServer/Nix/flake.lock
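Review bot: The `pkgs = nixpkgs.legacyPackages."x86_64-linux";` binding in the first hunk hard-codes the platform a second time, separately from the `system` value that flake.nix now passes through `specialArgs`, so the two can drift apart without any error. The TODO can be resolved by having this file return a module function, so the module system supplies `pkgs` for the evaluated system: change `}: let` to `}: {pkgs, ...}: let` and drop the `legacyPackages` line. That also keeps `pkgs.nixUnstable` subject to any overlays or nixpkgs config applied to the system, which the raw `legacyPackages` set bypasses. The `website` argument added here is not used in any visible hunk; the body of the file continues outside the hunk, so it may be read there.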
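Review bot: `experimental-features` is assigned twice in the new `nix` block of the second hunk, once as a list under `settings` and again as raw text in `extraOptions`. Both end up in the same generated nix.conf, and as far as I know a repeated plain assignment replaces the earlier value rather than extending it (the `extra-` prefix is what appends), so the host may end up with only `ca-derivations` enabled and lose `nix-command` and `flakes`. Listing all three in one place removes the ambiguity: `experimental-features = ["nix-command" "flakes" "ca-derivations"];` with the `extraOptions` block deleted. Separately, `package = pkgs.nixUnstable` puts a pre-release Nix daemon on what looks like a public web server; a short comment naming the feature that requires it would show when the host can return to the stable package.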
@@ -1,5 +1,100 @@ { "nodes": { + "anki-compiler": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1694219801, + "narHash": "sha256-8KFSy+R0nwUeZ3U2WYvRRjEYEk8iLXwWM9onvz5pixE=", + "owner": "Smaug123", + "repo": "anki-dotnet", + "rev": "8d1904d5cea06c8c20f5712ba865ace2d61b6255", + "type": "github" + }, + "original": { + "owner": "Smaug123", + "repo": "anki-dotnet", + "type": "github" + } + }, + "anki-decks": { + "inputs": { + "anki-compiler": "anki-compiler", + "flake-utils": [ + "website", + "flake-utils" + ], + "nixpkgs": [ + "website", + "nixpkgs" + ], + "scripts": "scripts" + }, + "locked": { + "lastModified": 1696031308, + "narHash": "sha256-/vFFNkM76WlcddKZQ8iExpuG/lae0pLHCMGI6OzD9es=", + "owner": "Smaug123", + "repo": "anki-decks", + "rev": "5e7cb415aa656c85fe042b1c79b386efe862a7cc", + "type": "github" + }, + "original": { + "owner": "Smaug123", + "repo": "anki-decks", + "type": "github" + } + }, + "extra-content": { + "flake": false, + "locked": { + "lastModified": 1694359899, + "narHash": "sha256-zqso6yrZLMvhEWBrffXMTvirHeX/CWy0HmfCpC+FFXE=", + "path": "/Users/patrick/Desktop/website/extra-site-content", + "type": "path" + }, + "original": { + "path": "/Users/patrick/Desktop/website/extra-site-content", + "type": "path" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1692799911, + "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "type": 
"github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -7,11 +102,11 @@ ] }, "locked": { - "lastModified": 1684824189, - "narHash": "sha256-k3nCkn5Qy67rCguuw6YkGuL6hOUNRKxQoKOjnapk5sU=", + "lastModified": 1696145345, + "narHash": "sha256-3dM7I/d4751SLPJah0to1WBlWiyzIiuCEUwJqwBdmr4=", "owner": "nix-community", "repo": "home-manager", - "rev": "58eb968c21d309a6c2b020ea8d64e25c38ceebba", + "rev": "6f9b5b83ad1f470b3d11b8a9fe1d5ef68c7d0e30", "type": "github" }, "original": { 
@@ -20,45 +115,97 @@ "type": "github" } }, + "images": { + "inputs": { + "flake-utils": [ + "website", + "flake-utils" + ], + "nixpkgs": [ + "website", + "nixpkgs" + ], + "scripts": "scripts_2" + }, + "locked": { + "lastModified": 1696175612, + "narHash": "sha256-8V8klzc7T3EdAdS4r8RRjNvTTytQOsvfi7DfK6NFK6M=", + "ref": "refs/heads/main", + "rev": "ac0b0180304bce7683dc8b4466a6e92b339c0b7e", + "revCount": 15, + "type": "git", + "url": "file:/Users/patrick/Desktop/website/static-site-images" + }, + "original": { + "type": "git", + "url": "file:/Users/patrick/Desktop/website/static-site-images" + } + }, + "katex": { + "inputs": { + "flake-utils": [ + "website", + "flake-utils" + ], + "nixpkgs": [ + "website", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1696151934, + "narHash": "sha256-8kihcqdgYjoVuGozfgfcWh81yqMUvns4+C/fgkn+RNQ=", + "owner": "Smaug123", + "repo": "KaTeX", + "rev": "ac1f9b30441f63ea20216a36ffa7148dc0e9a9b3", + "type": "github" + }, + "original": { + "owner": "Smaug123", + "ref": "nix", + "repo": "KaTeX", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1684935479, - "narHash": "sha256-6QMMsXMr2nhmOPHdti2j3KRHt+bai2zw+LJfdCl97Mk=", + "lastModified": 1694859559, + "narHash": "sha256-F3DFxMHFzZxi6uWty3r6rrbEb312S3ozB0Vkh3BAmas=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f91ee3065de91a3531329a674a45ddcb3467a650", + "rev": "697312fb824243bd7bf82d2a3836a11292614109", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", "repo": "nixpkgs", + "rev": "697312fb824243bd7bf82d2a3836a11292614109", "type": "github" } }, "nixpkgs-stable": { "locked": { - "lastModified": 1684632198, - "narHash": "sha256-SdxMPd0WmU9MnDBuuy7ouR++GftrThmSGL7PCQj/uVI=", + "lastModified": 1694908564, + "narHash": "sha256-ducA98AuWWJu5oUElIzN24Q22WlO8bOfixGzBgzYdVc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d0dade110dc7072d67ce27826cfe9ab2ab0cf247", + "rev": "596611941a74be176b98aeba9328aa9d01b8b322", "type": "github" }, 
"original": { "owner": "NixOS", - "ref": "release-22.11", + "ref": "release-23.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_2": { "locked": { - "lastModified": 1684585791, - "narHash": "sha256-lYPboblKrchmbkGMoAcAivomiOscZCjtGxxTSCY51SM=", + "lastModified": 1694760568, + "narHash": "sha256-3G07BiXrp2YQKxdcdms22MUx6spc6A++MSePtatCYuI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "eea79d584eff53bf7a76aeb63f8845da6d386129", + "rev": "46688f8eb5cd6f1298d873d4d2b9cf245e09e88e", "type": "github" }, "original": { 
@@ -68,11 +215,113 @@ "type": "github" } }, + "nixpkgs_3": { + "locked": { + "lastModified": 1694021185, + "narHash": "sha256-v5Ie83yfsiQgp4GDRZFIsbkctEynfOdNOi67vBH12XM=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "3e233330d9f88f78c75c2a164a50807e44245007", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "type": "github" + } + }, + "pdfs": { + "inputs": { + "flake-utils": [ + "website", + "flake-utils" + ], + "nixpkgs": [ + "website", + "nixpkgs" + ], + "scripts": "scripts_3" + }, + "locked": { + "lastModified": 1696190787, + "narHash": "sha256-bO/NInpwVefs5Iey8WVwPFnXPt/3WN7WvYXTxzLKmGQ=", + "owner": "Smaug123", + "repo": "static-site-pdfs", + "rev": "a36d3025b9625cc50fc5bd2eca867eacd8a5bcb9", + "type": "github" + }, + "original": { + "owner": "Smaug123", + "repo": "static-site-pdfs", + "type": "github" + } + }, "root": { "inputs": { "home-manager": "home-manager", "nixpkgs": "nixpkgs", - "sops": "sops" + "sops": "sops", + "website": "website" + } + }, + "scripts": { + "locked": { + "lastModified": 1696031019, + "narHash": "sha256-MuKEC8ZZ1Znm2idxQEQYU18z/1l9rjBZaj5gdKd9elQ=", + "owner": "Smaug123", + "repo": "flake-shell-script", + "rev": "05cc0582a193d3b42b6b4e64c6ec7a9bca4bb3c5", + "type": "github" + }, + "original": { + "owner": "Smaug123", + "repo": "flake-shell-script", + "type": "github" + } + }, + "scripts_2": { + "locked": { + "lastModified": 1696031019, + "narHash": "sha256-MuKEC8ZZ1Znm2idxQEQYU18z/1l9rjBZaj5gdKd9elQ=", + "owner": "Smaug123", + "repo": "flake-shell-script", + "rev": "05cc0582a193d3b42b6b4e64c6ec7a9bca4bb3c5", + "type": "github" + }, + "original": { + "owner": "Smaug123", + "repo": "flake-shell-script", + "type": "github" + } + }, + "scripts_3": { + "locked": { + "lastModified": 1696031019, + "narHash": "sha256-MuKEC8ZZ1Znm2idxQEQYU18z/1l9rjBZaj5gdKd9elQ=", + "owner": "Smaug123", + "repo": "flake-shell-script", + "rev": "05cc0582a193d3b42b6b4e64c6ec7a9bca4bb3c5", + "type": "github" + }, + 
"original": { + "owner": "Smaug123", + "repo": "flake-shell-script", + "type": "github" + } + }, + "scripts_4": { + "locked": { + "lastModified": 1696031019, + "narHash": "sha256-MuKEC8ZZ1Znm2idxQEQYU18z/1l9rjBZaj5gdKd9elQ=", + "owner": "Smaug123", + "repo": "flake-shell-script", + "rev": "05cc0582a193d3b42b6b4e64c6ec7a9bca4bb3c5", + "type": "github" + }, + "original": { + "owner": "Smaug123", + "repo": "flake-shell-script", + "type": "github" } }, "sops": { @@ -81,11 +330,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1684637723, - "narHash": "sha256-0vAxL7MVMhGbTkAyvzLvleELHjVsaS43p+PR1h9gzNQ=", + "lastModified": 1695284550, + "narHash": "sha256-z9fz/wz9qo9XePEvdduf+sBNeoI9QG8NJKl5ssA8Xl4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "4ccdfb573f323a108a44c13bb7730e42baf962a9", + "rev": "2f375ed8702b0d8ee2430885059d5e7975e38f78", "type": "github" }, "original": { 
@@ -93,6 +342,63 @@ "repo": "sops-nix", "type": "github" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "website": { + "inputs": { + "anki-decks": "anki-decks", + "extra-content": "extra-content", + "flake-utils": "flake-utils_2", + "images": "images", + "katex": "katex", + "nixpkgs": [ + "nixpkgs" + ], + "pdfs": "pdfs", + "scripts": "scripts_4" + }, + "locked": { + "lastModified": 1696194988, + "narHash": "sha256-oYUlQCuY0c1B6p3VEVISwVbmMRg1ko0nkG3m7iM5yus=", + "owner": "Smaug123", + "repo": "static-site-pipeline", + "rev": "d459266f21c0b5d512f41b7b56dbcd653a3b9488", + "type": "github" + }, + "original": { + "owner": "Smaug123", + "repo": "static-site-pipeline", + "type": "github" + } } }, "root": "root",
diff --git a/PulumiWebServer/Nix/flake.nix b/PulumiWebServer/Nix/flake.nix
index 8c9b85c..9f66a33 100644
--- a/PulumiWebServer/Nix/flake.nix
+++ b/PulumiWebServer/Nix/flake.nix
@@ -1,6 +1,10 @@
 {
 inputs = {
- nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ nixpkgs.url = "github:NixOS/nixpkgs/697312fb824243bd7bf82d2a3836a11292614109";
+ website = {
+ url = "github:Smaug123/static-site-pipeline";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
 home-manager = {
 url = "github:nix-community/home-manager";
 inputs.nixpkgs.follows = "nixpkgs";
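Review bot: The new `website` input brings in transitive inputs that the accompanying flake.lock records as local filesystem sources: `extra-content` is locked with `"type": "path"` at `/Users/patrick/Desktop/website/extra-site-content`, and `images` as a `file:` git URL under the same directory. A lock like that can only be re-resolved on the author's workstation, so a build on the server or in CI depends on those store paths already being present, and nobody else can check the deployed content against a fetchable revision. It would be safer for the upstream flake to reference fetchable repositories for these two inputs, or to override them here with `inputs.extra-content.url` and `inputs.images.url` inside the `website` block. Until then, a comment above `website = {` such as `# website's extra-content and images inputs currently lock to local paths; see flake.lock` would warn whoever next runs `nix flake update`.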
@@ -13,9 +17,16 @@
 nixpkgs,
 sops,
 home-manager,
- } @ inputs: {
+ website,
+ } @ inputs: let
+ system = "x86_64-linux";
+ in {
 nixosConfigurations.default = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
+ inherit system;
+ specialArgs = {
+ inherit system;
+ website = website.packages.${system}.default;
+ };
 modules = [
 (import ./configuration.nix (inputs // {inherit inputs;}))
 sops.nixosModules.sops
diff --git a/PulumiWebServer/Nix/nginx/nginx-config.nix b/PulumiWebServer/Nix/nginx/nginx-config.nix
index 8eef2b5..88c36ec 100644
--- a/PulumiWebServer/Nix/nginx/nginx-config.nix
+++ b/PulumiWebServer/Nix/nginx/nginx-config.nix
@@ -2,6 +2,7 @@
 pkgs,
 lib,
 config,
+ website,
 ...
 }: {
 options = {
@@ -48,6 +49,12 @@ users.users."nginx".extraGroups = [config.users.groups.keys.name]; + system.activationScripts = { + create-website = '' + ln -sfn ${website} /preserve/www/html + ''; + }; + services.nginx = { enable = true; recommendedTlsSettings = true;
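Review bot: The name `website` now stands for two different values depending on how a module receives it. `specialArgs` binds it to the built package `website.packages.${system}.default`, while `(import ./configuration.nix (inputs // {inherit inputs;}))` a few lines below still hands configuration.nix the raw flake input under the same name. A distinct name for the package, for example `websitePackage = website.packages.${system}.default;` with the matching rename in nginx-config.nix, or a one-line comment above `specialArgs` saying which modules get which value, would stop a later edit from interpolating the flake input where a store path is expected. The `nixosSystem` call continues past the end of the hunk.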
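Review bot: The `create-website` activation script runs `ln -sfn ${website} /preserve/www/html` as root on every activation without checking what is already at that path. If `/preserve/www` does not exist the command fails, and if `html` is a real directory rather than a symlink, `ln` creates the link inside it and nginx keeps serving the old content. A declarative rule covers both cases and replaces whatever is there: `systemd.tmpfiles.rules = ["d /preserve/www 0755 root root -" "L+ /preserve/www/html - - - - ${website}"];`. It is also worth confirming that `/preserve/www` is writable only by root, because a root-run link operation in a directory another account can modify lets that account influence where the link ends up. The `services.nginx` block continues outside the hunk, so it is not visible whether `root` could simply point at `${website}` directly.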