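# Flux website auto-generate and deploy service
# Clones/updates the www repo, runs `make deploy`, commits entries.json
#
# Requirements on the host:
# - gh auth (GitHub API token — runs as vincent)
# - SSH access to carthage.vpn (for rsync deploy)
# - git push access to www repo
# - ~/desktop/org/{til,bookmarks}.org (optional, entries persist)
#
# Trust boundary: every run executes the Makefile found on origin/main as user
# vincent, with HOME pointing at that user's home directory (SSH key, gh
# credentials). Push access to the repo's main branch is therefore equivalent
# to code execution as vincent on this host; protect that branch accordingly.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.services.flux-generate;
in
{
  options.services.flux-generate = {
    enable = lib.mkEnableOption "flux website generator";

    repoUrl = lib.mkOption {
      type = lib.types.str;
      default = "vincent@carthage.vpn:git/public/www.git";
      description = "Git repository URL for the www repo";
    };

    workDir = lib.mkOption {
      type = lib.types.str;
      default = "/var/lib/flux/www";
      description = "Working directory for the repo checkout";
    };

    calendar = lib.mkOption {
      type = lib.types.str;
      default = "hourly";
      description = "systemd OnCalendar schedule";
    };
  };

  config = lib.mkIf cfg.enable {
    # State directory owned by the service user; it is also the unit's
    # WorkingDirectory, so it must exist before the first run.
    systemd.tmpfiles.rules = [
      "d /var/lib/flux 0755 vincent users -"
    ];

    systemd.services.flux-generate = {
      description = "Generate and deploy vincent.demeester.fr";
      after = [ "network-online.target" ];
      wants = [ "network-online.target" ];

      # Option values are passed through lib.escapeShellArg so that a value
      # containing quotes, `$` or backticks is treated as data and cannot
      # change the generated script.
      script = ''
        set -euo pipefail
        WORK_DIR=${lib.escapeShellArg cfg.workDir}

        if [ -d "$WORK_DIR/.git" ]; then
          cd "$WORK_DIR"
          git fetch origin
          # Discard local state so the build always starts from origin/main.
          git reset --hard origin/main
          # Drop untracked and ignored files, keeping only bin/.
          git clean -fdx -e bin/
        else
          mkdir -p "$(dirname "$WORK_DIR")"
          # `--` keeps a URL that starts with `-` from being read as an option.
          git clone -- ${lib.escapeShellArg cfg.repoUrl} "$WORK_DIR"
          cd "$WORK_DIR"
        fi

        # Runs repository-supplied build steps with this unit's credentials.
        make deploy

        # Commit and push only when the tracked entries file actually changed.
        if [ -f flux/entries.json ] && ! git diff --quiet flux/entries.json 2>/dev/null; then
          git add flux/entries.json
          # Automated commits are created unsigned.
          git -c commit.gpgsign=false commit -m "flux: auto-update entries $(date +%Y-%m-%d)"
          git push origin main:main
        fi
      '';

      serviceConfig = {
        Type = "oneshot";
        User = "vincent";
        Group = "users";
        WorkingDirectory = "/var/lib/flux";
        TimeoutStartSec = "10min";

        # Baseline sandboxing for a unit that runs code fetched from a remote.
        # ProtectHome is deliberately not set: the job reads the SSH key, the
        # gh credentials and ~/desktop/org from /home/vincent.
        # NOTE(review): confirm `make deploy` needs no setuid helper and no
        # files shared through the host's /tmp before relying on these.
        NoNewPrivileges = true;
        PrivateTmp = true;
        ProtectSystem = "full";
        ProtectKernelTunables = true;
        ProtectKernelModules = true;
        ProtectControlGroups = true;
        RestrictSUIDSGID = true;
      };

      # Tools made available on the unit's PATH.
      path = with pkgs; [
        git
        gh
        nix
        openssh
        rsync
        gnumake
        coreutils
        bash
        findutils
        gnused
        gnugrep
      ];

      environment = {
        HOME = "/home/vincent";
        NIX_PATH = "nixpkgs=${pkgs.path}";
        # Pin git-over-SSH to a single identity. The key has to be usable
        # without a prompt; no agent or terminal is configured for this unit.
        GIT_SSH_COMMAND = "ssh -o IdentitiesOnly=yes -i /home/vincent/.ssh/id_passage";
      };
    };

    systemd.timers.flux-generate = {
      description = "Generate website on schedule";
      wantedBy = [ "timers.target" ];
      timerConfig = {
        OnCalendar = cfg.calendar;
        # Catch up on a run that was missed while the host was off.
        Persistent = true;
        RandomizedDelaySec = "5min";
      };
    };
  };
}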