From 39f73ef2f21e4d2b578da80524ac95b49b294aba Mon Sep 17 00:00:00 2001
From: Nettika <git@nettika.cat>
Date: Wed, 15 Oct 2025 17:43:36 -0700
Subject: [PATCH] Use caddy-exec to handling Forgejo webhooks on astral

---
 hosts/astral/default.nix |  5 +++++
 hosts/astral/links.nix   | 48 +++++++++++++---------------------------
 2 files changed, 20 insertions(+), 33 deletions(-)

diff --git a/hosts/astral/default.nix b/hosts/astral/default.nix
index 3ad498a..c600557 100644
--- a/hosts/astral/default.nix
+++ b/hosts/astral/default.nix
@@ -36,6 +36,11 @@
 
   services.caddy = {
     enable = true;
+    package = pkgs.caddy.withPlugins {
+      plugins =
+        [ "github.com/abiosoft/caddy-exec@v0.0.0-20240914124740-521d8736cb4d" ];
+      hash = "sha256-ef6/x7wjKk0axjX6MfAzTTwPM2FTOTSSyI9zLLrczV0=";
+    };
     virtualHosts = {
       "astral.leaf.ninja".extraConfig = ''
         respond "astral is online"
diff --git a/hosts/astral/links.nix b/hosts/astral/links.nix
index eb70571..fe836be 100644
--- a/hosts/astral/links.nix
+++ b/hosts/astral/links.nix
@@ -1,39 +1,21 @@
-{ pkgs, ... }:
+{ pkgs, lib, ... }:
 let
   domain = "nettika.leaf.ninja";
   root = "/srv/links";
-  webhookHandler = pkgs.writeScript "webhook-handler.py" ''
-    #!${pkgs.python3}/bin/python3
-
-    import http.server
-    import socketserver
-    import subprocess
-    import os
-
-    class WebhookHandler(http.server.SimpleHTTPRequestHandler):
-        def do_POST(self):
-            os.chdir('${root}')
-            subprocess.run(['${pkgs.git}/bin/git', 'pull'], check=True)
-            self.send_response(200)
-            self.end_headers()
-            self.wfile.write(b'OK')
-
-    with socketserver.TCPServer(("127.0.0.1", 8081), WebhookHandler) as httpd:
-        httpd.serve_forever()
-  '';
 in {
-  systemd.services.links-webhook = {
-    wantedBy = [ "multi-user.target" ];
-    after = [ "network.target" ];
-    serviceConfig = {
-      Type = "simple";
-      ExecStart = "${pkgs.python3}/bin/python3 ${webhookHandler}";
-      Restart = "always";
-    };
+  services.caddy.virtualHosts = {
+    ${domain}.extraConfig = ''
+      root * ${root}
+      file_server
+    '';
+    "http://localhost:8081".extraConfig = let git = lib.getExe pkgs.git;
+    in ''
+      route {
+        exec {
+          command ${git} pull --rebase 
+          directory ${root}
+        }
+      }
+    '';
   };
-
-  services.caddy.virtualHosts.${domain}.extraConfig = ''
-    root * ${root}
-    file_server
-  '';
 }