Decouple static site generation from system config

Updating various hashes and regenerating the whole system config for
each content update doesn't feel quite right.

Instead nginx now serves Nix store links placed in the home directory
of a separte `public` user.This user maintains local clones of page
source repositories and generates them using their respective Nix
expressions. This allows for greater flexibility while maintaining most
of the benefits of declarative configuration. Re-building static site
derivations may also be automated using e.g. post-receive hooks.

2 files changed, 67 insertions, 0 deletions

diff --git a/host/software/server/git.nix b/host/software/server/git.nix
new file mode 100644
index 0000000..4eedb53
--- /dev/null
+++ b/host/software/server/git.nix
@@ -0,0 +1,38 @@
+{ pkgs, ... }:
+
+{
+  services = {
+    gitea = {
+      enable = true;
+      database.type = "sqlite3";
+
+      appName = "~/projects";
+      domain  = "code.kummerlaender.eu";
+      rootUrl = "https://code.kummerlaender.eu/";
+      httpPort = 3000;
+
+      extraConfig = ''
+        [server]
+        LANDING_PAGE = "explore"
+        [service]
+        DISABLE_REGISTRATION = true
+        SHOW_REGISTRATION_BUTTON = false
+        [other]
+        SHOW_FOOTER_VERSION = false
+        SHOW_FOOTER_TEMPLATE_LOAD_TIME = false
+        [api]
+        ENABLE_SWAGGER_ENDPOINT = false
+        [picture]
+        DISABLE_GRAVATAR = true
+        [indexer]
+        REPO_INDEXER_ENABLED = true
+      '';
+    };
+
+    nginx.virtualHosts."code.kummerlaender.eu" = {
+      addSSL     = true;
+      enableACME = true;
+      locations."/".proxyPass = "http://localhost:3000/";
+    };
+  };
+}
diff --git a/host/software/server/website.nix b/host/software/server/website.nix
new file mode 100644
index 0000000..d518d3a
--- /dev/null
+++ b/host/software/server/website.nix
@@ -0,0 +1,29 @@
+{ pkgs, ... }:
+
+{
+  users.extraUsers.public = {
+    isNormalUser = true;
+    uid          = 2000;
+    shell        = pkgs.fish;
+    home         = "/home/public";
+  };
+
+  # `public` generates websites using their custom derivations via `nix-build`
+  services.nginx.virtualHosts = let
+    default = locations: {
+      inherit locations;
+      addSSL     = true;
+      enableACME = true;
+    };
+    website = sub: default {
+      "/".root = "/home/public/${sub}/result";
+    };
+  in {
+    "blog.kummerlaender.eu" = website "blog";
+    "tree.kummerlaender.eu" = website "tree";
+    "pkgs.kummerlaender.eu" = default {
+      "/".root                     = "/home/public/pkgs/result";
+      "/nixexprs.tar.gz".proxyPass = "http://localhost:3000/adrian/pkgs/archive/master.tar.gz";
+    };
+  };
+}