kopia lustrzana https://git.sr.ht/~edwardloveall/scribe
Add Nix package and NixOS moodule
Add a Scribe Nix package and NixOS module to the flake that a user can build and install. Includes the following supporting changes: - Adding a name and version to package.json to make Nix's mkYarnPackage happy - Update laravel-mix to fix ERR_OSSL_EVP_UNSUPPORTED on newer nodejs versionsmain
rodzic
10af5c91c3
commit
5d33b071b0
|
@ -0,0 +1,58 @@
|
|||
{ crystal
|
||||
, mkYarnPackage
|
||||
, fetchYarnDeps
|
||||
}:
|
||||
|
||||
let
|
||||
version = "1.0.0";
|
||||
|
||||
ui = mkYarnPackage {
|
||||
pname = "scribe-ui";
|
||||
inherit version;
|
||||
src = ./.;
|
||||
packageJSON = ./package.json;
|
||||
|
||||
offlineCache = fetchYarnDeps {
|
||||
yarnLock = ./yarn.lock;
|
||||
sha256 = "sha256-PuxfuqgqJHh6NnyrQiFCxixGry9yGBSeSIPpa4jamKw=";
|
||||
};
|
||||
|
||||
configurePhase = ''
|
||||
runHook preConfigure
|
||||
cp -r $node_modules node_modules
|
||||
chmod +w node_modules
|
||||
runHook postConfigure
|
||||
'';
|
||||
|
||||
buildPhase = ''
|
||||
runHook preBuild
|
||||
export HOME=$(mktemp -d)
|
||||
OUTPUT_DIR=$out yarn --offline prod
|
||||
runHook postBuild
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p "$out"
|
||||
mv public "$out/public"
|
||||
'';
|
||||
distPhase = "true";
|
||||
};
|
||||
in
|
||||
crystal.buildCrystalPackage rec {
|
||||
pname = "scribe";
|
||||
inherit version;
|
||||
|
||||
src = ./.;
|
||||
shardsFile = ./shards.nix;
|
||||
|
||||
preBuild = ''
|
||||
cp -a ${ui}/public/mix-manifest.json public/mix-manifest.json
|
||||
'';
|
||||
|
||||
doCheck = false;
|
||||
doInstallCheck = false;
|
||||
format = "shards";
|
||||
postInstall = ''
|
||||
cp -r ${ui}/public "$out/public"
|
||||
'';
|
||||
}
|
|
@ -17,15 +17,16 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1634282420,
|
||||
"narHash": "sha256-YOI78SSF4Q/ZFoEgfO8Xy3EnjCW/F9VgB2Qz9YljzhI=",
|
||||
"lastModified": 1701253981,
|
||||
"narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "0a68ef410b40f49de76aecb5c8b5cc5111bac91d",
|
||||
"rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"ref": "nixos-unstable",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
|
|
21
flake.nix
21
flake.nix
|
@ -1,8 +1,21 @@
|
|||
{
|
||||
inputs = { flake-utils.url = "github:numtide/flake-utils"; };
|
||||
description = "Scribe";
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url = "nixpkgs/nixos-unstable";
|
||||
flake-utils.url = "github:numtide/flake-utils";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, flake-utils }:
|
||||
flake-utils.lib.eachDefaultSystem (system:
|
||||
let pkgs = nixpkgs.legacyPackages.${system};
|
||||
in { devShell = import ./shell.nix { inherit pkgs; }; });
|
||||
flake-utils.lib.eachDefaultSystem
|
||||
(system:
|
||||
let pkgs = nixpkgs.legacyPackages.${system};
|
||||
in
|
||||
{
|
||||
devShell = import ./shell.nix { inherit pkgs; };
|
||||
packages.default = pkgs.callPackage ./default.nix { };
|
||||
})
|
||||
// {
|
||||
nixosModules.default = import ./module.nix self;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -0,0 +1,111 @@
|
|||
self: { config, lib, pkgs, ... }:
|
||||
let
|
||||
cfg = config.services.scribe;
|
||||
in
|
||||
{
|
||||
options.services.scribe = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Enable or disable the Scribe service");
|
||||
|
||||
package = lib.mkOption {
|
||||
type = lib.types.package;
|
||||
default = self.packages."${pkgs.system}".default;
|
||||
description = lib.mdDoc "Overridable attribute of the scribe package to use.";
|
||||
};
|
||||
|
||||
user = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "scribe";
|
||||
description = lib.mdDoc "User to run the Scribe service as.";
|
||||
};
|
||||
|
||||
group = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "scribe";
|
||||
description = lib.mdDoc "Group to run the Scribe service as.";
|
||||
};
|
||||
|
||||
appDomain = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = lib.mdDoc ''
|
||||
The domain that Scribe is being run on. This will appear on the Scribe homepage.
|
||||
'';
|
||||
};
|
||||
|
||||
port = lib.mkOption {
|
||||
type = lib.types.port;
|
||||
description = lib.mdDoc "Port for the Scribe service to use.";
|
||||
};
|
||||
|
||||
environmentFile = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = lib.mdDoc ''
|
||||
The path to a file containing environment varible to be set in Scribes environment.
|
||||
This should be user to set SECRET_KEY_BASE, GITHUB_USERNAME, and GITHUB_PERSONAL_ACCESS_TOKEN.
|
||||
Descriptions of these settings can be found
|
||||
[in the official docs](https://sr.ht/~edwardloveall/Scribe/#configuration).
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
systemd.services.scribe = {
|
||||
description = "Scribe";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
environment = {
|
||||
LUCKY_ENV = "production";
|
||||
APP_DOMAIN = cfg.appDomain;
|
||||
PORT = (toString cfg.port);
|
||||
};
|
||||
serviceConfig = {
|
||||
ExecStart = "${cfg.package}/bin/scribe";
|
||||
EnvironmentFile = cfg.environmentFile;
|
||||
Restart = "on-failure";
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
UMask = "0007";
|
||||
ProtectSystem = "strict";
|
||||
ProtectClock = true;
|
||||
ProtectKernelLogs = true;
|
||||
SystemCallArchitectures = "native";
|
||||
ProtectHome = true;
|
||||
ProtectProc = "noaccess";
|
||||
MemoryDenyWriteExecute = true;
|
||||
NoNewPrivileges = true;
|
||||
PrivateDevices = true;
|
||||
PrivateMounts = true;
|
||||
PrivateTmp = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectHostname = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelTunables = true;
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
CapabilityBoundingSet = [
|
||||
"~CAP_SYS_PTRACE"
|
||||
"~CAP_SYS_ADMIN"
|
||||
"~CAP_SETGID"
|
||||
"~CAP_SETUID"
|
||||
"~CAP_SETPCAP"
|
||||
"~CAP_SYS_TIME"
|
||||
"~CAP_KILL"
|
||||
"~CAP_SYS_PACCT"
|
||||
"~CAP_SYS_TTY_CONFIG "
|
||||
"~CAP_SYS_CHROOT"
|
||||
"~CAP_SYS_BOOT"
|
||||
"~CAP_NET_ADMIN"
|
||||
];
|
||||
};
|
||||
};
|
||||
users.users = lib.optionalAttrs (cfg.user == "scribe") {
|
||||
"scribe" = {
|
||||
group = "scribe";
|
||||
isSystemUser = true;
|
||||
};
|
||||
};
|
||||
users.groups = lib.optionalAttrs (cfg.group == "scribe") {
|
||||
"scribe" = { };
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,10 +1,11 @@
|
|||
{
|
||||
"name": "scribe-ui",
|
||||
"license": "UNLICENSED",
|
||||
"private": true,
|
||||
"dependencies": {
|
||||
"@rails/ujs": "^6.0.0",
|
||||
"compression-webpack-plugin": "^8.0.1",
|
||||
"laravel-mix": "^6.0.28",
|
||||
"laravel-mix": "^6.0.49",
|
||||
"modern-normalize": "^1.1.0",
|
||||
"postcss": "^8.3.6",
|
||||
"tufte-css": "^1.8.0",
|
||||
|
@ -22,5 +23,6 @@
|
|||
"resolve-url-loader": "^3.1.1",
|
||||
"sass": "^1.26.10",
|
||||
"sass-loader": "^10.0.2"
|
||||
}
|
||||
},
|
||||
"version": "0.0.0"
|
||||
}
|
||||
|
|
|
@ -0,0 +1,176 @@
|
|||
{
|
||||
authentic = {
|
||||
owner = "luckyframework";
|
||||
repo = "authentic";
|
||||
rev = "v1.0.0";
|
||||
sha256 = "0mc7xqh0zm4jg8vc1awlzr249fviiy1y40w4fvyvq959hlpd6zx4";
|
||||
};
|
||||
avram = {
|
||||
owner = "luckyframework";
|
||||
repo = "avram";
|
||||
rev = "v1.0.0";
|
||||
sha256 = "18w90m5iq0jy026zma05swh2am936j132fs3j730lq7x5yr8289c";
|
||||
};
|
||||
backtracer = {
|
||||
owner = "sija";
|
||||
repo = "backtracer.cr";
|
||||
rev = "v1.2.2";
|
||||
sha256 = "1rknyylsi14m7i77x7c3138wdw27i4f6sd78m3srw851p47bwr20";
|
||||
};
|
||||
cadmium_transliterator = {
|
||||
owner = "cadmiumcr";
|
||||
repo = "transliterator";
|
||||
rev = "46c4c14594057dbcfaf27e7e7c8c164d3f0ce3f1";
|
||||
sha256 = "15x9xbgybqrmqb7s5cpx3fgwysp5ld97vlvz8b196lqmyqnnp3d3";
|
||||
};
|
||||
cry = {
|
||||
owner = "luckyframework";
|
||||
repo = "cry";
|
||||
rev = "v0.4.3";
|
||||
sha256 = "0bcvpbi418855cq1jq911dv6r9wmg81rcvcirqrbw8fv2a093ss5";
|
||||
};
|
||||
crystar = {
|
||||
owner = "naqvis";
|
||||
repo = "crystar";
|
||||
rev = "56db8bb9dfbd5ed6d7908353405a5fae632a6561";
|
||||
sha256 = "0bzq7im3z3asr22wzwyj1z0m3m5aq5hh1kscp5gd8vjw192w2z2a";
|
||||
};
|
||||
db = {
|
||||
owner = "crystal-lang";
|
||||
repo = "crystal-db";
|
||||
rev = "v0.11.0";
|
||||
sha256 = "1ylfhpn64p72ywi39niqb179f61z08q4qd4hhjza05z18mdaghl3";
|
||||
};
|
||||
dexter = {
|
||||
owner = "luckyframework";
|
||||
repo = "dexter";
|
||||
rev = "v0.3.4";
|
||||
sha256 = "08fv3ns0wxkyr2rcifj3ihyaf7g4lsmfamfhdxbkdkmxa9l1z6cj";
|
||||
};
|
||||
exception_page = {
|
||||
owner = "crystal-loot";
|
||||
repo = "exception_page";
|
||||
rev = "v0.3.0";
|
||||
sha256 = "1w82283mgaaw1hy5xk997a1av4sxaa01ydipbxm5nb9nq7fgfydk";
|
||||
};
|
||||
fnv = {
|
||||
owner = "naqvis";
|
||||
repo = "crystal-fnv";
|
||||
rev = "v0.1.3";
|
||||
sha256 = "1vhy3j0ifc0rlrx5b6wbpcvjzw15k303jrz3bzvnxqvi600fvv2b";
|
||||
};
|
||||
habitat = {
|
||||
owner = "luckyframework";
|
||||
repo = "habitat";
|
||||
rev = "v0.4.7";
|
||||
sha256 = "0d183pnswgjwqg388zmnx7s41ai88ca96nl5cybi0z6icr5npw64";
|
||||
};
|
||||
html5 = {
|
||||
owner = "naqvis";
|
||||
repo = "crystal-html5";
|
||||
rev = "v0.4.0";
|
||||
sha256 = "0mr4vd4bl3a22jl8h698zrh8rz6m5lm2lcyx11055gn6fw0yq57k";
|
||||
};
|
||||
lucky = {
|
||||
owner = "luckyframework";
|
||||
repo = "lucky";
|
||||
rev = "v1.0.0";
|
||||
sha256 = "13by6bbgpbbbdncgj87cqy5y6z7s9zb3nr88dh3fwl5mfgygk66z";
|
||||
};
|
||||
lucky_cache = {
|
||||
owner = "luckyframework";
|
||||
repo = "lucky_cache";
|
||||
rev = "v0.1.1";
|
||||
sha256 = "1ic9nfmiv89q5v82ybshd9xqnwv62bv8a5n8rhmsm9cwvdhgc92x";
|
||||
};
|
||||
lucky_env = {
|
||||
owner = "luckyframework";
|
||||
repo = "lucky_env";
|
||||
rev = "v0.1.4";
|
||||
sha256 = "0rcz0kh9rkypgm34r7maqqmgirxblhwzycwxpp0y9ai68lq71qxk";
|
||||
};
|
||||
lucky_flow = {
|
||||
owner = "luckyframework";
|
||||
repo = "lucky_flow";
|
||||
rev = "v0.9.0";
|
||||
sha256 = "1gyxba7lbjhzbd7a5hcswr3i04mz6rqypihhpgx213aa2685c0mw";
|
||||
};
|
||||
lucky_router = {
|
||||
owner = "luckyframework";
|
||||
repo = "lucky_router";
|
||||
rev = "v0.5.2";
|
||||
sha256 = "1gl93rijnbaqybpry19rn951kbx1q1bb5w0npdp4fm0r212b3yh8";
|
||||
};
|
||||
lucky_task = {
|
||||
owner = "luckyframework";
|
||||
repo = "lucky_task";
|
||||
rev = "v0.1.1";
|
||||
sha256 = "0w0rnf22pvj3lp5z8c4sshzwhqgwpbjpm7nry9mf0iz3fa0v48f7";
|
||||
};
|
||||
monads = {
|
||||
owner = "alex-lairan";
|
||||
repo = "monads";
|
||||
rev = "v1.0.0";
|
||||
sha256 = "0wwhsmnzsmw03dn2j4n75sprp4baxg24i1hn1xhfzz9b33rmlxxf";
|
||||
};
|
||||
pg = {
|
||||
owner = "will";
|
||||
repo = "crystal-pg";
|
||||
rev = "v0.26.0";
|
||||
sha256 = "04fwbgrlf2nzma0p2c8ki7p8sk113jhziq2al3ivif2lpmhr39fy";
|
||||
};
|
||||
pulsar = {
|
||||
owner = "luckyframework";
|
||||
repo = "pulsar";
|
||||
rev = "v0.2.3";
|
||||
sha256 = "03pp0r1klqk49fkzjwg9mnxqplv6pdfjn6a1p59f2w1ha5piyy90";
|
||||
};
|
||||
selenium = {
|
||||
owner = "matthewmcgarvey";
|
||||
repo = "selenium.cr";
|
||||
rev = "v0.10.0";
|
||||
sha256 = "062baqafz2rn9czaj8wl2b1l7ngxdph2j8xcr088f2kd8bb0hj7v";
|
||||
};
|
||||
shell-table = {
|
||||
owner = "luckyframework";
|
||||
repo = "shell-table.cr";
|
||||
rev = "v0.9.3";
|
||||
sha256 = "046vymm2r37c6j5bqyjzxdgg5h62slsannzvfhbckkv2r9chwd3w";
|
||||
};
|
||||
splay_tree_map = {
|
||||
owner = "wyhaines";
|
||||
repo = "splay_tree_map.cr";
|
||||
rev = "v0.2.2";
|
||||
sha256 = "0196zpg0v190dv23mwnbia35znxz2j2g8dqynd2b8827qiwmz1vn";
|
||||
};
|
||||
teeplate = {
|
||||
owner = "luckyframework";
|
||||
repo = "teeplate";
|
||||
rev = "v0.8.5";
|
||||
sha256 = "1kr05qrp674rph1324wry57gzvgvcvlz0w27brlvdgd3gi4s8sdj";
|
||||
};
|
||||
webdrivers = {
|
||||
owner = "matthewmcgarvey";
|
||||
repo = "webdrivers.cr";
|
||||
rev = "v0.4.1";
|
||||
sha256 = "05q6z1rv29hrwq77wpas2ki4alwhx4fpallb94q4m9g5h5vfn6ag";
|
||||
};
|
||||
webless = {
|
||||
owner = "matthewmcgarvey";
|
||||
repo = "webless";
|
||||
rev = "v0.1.0";
|
||||
sha256 = "0fg79wy3fq0af77jm121pqfm43dzb7l5rlx13vrl74pgqagms0ih";
|
||||
};
|
||||
wordsmith = {
|
||||
owner = "luckyframework";
|
||||
repo = "wordsmith";
|
||||
rev = "v0.4.0";
|
||||
sha256 = "13fsmwdh431smbmsv869pa8p34g1hqd84za33xsymsycq5459xq2";
|
||||
};
|
||||
xpath2 = {
|
||||
owner = "naqvis";
|
||||
repo = "crystal-xpath2";
|
||||
rev = "v0.1.3";
|
||||
sha256 = "17jl0br2fibc22sz9qdpsqd17rsmnar0jwh4iq25y8rg64pgb1h0";
|
||||
};
|
||||
}
|
|
@ -1,16 +1,16 @@
|
|||
{ pkgs ? import <nixpkgs> { } }:
|
||||
|
||||
pkgs.mkShell {
|
||||
shellHook = ''
|
||||
export PKG_CONFIG_PATH=${pkgs.openssl.dev}/lib/pkgconfig
|
||||
'';
|
||||
buildInputs = with pkgs; [
|
||||
crystal
|
||||
lucky-cli
|
||||
overmind
|
||||
nodejs
|
||||
openssl.dev
|
||||
openssl
|
||||
pkg-config
|
||||
shards
|
||||
yarn
|
||||
crystal2nix
|
||||
pcre
|
||||
];
|
||||
}
|
||||
|
|
Ładowanie…
Reference in New Issue