Commit 289493a1e58c
Changed files (2)
modules/flux-generate/default.nix
@@ -0,0 +1,112 @@
+# Flux website auto-generate and deploy service
+# Clones/updates the www repo, runs `make deploy`, commits entries.json
+#
+# Requirements on the host:
+# - gh auth (GitHub API token — runs as vincent)
+# - SSH access to carthage.vpn (for rsync deploy)
+# - git push access to www repo
+# - ~/desktop/org/{til,bookmarks}.org (optional, entries persist)
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ cfg = config.services.flux-generate;
+in
+{
+ options.services.flux-generate = {
+ enable = lib.mkEnableOption "flux website generator";
+
+ repoUrl = lib.mkOption {
+ type = lib.types.str;
+ default = "git@github.com:vdemeester/www.git";
+ description = "Git repository URL for the www repo";
+ };
+
+ workDir = lib.mkOption {
+ type = lib.types.str;
+ default = "/var/lib/flux/www";
+ description = "Working directory for the repo checkout";
+ };
+
+ calendar = lib.mkOption {
+ type = lib.types.str;
+ default = "hourly";
+ description = "systemd OnCalendar schedule";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ systemd.tmpfiles.rules = [
+ "d /var/lib/flux 0755 vincent users -"
+ ];
+
+ systemd.services.flux-generate = {
+ description = "Generate and deploy vincent.demeester.fr";
+ after = [ "network-online.target" ];
+ wants = [ "network-online.target" ];
+
+ script = ''
+ set -euo pipefail
+ WORK_DIR="${cfg.workDir}"
+
+ if [ -d "$WORK_DIR/.git" ]; then
+ cd "$WORK_DIR"
+ git fetch origin
+ git reset --hard origin/main
+ git clean -fdx -e bin/
+ else
+ mkdir -p "$(dirname "$WORK_DIR")"
+ git clone "${cfg.repoUrl}" "$WORK_DIR"
+ cd "$WORK_DIR"
+ fi
+
+ make deploy
+
+ if ! git diff --quiet flux/entries.json 2>/dev/null; then
+ git add flux/entries.json
+ git commit -m "flux: auto-update entries $(date +%Y-%m-%d)"
+ git push origin main:main
+ fi
+ '';
+
+ serviceConfig = {
+ Type = "oneshot";
+ User = "vincent";
+ Group = "users";
+ WorkingDirectory = "/var/lib/flux";
+ TimeoutStartSec = "10min";
+ };
+
+ path = with pkgs; [
+ git
+ gh
+ nix
+ openssh
+ rsync
+ gnumake
+ coreutils
+ bash
+ findutils
+ gnused
+ gnugrep
+ ];
+
+ environment = {
+ HOME = "/home/vincent";
+ };
+ };
+
+ systemd.timers.flux-generate = {
+ description = "Generate website on schedule";
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnCalendar = cfg.calendar;
+ Persistent = true;
+ RandomizedDelaySec = "5min";
+ };
+ };
+ };
+}
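Review bot: The unit in `systemd.services.flux-generate` runs `make deploy` from whatever `git reset --hard origin/main` just pulled, as `User = "vincent"` with `HOME = "/home/vincent"`, so every hour the tip of the www repo executes with that account's gh token, SSH keys and git push rights, and `serviceConfig` applies no sandboxing. Anyone who can land a commit on `main`, or who takes over the GitHub account, therefore gets code execution as the interactive user on this host and a path onward to carthage.vpn. I would run the job under a dedicated system user whose only credentials are a deploy key scoped to the www repo and an SSH key on carthage restricted to the rsync target, and add the hardening below to `serviceConfig`. The writable path list is a guess and needs checking against what `make deploy`, nix and gh write under `$HOME`.

```nix
serviceConfig = {
  # … unchanged: Type, User, Group, WorkingDirectory, TimeoutStartSec …
  NoNewPrivileges = true;
  PrivateTmp = true;
  ProtectSystem = "strict";
  # Only the checkout is writable; extend if nix or gh need a cache elsewhere.
  ReadWritePaths = [ "/var/lib/flux" ];
  ProtectKernelTunables = true;
  ProtectControlGroups = true;
  RestrictSUIDSGID = true;
};
```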
systems/okinawa/extra.nix
@@ -21,6 +21,8 @@
# Build and cache infrastructure
../../modules/harmonia
../../modules/job-notify
+ ../../modules/flux-generate
+
];
# Disable built-in MediaTek MT7922 WiFi (using USB TP-Link AC600 instead)
@@ -150,6 +152,9 @@
defaultTopic = "builds";
};
+ # Website flux auto-generate and deploy (hourly)
+ services.flux-generate.enable = true;
+
# OpenCode web interface for remote AI coding
# Accessible via opencode.sbr.pm through rhea's Traefik reverse proxy
systemd.services.opencode-web =