flake.nix
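{
  description = "Reproducible Environment for anish.lakhwara.com";

  # flake.lock pins each input to an exact revision; the URLs below only say
  # where a lock refresh looks. nixpkgs and flake-utils name no branch or tag,
  # so a refresh follows their default branches. Review the flake.lock diff
  # on every update.
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs";
    flake-utils.url = "github:numtide/flake-utils";
    # Fetched over SSH: a machine that has to fetch this input needs read
    # access to the repository.
    poonam.url = "git+ssh://gitea@git.sealight.xyz/aynish/kitaab?ref=main";
    poonam.inputs.nixpkgs.follows = "nixpkgs";
  };

  outputs = { self, nixpkgs, flake-utils, poonam }:
    flake-utils.lib.eachDefaultSystem
      (system:
        let
          pkgs = nixpkgs.legacyPackages.${system};
          # python3 with poonam.overlays.default applied as packageOverrides.
          finalPython = pkgs.python3.override { packageOverrides = poonam.overlays.default; self = finalPython; };
          python-with-my-packages = finalPython.withPackages (p: with p; [
            jinja2
            click
            pytest
            poonam
            python-ctags3
            # other python packages you want in the devShell
          ]);
        in
        {
          # Development shell: Python environment, pandoc and both tools.
          devShell = pkgs.mkShell {
            buildInputs = [
              python-with-my-packages
              pkgs.pandoc
              # Follows the shell's own system; this was hard-coded to
              # x86_64-linux, which gave every other platform a foreign build.
              self.packages.${system}.basant
              poonam.packages.${system}.poonam
            ];
            shellHook = ''
              # PYTHONPATH=${python-with-my-packages}/${python-with-my-packages.sitePackages}
              # maybe set more env-vars
            '';
          };

          # The site generator, built from this repository.
          packages.basant = with finalPython.pkgs; buildPythonApplication {
            pname = "basant";
            src = ./.;
            version = "0.3";
            propagatedBuildInputs = [ poonam.packages.${system}.poonam jinja2 python-ctags3 ];
            passthru = {
              python = finalPython; # for running?
            };
            # The check phase is switched off for this package.
            doCheck = false;
          };

          # The rendered site: copies public/ and media/ out of poonam's
          # default package, runs basant's main.py, installs output/ into $out.
          packages.site = pkgs.stdenv.mkDerivation {
            name = "anish-lakhwara-site";
            src = ./.;
            buildInputs = [ poonam.defaultPackage.${system} self.packages.${system}.basant ];
            configurePhase = ''
              cp -r ${poonam.defaultPackage.${system}}/public/ ./
              cp -r ${poonam.defaultPackage.${system}}/media/ ./
            '';
            buildPhase = ''
              ${self.packages.${system}.basant}/bin/main.py
            '';
            installPhase = ''
              mkdir -p $out
              cp -R output/* $out/
            '';
          };
          defaultPackage = self.packages.${system}.site;
        }) // {
      # also need a module that refreshes this flake.lock, but maybe that shouldn't live here?
      #
      # NixOS module: links the built site under webRoot and serves it with
      # nginx. Options live under services."anish.lakhwara.com".
      nixosModule = { options, lib, config, pkgs, ... }:
        let
          serverName = "anish.lakhwara.com";
          webRoot = "/var/www/";

          # Named cfg / siteOptions so they are not confused with the module's
          # `options` argument or with systemd's `serviceConfig` attribute.
          cfg = config.services."${serverName}";
          siteOptions = {
            enable = lib.mkEnableOption "${serverName} service";
            enableSSL = lib.mkEnableOption "${serverName} SSL for Nginx";
          };

          # Site build for the host's system. The original `path` line reached
          # the same value through a bare `system` resolved by `with pkgs`.
          site = self.packages.${pkgs.system}.site;
        in
        {
          options.services.${serverName} = siteOptions;
          config = lib.mkIf cfg.enable {
            systemd.services."source-${serverName}" = {
              description = ''
                https://${serverName} source
              '';
              wantedBy = [ "multi-user.target" ];
              # No User= is set, so the unit runs with systemd's default
              # account; it has to be able to write webRoot.
              serviceConfig = {
                Type = "oneshot";
              };
              # Daily at midnight, written as a full date-and-time calendar
              # expression (was "*00:00:00", which has no date separator).
              startAt = "*-*-* 00:00:00";
              path = [ pkgs.nix site ];
              # The store path is interpolated when the system is built, so
              # each run re-creates the same link until the next rebuild.
              script = ''
                set -ex

                mkdir -p ${webRoot}
                ln -sfT ${site} ${webRoot}${serverName}
              '';
            };
            # Allow nginx through the firewall. 80 stays open for plain HTTP
            # and ACME challenges; 443 is added only when enableSSL is set,
            # because forceSSL redirects clients to a port that was closed.
            networking.firewall.allowedTCPPorts = [ 80 ] ++ lib.optional cfg.enableSSL 443;
            services.nginx.enable = true;
            services.nginx.virtualHosts.${serverName} = {
              forceSSL = cfg.enableSSL;
              enableACME = cfg.enableSSL;
              locations."/" = { root = "${webRoot}${serverName}"; index = "/home.html"; };
            };
          };
        };
      # Test container
      nixosConfigurations."test" = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [
          self.nixosModule
          ({ pkgs, ... }: {
            # Only allow this to boot as a container
            boot.isContainer = true;
            networking.hostName = "basant";
            services."anish.lakhwara.com".enable = true;
          })
        ];
      };
    };
}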