[webhook] Adds webhook for redeploying npm projects

2025-06-04 17:35:31 -07:00
parent 104cd2fd2e
commit f8378354fb
4 changed files with 138 additions and 26 deletions


@@ -3,6 +3,7 @@
{
# Additional configuration
imports = [
# Docker containers
./containers/dm-companion.nix
./containers/freshrss.nix
./containers/gitea.nix
@@ -21,6 +22,9 @@
./containers/timetagger.nix
./containers/traefik.nix
./containers/users.nix
# NixOS Containers
./static-site-hooks.nix
];
# Enable common container config files in /etc/containers


@@ -1,30 +1,59 @@
# Static websites
{ lib, config, ... }:
let
inherit (import ./lib.nix config) terakoda havenisms blazestar;
mkStaticSite = domain: let
cleanDomain = lib.strings.stringAsChars (c: if c == "." then "-" else c) domain;
in {
"${cleanDomain}-static" = {
image = "nginx:alpine";
autoStart = true;
volumes = [
"/tank/web/${domain}/public:/usr/share/nginx/html:ro"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${cleanDomain}.rule" = "Host(`${domain}`) || Host(`www.${domain}`)";
"traefik.http.routers.${cleanDomain}.middlewares" = "${cleanDomain}-add-www@docker";
"traefik.http.services.${cleanDomain}.loadbalancer.server.port" = "80";
"traefik.http.middlewares.${cleanDomain}-add-www.redirectregex.regex" = "^https://${domain}/(.*)";
"traefik.http.middlewares.${cleanDomain}-add-www.redirectregex.replacement" = "https://www.${domain}/\${1}";
"traefik.http.middlewares.${cleanDomain}-add-www.redirectregex.permanent" = "true";
inherit (import ./lib.nix config)
terakoda
havenisms
blazestar
;
mkStaticSite =
host:
let
cleanHost = lib.strings.stringAsChars (c: if c == "." then "-" else c) host;
in
{
"${cleanHost}-static" = {
image = "nginx:alpine";
autoStart = true;
volumes = [
"/tank/web/${host}/public:/usr/share/nginx/html:ro"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${cleanHost}.rule" = "Host(`${host}`) || Host(`www.${host}`)";
"traefik.http.routers.${cleanHost}.middlewares" = "${cleanHost}-add-www@docker";
"traefik.http.services.${cleanHost}.loadbalancer.server.port" = "80";
"traefik.http.middlewares.${cleanHost}-add-www.redirectregex.regex" = "^https://${host}/(.*)";
"traefik.http.middlewares.${cleanHost}-add-www.redirectregex.replacement" =
"https://www.${host}/\${1}";
"traefik.http.middlewares.${cleanHost}-add-www.redirectregex.permanent" = "true";
};
};
};
};
in {
virtualisation.oci-containers.containers =
mkStaticSite terakoda //
mkStaticSite havenisms //
mkStaticSite blazestar;
in
{
virtualisation.oci-containers.containers =
mkStaticSite terakoda
// mkStaticSite havenisms
// mkStaticSite blazestar
// (
let
host = "www2.terakoda.com";
cleanHost = lib.strings.stringAsChars (c: if c == "." then "-" else c) host;
in
{
"${cleanHost}-static" = {
image = "nginx:alpine";
autoStart = true;
volumes = [
"/tank/web/www2.terakoda.com/dist:/usr/share/nginx/html:ro"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${cleanHost}.rule" = "Host(`${host}`)";
"traefik.http.services.${cleanHost}.loadbalancer.server.port" = "80";
};
};
}
);
}
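Review bot: The www2.terakoda.com entry appended to `virtualisation.oci-containers.containers` derives `cleanHost` a second time and spells the host out again in the volume path instead of reusing its own `host` binding, so the route and the served directory can drift apart; `"/tank/web/${host}/dist:/usr/share/nginx/html:ro"` keeps them tied together. The entry differs from `mkStaticSite` only in the served subdirectory and the absent www redirect, so an optional argument on `mkStaticSite` for those two would remove the copy. The new container also reuses the floating `nginx:alpine` tag, which means the image serving the build output can change on any pull; pinning a version or digest would make updates deliberate.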


@@ -0,0 +1,77 @@
{ config, pkgs, ... }:
let
gitKnownHosts = pkgs.writeText "known_hosts" ''
[git.blazestar.net]:2222 ssh-rsa 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
'';
testHook =
with pkgs;
writeShellApplication {
name = "deploy-astro-app";
runtimeInputs = [
openssh
gitFull
nodejs_22
bashNonInteractive
];
text = ''
set -e
id
pwd
export GIT_SSH_COMMAND='ssh -v -o "UserKnownHostsFile ${gitKnownHosts}" -i "${
config.sops.secrets."deploy-key/terakoda.com".path
}"'
# Disable astro telemetry otherwise it will try to write to `~/.config/astro/config.json`
export ASTRO_TELEMETRY_DISABLED=1
# Fetch the repository and make sure we are reset to HEAD
git fetch origin main
git reset --hard
git checkout main
git reset --hard origin/main
# Use a local cache with --cache .npm
npm ci --cache .npm
npm run build
'';
};
in
{
# [ ] Make sure the hook can operate on that directory
# [ ] Run the build command
sops.secrets = {
"deploy-key/terakoda.com" = {
restartUnits = [ "webhook.service" ];
owner = config.users.users.webhook.name;
};
};
services.webhook = {
enable = true;
verbose = true;
port = 9000;
openFirewall = true;
hooks = {
"deploy-www2-terakoda-com" = {
id = "deploy-www2-terakoda-com";
http-methods = [ "POST" ];
command-working-directory = "/tank/web/www2.terakoda.com";
include-command-output-in-response = true;
include-command-output-in-response-on-error = true;
execute-command = "${testHook}/bin/deploy-astro-app";
trigger-rule = {
match = {
type = "payload-mac-sha256";
secret = "test123";
parameter = {
source = "header";
name = "X-Hub-Signature-256";
};
};
};
};
};
};
}
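Review bot: The `trigger-rule` authenticates requests with `secret = "test123";`, a guessable value that lands in the repository and in the world-readable Nix store, so the HMAC check on `X-Hub-Signature-256` does not really restrict who can start a deploy. The secret should be a long random value delivered through `sops.secrets`, as the deploy key already is, and read when the service starts rather than inlined (the webhook module's templated hooks look like the fit, to be confirmed against the deployed NixOS version). This matters more because `openFirewall = true;` publishes port 9000 directly, apparently outside the traefik front end used for the other services, and both `include-command-output-in-response` options return the script's output, including the `id`, `pwd` and `ssh -v` diagnostics, to whoever made the request. I would drop `openFirewall`, set both output options to `false`, and remove the `id`, `pwd` and `-v` debug lines once the hook is working.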