mat
/
mat.services
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Attempt to get Docker build working

pull/1/head
mat ess 2022-09-06 00:36:55 -04:00
parent 708609b6d2
commit 91e24c5672
4 changed files with 44 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
Caddyfile
View File

@ -20,10 +20,6 @@ http://static-mat-services.fly.dev {
file_server file_server
} }
log {
output stdout
}
header { header {
# disable FLoC tracking # disable FLoC tracking
Permissions-Policy interest-cohort=() Permissions-Policy interest-cohort=()
@ -40,22 +36,28 @@ http://static-mat-services.fly.dev {
# style-src 'unsafe-inline': syntax highlighting in codefences # style-src 'unsafe-inline': syntax highlighting in codefences
# sandbox allow-popups: enable target="_blank" links to open in new tabs # sandbox allow-popups: enable target="_blank" links to open in new tabs
Content-Security-Policy "default-src 'none'; Content-Security-Policy "default-src 'none';
img-src 'self'; img-src 'self' https://stats.mat.services;
style-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';
font-src 'self'; font-src 'self';
script-src 'self'; script-src 'self' https://stats.mat.services;
form-action 'none'; form-action 'none';
frame-ancestors 'none'; frame-ancestors 'none';
base-uri 'none'; base-uri 'none';
upgrade-insecure-requests; upgrade-insecure-requests;
sandbox allow-same-origin allow-popups allow-popups-to-escape-sandbox" sandbox
allow-same-origin
allow-scripts
allow-popups
allow-popups-to-escape-sandbox"
} }
# caching # caching
@static {
path *.bmp *.jpg *.png *.svg *.gif *.pdf *.css *.js *.woff *.woff2
}
route { route {
header /style/* Cache-Control max-age=31536000, immutable
header /image/* Cache-Control max-age=31536000, immutable
header /font/* Cache-Control max-age=31536000, immutable
header Cache-Control max-age=180 header Cache-Control max-age=180
header /sitemap.xml Cache-Control max-age=0
header @static Cache-Control max-age=31536000, immutable
} }
} }

21
flake.lock
View File

@ -36,6 +36,26 @@
"type": "github" "type": "github"
} }
}, },
"gitignore": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1660459072,
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1661450036, "lastModified": 1661450036,
@ -56,6 +76,7 @@
"inputs": { "inputs": {
"apollo": "apollo", "apollo": "apollo",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"gitignore": "gitignore",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
} }
} }

13
flake.nix
View File

@ -5,18 +5,21 @@
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.url = "github:hercules-ci/flake-parts";
flake-parts.inputs.nixpkgs.follows = "nixpkgs"; flake-parts.inputs.nixpkgs.follows = "nixpkgs";
gitignore.url = "github:hercules-ci/gitignore.nix";
gitignore.inputs.nixpkgs.follows = "nixpkgs";
# theme - inlined now, not used # theme - inlined now, not used
apollo.url = "github:not-matthias/apollo"; apollo.url = "github:not-matthias/apollo";
apollo.flake = false; apollo.flake = false;
}; };
outputs = { self, flake-parts, ... }@inputs: outputs = { self, flake-parts, gitignore, ... }@inputs:
flake-parts.lib.mkFlake { inherit self; } { flake-parts.lib.mkFlake { inherit self; } {
imports = [ ]; imports = [ ];
systems = inputs.nixpkgs.lib.systems.flakeExposed; systems = inputs.nixpkgs.lib.systems.flakeExposed;
perSystem = { config, self', inputs', pkgs, system, ... }: perSystem = { config, self', inputs', pkgs, system, ... }:
let let
inherit (gitignore.lib) gitignoreSource;
# TODO: move these to a flake-module # TODO: move these to a flake-module
inherit (pkgs.callPackage ./nix { }) container deploy fonts optimize-images themes; inherit (pkgs.callPackage ./nix { }) container deploy fonts optimize-images themes;
inherit (fonts) copyFonts linkFonts; inherit (fonts) copyFonts linkFonts;
@ -28,8 +31,8 @@
{ {
packages.default = with pkgs; stdenv.mkDerivation { packages.default = with pkgs; stdenv.mkDerivation {
pname = "personal-site"; pname = "personal-site";
version = "2022-08-27"; version = "2022-09-06";
src = ./.; src = gitignoreSource ./.;
nativeBuildInputs = [ optimize-images zola ]; nativeBuildInputs = [ optimize-images zola ];
configurePhase = copyTheme + copyFonts; configurePhase = copyTheme + copyFonts;
buildPhase = '' buildPhase = ''
@ -45,11 +48,11 @@
shellHook = linkTheme + linkFonts; shellHook = linkTheme + linkFonts;
}; };
packages.container = container { packages.container = container {
caddyfile = builtins.readFile ./Caddyfile; caddyfile = ./Caddyfile;
site = config.packages.default; site = config.packages.default;
}; };
apps.deploy.program = apps.deploy.program =
let deploy' = deploy { dockerImage = config.packages.container; }; let deploy' = deploy { dockerImage = self.packages.x86_64-linux.container; };
in "${deploy'}/bin/deploy"; in "${deploy'}/bin/deploy";
}; };
}; };

5
nix/deploy.nix
View File

@ -4,6 +4,7 @@ writeShellScriptBin "deploy" ''
set -euxo pipefail set -euxo pipefail
export PATH="${lib.makeBinPath [(docker.override { clientOnly = true; }) flyctl]}:$PATH" export PATH="${lib.makeBinPath [(docker.override { clientOnly = true; }) flyctl]}:$PATH"
archive=${dockerImage} archive=${dockerImage}
image=$(docker load < $archive | awk '{ print $3; }') # load archive, drop all output except last line (in case of warnings), print image name
flyctl deploy -i $image image=$(docker load < $archive | tail -n1 | awk '{ print $3; }')
flyctl deploy --image $image --local-only
'' ''