kopia lustrzana https://git.sr.ht/~edwardloveall/scribe
Add Nix package and NixOS moodule
Add a Scribe Nix package and NixOS module to the flake that a user can build and install. Includes the following supporting changes:
- Adding a name and version to package.json to make Nix's mkYarnPackage happy
- Update laravel-mix to fix ERR_OSSL_EVP_UNSUPPORTED on newer nodejs versions
rodzic
10af5c91c3
commit
5d33b071b0
|
@ -0,0 +1,58 @@
|
||||||
|
{ crystal
|
||||||
|
, mkYarnPackage
|
||||||
|
, fetchYarnDeps
|
||||||
|
}:
|
||||||
|
|
||||||
|
let
|
||||||
|
version = "1.0.0";
|
||||||
|
|
||||||
|
ui = mkYarnPackage {
|
||||||
|
pname = "scribe-ui";
|
||||||
|
inherit version;
|
||||||
|
src = ./.;
|
||||||
|
packageJSON = ./package.json;
|
||||||
|
|
||||||
|
offlineCache = fetchYarnDeps {
|
||||||
|
yarnLock = ./yarn.lock;
|
||||||
|
sha256 = "sha256-PuxfuqgqJHh6NnyrQiFCxixGry9yGBSeSIPpa4jamKw=";
|
||||||
|
};
|
||||||
|
|
||||||
|
configurePhase = ''
|
||||||
|
runHook preConfigure
|
||||||
|
cp -r $node_modules node_modules
|
||||||
|
chmod +w node_modules
|
||||||
|
runHook postConfigure
|
||||||
|
'';
|
||||||
|
|
||||||
|
buildPhase = ''
|
||||||
|
runHook preBuild
|
||||||
|
export HOME=$(mktemp -d)
|
||||||
|
OUTPUT_DIR=$out yarn --offline prod
|
||||||
|
runHook postBuild
|
||||||
|
'';
|
||||||
|
|
||||||
|
installPhase = ''
|
||||||
|
mkdir -p "$out"
|
||||||
|
mv public "$out/public"
|
||||||
|
'';
|
||||||
|
distPhase = "true";
|
||||||
|
};
|
||||||
|
in
|
||||||
|
crystal.buildCrystalPackage rec {
|
||||||
|
pname = "scribe";
|
||||||
|
inherit version;
|
||||||
|
|
||||||
|
src = ./.;
|
||||||
|
shardsFile = ./shards.nix;
|
||||||
|
|
||||||
|
preBuild = ''
|
||||||
|
cp -a ${ui}/public/mix-manifest.json public/mix-manifest.json
|
||||||
|
'';
|
||||||
|
|
||||||
|
doCheck = false;
|
||||||
|
doInstallCheck = false;
|
||||||
|
format = "shards";
|
||||||
|
postInstall = ''
|
||||||
|
cp -r ${ui}/public "$out/public"
|
||||||
|
'';
|
||||||
|
}
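Review bot: Both the `ui` derivation and the Crystal package take `src = ./.`, so the whole working tree is imported into the world-readable Nix store. When this file is built outside the flake, that presumably includes untracked local files such as a dotenv file or an existing `node_modules` directory. Restricting each source to what it needs, for instance with `lib.cleanSourceWith` and a filter that drops dotfiles and build output, would avoid that and would stop unrelated edits from rebuilding the UI. `doCheck = false;` and `doInstallCheck = false;` are also set without explanation; a one-line comment saying why the checks are skipped would help the next maintainer.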
|
|
@ -17,15 +17,16 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1634282420,
|
"lastModified": 1701253981,
|
||||||
"narHash": "sha256-YOI78SSF4Q/ZFoEgfO8Xy3EnjCW/F9VgB2Qz9YljzhI=",
|
"narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "0a68ef410b40f49de76aecb5c8b5cc5111bac91d",
|
"rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"id": "nixpkgs",
|
"id": "nixpkgs",
|
||||||
|
"ref": "nixos-unstable",
|
||||||
"type": "indirect"
|
"type": "indirect"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
21
flake.nix
21
flake.nix
|
@ -1,8 +1,21 @@
|
||||||
{
|
{
|
||||||
inputs = { flake-utils.url = "github:numtide/flake-utils"; };
|
description = "Scribe";
|
||||||
|
|
||||||
|
inputs = {
|
||||||
|
nixpkgs.url = "nixpkgs/nixos-unstable";
|
||||||
|
flake-utils.url = "github:numtide/flake-utils";
|
||||||
|
};
|
||||||
|
|
||||||
outputs = { self, nixpkgs, flake-utils }:
|
outputs = { self, nixpkgs, flake-utils }:
|
||||||
flake-utils.lib.eachDefaultSystem (system:
|
flake-utils.lib.eachDefaultSystem
|
||||||
let pkgs = nixpkgs.legacyPackages.${system};
|
(system:
|
||||||
in { devShell = import ./shell.nix { inherit pkgs; }; });
|
let pkgs = nixpkgs.legacyPackages.${system};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
devShell = import ./shell.nix { inherit pkgs; };
|
||||||
|
packages.default = pkgs.callPackage ./default.nix { };
|
||||||
|
})
|
||||||
|
// {
|
||||||
|
nixosModules.default = import ./module.nix self;
|
||||||
|
};
|
||||||
}
|
}
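Review bot: `nixpkgs.url = "nixpkgs/nixos-unstable";` is an indirect reference, resolved through the flake registry of whoever next updates the lock file, so the source that gets pinned depends on local registry configuration rather than on this file alone. The lock file in this commit still records `"type": "indirect"` for it. Naming the source explicitly, `nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";`, makes the pinned input the same for every contributor. As a style point, the outputs mix the older `devShell` attribute with the newer `packages.default`; `devShells.default` would match.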
|
||||||
|
|
|
@ -0,0 +1,111 @@
|
||||||
|
self: { config, lib, pkgs, ... }:
|
||||||
|
let
|
||||||
|
cfg = config.services.scribe;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.services.scribe = {
|
||||||
|
enable = lib.mkEnableOption (lib.mdDoc "Enable or disable the Scribe service");
|
||||||
|
|
||||||
|
package = lib.mkOption {
|
||||||
|
type = lib.types.package;
|
||||||
|
default = self.packages."${pkgs.system}".default;
|
||||||
|
description = lib.mdDoc "Overridable attribute of the scribe package to use.";
|
||||||
|
};
|
||||||
|
|
||||||
|
user = lib.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
default = "scribe";
|
||||||
|
description = lib.mdDoc "User to run the Scribe service as.";
|
||||||
|
};
|
||||||
|
|
||||||
|
group = lib.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
default = "scribe";
|
||||||
|
description = lib.mdDoc "Group to run the Scribe service as.";
|
||||||
|
};
|
||||||
|
|
||||||
|
appDomain = lib.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
The domain that Scribe is being run on. This will appear on the Scribe homepage.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
port = lib.mkOption {
|
||||||
|
type = lib.types.port;
|
||||||
|
description = lib.mdDoc "Port for the Scribe service to use.";
|
||||||
|
};
|
||||||
|
|
||||||
|
environmentFile = lib.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
The path to a file containing environment varible to be set in Scribes environment.
|
||||||
|
This should be user to set SECRET_KEY_BASE, GITHUB_USERNAME, and GITHUB_PERSONAL_ACCESS_TOKEN.
|
||||||
|
Descriptions of these settings can be found
|
||||||
|
[in the official docs](https://sr.ht/~edwardloveall/Scribe/#configuration).
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
systemd.services.scribe = {
|
||||||
|
description = "Scribe";
|
||||||
|
after = [ "network.target" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
environment = {
|
||||||
|
LUCKY_ENV = "production";
|
||||||
|
APP_DOMAIN = cfg.appDomain;
|
||||||
|
PORT = (toString cfg.port);
|
||||||
|
};
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = "${cfg.package}/bin/scribe";
|
||||||
|
EnvironmentFile = cfg.environmentFile;
|
||||||
|
Restart = "on-failure";
|
||||||
|
User = cfg.user;
|
||||||
|
Group = cfg.group;
|
||||||
|
UMask = "0007";
|
||||||
|
ProtectSystem = "strict";
|
||||||
|
ProtectClock = true;
|
||||||
|
ProtectKernelLogs = true;
|
||||||
|
SystemCallArchitectures = "native";
|
||||||
|
ProtectHome = true;
|
||||||
|
ProtectProc = "noaccess";
|
||||||
|
MemoryDenyWriteExecute = true;
|
||||||
|
NoNewPrivileges = true;
|
||||||
|
PrivateDevices = true;
|
||||||
|
PrivateMounts = true;
|
||||||
|
PrivateTmp = true;
|
||||||
|
ProtectControlGroups = true;
|
||||||
|
ProtectHostname = true;
|
||||||
|
ProtectKernelModules = true;
|
||||||
|
ProtectKernelTunables = true;
|
||||||
|
RestrictNamespaces = true;
|
||||||
|
RestrictRealtime = true;
|
||||||
|
RestrictSUIDSGID = true;
|
||||||
|
CapabilityBoundingSet = [
|
||||||
|
"~CAP_SYS_PTRACE"
|
||||||
|
"~CAP_SYS_ADMIN"
|
||||||
|
"~CAP_SETGID"
|
||||||
|
"~CAP_SETUID"
|
||||||
|
"~CAP_SETPCAP"
|
||||||
|
"~CAP_SYS_TIME"
|
||||||
|
"~CAP_KILL"
|
||||||
|
"~CAP_SYS_PACCT"
|
||||||
|
"~CAP_SYS_TTY_CONFIG "
|
||||||
|
"~CAP_SYS_CHROOT"
|
||||||
|
"~CAP_SYS_BOOT"
|
||||||
|
"~CAP_NET_ADMIN"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
users.users = lib.optionalAttrs (cfg.user == "scribe") {
|
||||||
|
"scribe" = {
|
||||||
|
group = "scribe";
|
||||||
|
isSystemUser = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
users.groups = lib.optionalAttrs (cfg.group == "scribe") {
|
||||||
|
"scribe" = { };
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
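Review bot: `CapabilityBoundingSet` is written as a deny-list of twelve `~CAP_…` entries, so every capability not named there (for example `CAP_DAC_OVERRIDE` or `CAP_NET_RAW`) stays in the bounding set. For a web service running as an unprivileged user, an empty allow-list, `CapabilityBoundingSet = "";`, is shorter and cannot fall behind when the kernel adds capabilities; if `port` may be below 1024, allow only `CAP_NET_BIND_SERVICE` and grant it through `AmbientCapabilities`. The entry `"~CAP_SYS_TTY_CONFIG "` carries a trailing space inside the string, which is worth removing rather than relying on systemd to trim it. Separately, `users.users` hard-codes `group = "scribe";` while `users.groups` declares that group only when `cfg.group == "scribe"`, so the default user combined with a custom group refers to a group this module does not declare; `group = cfg.group;` keeps the two in step.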
|
|
@ -1,10 +1,11 @@
|
||||||
{
|
{
|
||||||
|
"name": "scribe-ui",
|
||||||
"license": "UNLICENSED",
|
"license": "UNLICENSED",
|
||||||
"private": true,
|
"private": true,
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@rails/ujs": "^6.0.0",
|
"@rails/ujs": "^6.0.0",
|
||||||
"compression-webpack-plugin": "^8.0.1",
|
"compression-webpack-plugin": "^8.0.1",
|
||||||
"laravel-mix": "^6.0.28",
|
"laravel-mix": "^6.0.49",
|
||||||
"modern-normalize": "^1.1.0",
|
"modern-normalize": "^1.1.0",
|
||||||
"postcss": "^8.3.6",
|
"postcss": "^8.3.6",
|
||||||
"tufte-css": "^1.8.0",
|
"tufte-css": "^1.8.0",
|
||||||
|
@ -22,5 +23,6 @@
|
||||||
"resolve-url-loader": "^3.1.1",
|
"resolve-url-loader": "^3.1.1",
|
||||||
"sass": "^1.26.10",
|
"sass": "^1.26.10",
|
||||||
"sass-loader": "^10.0.2"
|
"sass-loader": "^10.0.2"
|
||||||
}
|
},
|
||||||
|
"version": "0.0.0"
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,176 @@
|
||||||
|
{
|
||||||
|
authentic = {
|
||||||
|
owner = "luckyframework";
|
||||||
|
repo = "authentic";
|
||||||
|
rev = "v1.0.0";
|
||||||
|
sha256 = "0mc7xqh0zm4jg8vc1awlzr249fviiy1y40w4fvyvq959hlpd6zx4";
|
||||||
|
};
|
||||||
|
avram = {
|
||||||
|
owner = "luckyframework";
|
||||||
|
repo = "avram";
|
||||||
|
rev = "v1.0.0";
|
||||||
|
sha256 = "18w90m5iq0jy026zma05swh2am936j132fs3j730lq7x5yr8289c";
|
||||||
|
};
|
||||||
|
backtracer = {
|
||||||
|
owner = "sija";
|
||||||
|
repo = "backtracer.cr";
|
||||||
|
rev = "v1.2.2";
|
||||||
|
sha256 = "1rknyylsi14m7i77x7c3138wdw27i4f6sd78m3srw851p47bwr20";
|
||||||
|
};
|
||||||
|
cadmium_transliterator = {
|
||||||
|
owner = "cadmiumcr";
|
||||||
|
repo = "transliterator";
|
||||||
|
rev = "46c4c14594057dbcfaf27e7e7c8c164d3f0ce3f1";
|
||||||
|
sha256 = "15x9xbgybqrmqb7s5cpx3fgwysp5ld97vlvz8b196lqmyqnnp3d3";
|
||||||
|
};
|
||||||
|
cry = {
|
||||||
|
owner = "luckyframework";
|
||||||
|
repo = "cry";
|
||||||
|
rev = "v0.4.3";
|
||||||
|
sha256 = "0bcvpbi418855cq1jq911dv6r9wmg81rcvcirqrbw8fv2a093ss5";
|
||||||
|
};
|
||||||
|
crystar = {
|
||||||
|
owner = "naqvis";
|
||||||
|
repo = "crystar";
|
||||||
|
rev = "56db8bb9dfbd5ed6d7908353405a5fae632a6561";
|
||||||
|
sha256 = "0bzq7im3z3asr22wzwyj1z0m3m5aq5hh1kscp5gd8vjw192w2z2a";
|
||||||
|
};
|
||||||
|
db = {
|
||||||
|
owner = "crystal-lang";
|
||||||
|
repo = "crystal-db";
|
||||||
|
rev = "v0.11.0";
|
||||||
|
sha256 = "1ylfhpn64p72ywi39niqb179f61z08q4qd4hhjza05z18mdaghl3";
|
||||||
|
};
|
||||||
|
dexter = {
|
||||||
|
owner = "luckyframework";
|
||||||
|
repo = "dexter";
|
||||||
|
rev = "v0.3.4";
|
||||||
|
sha256 = "08fv3ns0wxkyr2rcifj3ihyaf7g4lsmfamfhdxbkdkmxa9l1z6cj";
|
||||||
|
};
|
||||||
|
exception_page = {
|
||||||
|
owner = "crystal-loot";
|
||||||
|
repo = "exception_page";
|
||||||
|
rev = "v0.3.0";
|
||||||
|
sha256 = "1w82283mgaaw1hy5xk997a1av4sxaa01ydipbxm5nb9nq7fgfydk";
|
||||||
|
};
|
||||||
|
fnv = {
|
||||||
|
owner = "naqvis";
|
||||||
|
repo = "crystal-fnv";
|
||||||
|
rev = "v0.1.3";
|
||||||
|
sha256 = "1vhy3j0ifc0rlrx5b6wbpcvjzw15k303jrz3bzvnxqvi600fvv2b";
|
||||||
|
};
|
||||||
|
habitat = {
|
||||||
|
owner = "luckyframework";
|
||||||
|
repo = "habitat";
|
||||||
|
rev = "v0.4.7";
|
||||||
|
sha256 = "0d183pnswgjwqg388zmnx7s41ai88ca96nl5cybi0z6icr5npw64";
|
||||||
|
};
|
||||||
|
html5 = {
|
||||||
|
owner = "naqvis";
|
||||||
|
repo = "crystal-html5";
|
||||||
|
rev = "v0.4.0";
|
||||||
|
sha256 = "0mr4vd4bl3a22jl8h698zrh8rz6m5lm2lcyx11055gn6fw0yq57k";
|
||||||
|
};
|
||||||
|
lucky = {
|
||||||
|
owner = "luckyframework";
|
||||||
|
repo = "lucky";
|
||||||
|
rev = "v1.0.0";
|
||||||
|
sha256 = "13by6bbgpbbbdncgj87cqy5y6z7s9zb3nr88dh3fwl5mfgygk66z";
|
||||||
|
};
|
||||||
|
lucky_cache = {
|
||||||
|
owner = "luckyframework";
|
||||||
|
repo = "lucky_cache";
|
||||||
|
rev = "v0.1.1";
|
||||||
|
sha256 = "1ic9nfmiv89q5v82ybshd9xqnwv62bv8a5n8rhmsm9cwvdhgc92x";
|
||||||
|
};
|
||||||
|
lucky_env = {
|
||||||
|
owner = "luckyframework";
|
||||||
|
repo = "lucky_env";
|
||||||
|
rev = "v0.1.4";
|
||||||
|
sha256 = "0rcz0kh9rkypgm34r7maqqmgirxblhwzycwxpp0y9ai68lq71qxk";
|
||||||
|
};
|
||||||
|
lucky_flow = {
|
||||||
|
owner = "luckyframework";
|
||||||
|
repo = "lucky_flow";
|
||||||
|
rev = "v0.9.0";
|
||||||
|
sha256 = "1gyxba7lbjhzbd7a5hcswr3i04mz6rqypihhpgx213aa2685c0mw";
|
||||||
|
};
|
||||||
|
lucky_router = {
|
||||||
|
owner = "luckyframework";
|
||||||
|
repo = "lucky_router";
|
||||||
|
rev = "v0.5.2";
|
||||||
|
sha256 = "1gl93rijnbaqybpry19rn951kbx1q1bb5w0npdp4fm0r212b3yh8";
|
||||||
|
};
|
||||||
|
lucky_task = {
|
||||||
|
owner = "luckyframework";
|
||||||
|
repo = "lucky_task";
|
||||||
|
rev = "v0.1.1";
|
||||||
|
sha256 = "0w0rnf22pvj3lp5z8c4sshzwhqgwpbjpm7nry9mf0iz3fa0v48f7";
|
||||||
|
};
|
||||||
|
monads = {
|
||||||
|
owner = "alex-lairan";
|
||||||
|
repo = "monads";
|
||||||
|
rev = "v1.0.0";
|
||||||
|
sha256 = "0wwhsmnzsmw03dn2j4n75sprp4baxg24i1hn1xhfzz9b33rmlxxf";
|
||||||
|
};
|
||||||
|
pg = {
|
||||||
|
owner = "will";
|
||||||
|
repo = "crystal-pg";
|
||||||
|
rev = "v0.26.0";
|
||||||
|
sha256 = "04fwbgrlf2nzma0p2c8ki7p8sk113jhziq2al3ivif2lpmhr39fy";
|
||||||
|
};
|
||||||
|
pulsar = {
|
||||||
|
owner = "luckyframework";
|
||||||
|
repo = "pulsar";
|
||||||
|
rev = "v0.2.3";
|
||||||
|
sha256 = "03pp0r1klqk49fkzjwg9mnxqplv6pdfjn6a1p59f2w1ha5piyy90";
|
||||||
|
};
|
||||||
|
selenium = {
|
||||||
|
owner = "matthewmcgarvey";
|
||||||
|
repo = "selenium.cr";
|
||||||
|
rev = "v0.10.0";
|
||||||
|
sha256 = "062baqafz2rn9czaj8wl2b1l7ngxdph2j8xcr088f2kd8bb0hj7v";
|
||||||
|
};
|
||||||
|
shell-table = {
|
||||||
|
owner = "luckyframework";
|
||||||
|
repo = "shell-table.cr";
|
||||||
|
rev = "v0.9.3";
|
||||||
|
sha256 = "046vymm2r37c6j5bqyjzxdgg5h62slsannzvfhbckkv2r9chwd3w";
|
||||||
|
};
|
||||||
|
splay_tree_map = {
|
||||||
|
owner = "wyhaines";
|
||||||
|
repo = "splay_tree_map.cr";
|
||||||
|
rev = "v0.2.2";
|
||||||
|
sha256 = "0196zpg0v190dv23mwnbia35znxz2j2g8dqynd2b8827qiwmz1vn";
|
||||||
|
};
|
||||||
|
teeplate = {
|
||||||
|
owner = "luckyframework";
|
||||||
|
repo = "teeplate";
|
||||||
|
rev = "v0.8.5";
|
||||||
|
sha256 = "1kr05qrp674rph1324wry57gzvgvcvlz0w27brlvdgd3gi4s8sdj";
|
||||||
|
};
|
||||||
|
webdrivers = {
|
||||||
|
owner = "matthewmcgarvey";
|
||||||
|
repo = "webdrivers.cr";
|
||||||
|
rev = "v0.4.1";
|
||||||
|
sha256 = "05q6z1rv29hrwq77wpas2ki4alwhx4fpallb94q4m9g5h5vfn6ag";
|
||||||
|
};
|
||||||
|
webless = {
|
||||||
|
owner = "matthewmcgarvey";
|
||||||
|
repo = "webless";
|
||||||
|
rev = "v0.1.0";
|
||||||
|
sha256 = "0fg79wy3fq0af77jm121pqfm43dzb7l5rlx13vrl74pgqagms0ih";
|
||||||
|
};
|
||||||
|
wordsmith = {
|
||||||
|
owner = "luckyframework";
|
||||||
|
repo = "wordsmith";
|
||||||
|
rev = "v0.4.0";
|
||||||
|
sha256 = "13fsmwdh431smbmsv869pa8p34g1hqd84za33xsymsycq5459xq2";
|
||||||
|
};
|
||||||
|
xpath2 = {
|
||||||
|
owner = "naqvis";
|
||||||
|
repo = "crystal-xpath2";
|
||||||
|
rev = "v0.1.3";
|
||||||
|
sha256 = "17jl0br2fibc22sz9qdpsqd17rsmnar0jwh4iq25y8rg64pgb1h0";
|
||||||
|
};
|
||||||
|
}
|
|
@ -1,16 +1,16 @@
|
||||||
{ pkgs ? import <nixpkgs> { } }:
|
{ pkgs ? import <nixpkgs> { } }:
|
||||||
|
|
||||||
pkgs.mkShell {
|
pkgs.mkShell {
|
||||||
shellHook = ''
|
|
||||||
export PKG_CONFIG_PATH=${pkgs.openssl.dev}/lib/pkgconfig
|
|
||||||
'';
|
|
||||||
buildInputs = with pkgs; [
|
buildInputs = with pkgs; [
|
||||||
crystal
|
crystal
|
||||||
lucky-cli
|
lucky-cli
|
||||||
overmind
|
overmind
|
||||||
nodejs
|
nodejs
|
||||||
openssl.dev
|
openssl
|
||||||
|
pkg-config
|
||||||
shards
|
shards
|
||||||
yarn
|
yarn
|
||||||
|
crystal2nix
|
||||||
|
pcre
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|