.
This commit is contained in:
parent
32d81f0138
commit
c4dcb6e38b
78 changed files with 2739 additions and 110 deletions
|
|
@ -12,9 +12,9 @@ pygmentsUseClasses = true
|
|||
|
||||
[menu]
|
||||
[[menu.main]]
|
||||
identifier = "info"
|
||||
name = "info"
|
||||
title = "info"
|
||||
identifier = "--help"
|
||||
name = "--help"
|
||||
title = "--help"
|
||||
url = "/info/"
|
||||
weight = 20
|
||||
|
||||
|
|
|
|||
|
|
@ -1,3 +1,5 @@
|
|||
This is a place to document bits and bobs I've been up to that have interested me.
|
||||
Expect linux and self-hosting tinkering, some novice programming, and maybe the occasional recipe.
|
||||
I tend to be a fool so take anything written here with a pinch of salt :)
|
||||
|
||||
- [rss HERE!!](../index.xml)
|
||||
|
|
|
|||
115
content/posts/nixos-remote-auto-static-site-deploy.md
Normal file
115
content/posts/nixos-remote-auto-static-site-deploy.md
Normal file
|
|
@ -0,0 +1,115 @@
|
|||
---
|
||||
title: over-engineered (?) nixos blog deployment setup
|
||||
date: 2025-08-11
|
||||
tags:
|
||||
- nixos
|
||||
draft: false
|
||||
---
|
||||
|
||||
As is traditional with people hosting their own blog I'm going to do a post detailing EXACTLY how I'm hosting my blog.
|
||||
Down to the last dirty detail.
|
||||
I have nothing better to talk about.
|
||||
Here is a diagram I edited to illustrate (credit to xkcd I think?).
|
||||
|
||||
|
||||
|
||||
I host my site on a hetzner vps running nixos.
|
||||
I also have a git repo where all the static files for my blog live.
|
||||
I had previously been manually rsyncing the website up to my vps from my laptop.
|
||||
Qute an easy, efficient solution; it worked well.
|
||||
But not very nixos; far too simple, not sufficiently over-engineered.
|
||||
So in true nixos fashion I decided I'd spend a couple of hours sorting the problem so I'd maybe save a minute once a year when I write a blog post.
|
||||
|
||||
### Remote Rebuilds
|
||||
|
||||
First, I'll show the fancy way to rebuild your remote nixos systems via ssh.
|
||||
In my case, this means I can rebuild my hetzner box from my laptop.
|
||||
You can read the wiki about it [here](https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines).
|
||||
|
||||
This sets up ssh with key-based authentication and lets our local user in.
|
||||
This config belongs on the remote machine.
|
||||
|
||||
```nix
|
||||
users.users.blog-king.openssh.authorizedKeys.keys = [
|
||||
# ssh public key on computer you're deploying from
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa"
|
||||
];
|
||||
|
||||
nix.settings.trusted-users = [ "blog-king" ];
|
||||
|
||||
# ssh daemon
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
settings = {
|
||||
PasswordAuthentication = false;
|
||||
PermitRootLogin = "no";
|
||||
};
|
||||
};
|
||||
|
||||
```
|
||||
|
||||
Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with `nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch`.
|
||||
The `--ask-sudo-password` is not required if you ssh in as root though that would be a touch gauche.
|
||||
|
||||
### Caddy
|
||||
|
||||
You can do this with whatever your preferred webserver is.
|
||||
I am a caddy stan.
|
||||
This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at `/etc/blog`.
|
||||
|
||||
```nix
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
80
|
||||
443
|
||||
];
|
||||
|
||||
services.caddy = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
blog.example.org {
|
||||
root * /etc/blog
|
||||
file_server
|
||||
}
|
||||
'';
|
||||
};
|
||||
```
|
||||
|
||||
### Getting the files from git
|
||||
|
||||
We have a web server pointing at `/etc/blog`.
|
||||
The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.
|
||||
|
||||
I'm using the `fetchFromGitea` helper here which works for gitea and forgejo instances.
|
||||
The `fetchFromGitHub` helper would look very similar.
|
||||
|
||||
You can get the `rev` and `sha256` of the commit using `nix-prefetch-git`.
|
||||
|
||||
Also note the little `/public` at the end of the `source` string.
|
||||
That's the directory of the git repo that the website source lives.
|
||||
|
||||
```nix
|
||||
environment.etc."blog" = {
|
||||
enable = true;
|
||||
target = "blog";
|
||||
source = "${
|
||||
pkgs.fetchFromGitea {
|
||||
domain = "git.example.org";
|
||||
owner = "james";
|
||||
repo = "blog";
|
||||
rev = "32d81f01388c88a259eed2ba52f4545dbcb1eb07";
|
||||
sha256 = "173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8";
|
||||
}
|
||||
}/public";
|
||||
user = "caddy";
|
||||
group = "caddy";
|
||||
};
|
||||
```
|
||||
|
||||
So now with all that setup the blog post work flow is:
|
||||
|
||||
- Commit rebuilt website to repo
|
||||
- Update the `rev` and `sha256` to the new commit (this is annoying and I'm trying to work out a good way to automate it)
|
||||
- Rebuild vps from laptop
|
||||
|
||||
Not necessarily faster than the old rsync method but it's pretty damn declarative, that's for sure.
|
||||
|
|
@ -16,7 +16,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -27,7 +27,7 @@
|
|||
</ul>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -11,6 +11,100 @@
|
|||
|
||||
|
||||
|
||||
<item>
|
||||
<title>over-engineered (?) nixos blog deployment setup</title>
|
||||
<link>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</link>
|
||||
<pubDate>Mon, 11 Aug 2025 00:00:00 +0000</pubDate>
|
||||
|
||||
<guid>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</guid>
|
||||
<description><p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog.
|
||||
Down to the last dirty detail.
|
||||
I have nothing better to talk about.
|
||||
Here is a diagram I edited to illustrate (credit to xkcd I think?).</p>
|
||||
<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p>
|
||||
<p>I host my site on a hetzner vps running nixos.
|
||||
I also have a git repo where all the static files for my blog live.
|
||||
I had previously been manually rsyncing the website up to my vps from my laptop.
|
||||
Qute an easy, efficient solution; it worked well.
|
||||
But not very nixos; far too simple, not sufficiently over-engineered.
|
||||
So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p>
|
||||
<h3 id="remote-rebuilds">Remote Rebuilds</h3>
|
||||
<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh.
|
||||
In my case, this means I can rebuild my hetzner box from my laptop.
|
||||
You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p>
|
||||
<p>This sets up ssh with key-based authentication and lets our local user in.
|
||||
This config belongs on the remote machine.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>.
|
||||
The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p>
|
||||
<h3 id="caddy">Caddy</h3>
|
||||
<p>You can do this with whatever your preferred webserver is.
|
||||
I am a caddy stan.
|
||||
This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">80</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">443</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39;
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org {
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> }
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3>
|
||||
<p>We have a web server pointing at <code>/etc/blog</code>.
|
||||
The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p>
|
||||
<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances.
|
||||
The <code>fetchFromGitHub</code> helper would look very similar.</p>
|
||||
<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p>
|
||||
<p>Also note the little <code>/public</code> at the end of the <code>source</code> string.
|
||||
That&rsquo;s the directory of the git repo that the website source lives.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p>
|
||||
<ul>
|
||||
<li>Commit rebuilt website to repo</li>
|
||||
<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li>
|
||||
<li>Rebuild vps from laptop</li>
|
||||
</ul>
|
||||
<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>so you want to write a neovim plugin with lua</title>
|
||||
<link>https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/</link>
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -74,7 +74,7 @@
|
|||
</article>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -65,7 +65,7 @@
|
|||
</article>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -85,7 +85,7 @@
|
|||
</article>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -65,7 +65,7 @@
|
|||
</article>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -83,7 +83,7 @@
|
|||
</article>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
BIN
public/image/self-hosting.png
Normal file
BIN
public/image/self-hosting.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 71 KiB |
|
|
@ -17,7 +17,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -25,6 +25,10 @@
|
|||
<main id="content">
|
||||
|
||||
<ul id="posts">
|
||||
<li>
|
||||
<a href="https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/">over-engineered (?) nixos blog deployment setup</a> -<small><time>Aug 11, 2025</time></small>
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<a href="https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/">so you want to write a neovim plugin with lua</a> -<small><time>Apr 6, 2024</time></small>
|
||||
</li>
|
||||
|
|
@ -109,7 +113,7 @@
|
|||
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -6,12 +6,106 @@
|
|||
<description>Recent content on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
<lastBuildDate>Tue, 25 Jun 2024 00:00:00 +0000</lastBuildDate>
|
||||
<lastBuildDate>Mon, 11 Aug 2025 00:00:00 +0000</lastBuildDate>
|
||||
|
||||
<atom:link href="https://nonsense.dymc.win/index.xml" rel="self" type="application/rss+xml" />
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>over-engineered (?) nixos blog deployment setup</title>
|
||||
<link>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</link>
|
||||
<pubDate>Mon, 11 Aug 2025 00:00:00 +0000</pubDate>
|
||||
|
||||
<guid>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</guid>
|
||||
<description><p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog.
|
||||
Down to the last dirty detail.
|
||||
I have nothing better to talk about.
|
||||
Here is a diagram I edited to illustrate (credit to xkcd I think?).</p>
|
||||
<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p>
|
||||
<p>I host my site on a hetzner vps running nixos.
|
||||
I also have a git repo where all the static files for my blog live.
|
||||
I had previously been manually rsyncing the website up to my vps from my laptop.
|
||||
Qute an easy, efficient solution; it worked well.
|
||||
But not very nixos; far too simple, not sufficiently over-engineered.
|
||||
So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p>
|
||||
<h3 id="remote-rebuilds">Remote Rebuilds</h3>
|
||||
<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh.
|
||||
In my case, this means I can rebuild my hetzner box from my laptop.
|
||||
You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p>
|
||||
<p>This sets up ssh with key-based authentication and lets our local user in.
|
||||
This config belongs on the remote machine.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>.
|
||||
The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p>
|
||||
<h3 id="caddy">Caddy</h3>
|
||||
<p>You can do this with whatever your preferred webserver is.
|
||||
I am a caddy stan.
|
||||
This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">80</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">443</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39;
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org {
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> }
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3>
|
||||
<p>We have a web server pointing at <code>/etc/blog</code>.
|
||||
The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p>
|
||||
<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances.
|
||||
The <code>fetchFromGitHub</code> helper would look very similar.</p>
|
||||
<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p>
|
||||
<p>Also note the little <code>/public</code> at the end of the <code>source</code> string.
|
||||
That&rsquo;s the directory of the git repo that the website source lives.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p>
|
||||
<ul>
|
||||
<li>Commit rebuilt website to repo</li>
|
||||
<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li>
|
||||
<li>Rebuild vps from laptop</li>
|
||||
</ul>
|
||||
<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>so you want to write a neovim plugin with lua</title>
|
||||
<link>https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/</link>
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -28,10 +28,13 @@
|
|||
</header><p>This is a place to document bits and bobs I’ve been up to that have interested me.
|
||||
Expect linux and self-hosting tinkering, some novice programming, and maybe the occasional recipe.
|
||||
I tend to be a fool so take anything written here with a pinch of salt :)</p>
|
||||
<ul>
|
||||
<li><a href="../index.xml">rss HERE!!</a></li>
|
||||
</ul>
|
||||
</article>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -131,7 +131,7 @@
|
|||
</article>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -103,7 +103,7 @@
|
|||
</article>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -73,7 +73,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</article>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -99,7 +99,7 @@
|
|||
</article>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
119
public/over-engieered-nixos-blog-deployment-setup/index.html
Normal file
119
public/over-engieered-nixos-blog-deployment-setup/index.html
Normal file
|
|
@ -0,0 +1,119 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="en"><head><script src="/livereload.js?mindelay=10&v=2&port=1313&path=livereload" data-no-instant defer></script>
|
||||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||
|
||||
<link rel="stylesheet" href="/css/style.min.css">
|
||||
|
||||
<link rel="canonical" href="http://localhost:1313/over-engieered-nixos-blog-deployment-setup/" />
|
||||
<title>Over-engieered nixos blog deployment setup</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
</header>
|
||||
<main id="content">
|
||||
<article>
|
||||
<header id="post-header">
|
||||
<h1>Over-engieered nixos blog deployment setup</h1>
|
||||
<div>
|
||||
<time>August 11, 2025</time>
|
||||
</div>
|
||||
</header><p>As is traditional with people hosting their own blog I’m going to do a post detailing EXACTLY how I’m hosting my blog.
|
||||
Down to the last dirty detail.
|
||||
I have nothing better to talk about.
|
||||
Here is a diagram I edited to illustrate (credit to xkcd I think?).</p>
|
||||
<p><img src="/image/self-hosting.png" alt="self-hosting"></p>
|
||||
<p>I host my site on a hetzner vps running nixos.
|
||||
I also have a git repo where all the static files for my blog live.
|
||||
I had previously been manually rsyncing the website up to my vps from my laptop.
|
||||
Qute an easy, efficient solution; it worked well.
|
||||
But not very nixos; far too simple, not sufficiently over-engieered.
|
||||
So in true nixos fashion I decided I’d spend a couple of hours sorting the problem so I’d maybe save a minute once a year when I write a blog post.</p>
|
||||
<h3 id="remote-rebuilds">Remote Rebuilds</h3>
|
||||
<p>First, I’ll show the fancy way to rebuild your remote nixos systems via ssh.
|
||||
In my case, this means I can rebuild my hetzner box from my laptop.
|
||||
You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p>
|
||||
<p>This sets up ssh with key-based authentication and lets our local user in.
|
||||
This config belongs on the remote machine.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you're deploying from</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa"</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">"blog-king"</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">"no"</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>.
|
||||
The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p>
|
||||
<h3 id="caddy">Caddy</h3>
|
||||
<p>You can do this with whatever your preferred webserver is.
|
||||
I am a caddy stan.
|
||||
This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">80</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">443</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">''
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org {
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> }
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> ''</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3>
|
||||
<p>We have a web server pointing at <code>/etc/blog</code>.
|
||||
The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p>
|
||||
<p>I’m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances.
|
||||
The <code>fetchFromGitHub</code> helper would look very similar.</p>
|
||||
<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.
|
||||
Also note the little <code>/public</code> at the end of the <code>source</code> string.
|
||||
That’s the directory of the git repo that the wesite source lives.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">"blog"</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">"blog"</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">"</span><span class="si">${</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">"git.dymc.win"</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">"james"</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">repo</span> <span class="o">=</span> <span class="s2">"blog"</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">"32d81f01388c88a259eed2ba52f4545dbcb1eb07"</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">"173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8"</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public"</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">"caddy"</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">"caddy"</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p>
|
||||
<ul>
|
||||
<li>Commit rebuilt website to repo</li>
|
||||
<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I’m trying to work out a good way to automate it)</li>
|
||||
<li>Rebuild vps from laptop</li>
|
||||
</ul>
|
||||
<p>Not necessarily faster than the old rsync method but it’s pretty damn declarative.</p>
|
||||
</article>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
119
public/over-engineered-nixos-blog-deployment-setup/index.html
Normal file
119
public/over-engineered-nixos-blog-deployment-setup/index.html
Normal file
|
|
@ -0,0 +1,119 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="en"><head>
|
||||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<link rel="shortcut icon" href="https://nonsense.dymc.win/favicon.ico">
|
||||
|
||||
<link rel="stylesheet" href="/css/style.min.css">
|
||||
|
||||
<link rel="canonical" href="https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/" />
|
||||
<title>over-engineered (?) nixos blog deployment setup</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="https://nonsense.dymc.win/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
</header>
|
||||
<main id="content">
|
||||
<article>
|
||||
<header id="post-header">
|
||||
<h1>over-engineered (?) nixos blog deployment setup</h1>
|
||||
<div>
|
||||
<time>August 11, 2025</time>
|
||||
</div>
|
||||
</header><p>As is traditional with people hosting their own blog I’m going to do a post detailing EXACTLY how I’m hosting my blog.
|
||||
Down to the last dirty detail.
|
||||
I have nothing better to talk about.
|
||||
Here is a diagram I edited to illustrate (credit to xkcd I think?).</p>
|
||||
<p><img src="/image/self-hosting.png" alt="self-hosting"></p>
|
||||
<p>I host my site on a hetzner vps running nixos.
|
||||
I also have a git repo where all the static files for my blog live.
|
||||
I had previously been manually rsyncing the website up to my vps from my laptop.
|
||||
Qute an easy, efficient solution; it worked well.
|
||||
But not very nixos; far too simple, not sufficiently over-engineered.
|
||||
So in true nixos fashion I decided I’d spend a couple of hours sorting the problem so I’d maybe save a minute once a year when I write a blog post.</p>
|
||||
<h3 id="remote-rebuilds">Remote Rebuilds</h3>
|
||||
<p>First, I’ll show the fancy way to rebuild your remote nixos systems via ssh.
|
||||
In my case, this means I can rebuild my hetzner box from my laptop.
|
||||
You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p>
|
||||
<p>This sets up ssh with key-based authentication and lets our local user in.
|
||||
This config belongs on the remote machine.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you're deploying from</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa"</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">"blog-king"</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">"no"</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>.
|
||||
The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p>
|
||||
<h3 id="caddy">Caddy</h3>
|
||||
<p>You can do this with whatever your preferred webserver is.
|
||||
I am a caddy stan.
|
||||
This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">80</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">443</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">''
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org {
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> }
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> ''</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3>
|
||||
<p>We have a web server pointing at <code>/etc/blog</code>.
|
||||
The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p>
|
||||
<p>I’m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances.
|
||||
The <code>fetchFromGitHub</code> helper would look very similar.</p>
|
||||
<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p>
|
||||
<p>Also note the little <code>/public</code> at the end of the <code>source</code> string.
|
||||
That’s the directory of the git repo that the website source lives.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">"blog"</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">"blog"</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">"</span><span class="si">${</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">"git.example.org"</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">"james"</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">repo</span> <span class="o">=</span> <span class="s2">"blog"</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">"32d81f01388c88a259eed2ba52f4545dbcb1eb07"</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">"173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8"</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public"</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">"caddy"</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">"caddy"</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p>
|
||||
<ul>
|
||||
<li>Commit rebuilt website to repo</li>
|
||||
<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I’m trying to work out a good way to automate it)</li>
|
||||
<li>Rebuild vps from laptop</li>
|
||||
</ul>
|
||||
<p>Not necessarily faster than the old rsync method but it’s pretty damn declarative, that’s for sure.</p>
|
||||
</article>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -15,7 +15,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -111,7 +111,7 @@
|
|||
</article>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -16,12 +16,16 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
</header>
|
||||
<main id="content"><ul id="posts">
|
||||
<li>
|
||||
<a href="https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/">over-engineered (?) nixos blog deployment setup</a> -<small><time>Aug 11, 2025</time></small>
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<a href="https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/">so you want to write a neovim plugin with lua</a> -<small><time>Apr 6, 2024</time></small>
|
||||
</li>
|
||||
|
|
@ -105,7 +109,7 @@
|
|||
</ul>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -6,12 +6,106 @@
|
|||
<description>Recent content in Posts on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
<lastBuildDate>Tue, 25 Jun 2024 00:00:00 +0000</lastBuildDate>
|
||||
<lastBuildDate>Mon, 11 Aug 2025 00:00:00 +0000</lastBuildDate>
|
||||
|
||||
<atom:link href="https://nonsense.dymc.win/posts/index.xml" rel="self" type="application/rss+xml" />
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>over-engineered (?) nixos blog deployment setup</title>
|
||||
<link>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</link>
|
||||
<pubDate>Mon, 11 Aug 2025 00:00:00 +0000</pubDate>
|
||||
|
||||
<guid>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</guid>
|
||||
<description><p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog.
|
||||
Down to the last dirty detail.
|
||||
I have nothing better to talk about.
|
||||
Here is a diagram I edited to illustrate (credit to xkcd I think?).</p>
|
||||
<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p>
|
||||
<p>I host my site on a hetzner vps running nixos.
|
||||
I also have a git repo where all the static files for my blog live.
|
||||
I had previously been manually rsyncing the website up to my vps from my laptop.
|
||||
Qute an easy, efficient solution; it worked well.
|
||||
But not very nixos; far too simple, not sufficiently over-engineered.
|
||||
So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p>
|
||||
<h3 id="remote-rebuilds">Remote Rebuilds</h3>
|
||||
<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh.
|
||||
In my case, this means I can rebuild my hetzner box from my laptop.
|
||||
You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p>
|
||||
<p>This sets up ssh with key-based authentication and lets our local user in.
|
||||
This config belongs on the remote machine.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>.
|
||||
The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p>
|
||||
<h3 id="caddy">Caddy</h3>
|
||||
<p>You can do this with whatever your preferred webserver is.
|
||||
I am a caddy stan.
|
||||
This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">80</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">443</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39;
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org {
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> }
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3>
|
||||
<p>We have a web server pointing at <code>/etc/blog</code>.
|
||||
The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p>
|
||||
<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances.
|
||||
The <code>fetchFromGitHub</code> helper would look very similar.</p>
|
||||
<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p>
|
||||
<p>Also note the little <code>/public</code> at the end of the <code>source</code> string.
|
||||
That&rsquo;s the directory of the git repo that the website source lives.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p>
|
||||
<ul>
|
||||
<li>Commit rebuilt website to repo</li>
|
||||
<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li>
|
||||
<li>Rebuild vps from laptop</li>
|
||||
</ul>
|
||||
<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>so you want to write a neovim plugin with lua</title>
|
||||
<link>https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/</link>
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -53,7 +53,7 @@
|
|||
</article>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -105,7 +105,7 @@
|
|||
</article>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -79,7 +79,7 @@
|
|||
</article>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -3,10 +3,19 @@
|
|||
xmlns:xhtml="http://www.w3.org/1999/xhtml">
|
||||
<url>
|
||||
<loc>https://nonsense.dymc.win/</loc>
|
||||
<lastmod>2024-06-25T00:00:00+00:00</lastmod>
|
||||
<lastmod>2025-08-11T00:00:00+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://nonsense.dymc.win/tags/nixos/</loc>
|
||||
<lastmod>2025-08-11T00:00:00+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</loc>
|
||||
<lastmod>2025-08-11T00:00:00+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://nonsense.dymc.win/posts/</loc>
|
||||
<lastmod>2024-06-25T00:00:00+00:00</lastmod>
|
||||
<lastmod>2025-08-11T00:00:00+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://nonsense.dymc.win/tags/</loc>
|
||||
<lastmod>2025-08-11T00:00:00+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://nonsense.dymc.win/tags/lua/</loc>
|
||||
<lastmod>2024-04-06T00:00:00+00:00</lastmod>
|
||||
|
|
@ -16,9 +25,6 @@
|
|||
</url><url>
|
||||
<loc>https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/</loc>
|
||||
<lastmod>2024-04-06T00:00:00+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://nonsense.dymc.win/tags/</loc>
|
||||
<lastmod>2024-04-06T00:00:00+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://nonsense.dymc.win/tags/home-manager/</loc>
|
||||
<lastmod>2023-08-18T00:00:00+00:00</lastmod>
|
||||
|
|
@ -28,9 +34,6 @@
|
|||
</url><url>
|
||||
<loc>https://nonsense.dymc.win/tags/nix-colors/</loc>
|
||||
<lastmod>2023-08-18T00:00:00+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://nonsense.dymc.win/tags/nixos/</loc>
|
||||
<lastmod>2023-08-18T00:00:00+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://nonsense.dymc.win/tags/css/</loc>
|
||||
<lastmod>2023-06-26T00:00:00+00:00</lastmod>
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -96,7 +96,7 @@ As a little coda, this is how you can use your fancy new plugin using <a href="h
|
|||
</article>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -35,7 +35,7 @@
|
|||
</ul>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -12,6 +12,100 @@
|
|||
|
||||
|
||||
|
||||
<item>
|
||||
<title>over-engineered (?) nixos blog deployment setup</title>
|
||||
<link>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</link>
|
||||
<pubDate>Mon, 11 Aug 2025 00:00:00 +0000</pubDate>
|
||||
|
||||
<guid>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</guid>
|
||||
<description><p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog.
|
||||
Down to the last dirty detail.
|
||||
I have nothing better to talk about.
|
||||
Here is a diagram I edited to illustrate (credit to xkcd I think?).</p>
|
||||
<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p>
|
||||
<p>I host my site on a hetzner vps running nixos.
|
||||
I also have a git repo where all the static files for my blog live.
|
||||
I had previously been manually rsyncing the website up to my vps from my laptop.
|
||||
Qute an easy, efficient solution; it worked well.
|
||||
But not very nixos; far too simple, not sufficiently over-engineered.
|
||||
So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p>
|
||||
<h3 id="remote-rebuilds">Remote Rebuilds</h3>
|
||||
<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh.
|
||||
In my case, this means I can rebuild my hetzner box from my laptop.
|
||||
You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p>
|
||||
<p>This sets up ssh with key-based authentication and lets our local user in.
|
||||
This config belongs on the remote machine.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>.
|
||||
The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p>
|
||||
<h3 id="caddy">Caddy</h3>
|
||||
<p>You can do this with whatever your preferred webserver is.
|
||||
I am a caddy stan.
|
||||
This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">80</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">443</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39;
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org {
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> }
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3>
|
||||
<p>We have a web server pointing at <code>/etc/blog</code>.
|
||||
The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p>
|
||||
<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances.
|
||||
The <code>fetchFromGitHub</code> helper would look very similar.</p>
|
||||
<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p>
|
||||
<p>Also note the little <code>/public</code> at the end of the <code>source</code> string.
|
||||
That&rsquo;s the directory of the git repo that the website source lives.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p>
|
||||
<ul>
|
||||
<li>Commit rebuilt website to repo</li>
|
||||
<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li>
|
||||
<li>Rebuild vps from laptop</li>
|
||||
</ul>
|
||||
<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>so you want to write a neovim plugin with lua</title>
|
||||
<link>https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/</link>
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -31,7 +31,7 @@
|
|||
</ul>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -12,6 +12,100 @@
|
|||
|
||||
|
||||
|
||||
<item>
|
||||
<title>over-engineered (?) nixos blog deployment setup</title>
|
||||
<link>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</link>
|
||||
<pubDate>Mon, 11 Aug 2025 00:00:00 +0000</pubDate>
|
||||
|
||||
<guid>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</guid>
|
||||
<description><p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog.
|
||||
Down to the last dirty detail.
|
||||
I have nothing better to talk about.
|
||||
Here is a diagram I edited to illustrate (credit to xkcd I think?).</p>
|
||||
<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p>
|
||||
<p>I host my site on a hetzner vps running nixos.
|
||||
I also have a git repo where all the static files for my blog live.
|
||||
I had previously been manually rsyncing the website up to my vps from my laptop.
|
||||
Qute an easy, efficient solution; it worked well.
|
||||
But not very nixos; far too simple, not sufficiently over-engineered.
|
||||
So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p>
|
||||
<h3 id="remote-rebuilds">Remote Rebuilds</h3>
|
||||
<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh.
|
||||
In my case, this means I can rebuild my hetzner box from my laptop.
|
||||
You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p>
|
||||
<p>This sets up ssh with key-based authentication and lets our local user in.
|
||||
This config belongs on the remote machine.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>.
|
||||
The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p>
|
||||
<h3 id="caddy">Caddy</h3>
|
||||
<p>You can do this with whatever your preferred webserver is.
|
||||
I am a caddy stan.
|
||||
This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">80</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">443</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39;
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org {
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> }
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3>
|
||||
<p>We have a web server pointing at <code>/etc/blog</code>.
|
||||
The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p>
|
||||
<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances.
|
||||
The <code>fetchFromGitHub</code> helper would look very similar.</p>
|
||||
<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p>
|
||||
<p>Also note the little <code>/public</code> at the end of the <code>source</code> string.
|
||||
That&rsquo;s the directory of the git repo that the website source lives.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p>
|
||||
<ul>
|
||||
<li>Commit rebuilt website to repo</li>
|
||||
<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li>
|
||||
<li>Rebuild vps from laptop</li>
|
||||
</ul>
|
||||
<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>so you want to write a neovim plugin with lua</title>
|
||||
<link>https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/</link>
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -35,7 +35,7 @@
|
|||
</ul>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -12,6 +12,100 @@
|
|||
|
||||
|
||||
|
||||
<item>
|
||||
<title>over-engineered (?) nixos blog deployment setup</title>
|
||||
<link>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</link>
|
||||
<pubDate>Mon, 11 Aug 2025 00:00:00 +0000</pubDate>
|
||||
|
||||
<guid>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</guid>
|
||||
<description><p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog.
|
||||
Down to the last dirty detail.
|
||||
I have nothing better to talk about.
|
||||
Here is a diagram I edited to illustrate (credit to xkcd I think?).</p>
|
||||
<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p>
|
||||
<p>I host my site on a hetzner vps running nixos.
|
||||
I also have a git repo where all the static files for my blog live.
|
||||
I had previously been manually rsyncing the website up to my vps from my laptop.
|
||||
Qute an easy, efficient solution; it worked well.
|
||||
But not very nixos; far too simple, not sufficiently over-engineered.
|
||||
So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p>
|
||||
<h3 id="remote-rebuilds">Remote Rebuilds</h3>
|
||||
<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh.
|
||||
In my case, this means I can rebuild my hetzner box from my laptop.
|
||||
You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p>
|
||||
<p>This sets up ssh with key-based authentication and lets our local user in.
|
||||
This config belongs on the remote machine.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>.
|
||||
The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p>
|
||||
<h3 id="caddy">Caddy</h3>
|
||||
<p>You can do this with whatever your preferred webserver is.
|
||||
I am a caddy stan.
|
||||
This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">80</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">443</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39;
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org {
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> }
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3>
|
||||
<p>We have a web server pointing at <code>/etc/blog</code>.
|
||||
The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p>
|
||||
<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances.
|
||||
The <code>fetchFromGitHub</code> helper would look very similar.</p>
|
||||
<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p>
|
||||
<p>Also note the little <code>/public</code> at the end of the <code>source</code> string.
|
||||
That&rsquo;s the directory of the git repo that the website source lives.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p>
|
||||
<ul>
|
||||
<li>Commit rebuilt website to repo</li>
|
||||
<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li>
|
||||
<li>Rebuild vps from laptop</li>
|
||||
</ul>
|
||||
<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>so you want to write a neovim plugin with lua</title>
|
||||
<link>https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/</link>
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -31,7 +31,7 @@
|
|||
</ul>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -12,6 +12,100 @@
|
|||
|
||||
|
||||
|
||||
<item>
|
||||
<title>over-engineered (?) nixos blog deployment setup</title>
|
||||
<link>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</link>
|
||||
<pubDate>Mon, 11 Aug 2025 00:00:00 +0000</pubDate>
|
||||
|
||||
<guid>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</guid>
|
||||
<description><p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog.
|
||||
Down to the last dirty detail.
|
||||
I have nothing better to talk about.
|
||||
Here is a diagram I edited to illustrate (credit to xkcd I think?).</p>
|
||||
<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p>
|
||||
<p>I host my site on a hetzner vps running nixos.
|
||||
I also have a git repo where all the static files for my blog live.
|
||||
I had previously been manually rsyncing the website up to my vps from my laptop.
|
||||
Qute an easy, efficient solution; it worked well.
|
||||
But not very nixos; far too simple, not sufficiently over-engineered.
|
||||
So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p>
|
||||
<h3 id="remote-rebuilds">Remote Rebuilds</h3>
|
||||
<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh.
|
||||
In my case, this means I can rebuild my hetzner box from my laptop.
|
||||
You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p>
|
||||
<p>This sets up ssh with key-based authentication and lets our local user in.
|
||||
This config belongs on the remote machine.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>.
|
||||
The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p>
|
||||
<h3 id="caddy">Caddy</h3>
|
||||
<p>You can do this with whatever your preferred webserver is.
|
||||
I am a caddy stan.
|
||||
This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">80</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">443</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39;
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org {
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> }
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3>
|
||||
<p>We have a web server pointing at <code>/etc/blog</code>.
|
||||
The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p>
|
||||
<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances.
|
||||
The <code>fetchFromGitHub</code> helper would look very similar.</p>
|
||||
<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p>
|
||||
<p>Also note the little <code>/public</code> at the end of the <code>source</code> string.
|
||||
That&rsquo;s the directory of the git repo that the website source lives.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p>
|
||||
<ul>
|
||||
<li>Commit rebuilt website to repo</li>
|
||||
<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li>
|
||||
<li>Rebuild vps from laptop</li>
|
||||
</ul>
|
||||
<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>so you want to write a neovim plugin with lua</title>
|
||||
<link>https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/</link>
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -31,7 +31,7 @@
|
|||
</ul>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -12,6 +12,100 @@
|
|||
|
||||
|
||||
|
||||
<item>
|
||||
<title>over-engineered (?) nixos blog deployment setup</title>
|
||||
<link>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</link>
|
||||
<pubDate>Mon, 11 Aug 2025 00:00:00 +0000</pubDate>
|
||||
|
||||
<guid>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</guid>
|
||||
<description><p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog.
|
||||
Down to the last dirty detail.
|
||||
I have nothing better to talk about.
|
||||
Here is a diagram I edited to illustrate (credit to xkcd I think?).</p>
|
||||
<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p>
|
||||
<p>I host my site on a hetzner vps running nixos.
|
||||
I also have a git repo where all the static files for my blog live.
|
||||
I had previously been manually rsyncing the website up to my vps from my laptop.
|
||||
Qute an easy, efficient solution; it worked well.
|
||||
But not very nixos; far too simple, not sufficiently over-engineered.
|
||||
So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p>
|
||||
<h3 id="remote-rebuilds">Remote Rebuilds</h3>
|
||||
<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh.
|
||||
In my case, this means I can rebuild my hetzner box from my laptop.
|
||||
You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p>
|
||||
<p>This sets up ssh with key-based authentication and lets our local user in.
|
||||
This config belongs on the remote machine.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>.
|
||||
The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p>
|
||||
<h3 id="caddy">Caddy</h3>
|
||||
<p>You can do this with whatever your preferred webserver is.
|
||||
I am a caddy stan.
|
||||
This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">80</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">443</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39;
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org {
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> }
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3>
|
||||
<p>We have a web server pointing at <code>/etc/blog</code>.
|
||||
The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p>
|
||||
<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances.
|
||||
The <code>fetchFromGitHub</code> helper would look very similar.</p>
|
||||
<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p>
|
||||
<p>Also note the little <code>/public</code> at the end of the <code>source</code> string.
|
||||
That&rsquo;s the directory of the git repo that the website source lives.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p>
|
||||
<ul>
|
||||
<li>Commit rebuilt website to repo</li>
|
||||
<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li>
|
||||
<li>Rebuild vps from laptop</li>
|
||||
</ul>
|
||||
<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>so you want to write a neovim plugin with lua</title>
|
||||
<link>https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/</link>
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -31,7 +31,7 @@
|
|||
</ul>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -12,6 +12,100 @@
|
|||
|
||||
|
||||
|
||||
<item>
|
||||
<title>over-engineered (?) nixos blog deployment setup</title>
|
||||
<link>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</link>
|
||||
<pubDate>Mon, 11 Aug 2025 00:00:00 +0000</pubDate>
|
||||
|
||||
<guid>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</guid>
|
||||
<description><p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog.
|
||||
Down to the last dirty detail.
|
||||
I have nothing better to talk about.
|
||||
Here is a diagram I edited to illustrate (credit to xkcd I think?).</p>
|
||||
<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p>
|
||||
<p>I host my site on a hetzner vps running nixos.
|
||||
I also have a git repo where all the static files for my blog live.
|
||||
I had previously been manually rsyncing the website up to my vps from my laptop.
|
||||
Qute an easy, efficient solution; it worked well.
|
||||
But not very nixos; far too simple, not sufficiently over-engineered.
|
||||
So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p>
|
||||
<h3 id="remote-rebuilds">Remote Rebuilds</h3>
|
||||
<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh.
|
||||
In my case, this means I can rebuild my hetzner box from my laptop.
|
||||
You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p>
|
||||
<p>This sets up ssh with key-based authentication and lets our local user in.
|
||||
This config belongs on the remote machine.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>.
|
||||
The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p>
|
||||
<h3 id="caddy">Caddy</h3>
|
||||
<p>You can do this with whatever your preferred webserver is.
|
||||
I am a caddy stan.
|
||||
This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">80</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">443</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39;
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org {
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> }
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3>
|
||||
<p>We have a web server pointing at <code>/etc/blog</code>.
|
||||
The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p>
|
||||
<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances.
|
||||
The <code>fetchFromGitHub</code> helper would look very similar.</p>
|
||||
<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p>
|
||||
<p>Also note the little <code>/public</code> at the end of the <code>source</code> string.
|
||||
That&rsquo;s the directory of the git repo that the website source lives.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p>
|
||||
<ul>
|
||||
<li>Commit rebuilt website to repo</li>
|
||||
<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li>
|
||||
<li>Rebuild vps from laptop</li>
|
||||
</ul>
|
||||
<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>so you want to write a neovim plugin with lua</title>
|
||||
<link>https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/</link>
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -31,7 +31,7 @@
|
|||
</ul>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -12,6 +12,100 @@
|
|||
|
||||
|
||||
|
||||
<item>
|
||||
<title>over-engineered (?) nixos blog deployment setup</title>
|
||||
<link>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</link>
|
||||
<pubDate>Mon, 11 Aug 2025 00:00:00 +0000</pubDate>
|
||||
|
||||
<guid>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</guid>
|
||||
<description><p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog.
|
||||
Down to the last dirty detail.
|
||||
I have nothing better to talk about.
|
||||
Here is a diagram I edited to illustrate (credit to xkcd I think?).</p>
|
||||
<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p>
|
||||
<p>I host my site on a hetzner vps running nixos.
|
||||
I also have a git repo where all the static files for my blog live.
|
||||
I had previously been manually rsyncing the website up to my vps from my laptop.
|
||||
Qute an easy, efficient solution; it worked well.
|
||||
But not very nixos; far too simple, not sufficiently over-engineered.
|
||||
So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p>
|
||||
<h3 id="remote-rebuilds">Remote Rebuilds</h3>
|
||||
<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh.
|
||||
In my case, this means I can rebuild my hetzner box from my laptop.
|
||||
You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p>
|
||||
<p>This sets up ssh with key-based authentication and lets our local user in.
|
||||
This config belongs on the remote machine.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>.
|
||||
The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p>
|
||||
<h3 id="caddy">Caddy</h3>
|
||||
<p>You can do this with whatever your preferred webserver is.
|
||||
I am a caddy stan.
|
||||
This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">80</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">443</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39;
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org {
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> }
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3>
|
||||
<p>We have a web server pointing at <code>/etc/blog</code>.
|
||||
The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p>
|
||||
<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances.
|
||||
The <code>fetchFromGitHub</code> helper would look very similar.</p>
|
||||
<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p>
|
||||
<p>Also note the little <code>/public</code> at the end of the <code>source</code> string.
|
||||
That&rsquo;s the directory of the git repo that the website source lives.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p>
|
||||
<ul>
|
||||
<li>Commit rebuilt website to repo</li>
|
||||
<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li>
|
||||
<li>Rebuild vps from laptop</li>
|
||||
</ul>
|
||||
<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>so you want to write a neovim plugin with lua</title>
|
||||
<link>https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/</link>
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -43,7 +43,7 @@
|
|||
</ul>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -12,6 +12,100 @@
|
|||
|
||||
|
||||
|
||||
<item>
|
||||
<title>over-engineered (?) nixos blog deployment setup</title>
|
||||
<link>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</link>
|
||||
<pubDate>Mon, 11 Aug 2025 00:00:00 +0000</pubDate>
|
||||
|
||||
<guid>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</guid>
|
||||
<description><p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog.
|
||||
Down to the last dirty detail.
|
||||
I have nothing better to talk about.
|
||||
Here is a diagram I edited to illustrate (credit to xkcd I think?).</p>
|
||||
<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p>
|
||||
<p>I host my site on a hetzner vps running nixos.
|
||||
I also have a git repo where all the static files for my blog live.
|
||||
I had previously been manually rsyncing the website up to my vps from my laptop.
|
||||
Qute an easy, efficient solution; it worked well.
|
||||
But not very nixos; far too simple, not sufficiently over-engineered.
|
||||
So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p>
|
||||
<h3 id="remote-rebuilds">Remote Rebuilds</h3>
|
||||
<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh.
|
||||
In my case, this means I can rebuild my hetzner box from my laptop.
|
||||
You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p>
|
||||
<p>This sets up ssh with key-based authentication and lets our local user in.
|
||||
This config belongs on the remote machine.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>.
|
||||
The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p>
|
||||
<h3 id="caddy">Caddy</h3>
|
||||
<p>You can do this with whatever your preferred webserver is.
|
||||
I am a caddy stan.
|
||||
This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">80</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">443</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39;
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org {
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> }
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3>
|
||||
<p>We have a web server pointing at <code>/etc/blog</code>.
|
||||
The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p>
|
||||
<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances.
|
||||
The <code>fetchFromGitHub</code> helper would look very similar.</p>
|
||||
<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p>
|
||||
<p>Also note the little <code>/public</code> at the end of the <code>source</code> string.
|
||||
That&rsquo;s the directory of the git repo that the website source lives.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p>
|
||||
<ul>
|
||||
<li>Commit rebuilt website to repo</li>
|
||||
<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li>
|
||||
<li>Rebuild vps from laptop</li>
|
||||
</ul>
|
||||
<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>so you want to write a neovim plugin with lua</title>
|
||||
<link>https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/</link>
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -31,7 +31,7 @@
|
|||
</ul>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -12,6 +12,100 @@
|
|||
|
||||
|
||||
|
||||
<item>
|
||||
<title>over-engineered (?) nixos blog deployment setup</title>
|
||||
<link>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</link>
|
||||
<pubDate>Mon, 11 Aug 2025 00:00:00 +0000</pubDate>
|
||||
|
||||
<guid>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</guid>
|
||||
<description><p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog.
|
||||
Down to the last dirty detail.
|
||||
I have nothing better to talk about.
|
||||
Here is a diagram I edited to illustrate (credit to xkcd I think?).</p>
|
||||
<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p>
|
||||
<p>I host my site on a hetzner vps running nixos.
|
||||
I also have a git repo where all the static files for my blog live.
|
||||
I had previously been manually rsyncing the website up to my vps from my laptop.
|
||||
Qute an easy, efficient solution; it worked well.
|
||||
But not very nixos; far too simple, not sufficiently over-engineered.
|
||||
So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p>
|
||||
<h3 id="remote-rebuilds">Remote Rebuilds</h3>
|
||||
<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh.
|
||||
In my case, this means I can rebuild my hetzner box from my laptop.
|
||||
You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p>
|
||||
<p>This sets up ssh with key-based authentication and lets our local user in.
|
||||
This config belongs on the remote machine.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>.
|
||||
The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p>
|
||||
<h3 id="caddy">Caddy</h3>
|
||||
<p>You can do this with whatever your preferred webserver is.
|
||||
I am a caddy stan.
|
||||
This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">80</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">443</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39;
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org {
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> }
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3>
|
||||
<p>We have a web server pointing at <code>/etc/blog</code>.
|
||||
The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p>
|
||||
<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances.
|
||||
The <code>fetchFromGitHub</code> helper would look very similar.</p>
|
||||
<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p>
|
||||
<p>Also note the little <code>/public</code> at the end of the <code>source</code> string.
|
||||
That&rsquo;s the directory of the git repo that the website source lives.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p>
|
||||
<ul>
|
||||
<li>Commit rebuilt website to repo</li>
|
||||
<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li>
|
||||
<li>Rebuild vps from laptop</li>
|
||||
</ul>
|
||||
<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>so you want to write a neovim plugin with lua</title>
|
||||
<link>https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/</link>
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -24,6 +24,10 @@
|
|||
<main id="content">
|
||||
<h3>Tags</h3>
|
||||
<ul id="posts">
|
||||
<li>
|
||||
<a href="https://nonsense.dymc.win/tags/nixos/">Nixos</a> -<small><time>Aug 11, 2025</time></small>
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<a href="https://nonsense.dymc.win/tags/lua/">Lua</a> -<small><time>Apr 6, 2024</time></small>
|
||||
</li>
|
||||
|
|
@ -40,10 +44,6 @@
|
|||
<a href="https://nonsense.dymc.win/tags/nix-colors/">Nix-Colors</a> -<small><time>Aug 18, 2023</time></small>
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<a href="https://nonsense.dymc.win/tags/nixos/">Nixos</a> -<small><time>Aug 18, 2023</time></small>
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<a href="https://nonsense.dymc.win/tags/css/">Css</a> -<small><time>Jun 26, 2023</time></small>
|
||||
</li>
|
||||
|
|
@ -107,7 +107,7 @@
|
|||
</ul>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -6,12 +6,106 @@
|
|||
<description>Recent content in Tags on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
<lastBuildDate>Sat, 06 Apr 2024 00:00:00 +0000</lastBuildDate>
|
||||
<lastBuildDate>Mon, 11 Aug 2025 00:00:00 +0000</lastBuildDate>
|
||||
|
||||
<atom:link href="https://nonsense.dymc.win/tags/index.xml" rel="self" type="application/rss+xml" />
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>over-engineered (?) nixos blog deployment setup</title>
|
||||
<link>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</link>
|
||||
<pubDate>Mon, 11 Aug 2025 00:00:00 +0000</pubDate>
|
||||
|
||||
<guid>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</guid>
|
||||
<description><p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog.
|
||||
Down to the last dirty detail.
|
||||
I have nothing better to talk about.
|
||||
Here is a diagram I edited to illustrate (credit to xkcd I think?).</p>
|
||||
<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p>
|
||||
<p>I host my site on a hetzner vps running nixos.
|
||||
I also have a git repo where all the static files for my blog live.
|
||||
I had previously been manually rsyncing the website up to my vps from my laptop.
|
||||
Qute an easy, efficient solution; it worked well.
|
||||
But not very nixos; far too simple, not sufficiently over-engineered.
|
||||
So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p>
|
||||
<h3 id="remote-rebuilds">Remote Rebuilds</h3>
|
||||
<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh.
|
||||
In my case, this means I can rebuild my hetzner box from my laptop.
|
||||
You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p>
|
||||
<p>This sets up ssh with key-based authentication and lets our local user in.
|
||||
This config belongs on the remote machine.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>.
|
||||
The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p>
|
||||
<h3 id="caddy">Caddy</h3>
|
||||
<p>You can do this with whatever your preferred webserver is.
|
||||
I am a caddy stan.
|
||||
This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">80</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">443</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39;
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org {
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> }
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3>
|
||||
<p>We have a web server pointing at <code>/etc/blog</code>.
|
||||
The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p>
|
||||
<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances.
|
||||
The <code>fetchFromGitHub</code> helper would look very similar.</p>
|
||||
<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p>
|
||||
<p>Also note the little <code>/public</code> at the end of the <code>source</code> string.
|
||||
That&rsquo;s the directory of the git repo that the website source lives.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p>
|
||||
<ul>
|
||||
<li>Commit rebuilt website to repo</li>
|
||||
<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li>
|
||||
<li>Rebuild vps from laptop</li>
|
||||
</ul>
|
||||
<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>so you want to write a neovim plugin with lua</title>
|
||||
<link>https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/</link>
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -31,7 +31,7 @@
|
|||
</ul>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -12,6 +12,100 @@
|
|||
|
||||
|
||||
|
||||
<item>
|
||||
<title>over-engineered (?) nixos blog deployment setup</title>
|
||||
<link>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</link>
|
||||
<pubDate>Mon, 11 Aug 2025 00:00:00 +0000</pubDate>
|
||||
|
||||
<guid>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</guid>
|
||||
<description><p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog.
|
||||
Down to the last dirty detail.
|
||||
I have nothing better to talk about.
|
||||
Here is a diagram I edited to illustrate (credit to xkcd I think?).</p>
|
||||
<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p>
|
||||
<p>I host my site on a hetzner vps running nixos.
|
||||
I also have a git repo where all the static files for my blog live.
|
||||
I had previously been manually rsyncing the website up to my vps from my laptop.
|
||||
Qute an easy, efficient solution; it worked well.
|
||||
But not very nixos; far too simple, not sufficiently over-engineered.
|
||||
So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p>
|
||||
<h3 id="remote-rebuilds">Remote Rebuilds</h3>
|
||||
<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh.
|
||||
In my case, this means I can rebuild my hetzner box from my laptop.
|
||||
You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p>
|
||||
<p>This sets up ssh with key-based authentication and lets our local user in.
|
||||
This config belongs on the remote machine.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>.
|
||||
The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p>
|
||||
<h3 id="caddy">Caddy</h3>
|
||||
<p>You can do this with whatever your preferred webserver is.
|
||||
I am a caddy stan.
|
||||
This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">80</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">443</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39;
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org {
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> }
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3>
|
||||
<p>We have a web server pointing at <code>/etc/blog</code>.
|
||||
The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p>
|
||||
<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances.
|
||||
The <code>fetchFromGitHub</code> helper would look very similar.</p>
|
||||
<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p>
|
||||
<p>Also note the little <code>/public</code> at the end of the <code>source</code> string.
|
||||
That&rsquo;s the directory of the git repo that the website source lives.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p>
|
||||
<ul>
|
||||
<li>Commit rebuilt website to repo</li>
|
||||
<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li>
|
||||
<li>Rebuild vps from laptop</li>
|
||||
</ul>
|
||||
<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>so you want to write a neovim plugin with lua</title>
|
||||
<link>https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/</link>
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -31,7 +31,7 @@
|
|||
</ul>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -12,6 +12,100 @@
|
|||
|
||||
|
||||
|
||||
<item>
|
||||
<title>over-engineered (?) nixos blog deployment setup</title>
|
||||
<link>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</link>
|
||||
<pubDate>Mon, 11 Aug 2025 00:00:00 +0000</pubDate>
|
||||
|
||||
<guid>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</guid>
|
||||
<description><p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog.
|
||||
Down to the last dirty detail.
|
||||
I have nothing better to talk about.
|
||||
Here is a diagram I edited to illustrate (credit to xkcd I think?).</p>
|
||||
<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p>
|
||||
<p>I host my site on a hetzner vps running nixos.
|
||||
I also have a git repo where all the static files for my blog live.
|
||||
I had previously been manually rsyncing the website up to my vps from my laptop.
|
||||
Qute an easy, efficient solution; it worked well.
|
||||
But not very nixos; far too simple, not sufficiently over-engineered.
|
||||
So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p>
|
||||
<h3 id="remote-rebuilds">Remote Rebuilds</h3>
|
||||
<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh.
|
||||
In my case, this means I can rebuild my hetzner box from my laptop.
|
||||
You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p>
|
||||
<p>This sets up ssh with key-based authentication and lets our local user in.
|
||||
This config belongs on the remote machine.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>.
|
||||
The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p>
|
||||
<h3 id="caddy">Caddy</h3>
|
||||
<p>You can do this with whatever your preferred webserver is.
|
||||
I am a caddy stan.
|
||||
This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">80</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">443</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39;
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org {
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> }
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3>
|
||||
<p>We have a web server pointing at <code>/etc/blog</code>.
|
||||
The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p>
|
||||
<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances.
|
||||
The <code>fetchFromGitHub</code> helper would look very similar.</p>
|
||||
<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p>
|
||||
<p>Also note the little <code>/public</code> at the end of the <code>source</code> string.
|
||||
That&rsquo;s the directory of the git repo that the website source lives.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p>
|
||||
<ul>
|
||||
<li>Commit rebuilt website to repo</li>
|
||||
<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li>
|
||||
<li>Rebuild vps from laptop</li>
|
||||
</ul>
|
||||
<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>so you want to write a neovim plugin with lua</title>
|
||||
<link>https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/</link>
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -31,7 +31,7 @@
|
|||
</ul>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -12,6 +12,100 @@
|
|||
|
||||
|
||||
|
||||
<item>
|
||||
<title>over-engineered (?) nixos blog deployment setup</title>
|
||||
<link>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</link>
|
||||
<pubDate>Mon, 11 Aug 2025 00:00:00 +0000</pubDate>
|
||||
|
||||
<guid>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</guid>
|
||||
<description><p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog.
|
||||
Down to the last dirty detail.
|
||||
I have nothing better to talk about.
|
||||
Here is a diagram I edited to illustrate (credit to xkcd I think?).</p>
|
||||
<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p>
|
||||
<p>I host my site on a hetzner vps running nixos.
|
||||
I also have a git repo where all the static files for my blog live.
|
||||
I had previously been manually rsyncing the website up to my vps from my laptop.
|
||||
Qute an easy, efficient solution; it worked well.
|
||||
But not very nixos; far too simple, not sufficiently over-engineered.
|
||||
So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p>
|
||||
<h3 id="remote-rebuilds">Remote Rebuilds</h3>
|
||||
<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh.
|
||||
In my case, this means I can rebuild my hetzner box from my laptop.
|
||||
You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p>
|
||||
<p>This sets up ssh with key-based authentication and lets our local user in.
|
||||
This config belongs on the remote machine.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>.
|
||||
The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p>
|
||||
<h3 id="caddy">Caddy</h3>
|
||||
<p>You can do this with whatever your preferred webserver is.
|
||||
I am a caddy stan.
|
||||
This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">80</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">443</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39;
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org {
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> }
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3>
|
||||
<p>We have a web server pointing at <code>/etc/blog</code>.
|
||||
The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p>
|
||||
<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances.
|
||||
The <code>fetchFromGitHub</code> helper would look very similar.</p>
|
||||
<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p>
|
||||
<p>Also note the little <code>/public</code> at the end of the <code>source</code> string.
|
||||
That&rsquo;s the directory of the git repo that the website source lives.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p>
|
||||
<ul>
|
||||
<li>Commit rebuilt website to repo</li>
|
||||
<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li>
|
||||
<li>Rebuild vps from laptop</li>
|
||||
</ul>
|
||||
<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>so you want to write a neovim plugin with lua</title>
|
||||
<link>https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/</link>
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -35,7 +35,7 @@
|
|||
</ul>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -12,6 +12,100 @@
|
|||
|
||||
|
||||
|
||||
<item>
|
||||
<title>over-engineered (?) nixos blog deployment setup</title>
|
||||
<link>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</link>
|
||||
<pubDate>Mon, 11 Aug 2025 00:00:00 +0000</pubDate>
|
||||
|
||||
<guid>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</guid>
|
||||
<description><p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog.
|
||||
Down to the last dirty detail.
|
||||
I have nothing better to talk about.
|
||||
Here is a diagram I edited to illustrate (credit to xkcd I think?).</p>
|
||||
<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p>
|
||||
<p>I host my site on a hetzner vps running nixos.
|
||||
I also have a git repo where all the static files for my blog live.
|
||||
I had previously been manually rsyncing the website up to my vps from my laptop.
|
||||
Qute an easy, efficient solution; it worked well.
|
||||
But not very nixos; far too simple, not sufficiently over-engineered.
|
||||
So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p>
|
||||
<h3 id="remote-rebuilds">Remote Rebuilds</h3>
|
||||
<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh.
|
||||
In my case, this means I can rebuild my hetzner box from my laptop.
|
||||
You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p>
|
||||
<p>This sets up ssh with key-based authentication and lets our local user in.
|
||||
This config belongs on the remote machine.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>.
|
||||
The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p>
|
||||
<h3 id="caddy">Caddy</h3>
|
||||
<p>You can do this with whatever your preferred webserver is.
|
||||
I am a caddy stan.
|
||||
This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">80</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">443</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39;
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org {
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> }
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3>
|
||||
<p>We have a web server pointing at <code>/etc/blog</code>.
|
||||
The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p>
|
||||
<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances.
|
||||
The <code>fetchFromGitHub</code> helper would look very similar.</p>
|
||||
<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p>
|
||||
<p>Also note the little <code>/public</code> at the end of the <code>source</code> string.
|
||||
That&rsquo;s the directory of the git repo that the website source lives.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p>
|
||||
<ul>
|
||||
<li>Commit rebuilt website to repo</li>
|
||||
<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li>
|
||||
<li>Rebuild vps from laptop</li>
|
||||
</ul>
|
||||
<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>so you want to write a neovim plugin with lua</title>
|
||||
<link>https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/</link>
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -35,7 +35,7 @@
|
|||
</ul>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -12,6 +12,100 @@
|
|||
|
||||
|
||||
|
||||
<item>
|
||||
<title>over-engineered (?) nixos blog deployment setup</title>
|
||||
<link>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</link>
|
||||
<pubDate>Mon, 11 Aug 2025 00:00:00 +0000</pubDate>
|
||||
|
||||
<guid>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</guid>
|
||||
<description><p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog.
|
||||
Down to the last dirty detail.
|
||||
I have nothing better to talk about.
|
||||
Here is a diagram I edited to illustrate (credit to xkcd I think?).</p>
|
||||
<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p>
|
||||
<p>I host my site on a hetzner vps running nixos.
|
||||
I also have a git repo where all the static files for my blog live.
|
||||
I had previously been manually rsyncing the website up to my vps from my laptop.
|
||||
Qute an easy, efficient solution; it worked well.
|
||||
But not very nixos; far too simple, not sufficiently over-engineered.
|
||||
So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p>
|
||||
<h3 id="remote-rebuilds">Remote Rebuilds</h3>
|
||||
<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh.
|
||||
In my case, this means I can rebuild my hetzner box from my laptop.
|
||||
You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p>
|
||||
<p>This sets up ssh with key-based authentication and lets our local user in.
|
||||
This config belongs on the remote machine.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>.
|
||||
The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p>
|
||||
<h3 id="caddy">Caddy</h3>
|
||||
<p>You can do this with whatever your preferred webserver is.
|
||||
I am a caddy stan.
|
||||
This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">80</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">443</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39;
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org {
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> }
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3>
|
||||
<p>We have a web server pointing at <code>/etc/blog</code>.
|
||||
The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p>
|
||||
<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances.
|
||||
The <code>fetchFromGitHub</code> helper would look very similar.</p>
|
||||
<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p>
|
||||
<p>Also note the little <code>/public</code> at the end of the <code>source</code> string.
|
||||
That&rsquo;s the directory of the git repo that the website source lives.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p>
|
||||
<ul>
|
||||
<li>Commit rebuilt website to repo</li>
|
||||
<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li>
|
||||
<li>Rebuild vps from laptop</li>
|
||||
</ul>
|
||||
<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>so you want to write a neovim plugin with lua</title>
|
||||
<link>https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/</link>
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -24,6 +24,10 @@
|
|||
<main id="content">
|
||||
<h3>Nixos</h3>
|
||||
<ul id="posts">
|
||||
<li>
|
||||
<a href="https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/">over-engineered (?) nixos blog deployment setup</a> -<small><time>Aug 11, 2025</time></small>
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<a href="https://nonsense.dymc.win/making-nix-colors-talk-to-neovim/">making nix-colors talk to neovim</a> -<small><time>Aug 18, 2023</time></small>
|
||||
</li>
|
||||
|
|
@ -55,7 +59,7 @@
|
|||
</ul>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -6,12 +6,106 @@
|
|||
<description>Recent content in Nixos on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
<lastBuildDate>Fri, 18 Aug 2023 00:00:00 +0000</lastBuildDate>
|
||||
<lastBuildDate>Mon, 11 Aug 2025 00:00:00 +0000</lastBuildDate>
|
||||
|
||||
<atom:link href="https://nonsense.dymc.win/tags/nixos/index.xml" rel="self" type="application/rss+xml" />
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>over-engineered (?) nixos blog deployment setup</title>
|
||||
<link>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</link>
|
||||
<pubDate>Mon, 11 Aug 2025 00:00:00 +0000</pubDate>
|
||||
|
||||
<guid>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</guid>
|
||||
<description><p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog.
|
||||
Down to the last dirty detail.
|
||||
I have nothing better to talk about.
|
||||
Here is a diagram I edited to illustrate (credit to xkcd I think?).</p>
|
||||
<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p>
|
||||
<p>I host my site on a hetzner vps running nixos.
|
||||
I also have a git repo where all the static files for my blog live.
|
||||
I had previously been manually rsyncing the website up to my vps from my laptop.
|
||||
Qute an easy, efficient solution; it worked well.
|
||||
But not very nixos; far too simple, not sufficiently over-engineered.
|
||||
So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p>
|
||||
<h3 id="remote-rebuilds">Remote Rebuilds</h3>
|
||||
<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh.
|
||||
In my case, this means I can rebuild my hetzner box from my laptop.
|
||||
You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p>
|
||||
<p>This sets up ssh with key-based authentication and lets our local user in.
|
||||
This config belongs on the remote machine.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>.
|
||||
The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p>
|
||||
<h3 id="caddy">Caddy</h3>
|
||||
<p>You can do this with whatever your preferred webserver is.
|
||||
I am a caddy stan.
|
||||
This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">80</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">443</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39;
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org {
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> }
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3>
|
||||
<p>We have a web server pointing at <code>/etc/blog</code>.
|
||||
The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p>
|
||||
<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances.
|
||||
The <code>fetchFromGitHub</code> helper would look very similar.</p>
|
||||
<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p>
|
||||
<p>Also note the little <code>/public</code> at the end of the <code>source</code> string.
|
||||
That&rsquo;s the directory of the git repo that the website source lives.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p>
|
||||
<ul>
|
||||
<li>Commit rebuilt website to repo</li>
|
||||
<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li>
|
||||
<li>Rebuild vps from laptop</li>
|
||||
</ul>
|
||||
<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>so you want to write a neovim plugin with lua</title>
|
||||
<link>https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/</link>
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -31,7 +31,7 @@
|
|||
</ul>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -12,6 +12,100 @@
|
|||
|
||||
|
||||
|
||||
<item>
|
||||
<title>over-engineered (?) nixos blog deployment setup</title>
|
||||
<link>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</link>
|
||||
<pubDate>Mon, 11 Aug 2025 00:00:00 +0000</pubDate>
|
||||
|
||||
<guid>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</guid>
|
||||
<description><p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog.
|
||||
Down to the last dirty detail.
|
||||
I have nothing better to talk about.
|
||||
Here is a diagram I edited to illustrate (credit to xkcd I think?).</p>
|
||||
<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p>
|
||||
<p>I host my site on a hetzner vps running nixos.
|
||||
I also have a git repo where all the static files for my blog live.
|
||||
I had previously been manually rsyncing the website up to my vps from my laptop.
|
||||
Qute an easy, efficient solution; it worked well.
|
||||
But not very nixos; far too simple, not sufficiently over-engineered.
|
||||
So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p>
|
||||
<h3 id="remote-rebuilds">Remote Rebuilds</h3>
|
||||
<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh.
|
||||
In my case, this means I can rebuild my hetzner box from my laptop.
|
||||
You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p>
|
||||
<p>This sets up ssh with key-based authentication and lets our local user in.
|
||||
This config belongs on the remote machine.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>.
|
||||
The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p>
|
||||
<h3 id="caddy">Caddy</h3>
|
||||
<p>You can do this with whatever your preferred webserver is.
|
||||
I am a caddy stan.
|
||||
This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">80</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">443</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39;
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org {
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> }
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3>
|
||||
<p>We have a web server pointing at <code>/etc/blog</code>.
|
||||
The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p>
|
||||
<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances.
|
||||
The <code>fetchFromGitHub</code> helper would look very similar.</p>
|
||||
<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p>
|
||||
<p>Also note the little <code>/public</code> at the end of the <code>source</code> string.
|
||||
That&rsquo;s the directory of the git repo that the website source lives.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p>
|
||||
<ul>
|
||||
<li>Commit rebuilt website to repo</li>
|
||||
<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li>
|
||||
<li>Rebuild vps from laptop</li>
|
||||
</ul>
|
||||
<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>so you want to write a neovim plugin with lua</title>
|
||||
<link>https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/</link>
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -55,7 +55,7 @@
|
|||
</ul>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -12,6 +12,100 @@
|
|||
|
||||
|
||||
|
||||
<item>
|
||||
<title>over-engineered (?) nixos blog deployment setup</title>
|
||||
<link>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</link>
|
||||
<pubDate>Mon, 11 Aug 2025 00:00:00 +0000</pubDate>
|
||||
|
||||
<guid>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</guid>
|
||||
<description><p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog.
|
||||
Down to the last dirty detail.
|
||||
I have nothing better to talk about.
|
||||
Here is a diagram I edited to illustrate (credit to xkcd I think?).</p>
|
||||
<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p>
|
||||
<p>I host my site on a hetzner vps running nixos.
|
||||
I also have a git repo where all the static files for my blog live.
|
||||
I had previously been manually rsyncing the website up to my vps from my laptop.
|
||||
Qute an easy, efficient solution; it worked well.
|
||||
But not very nixos; far too simple, not sufficiently over-engineered.
|
||||
So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p>
|
||||
<h3 id="remote-rebuilds">Remote Rebuilds</h3>
|
||||
<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh.
|
||||
In my case, this means I can rebuild my hetzner box from my laptop.
|
||||
You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p>
|
||||
<p>This sets up ssh with key-based authentication and lets our local user in.
|
||||
This config belongs on the remote machine.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>.
|
||||
The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p>
|
||||
<h3 id="caddy">Caddy</h3>
|
||||
<p>You can do this with whatever your preferred webserver is.
|
||||
I am a caddy stan.
|
||||
This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">80</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">443</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39;
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org {
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> }
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3>
|
||||
<p>We have a web server pointing at <code>/etc/blog</code>.
|
||||
The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p>
|
||||
<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances.
|
||||
The <code>fetchFromGitHub</code> helper would look very similar.</p>
|
||||
<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p>
|
||||
<p>Also note the little <code>/public</code> at the end of the <code>source</code> string.
|
||||
That&rsquo;s the directory of the git repo that the website source lives.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p>
|
||||
<ul>
|
||||
<li>Commit rebuilt website to repo</li>
|
||||
<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li>
|
||||
<li>Rebuild vps from laptop</li>
|
||||
</ul>
|
||||
<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>so you want to write a neovim plugin with lua</title>
|
||||
<link>https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/</link>
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -39,7 +39,7 @@
|
|||
</ul>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -12,6 +12,100 @@
|
|||
|
||||
|
||||
|
||||
<item>
|
||||
<title>over-engineered (?) nixos blog deployment setup</title>
|
||||
<link>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</link>
|
||||
<pubDate>Mon, 11 Aug 2025 00:00:00 +0000</pubDate>
|
||||
|
||||
<guid>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</guid>
|
||||
<description><p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog.
|
||||
Down to the last dirty detail.
|
||||
I have nothing better to talk about.
|
||||
Here is a diagram I edited to illustrate (credit to xkcd I think?).</p>
|
||||
<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p>
|
||||
<p>I host my site on a hetzner vps running nixos.
|
||||
I also have a git repo where all the static files for my blog live.
|
||||
I had previously been manually rsyncing the website up to my vps from my laptop.
|
||||
Qute an easy, efficient solution; it worked well.
|
||||
But not very nixos; far too simple, not sufficiently over-engineered.
|
||||
So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p>
|
||||
<h3 id="remote-rebuilds">Remote Rebuilds</h3>
|
||||
<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh.
|
||||
In my case, this means I can rebuild my hetzner box from my laptop.
|
||||
You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p>
|
||||
<p>This sets up ssh with key-based authentication and lets our local user in.
|
||||
This config belongs on the remote machine.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>.
|
||||
The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p>
|
||||
<h3 id="caddy">Caddy</h3>
|
||||
<p>You can do this with whatever your preferred webserver is.
|
||||
I am a caddy stan.
|
||||
This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">80</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">443</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39;
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org {
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> }
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3>
|
||||
<p>We have a web server pointing at <code>/etc/blog</code>.
|
||||
The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p>
|
||||
<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances.
|
||||
The <code>fetchFromGitHub</code> helper would look very similar.</p>
|
||||
<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p>
|
||||
<p>Also note the little <code>/public</code> at the end of the <code>source</code> string.
|
||||
That&rsquo;s the directory of the git repo that the website source lives.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p>
|
||||
<ul>
|
||||
<li>Commit rebuilt website to repo</li>
|
||||
<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li>
|
||||
<li>Rebuild vps from laptop</li>
|
||||
</ul>
|
||||
<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>so you want to write a neovim plugin with lua</title>
|
||||
<link>https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/</link>
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -31,7 +31,7 @@
|
|||
</ul>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -12,6 +12,100 @@
|
|||
|
||||
|
||||
|
||||
<item>
|
||||
<title>over-engineered (?) nixos blog deployment setup</title>
|
||||
<link>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</link>
|
||||
<pubDate>Mon, 11 Aug 2025 00:00:00 +0000</pubDate>
|
||||
|
||||
<guid>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</guid>
|
||||
<description><p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog.
|
||||
Down to the last dirty detail.
|
||||
I have nothing better to talk about.
|
||||
Here is a diagram I edited to illustrate (credit to xkcd I think?).</p>
|
||||
<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p>
|
||||
<p>I host my site on a hetzner vps running nixos.
|
||||
I also have a git repo where all the static files for my blog live.
|
||||
I had previously been manually rsyncing the website up to my vps from my laptop.
|
||||
Qute an easy, efficient solution; it worked well.
|
||||
But not very nixos; far too simple, not sufficiently over-engineered.
|
||||
So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p>
|
||||
<h3 id="remote-rebuilds">Remote Rebuilds</h3>
|
||||
<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh.
|
||||
In my case, this means I can rebuild my hetzner box from my laptop.
|
||||
You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p>
|
||||
<p>This sets up ssh with key-based authentication and lets our local user in.
|
||||
This config belongs on the remote machine.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>.
|
||||
The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p>
|
||||
<h3 id="caddy">Caddy</h3>
|
||||
<p>You can do this with whatever your preferred webserver is.
|
||||
I am a caddy stan.
|
||||
This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">80</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">443</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39;
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org {
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> }
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3>
|
||||
<p>We have a web server pointing at <code>/etc/blog</code>.
|
||||
The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p>
|
||||
<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances.
|
||||
The <code>fetchFromGitHub</code> helper would look very similar.</p>
|
||||
<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p>
|
||||
<p>Also note the little <code>/public</code> at the end of the <code>source</code> string.
|
||||
That&rsquo;s the directory of the git repo that the website source lives.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p>
|
||||
<ul>
|
||||
<li>Commit rebuilt website to repo</li>
|
||||
<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li>
|
||||
<li>Rebuild vps from laptop</li>
|
||||
</ul>
|
||||
<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>so you want to write a neovim plugin with lua</title>
|
||||
<link>https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/</link>
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -31,7 +31,7 @@
|
|||
</ul>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -12,6 +12,100 @@
|
|||
|
||||
|
||||
|
||||
<item>
|
||||
<title>over-engineered (?) nixos blog deployment setup</title>
|
||||
<link>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</link>
|
||||
<pubDate>Mon, 11 Aug 2025 00:00:00 +0000</pubDate>
|
||||
|
||||
<guid>https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/</guid>
|
||||
<description><p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog.
|
||||
Down to the last dirty detail.
|
||||
I have nothing better to talk about.
|
||||
Here is a diagram I edited to illustrate (credit to xkcd I think?).</p>
|
||||
<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p>
|
||||
<p>I host my site on a hetzner vps running nixos.
|
||||
I also have a git repo where all the static files for my blog live.
|
||||
I had previously been manually rsyncing the website up to my vps from my laptop.
|
||||
Qute an easy, efficient solution; it worked well.
|
||||
But not very nixos; far too simple, not sufficiently over-engineered.
|
||||
So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p>
|
||||
<h3 id="remote-rebuilds">Remote Rebuilds</h3>
|
||||
<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh.
|
||||
In my case, this means I can rebuild my hetzner box from my laptop.
|
||||
You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p>
|
||||
<p>This sets up ssh with key-based authentication and lets our local user in.
|
||||
This config belongs on the remote machine.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>.
|
||||
The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p>
|
||||
<h3 id="caddy">Caddy</h3>
|
||||
<p>You can do this with whatever your preferred webserver is.
|
||||
I am a caddy stan.
|
||||
This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">80</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="mi">443</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39;
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org {
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> }
|
||||
</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3>
|
||||
<p>We have a web server pointing at <code>/etc/blog</code>.
|
||||
The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p>
|
||||
<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances.
|
||||
The <code>fetchFromGitHub</code> helper would look very similar.</p>
|
||||
<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p>
|
||||
<p>Also note the little <code>/public</code> at the end of the <code>source</code> string.
|
||||
That&rsquo;s the directory of the git repo that the website source lives.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p>
|
||||
<ul>
|
||||
<li>Commit rebuilt website to repo</li>
|
||||
<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li>
|
||||
<li>Rebuild vps from laptop</li>
|
||||
</ul>
|
||||
<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>so you want to write a neovim plugin with lua</title>
|
||||
<link>https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/</link>
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -88,7 +88,7 @@
|
|||
</article>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -99,7 +99,7 @@
|
|||
</article>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -118,7 +118,7 @@
|
|||
</article>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -73,7 +73,7 @@
|
|||
</article>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -71,7 +71,7 @@
|
|||
</article>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/info/" title="info">info</a>
|
||||
<a href="/info/" title="--help">--help</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
@ -106,7 +106,7 @@
|
|||
</article>
|
||||
|
||||
</main><footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
BIN
static/image/self-hosting.png
Normal file
BIN
static/image/self-hosting.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 71 KiB |
|
|
@ -1,3 +1,3 @@
|
|||
<footer id="footer">
|
||||
<p>~~~ made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a> ~~~</p>
|
||||
<p>made with <a href="https://gohugo.io">hugo</a> and my bastardised version of <a href="https://github.com/LukasJoswiak/etch">this nice theme</a></p>
|
||||
</footer>
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue