diff --git a/hosts/astral/default.nix b/hosts/astral/default.nix
index 1e85c02..cc03584 100644
--- a/hosts/astral/default.nix
+++ b/hosts/astral/default.nix
@@ -6,6 +6,7 @@
 nixosModules.promptmoji
 agenix.nixosModules.default
 ./forgejo.nix
+ ./links.nix
 ./vaultwarden.nix
 ];
diff --git a/hosts/astral/forgejo.nix b/hosts/astral/forgejo.nix
index 8c29daf..366bf7b 100644
--- a/hosts/astral/forgejo.nix
+++ b/hosts/astral/forgejo.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, pkgs, ... }:
 let domain = "git.leaf.ninja";
 in {
 services.forgejo = {
@@ -18,6 +18,8 @@ in {
 FROM = "forgejo@leaf.ninja";
 USER = "forgejo@$leaf.ninja";
 };
+ webhook.ALLOWED_HOST_LIST =
+ pkgs.lib.concatStringsSep "," [ "localhost" "::1" ];
 };
 secrets = {
 mailer.PASSWD = config.age.secrets.forgejo-mailer-password.path;
diff --git a/hosts/astral/links.nix b/hosts/astral/links.nix
new file mode 100644
index 0000000..eb70571
--- /dev/null
+++ b/hosts/astral/links.nix
@@ -0,0 +1,39 @@
+{ pkgs, ... }:
+let
+ domain = "nettika.leaf.ninja";
+ root = "/srv/links";
+ webhookHandler = pkgs.writeScript "webhook-handler.py" ''
+ #!${pkgs.python3}/bin/python3
+
+ import http.server
+ import socketserver
+ import subprocess
+ import os
+
+ class WebhookHandler(http.server.SimpleHTTPRequestHandler):
+ def do_POST(self):
+ os.chdir('${root}')
+ subprocess.run(['${pkgs.git}/bin/git', 'pull'], check=True)
+ self.send_response(200)
+ self.end_headers()
+ self.wfile.write(b'OK')
+
+ with socketserver.TCPServer(("127.0.0.1", 8081), WebhookHandler) as httpd:
+ httpd.serve_forever()
+ '';
+in {
+ systemd.services.links-webhook = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${pkgs.python3}/bin/python3 ${webhookHandler}";
+ Restart = "always";
+ };
+ };
+
+ services.caddy.virtualHosts.${domain}.extraConfig = ''
+ root * ${root}
+ file_server
+ '';
+}
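Review bot: `webhook.ALLOWED_HOST_LIST` in the second `forgejo.nix` hunk is an instance-wide setting that, as far as it is documented, matches hosts rather than ports, so listing `localhost` and `::1` lets every account that can configure a webhook have Forgejo send requests to any service on loopback, not only the links handler on 8081. If other backends on this host (the imports list shows `./vaultwarden.nix`) listen on loopback, they should not treat a loopback origin as trusted, and webhook creation should stay limited to trusted users. The handler added in `links.nix` binds only `127.0.0.1`, so the `::1` entry cannot reach it and a `localhost` URL depends on name resolution preferring IPv4; a comment such as `# loopback only: lets the links repo webhook reach the local pull handler` would record the intent. The value is fixed, so the plain string `"localhost,::1"` would avoid adding `pkgs` to the module arguments just for `concatStringsSep`.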
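Review bot: `do_POST` in `links.nix` runs `git pull` for any POST that reaches 127.0.0.1:8081 without checking the sender, and because the class derives from `SimpleHTTPRequestHandler` the same port also answers GET with files from the process's working directory; with no `User=` in `serviceConfig` the unit runs as root by default. Derive from `http.server.BaseHTTPRequestHandler`, verify the HMAC signature Forgejo sends when the webhook has a secret (confirm the header name against the deployed version; `hmac` and `hashlib` need importing), and pass the checkout path to git with `-C` instead of calling `os.chdir` on every request. A failed pull currently raises out of the handler through `check=True`, so the sender sees a dropped connection rather than a 5xx status. Separately, `file_server` serves all of `${root}`, which is a git checkout, so `.git` is published on the virtual host unless it is excluded, for example with a `hide .git` line inside a `file_server` block.

```nix
  webhookHandler = pkgs.writeScript "webhook-handler.py" ''
    # … unchanged: shebang and imports (hmac and hashlib also needed) …

    # Constructed placeholder: read the shared webhook secret from wherever
    # this host provisions secrets; the variable name is illustrative only.
    SECRET = os.environ["LINKS_WEBHOOK_SECRET_PLACEHOLDER"].encode()

    class WebhookHandler(http.server.BaseHTTPRequestHandler):
        def do_POST(self):
            body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
            expected = hmac.new(SECRET, body, hashlib.sha256).hexdigest()
            supplied = self.headers.get("X-Gitea-Signature", "")
            if not hmac.compare_digest(expected.encode(), supplied.encode()):
                self.send_error(403)
                return
            pull = subprocess.run(["${pkgs.git}/bin/git", "-C", "${root}", "pull"])
            self.send_response(200 if pull.returncode == 0 else 500)
            self.end_headers()

    # … unchanged: TCPServer bound to 127.0.0.1:8081 and serve_forever …
  '';
```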