diff --git a/config.toml b/config.toml index 68177db..01e2389 100644 --- a/config.toml +++ b/config.toml @@ -12,9 +12,9 @@ pygmentsUseClasses = true [menu] [[menu.main]] - identifier = "info" - name = "info" - title = "info" + identifier = "--help" + name = "--help" + title = "--help" url = "/info/" weight = 20 diff --git a/content/info/index.md b/content/info/index.md index f094293..f49b687 100644 --- a/content/info/index.md +++ b/content/info/index.md @@ -1,3 +1,5 @@ This is a place to document bits and bobs I've been up to that have interested me. Expect linux and self-hosting tinkering, some novice programming, and maybe the occasional recipe. I tend to be a fool so take anything written here with a pinch of salt :) + +- [rss HERE!!](../index.xml) diff --git a/content/posts/nixos-remote-auto-static-site-deploy.md b/content/posts/nixos-remote-auto-static-site-deploy.md new file mode 100644 index 0000000..582c18b --- /dev/null +++ b/content/posts/nixos-remote-auto-static-site-deploy.md 
@@ -0,0 +1,115 @@ +--- +title: over-engineered (?) nixos blog deployment setup +date: 2025-08-11 +tags: + - nixos +draft: false +--- + +As is traditional with people hosting their own blog I'm going to do a post detailing EXACTLY how I'm hosting my blog. +Down to the last dirty detail. +I have nothing better to talk about. +Here is a diagram I edited to illustrate (credit to xkcd I think?). + +![self-hosting](/image/self-hosting.png) + +I host my site on a hetzner vps running nixos. +I also have a git repo where all the static files for my blog live. +I had previously been manually rsyncing the website up to my vps from my laptop. +Qute an easy, efficient solution; it worked well. +But not very nixos; far too simple, not sufficiently over-engineered. +So in true nixos fashion I decided I'd spend a couple of hours sorting the problem so I'd maybe save a minute once a year when I write a blog post. + +### Remote Rebuilds + +First, I'll show the fancy way to rebuild your remote nixos systems via ssh. +In my case, this means I can rebuild my hetzner box from my laptop. +You can read the wiki about it [here](https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines). + +This sets up ssh with key-based authentication and lets our local user in. +This config belongs on the remote machine. + +```nix +users.users.blog-king.openssh.authorizedKeys.keys = [ + # ssh public key on computer you're deploying from + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa" +]; + +nix.settings.trusted-users = [ "blog-king" ]; + +# ssh daemon +services.openssh = { + enable = true; + openFirewall = true; + settings = { + PasswordAuthentication = false; + PermitRootLogin = "no"; + }; +}; + +``` + +Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with `nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch`. 
+The `--ask-sudo-password` is not required if you ssh in as root though that would be a touch gauche. + +### Caddy + +You can do this with whatever your preferred webserver is. +I am a caddy stan. +This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at `/etc/blog`. + +```nix +networking.firewall.allowedTCPPorts = [ + 80 + 443 +]; + +services.caddy = { + enable = true; + extraConfig = '' + blog.example.org { + root * /etc/blog + file_server + } + ''; +}; +``` + +### Getting the files from git + +We have a web server pointing at `/etc/blog`. +The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory. + +I'm using the `fetchFromGitea` helper here which works for gitea and forgejo instances. +The `fetchFromGitHub` helper would look very similar. + +You can get the `rev` and `sha256` of the commit using `nix-prefetch-git`. + +Also note the little `/public` at the end of the `source` string. +That's the directory of the git repo that the website source lives. + +```nix +environment.etc."blog" = { + enable = true; + target = "blog"; + source = "${ + pkgs.fetchFromGitea { + domain = "git.example.org"; + owner = "james"; + repo = "blog"; + rev = "32d81f01388c88a259eed2ba52f4545dbcb1eb07"; + sha256 = "173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8"; + } + }/public"; + user = "caddy"; + group = "caddy"; +}; +``` + +So now with all that setup the blog post work flow is: + +- Commit rebuilt website to repo +- Update the `rev` and `sha256` to the new commit (this is annoying and I'm trying to work out a good way to automate it) +- Rebuild vps from laptop + +Not necessarily faster than the old rsync method but it's pretty damn declarative, that's for sure. diff --git a/public/categories/index.html b/public/categories/index.html index 7da7204..2665ac9 100644 --- a/public/categories/index.html +++ b/public/categories/index.html @@ -16,7 +16,7 @@ @@ -27,7 +27,7 @@ 
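Review bot: In content/posts/nixos-remote-auto-static-site-deploy.md, the Remote Rebuilds snippet sets `nix.settings.trusted-users = [ "blog-king" ];` without saying what that grants. A trusted Nix user is essentially root-equivalent on the host, so the key listed under `authorizedKeys.keys` becomes a root-level credential even with `PermitRootLogin = "no"`, and without the sudo password that `--ask-sudo-password` prompts for. Suggest one sentence in the post stating this, so readers copying the block know what they are handing out. Separately, in the `environment.etc."blog"` block, `user = "caddy";` and `group = "caddy";` have no effect while the entry uses the default symlink mode (NixOS applies owner and group only when the file is copied), and `enable = true;` and `target = "blog";` restate the defaults. Either drop those lines or say why they are there. Typo in the intro: "Qute" should be "Quite".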
diff --git a/public/categories/index.xml b/public/categories/index.xml index e288b0c..e7fd74d 100644 --- a/public/categories/index.xml +++ b/public/categories/index.xml 
@@ -11,6 +11,100 @@ + + over-engineered (?) nixos blog deployment setup + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + Mon, 11 Aug 2025 00:00:00 +0000 + + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + <p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog. +Down to the last dirty detail. +I have nothing better to talk about. +Here is a diagram I edited to illustrate (credit to xkcd I think?).</p> +<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p> +<p>I host my site on a hetzner vps running nixos. +I also have a git repo where all the static files for my blog live. +I had previously been manually rsyncing the website up to my vps from my laptop. +Qute an easy, efficient solution; it worked well. +But not very nixos; far too simple, not sufficiently over-engineered. +So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p> +<h3 id="remote-rebuilds">Remote Rebuilds</h3> +<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh. +In my case, this means I can rebuild my hetzner box from my laptop. +You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p> +<p>This sets up ssh with key-based authentication and lets our local user in. 
+This config belongs on the remote machine.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span> +</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">settings</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">};</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>. +The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p> +<h3 id="caddy">Caddy</h3> +<p>You can do this with whatever your preferred webserver is. +I am a caddy stan. 
+This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="mi">80</span> +</span></span><span class="line"><span class="cl"> <span class="mi">443</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39; +</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org { +</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog +</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server +</span></span></span><span class="line"><span class="cl"><span class="s1"> } +</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3> +<p>We have a web server pointing at <code>/etc/blog</code>. 
+The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p> +<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances. +The <code>fetchFromGitHub</code> helper would look very similar.</p> +<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p> +<p>Also note the little <code>/public</code> at the end of the <code>source</code> string. +That&rsquo;s the directory of the git repo that the website source lives.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span> +</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">}</span> +</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p> +<ul> +<li>Commit rebuilt website to repo</li> +<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li> +<li>Rebuild vps from laptop</li> +</ul> +<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p> + + + + + so you want to write a neovim plugin with lua https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/ diff --git a/public/chess.com-api-and-the-continuing-search-for-en-passant-checkmate/index.html b/public/chess.com-api-and-the-continuing-search-for-en-passant-checkmate/index.html index a931498..99c1e5e 100644 
--- a/public/chess.com-api-and-the-continuing-search-for-en-passant-checkmate/index.html +++ b/public/chess.com-api-and-the-continuing-search-for-en-passant-checkmate/index.html @@ -15,7 +15,7 @@ @@ -74,7 +74,7 @@ diff --git a/public/chess.com-api-and-the-search-for-en-passant-checkmate/index.html b/public/chess.com-api-and-the-search-for-en-passant-checkmate/index.html index 7a6b73d..57f791a 100644 --- a/public/chess.com-api-and-the-search-for-en-passant-checkmate/index.html +++ b/public/chess.com-api-and-the-search-for-en-passant-checkmate/index.html @@ -15,7 +15,7 @@ @@ -65,7 +65,7 @@ diff --git a/public/declarative-firefox-config-with-home-manager-on-nixos/index.html b/public/declarative-firefox-config-with-home-manager-on-nixos/index.html index 284b7e4..22e7061 100644 --- a/public/declarative-firefox-config-with-home-manager-on-nixos/index.html +++ b/public/declarative-firefox-config-with-home-manager-on-nixos/index.html @@ -15,7 +15,7 @@ @@ -85,7 +85,7 @@ diff --git a/public/elite-bread-dough-for-lazy-boys/index.html b/public/elite-bread-dough-for-lazy-boys/index.html index 69d8608..c741ed5 100644 --- a/public/elite-bread-dough-for-lazy-boys/index.html +++ b/public/elite-bread-dough-for-lazy-boys/index.html @@ -15,7 +15,7 @@ @@ -65,7 +65,7 @@ diff --git a/public/get-the-thoughts-out-of-your-head-and-into-a-digital-format-with-this-python-journal-script/index.html b/public/get-the-thoughts-out-of-your-head-and-into-a-digital-format-with-this-python-journal-script/index.html index 91dca20..a1764e3 100644 --- a/public/get-the-thoughts-out-of-your-head-and-into-a-digital-format-with-this-python-journal-script/index.html +++ b/public/get-the-thoughts-out-of-your-head-and-into-a-digital-format-with-this-python-journal-script/index.html @@ -15,7 +15,7 @@ @@ -83,7 +83,7 @@ diff --git a/public/image/self-hosting.png b/public/image/self-hosting.png new file mode 100644 index 0000000..7b190fe Binary files /dev/null and b/public/image/self-hosting.png differ 
diff --git a/public/index.html b/public/index.html index 140d230..6dfea15 100644 --- a/public/index.html +++ b/public/index.html @@ -17,7 +17,7 @@ @@ -25,6 +25,10 @@
diff --git a/public/index.xml b/public/index.xml index 6941e59..8a0d9e8 100644 --- a/public/index.xml +++ b/public/index.xml 
@@ -6,12 +6,106 @@ Recent content on James' Blog :-) Hugo -- gohugo.io en-GB - Tue, 25 Jun 2024 00:00:00 +0000 + Mon, 11 Aug 2025 00:00:00 +0000 + + over-engineered (?) nixos blog deployment setup + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + Mon, 11 Aug 2025 00:00:00 +0000 + + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + <p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog. +Down to the last dirty detail. +I have nothing better to talk about. +Here is a diagram I edited to illustrate (credit to xkcd I think?).</p> +<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p> +<p>I host my site on a hetzner vps running nixos. +I also have a git repo where all the static files for my blog live. +I had previously been manually rsyncing the website up to my vps from my laptop. +Qute an easy, efficient solution; it worked well. +But not very nixos; far too simple, not sufficiently over-engineered. +So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p> +<h3 id="remote-rebuilds">Remote Rebuilds</h3> +<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh. +In my case, this means I can rebuild my hetzner box from my laptop. +You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p> +<p>This sets up ssh with key-based authentication and lets our local user in. 
+This config belongs on the remote machine.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span> +</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">settings</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">};</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>. +The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p> +<h3 id="caddy">Caddy</h3> +<p>You can do this with whatever your preferred webserver is. +I am a caddy stan. 
+This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="mi">80</span> +</span></span><span class="line"><span class="cl"> <span class="mi">443</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39; +</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org { +</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog +</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server +</span></span></span><span class="line"><span class="cl"><span class="s1"> } +</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3> +<p>We have a web server pointing at <code>/etc/blog</code>. 
+The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p> +<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances. +The <code>fetchFromGitHub</code> helper would look very similar.</p> +<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p> +<p>Also note the little <code>/public</code> at the end of the <code>source</code> string. +That&rsquo;s the directory of the git repo that the website source lives.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span> +</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">}</span> +</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p> +<ul> +<li>Commit rebuilt website to repo</li> +<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li> +<li>Rebuild vps from laptop</li> +</ul> +<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p> + + + + + so you want to write a neovim plugin with lua https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/ diff --git a/public/info/index.html b/public/info/index.html index ce49634..89e8008 100644 --- a/public/info/index.html +++ b/public/info/index.html @@ -15,7 +15,7 @@ @@ -28,10 +28,13 @@

This is a place to document bits and bobs I’ve been up to that have interested me. Expect linux and self-hosting tinkering, some novice programming, and maybe the occasional recipe. I tend to be a fool so take anything written here with a pinch of salt :)

+ diff --git a/public/learning-about-qtile-widgets-via-the-medium-of-cricket/index.html b/public/learning-about-qtile-widgets-via-the-medium-of-cricket/index.html index 71f4004..846d4fa 100644 --- a/public/learning-about-qtile-widgets-via-the-medium-of-cricket/index.html +++ b/public/learning-about-qtile-widgets-via-the-medium-of-cricket/index.html @@ -15,7 +15,7 @@ @@ -131,7 +131,7 @@ diff --git a/public/lowkey-emacs-setup/index.html b/public/lowkey-emacs-setup/index.html index 0a8b92a..046e8bd 100644 --- a/public/lowkey-emacs-setup/index.html +++ b/public/lowkey-emacs-setup/index.html @@ -15,7 +15,7 @@ @@ -103,7 +103,7 @@ diff --git a/public/making-nix-colors-talk-to-neovim/index.html b/public/making-nix-colors-talk-to-neovim/index.html index 977aaac..534c87e 100644 --- a/public/making-nix-colors-talk-to-neovim/index.html +++ b/public/making-nix-colors-talk-to-neovim/index.html @@ -15,7 +15,7 @@ @@ -73,7 +73,7 @@ After moving across most of my stuff I came across the problem of how to hook th diff --git a/public/multi-user-qtile-fiddling/index.html b/public/multi-user-qtile-fiddling/index.html index 2b757e2..00ba6f7 100644 --- a/public/multi-user-qtile-fiddling/index.html +++ b/public/multi-user-qtile-fiddling/index.html @@ -15,7 +15,7 @@ @@ -99,7 +99,7 @@ diff --git a/public/over-engieered-nixos-blog-deployment-setup/index.html b/public/over-engieered-nixos-blog-deployment-setup/index.html new file mode 100644 index 0000000..00d9d8e --- /dev/null +++ b/public/over-engieered-nixos-blog-deployment-setup/index.html @@ -0,0 +1,119 @@ + + + + + + + + + + + Over-engieered nixos blog deployment setup + + +
+
+
+

Over-engieered nixos blog deployment setup

+
+ +
+

As is traditional with people hosting their own blog I’m going to do a post detailing EXACTLY how I’m hosting my blog. +Down to the last dirty detail. +I have nothing better to talk about. +Here is a diagram I edited to illustrate (credit to xkcd I think?).

+

self-hosting

+

I host my site on a hetzner vps running nixos. +I also have a git repo where all the static files for my blog live. +I had previously been manually rsyncing the website up to my vps from my laptop. +Qute an easy, efficient solution; it worked well. +But not very nixos; far too simple, not sufficiently over-engieered. +So in true nixos fashion I decided I’d spend a couple of hours sorting the problem so I’d maybe save a minute once a year when I write a blog post.

+

Remote Rebuilds

+

First, I’ll show the fancy way to rebuild your remote nixos systems via ssh. +In my case, this means I can rebuild my hetzner box from my laptop. +You can read the wiki about it here.

+

This sets up ssh with key-based authentication and lets our local user in. +This config belongs on the remote machine.

+
users.users.blog-king.openssh.authorizedKeys.keys = [ 
+  # ssh public key on computer you're deploying from
+  "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa"
+];
+
+nix.settings.trusted-users = [ "blog-king" ];
+
+# ssh daemon
+services.openssh = {
+  enable = true;
+  openFirewall = true;
+  settings = {
+    PasswordAuthentication = false;
+    PermitRootLogin = "no";
+  };
+};
+

Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch. +The --ask-sudo-password is not required if you ssh in as root though that would be a touch gauche.

+

Caddy

+

You can do this with whatever your preferred webserver is. +I am a caddy stan. +This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at /etc/blog.

+
networking.firewall.allowedTCPPorts = [
+  80
+  443
+];
+
+services.caddy = {
+  enable = true;
+  extraConfig = ''
+    blog.example.org {
+      root * /etc/blog
+      file_server
+    }
+  '';
+};
+

Getting the files from git

+

We have a web server pointing at /etc/blog. +The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.

+

I’m using the fetchFromGitea helper here which works for gitea and forgejo instances. +The fetchFromGitHub helper would look very similar.

+

You can get the rev and sha256 of the commit using nix-prefetch-git. +Also note the little /public at the end of the source string. +That’s the directory of the git repo that the wesite source lives.

+
environment.etc."blog" = {
+  enable = true;
+  target = "blog";
+  source = "${
+    pkgs.fetchFromGitea {
+      domain = "git.dymc.win";
+      owner = "james";
+      repo = "blog";
+      rev = "32d81f01388c88a259eed2ba52f4545dbcb1eb07";
+      sha256 = "173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8";
+    }
+  }/public";
+  user = "caddy";
+  group = "caddy";
+};
+

So now with all that setup the blog post work flow is:

+
    +
  • Commit rebuilt website to repo
  • +
  • Update the rev and sha256 to the new commit (this is annoying and I’m trying to work out a good way to automate it)
  • +
  • Rebuild vps from laptop
  • +
+

Not necessarily faster than the old rsync method but it’s pretty damn declarative.

+
+ +
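Review bot: The new file `public/over-engieered-nixos-blog-deployment-setup/index.html` looks like stale build output from before the title was corrected, and it should not be committed alongside the `over-engineered-...` page. The sitemap hunk in this same commit lists only the corrected URL. Since `/public` is the directory the server config in the post publishes, the misspelled page would go live as well. It also still carries `domain = "git.dymc.win"` where the corrected page has `git.example.org`, so if that substitution was deliberate the old copy keeps publishing the original value. Suggest deleting this directory from the commit and clearing `public/` before each rebuild so renamed posts do not leave copies behind.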
+ + diff --git a/public/over-engineered-nixos-blog-deployment-setup/index.html b/public/over-engineered-nixos-blog-deployment-setup/index.html new file mode 100644 index 0000000..695d792 --- /dev/null +++ b/public/over-engineered-nixos-blog-deployment-setup/index.html @@ -0,0 +1,119 @@ + + + + + + + + + + + over-engineered (?) nixos blog deployment setup + + +
+
+
+

over-engineered (?) nixos blog deployment setup

+
+ +
+

As is traditional with people hosting their own blog I’m going to do a post detailing EXACTLY how I’m hosting my blog. +Down to the last dirty detail. +I have nothing better to talk about. +Here is a diagram I edited to illustrate (credit to xkcd I think?).

+

self-hosting

+

I host my site on a hetzner vps running nixos. +I also have a git repo where all the static files for my blog live. +I had previously been manually rsyncing the website up to my vps from my laptop. +Qute an easy, efficient solution; it worked well. +But not very nixos; far too simple, not sufficiently over-engineered. +So in true nixos fashion I decided I’d spend a couple of hours sorting the problem so I’d maybe save a minute once a year when I write a blog post.

+

Remote Rebuilds

+

First, I’ll show the fancy way to rebuild your remote nixos systems via ssh. +In my case, this means I can rebuild my hetzner box from my laptop. +You can read the wiki about it here.

+

This sets up ssh with key-based authentication and lets our local user in. +This config belongs on the remote machine.

+
users.users.blog-king.openssh.authorizedKeys.keys = [ 
+  # ssh public key on computer you're deploying from
+  "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa"
+];
+
+nix.settings.trusted-users = [ "blog-king" ];
+
+# ssh daemon
+services.openssh = {
+  enable = true;
+  openFirewall = true;
+  settings = {
+    PasswordAuthentication = false;
+    PermitRootLogin = "no";
+  };
+};
+

Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch. +The --ask-sudo-password is not required if you ssh in as root though that would be a touch gauche.

+

Caddy

+

You can do this with whatever your preferred webserver is. +I am a caddy stan. +This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at /etc/blog.

+
networking.firewall.allowedTCPPorts = [
+  80
+  443
+];
+
+services.caddy = {
+  enable = true;
+  extraConfig = ''
+    blog.example.org {
+      root * /etc/blog
+      file_server
+    }
+  '';
+};
+

Getting the files from git

+

We have a web server pointing at /etc/blog. +The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.

+

I’m using the fetchFromGitea helper here which works for gitea and forgejo instances. +The fetchFromGitHub helper would look very similar.

+

You can get the rev and sha256 of the commit using nix-prefetch-git.

+

Also note the little /public at the end of the source string. +That’s the directory of the git repo that the website source lives.

+
environment.etc."blog" = {
+  enable = true;
+  target = "blog";
+  source = "${
+    pkgs.fetchFromGitea {
+      domain = "git.example.org";
+      owner = "james";
+      repo = "blog";
+      rev = "32d81f01388c88a259eed2ba52f4545dbcb1eb07";
+      sha256 = "173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8";
+    }
+  }/public";
+  user = "caddy";
+  group = "caddy";
+};
+

So now with all that setup the blog post work flow is:

+
    +
  • Commit rebuilt website to repo
  • +
  • Update the rev and sha256 to the new commit (this is annoying and I’m trying to work out a good way to automate it)
  • +
  • Rebuild vps from laptop
  • +
+

Not necessarily faster than the old rsync method but it’s pretty damn declarative, that’s for sure.

+
+ +
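Review bot: The post text around `nix.settings.trusted-users = [ "blog-king" ];` in the Remote Rebuilds block is missing a sentence on what that setting grants. A Nix trusted user is effectively root-equivalent on the daemon, so the SSH key in `authorizedKeys` alone carries that level of access, independent of the sudo password that `--ask-sudo-password` prompts for. As written, `PermitRootLogin = "no"` and the "touch gauche" remark read as if root is kept out of reach of the deploy key. Suggest adding one line in the markdown source saying the deploy user is root-equivalent for Nix operations and that the key should be protected accordingly. Separately, `openFirewall = true` exposes sshd on every interface, which is worth stating next to it.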
+ + diff --git a/public/podcast-setup-for-broke-boys-whose-trash-phone-cant-hack-modern-apps/index.html b/public/podcast-setup-for-broke-boys-whose-trash-phone-cant-hack-modern-apps/index.html index 9b8f151..55b2d33 100644 --- a/public/podcast-setup-for-broke-boys-whose-trash-phone-cant-hack-modern-apps/index.html +++ b/public/podcast-setup-for-broke-boys-whose-trash-phone-cant-hack-modern-apps/index.html @@ -15,7 +15,7 @@ @@ -111,7 +111,7 @@ diff --git a/public/posts/index.html b/public/posts/index.html index c556a6a..8601287 100644 --- a/public/posts/index.html +++ b/public/posts/index.html @@ -16,12 +16,16 @@
diff --git a/public/posts/index.xml b/public/posts/index.xml index e7fb5fc..2e8efd7 100644 --- a/public/posts/index.xml +++ b/public/posts/index.xml 
@@ -6,12 +6,106 @@ Recent content in Posts on James' Blog :-) Hugo -- gohugo.io en-GB - Tue, 25 Jun 2024 00:00:00 +0000 + Mon, 11 Aug 2025 00:00:00 +0000 + + over-engineered (?) nixos blog deployment setup + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + Mon, 11 Aug 2025 00:00:00 +0000 + + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + <p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog. +Down to the last dirty detail. +I have nothing better to talk about. +Here is a diagram I edited to illustrate (credit to xkcd I think?).</p> +<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p> +<p>I host my site on a hetzner vps running nixos. +I also have a git repo where all the static files for my blog live. +I had previously been manually rsyncing the website up to my vps from my laptop. +Qute an easy, efficient solution; it worked well. +But not very nixos; far too simple, not sufficiently over-engineered. +So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p> +<h3 id="remote-rebuilds">Remote Rebuilds</h3> +<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh. +In my case, this means I can rebuild my hetzner box from my laptop. +You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p> +<p>This sets up ssh with key-based authentication and lets our local user in. 
+This config belongs on the remote machine.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span> +</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">settings</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">};</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>. +The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p> +<h3 id="caddy">Caddy</h3> +<p>You can do this with whatever your preferred webserver is. +I am a caddy stan. 
+This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="mi">80</span> +</span></span><span class="line"><span class="cl"> <span class="mi">443</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39; +</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org { +</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog +</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server +</span></span></span><span class="line"><span class="cl"><span class="s1"> } +</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3> +<p>We have a web server pointing at <code>/etc/blog</code>. 
+The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p> +<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances. +The <code>fetchFromGitHub</code> helper would look very similar.</p> +<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p> +<p>Also note the little <code>/public</code> at the end of the <code>source</code> string. +That&rsquo;s the directory of the git repo that the website source lives.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span> +</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">}</span> +</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p> +<ul> +<li>Commit rebuilt website to repo</li> +<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li> +<li>Rebuild vps from laptop</li> +</ul> +<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p> + + + + + so you want to write a neovim plugin with lua https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/ diff --git a/public/rudimentary-local-scrobbling-with-bash/index.html b/public/rudimentary-local-scrobbling-with-bash/index.html index 3dfe7b3..2ad7475 100644 --- a/public/rudimentary-local-scrobbling-with-bash/index.html 
+++ b/public/rudimentary-local-scrobbling-with-bash/index.html @@ -15,7 +15,7 @@ @@ -53,7 +53,7 @@ diff --git a/public/setting-up-a-lean-mean-hugo-blogging-theme/index.html b/public/setting-up-a-lean-mean-hugo-blogging-theme/index.html index 3827d3f..db4720a 100644 --- a/public/setting-up-a-lean-mean-hugo-blogging-theme/index.html +++ b/public/setting-up-a-lean-mean-hugo-blogging-theme/index.html @@ -15,7 +15,7 @@ @@ -105,7 +105,7 @@ diff --git a/public/simple-nixos-config-for-vps-static-site/index.html b/public/simple-nixos-config-for-vps-static-site/index.html index cd9a45a..ed259d2 100644 --- a/public/simple-nixos-config-for-vps-static-site/index.html +++ b/public/simple-nixos-config-for-vps-static-site/index.html @@ -15,7 +15,7 @@ @@ -79,7 +79,7 @@ diff --git a/public/sitemap.xml b/public/sitemap.xml index 72a6b52..2101e50 100644 --- a/public/sitemap.xml +++ b/public/sitemap.xml @@ -3,10 +3,19 @@ xmlns:xhtml="http://www.w3.org/1999/xhtml"> https://nonsense.dymc.win/ - 2024-06-25T00:00:00+00:00 + 2025-08-11T00:00:00+00:00 + + https://nonsense.dymc.win/tags/nixos/ + 2025-08-11T00:00:00+00:00 + + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + 2025-08-11T00:00:00+00:00 https://nonsense.dymc.win/posts/ - 2024-06-25T00:00:00+00:00 + 2025-08-11T00:00:00+00:00 + + https://nonsense.dymc.win/tags/ + 2025-08-11T00:00:00+00:00 https://nonsense.dymc.win/tags/lua/ 2024-04-06T00:00:00+00:00 @@ -16,9 +25,6 @@ https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/ 2024-04-06T00:00:00+00:00 - - https://nonsense.dymc.win/tags/ - 2024-04-06T00:00:00+00:00 https://nonsense.dymc.win/tags/home-manager/ 2023-08-18T00:00:00+00:00 @@ -28,9 +34,6 @@ https://nonsense.dymc.win/tags/nix-colors/ 2023-08-18T00:00:00+00:00 - - https://nonsense.dymc.win/tags/nixos/ - 2023-08-18T00:00:00+00:00 https://nonsense.dymc.win/tags/css/ 2023-06-26T00:00:00+00:00 
diff --git a/public/so-you-want-to-write-a-neovim-plugin-with-lua/index.html b/public/so-you-want-to-write-a-neovim-plugin-with-lua/index.html index f28e661..89396cd 100644 --- a/public/so-you-want-to-write-a-neovim-plugin-with-lua/index.html +++ b/public/so-you-want-to-write-a-neovim-plugin-with-lua/index.html @@ -15,7 +15,7 @@ @@ -96,7 +96,7 @@ As a little coda, this is how you can use your fancy new plugin using -

~~~ made with hugo and my bastardised version of this nice theme ~~~

+

made with hugo and my bastardised version of this nice theme

diff --git a/public/tags/bash/index.html b/public/tags/bash/index.html index af67343..7cd78a9 100644 --- a/public/tags/bash/index.html +++ b/public/tags/bash/index.html @@ -16,7 +16,7 @@ @@ -35,7 +35,7 @@ diff --git a/public/tags/bash/index.xml b/public/tags/bash/index.xml index 70cd1ab..769bfcd 100644 --- a/public/tags/bash/index.xml +++ b/public/tags/bash/index.xml 
@@ -12,6 +12,100 @@ + + over-engineered (?) nixos blog deployment setup + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + Mon, 11 Aug 2025 00:00:00 +0000 + + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + <p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog. +Down to the last dirty detail. +I have nothing better to talk about. +Here is a diagram I edited to illustrate (credit to xkcd I think?).</p> +<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p> +<p>I host my site on a hetzner vps running nixos. +I also have a git repo where all the static files for my blog live. +I had previously been manually rsyncing the website up to my vps from my laptop. +Qute an easy, efficient solution; it worked well. +But not very nixos; far too simple, not sufficiently over-engineered. +So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p> +<h3 id="remote-rebuilds">Remote Rebuilds</h3> +<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh. +In my case, this means I can rebuild my hetzner box from my laptop. +You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p> +<p>This sets up ssh with key-based authentication and lets our local user in. 
+This config belongs on the remote machine.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span> +</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">settings</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">};</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>. +The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p> +<h3 id="caddy">Caddy</h3> +<p>You can do this with whatever your preferred webserver is. +I am a caddy stan. 
+This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="mi">80</span> +</span></span><span class="line"><span class="cl"> <span class="mi">443</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39; +</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org { +</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog +</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server +</span></span></span><span class="line"><span class="cl"><span class="s1"> } +</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3> +<p>We have a web server pointing at <code>/etc/blog</code>. 
+The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p> +<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances. +The <code>fetchFromGitHub</code> helper would look very similar.</p> +<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p> +<p>Also note the little <code>/public</code> at the end of the <code>source</code> string. +That&rsquo;s the directory of the git repo that the website source lives.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span> +</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">}</span> +</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p> +<ul> +<li>Commit rebuilt website to repo</li> +<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li> +<li>Rebuild vps from laptop</li> +</ul> +<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p> + + + + + so you want to write a neovim plugin with lua https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/ diff --git a/public/tags/caddy/index.html b/public/tags/caddy/index.html index bdc063e..00b27d4 100644 --- a/public/tags/caddy/index.html +++ b/public/tags/caddy/index.html @@ -16,7 +16,7 @@ @@ -31,7 +31,7 @@ 
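Review bot: In `public/tags/bash/index.xml` the added item is a post whose front matter lists only the `nixos` tag, and the unchanged context right after it is the neovim/lua post. The per-tag feeds therefore appear to carry every post rather than the posts for that tag. The same item is added again at the same `@@ -12,6 +12,100 @@` position in `public/tags/caddy/index.xml`. Worth checking which page collection the RSS template iterates over on term pages. If a full feed per tag is intended, a short comment in the template would save the next reader the question; otherwise the template should use the term's own pages, which would also shrink this generated diff considerably.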
diff --git a/public/tags/caddy/index.xml b/public/tags/caddy/index.xml index e44309d..20d0e96 100644 --- a/public/tags/caddy/index.xml +++ b/public/tags/caddy/index.xml 
@@ -12,6 +12,100 @@ + + over-engineered (?) nixos blog deployment setup + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + Mon, 11 Aug 2025 00:00:00 +0000 + + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + <p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog. +Down to the last dirty detail. +I have nothing better to talk about. +Here is a diagram I edited to illustrate (credit to xkcd I think?).</p> +<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p> +<p>I host my site on a hetzner vps running nixos. +I also have a git repo where all the static files for my blog live. +I had previously been manually rsyncing the website up to my vps from my laptop. +Qute an easy, efficient solution; it worked well. +But not very nixos; far too simple, not sufficiently over-engineered. +So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p> +<h3 id="remote-rebuilds">Remote Rebuilds</h3> +<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh. +In my case, this means I can rebuild my hetzner box from my laptop. +You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p> +<p>This sets up ssh with key-based authentication and lets our local user in. 
+This config belongs on the remote machine.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span> +</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">settings</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">};</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>. +The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p> +<h3 id="caddy">Caddy</h3> +<p>You can do this with whatever your preferred webserver is. +I am a caddy stan. 
+This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="mi">80</span> +</span></span><span class="line"><span class="cl"> <span class="mi">443</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39; +</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org { +</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog +</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server +</span></span></span><span class="line"><span class="cl"><span class="s1"> } +</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3> +<p>We have a web server pointing at <code>/etc/blog</code>. 
+The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p> +<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances. +The <code>fetchFromGitHub</code> helper would look very similar.</p> +<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p> +<p>Also note the little <code>/public</code> at the end of the <code>source</code> string. +That&rsquo;s the directory of the git repo that the website source lives.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span> +</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">}</span> +</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p> +<ul> +<li>Commit rebuilt website to repo</li> +<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li> +<li>Rebuild vps from laptop</li> +</ul> +<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p> + + + + + so you want to write a neovim plugin with lua https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/ diff --git a/public/tags/chess/index.html b/public/tags/chess/index.html index 60cdd97..085bd95 100644 --- a/public/tags/chess/index.html +++ b/public/tags/chess/index.html @@ -16,7 +16,7 @@ @@ -35,7 +35,7 @@ 
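Review bot: in the first nix block of the post body, `nix.settings.trusted-users = [ "blog-king" ];` appears beside `PermitRootLogin = "no";` with no mention of what it grants. The Nix manual describes membership of `trusted-users` as essentially equivalent to root access, because a trusted user can have the daemon accept unsigned store paths and override its settings, so the key listed in `authorizedKeys.keys` ends up guarding root-level control of the VPS even though root login is disabled. Suggest one sentence in the post stating that, so readers copying the block treat the deploy key accordingly.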
diff --git a/public/tags/chess/index.xml b/public/tags/chess/index.xml index 0b91b1b..3fe3425 100644 --- a/public/tags/chess/index.xml +++ b/public/tags/chess/index.xml 
@@ -12,6 +12,100 @@ + + over-engineered (?) nixos blog deployment setup + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + Mon, 11 Aug 2025 00:00:00 +0000 + + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + <p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog. +Down to the last dirty detail. +I have nothing better to talk about. +Here is a diagram I edited to illustrate (credit to xkcd I think?).</p> +<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p> +<p>I host my site on a hetzner vps running nixos. +I also have a git repo where all the static files for my blog live. +I had previously been manually rsyncing the website up to my vps from my laptop. +Qute an easy, efficient solution; it worked well. +But not very nixos; far too simple, not sufficiently over-engineered. +So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p> +<h3 id="remote-rebuilds">Remote Rebuilds</h3> +<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh. +In my case, this means I can rebuild my hetzner box from my laptop. +You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p> +<p>This sets up ssh with key-based authentication and lets our local user in. 
+This config belongs on the remote machine.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span> +</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">settings</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">};</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>. +The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p> +<h3 id="caddy">Caddy</h3> +<p>You can do this with whatever your preferred webserver is. +I am a caddy stan. 
+This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="mi">80</span> +</span></span><span class="line"><span class="cl"> <span class="mi">443</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39; +</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org { +</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog +</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server +</span></span></span><span class="line"><span class="cl"><span class="s1"> } +</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3> +<p>We have a web server pointing at <code>/etc/blog</code>. 
+The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p> +<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances. +The <code>fetchFromGitHub</code> helper would look very similar.</p> +<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p> +<p>Also note the little <code>/public</code> at the end of the <code>source</code> string. +That&rsquo;s the directory of the git repo that the website source lives.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span> +</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">}</span> +</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p> +<ul> +<li>Commit rebuilt website to repo</li> +<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li> +<li>Rebuild vps from laptop</li> +</ul> +<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p> + + + + + so you want to write a neovim plugin with lua https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/ diff --git a/public/tags/cooking/index.html b/public/tags/cooking/index.html index acb2d06..667953e 100644 --- a/public/tags/cooking/index.html +++ b/public/tags/cooking/index.html @@ -16,7 +16,7 @@ @@ -31,7 +31,7 @@ 
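Review bot: this hunk adds the deployment post to the `chess` tag feed although nothing in the item concerns chess, and the identical 100-line item is also added to the `caddy`, `cooking` and `css` feeds in this patch. That pattern suggests the tag feed template lists every post rather than only the posts carrying the tag, so it is worth checking the template before regenerating `public/` again. Separately, "Qute an easy, efficient solution" in the third paragraph should read "Quite"; fix it in the markdown source so the regenerated feeds pick it up.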
diff --git a/public/tags/cooking/index.xml b/public/tags/cooking/index.xml index e095db4..82553a1 100644 --- a/public/tags/cooking/index.xml +++ b/public/tags/cooking/index.xml 
@@ -12,6 +12,100 @@ + + over-engineered (?) nixos blog deployment setup + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + Mon, 11 Aug 2025 00:00:00 +0000 + + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + <p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog. +Down to the last dirty detail. +I have nothing better to talk about. +Here is a diagram I edited to illustrate (credit to xkcd I think?).</p> +<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p> +<p>I host my site on a hetzner vps running nixos. +I also have a git repo where all the static files for my blog live. +I had previously been manually rsyncing the website up to my vps from my laptop. +Qute an easy, efficient solution; it worked well. +But not very nixos; far too simple, not sufficiently over-engineered. +So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p> +<h3 id="remote-rebuilds">Remote Rebuilds</h3> +<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh. +In my case, this means I can rebuild my hetzner box from my laptop. +You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p> +<p>This sets up ssh with key-based authentication and lets our local user in. 
+This config belongs on the remote machine.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span> +</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">settings</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">};</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>. +The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p> +<h3 id="caddy">Caddy</h3> +<p>You can do this with whatever your preferred webserver is. +I am a caddy stan. 
+This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="mi">80</span> +</span></span><span class="line"><span class="cl"> <span class="mi">443</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39; +</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org { +</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog +</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server +</span></span></span><span class="line"><span class="cl"><span class="s1"> } +</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3> +<p>We have a web server pointing at <code>/etc/blog</code>. 
+The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p> +<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances. +The <code>fetchFromGitHub</code> helper would look very similar.</p> +<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p> +<p>Also note the little <code>/public</code> at the end of the <code>source</code> string. +That&rsquo;s the directory of the git repo that the website source lives.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span> +</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">}</span> +</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p> +<ul> +<li>Commit rebuilt website to repo</li> +<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li> +<li>Rebuild vps from laptop</li> +</ul> +<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p> + + + + + so you want to write a neovim plugin with lua https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/ diff --git a/public/tags/css/index.html b/public/tags/css/index.html index b26eb60..a537f0e 100644 --- a/public/tags/css/index.html +++ b/public/tags/css/index.html @@ -16,7 +16,7 @@ @@ -31,7 +31,7 @@ 
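Review bot: in the `environment.etc."blog"` block, `user = "caddy";` and `group = "caddy";` have no effect as written. NixOS applies `user` and `group` only when the entry is copied, that is when `mode` is set to something other than the default `"symlink"`, and no `mode` is set here, so `/etc/blog` becomes a symlink into the world-readable store, which caddy can read regardless. Suggest dropping the two lines, or adding a note in the post that ownership is not what grants caddy access.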
diff --git a/public/tags/css/index.xml b/public/tags/css/index.xml index 442ffbc..5bff4c2 100644 --- a/public/tags/css/index.xml +++ b/public/tags/css/index.xml 
@@ -12,6 +12,100 @@ + + over-engineered (?) nixos blog deployment setup + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + Mon, 11 Aug 2025 00:00:00 +0000 + + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + <p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog. +Down to the last dirty detail. +I have nothing better to talk about. +Here is a diagram I edited to illustrate (credit to xkcd I think?).</p> +<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p> +<p>I host my site on a hetzner vps running nixos. +I also have a git repo where all the static files for my blog live. +I had previously been manually rsyncing the website up to my vps from my laptop. +Qute an easy, efficient solution; it worked well. +But not very nixos; far too simple, not sufficiently over-engineered. +So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p> +<h3 id="remote-rebuilds">Remote Rebuilds</h3> +<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh. +In my case, this means I can rebuild my hetzner box from my laptop. +You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p> +<p>This sets up ssh with key-based authentication and lets our local user in. 
+This config belongs on the remote machine.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span> +</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">settings</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">};</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>. +The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p> +<h3 id="caddy">Caddy</h3> +<p>You can do this with whatever your preferred webserver is. +I am a caddy stan. 
+This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="mi">80</span> +</span></span><span class="line"><span class="cl"> <span class="mi">443</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39; +</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org { +</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog +</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server +</span></span></span><span class="line"><span class="cl"><span class="s1"> } +</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3> +<p>We have a web server pointing at <code>/etc/blog</code>. 
+The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p> +<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances. +The <code>fetchFromGitHub</code> helper would look very similar.</p> +<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p> +<p>Also note the little <code>/public</code> at the end of the <code>source</code> string. +That&rsquo;s the directory of the git repo that the website source lives.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span> +</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">}</span> +</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p> +<ul> +<li>Commit rebuilt website to repo</li> +<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li> +<li>Rebuild vps from laptop</li> +</ul> +<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p> + + + + + so you want to write a neovim plugin with lua https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/ diff --git a/public/tags/docker/index.html b/public/tags/docker/index.html index e9845fd..2281beb 100644 --- a/public/tags/docker/index.html +++ b/public/tags/docker/index.html @@ -16,7 +16,7 @@ @@ -31,7 +31,7 @@ 
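Review bot: in the Remote Rebuilds snippet of the feed item added above, `nix.settings.trusted-users = [ "blog-king" ]` is explained only as "lets our local user in", yet the Nix manual describes membership of trusted-users as essentially equivalent to root access on that machine. The same snippet sets `PermitRootLogin = "no"`, so a reader could take the deploy account for a low-privilege one when it is not. Suggest adding a sentence to content/posts/nixos-remote-auto-static-site-deploy.md that says what trusted-users grants and that the deploy key needs protecting accordingly, then regenerating the feeds instead of editing the generated XML.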
diff --git a/public/tags/docker/index.xml b/public/tags/docker/index.xml index 38c6531..65d9edb 100644 --- a/public/tags/docker/index.xml +++ b/public/tags/docker/index.xml 
@@ -12,6 +12,100 @@ + + over-engineered (?) nixos blog deployment setup + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + Mon, 11 Aug 2025 00:00:00 +0000 + + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + <p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog. +Down to the last dirty detail. +I have nothing better to talk about. +Here is a diagram I edited to illustrate (credit to xkcd I think?).</p> +<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p> +<p>I host my site on a hetzner vps running nixos. +I also have a git repo where all the static files for my blog live. +I had previously been manually rsyncing the website up to my vps from my laptop. +Qute an easy, efficient solution; it worked well. +But not very nixos; far too simple, not sufficiently over-engineered. +So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p> +<h3 id="remote-rebuilds">Remote Rebuilds</h3> +<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh. +In my case, this means I can rebuild my hetzner box from my laptop. +You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p> +<p>This sets up ssh with key-based authentication and lets our local user in. 
+This config belongs on the remote machine.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span> +</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">settings</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">};</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>. +The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p> +<h3 id="caddy">Caddy</h3> +<p>You can do this with whatever your preferred webserver is. +I am a caddy stan. 
+This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="mi">80</span> +</span></span><span class="line"><span class="cl"> <span class="mi">443</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39; +</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org { +</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog +</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server +</span></span></span><span class="line"><span class="cl"><span class="s1"> } +</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3> +<p>We have a web server pointing at <code>/etc/blog</code>. 
+The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p> +<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances. +The <code>fetchFromGitHub</code> helper would look very similar.</p> +<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p> +<p>Also note the little <code>/public</code> at the end of the <code>source</code> string. +That&rsquo;s the directory of the git repo that the website source lives.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span> +</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">}</span> +</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p> +<ul> +<li>Commit rebuilt website to repo</li> +<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li> +<li>Rebuild vps from laptop</li> +</ul> +<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p> + + + + + so you want to write a neovim plugin with lua https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/ diff --git a/public/tags/emacs/index.html b/public/tags/emacs/index.html index 21ce3f8..c68479f 100644 --- a/public/tags/emacs/index.html +++ b/public/tags/emacs/index.html @@ -16,7 +16,7 @@ @@ -31,7 +31,7 @@ 
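Review bot: the item above is added to public/tags/docker/index.xml, but the post's front matter lists only the `nixos` tag, and the identical 100-line item also lands in the emacs and home-manager tag feeds. The trailing context shows the neovim plugin post sitting in these same feeds, so the tag feeds appear to list every post regardless of term. Worth checking the page selection in the RSS template so that each tag feed carries only its own posts; that would also cut down the repeated hunks that committing public/ produces for every new post.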
diff --git a/public/tags/emacs/index.xml b/public/tags/emacs/index.xml index ee429d3..81a9db2 100644 --- a/public/tags/emacs/index.xml +++ b/public/tags/emacs/index.xml 
@@ -12,6 +12,100 @@ + + over-engineered (?) nixos blog deployment setup + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + Mon, 11 Aug 2025 00:00:00 +0000 + + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + <p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog. +Down to the last dirty detail. +I have nothing better to talk about. +Here is a diagram I edited to illustrate (credit to xkcd I think?).</p> +<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p> +<p>I host my site on a hetzner vps running nixos. +I also have a git repo where all the static files for my blog live. +I had previously been manually rsyncing the website up to my vps from my laptop. +Qute an easy, efficient solution; it worked well. +But not very nixos; far too simple, not sufficiently over-engineered. +So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p> +<h3 id="remote-rebuilds">Remote Rebuilds</h3> +<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh. +In my case, this means I can rebuild my hetzner box from my laptop. +You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p> +<p>This sets up ssh with key-based authentication and lets our local user in. 
+This config belongs on the remote machine.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span> +</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">settings</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">};</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>. +The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p> +<h3 id="caddy">Caddy</h3> +<p>You can do this with whatever your preferred webserver is. +I am a caddy stan. 
+This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="mi">80</span> +</span></span><span class="line"><span class="cl"> <span class="mi">443</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39; +</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org { +</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog +</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server +</span></span></span><span class="line"><span class="cl"><span class="s1"> } +</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3> +<p>We have a web server pointing at <code>/etc/blog</code>. 
+The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p> +<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances. +The <code>fetchFromGitHub</code> helper would look very similar.</p> +<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p> +<p>Also note the little <code>/public</code> at the end of the <code>source</code> string. +That&rsquo;s the directory of the git repo that the website source lives.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span> +</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">}</span> +</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p> +<ul> +<li>Commit rebuilt website to repo</li> +<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li> +<li>Rebuild vps from laptop</li> +</ul> +<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p> + + + + + so you want to write a neovim plugin with lua https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/ diff --git a/public/tags/home-manager/index.html b/public/tags/home-manager/index.html index be53f05..a46c6b2 100644 --- a/public/tags/home-manager/index.html +++ b/public/tags/home-manager/index.html @@ -16,7 +16,7 @@ @@ -43,7 +43,7 @@ 
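Review bot: two typos in the post text are carried into this feed item: "Qute an easy, efficient solution" should read "Quite", and "That's the directory of the git repo that the website source lives" is missing a final "in". Fix both in the markdown source and rebuild, so that every generated copy of the item picks up the correction.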
diff --git a/public/tags/home-manager/index.xml b/public/tags/home-manager/index.xml index 33ae1b8..8c0ae3e 100644 --- a/public/tags/home-manager/index.xml +++ b/public/tags/home-manager/index.xml 
@@ -12,6 +12,100 @@ + + over-engineered (?) nixos blog deployment setup + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + Mon, 11 Aug 2025 00:00:00 +0000 + + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + <p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog. +Down to the last dirty detail. +I have nothing better to talk about. +Here is a diagram I edited to illustrate (credit to xkcd I think?).</p> +<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p> +<p>I host my site on a hetzner vps running nixos. +I also have a git repo where all the static files for my blog live. +I had previously been manually rsyncing the website up to my vps from my laptop. +Qute an easy, efficient solution; it worked well. +But not very nixos; far too simple, not sufficiently over-engineered. +So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p> +<h3 id="remote-rebuilds">Remote Rebuilds</h3> +<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh. +In my case, this means I can rebuild my hetzner box from my laptop. +You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p> +<p>This sets up ssh with key-based authentication and lets our local user in. 
+This config belongs on the remote machine.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span> +</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">settings</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">};</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>. +The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p> +<h3 id="caddy">Caddy</h3> +<p>You can do this with whatever your preferred webserver is. +I am a caddy stan. 
+This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="mi">80</span> +</span></span><span class="line"><span class="cl"> <span class="mi">443</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39; +</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org { +</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog +</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server +</span></span></span><span class="line"><span class="cl"><span class="s1"> } +</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3> +<p>We have a web server pointing at <code>/etc/blog</code>. 
+The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p> +<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances. +The <code>fetchFromGitHub</code> helper would look very similar.</p> +<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p> +<p>Also note the little <code>/public</code> at the end of the <code>source</code> string. +That&rsquo;s the directory of the git repo that the website source lives.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span> +</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">}</span> +</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p> +<ul> +<li>Commit rebuilt website to repo</li> +<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li> +<li>Rebuild vps from laptop</li> +</ul> +<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p> + + + + + so you want to write a neovim plugin with lua https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/ diff --git a/public/tags/hugo/index.html b/public/tags/hugo/index.html index 94a88d4..a16ee59 100644 --- a/public/tags/hugo/index.html +++ b/public/tags/hugo/index.html @@ -16,7 +16,7 @@ @@ -31,7 +31,7 @@ 
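Review bot: in the feed item added by the hunk above, the remote-rebuild config sets `nix.settings.trusted-users = [ "blog-king" ];` for the same account that logs in over SSH, and the post never says what that grants. The Nix manual describes adding a user to trusted-users as essentially equivalent to giving that user root access, so the deploy key is a root-level credential on the VPS even with `PermitRootLogin = "no"` and a sudo password in place. Suggest adding a sentence saying so next to the config block in content/posts/nixos-remote-auto-static-site-deploy.md and regenerating the feeds. It is also worth stating that `openFirewall = true` exposes sshd publicly, leaving key-only authentication as the only gate.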
diff --git a/public/tags/hugo/index.xml b/public/tags/hugo/index.xml index fb7f0e2..6538ba9 100644 --- a/public/tags/hugo/index.xml +++ b/public/tags/hugo/index.xml 
@@ -12,6 +12,100 @@ + + over-engineered (?) nixos blog deployment setup + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + Mon, 11 Aug 2025 00:00:00 +0000 + + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + <p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog. +Down to the last dirty detail. +I have nothing better to talk about. +Here is a diagram I edited to illustrate (credit to xkcd I think?).</p> +<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p> +<p>I host my site on a hetzner vps running nixos. +I also have a git repo where all the static files for my blog live. +I had previously been manually rsyncing the website up to my vps from my laptop. +Qute an easy, efficient solution; it worked well. +But not very nixos; far too simple, not sufficiently over-engineered. +So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p> +<h3 id="remote-rebuilds">Remote Rebuilds</h3> +<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh. +In my case, this means I can rebuild my hetzner box from my laptop. +You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p> +<p>This sets up ssh with key-based authentication and lets our local user in. 
+This config belongs on the remote machine.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span> +</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">settings</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">};</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>. +The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p> +<h3 id="caddy">Caddy</h3> +<p>You can do this with whatever your preferred webserver is. +I am a caddy stan. 
+This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="mi">80</span> +</span></span><span class="line"><span class="cl"> <span class="mi">443</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39; +</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org { +</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog +</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server +</span></span></span><span class="line"><span class="cl"><span class="s1"> } +</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3> +<p>We have a web server pointing at <code>/etc/blog</code>. 
+The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p> +<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances. +The <code>fetchFromGitHub</code> helper would look very similar.</p> +<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p> +<p>Also note the little <code>/public</code> at the end of the <code>source</code> string. +That&rsquo;s the directory of the git repo that the website source lives.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span> +</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">}</span> +</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p> +<ul> +<li>Commit rebuilt website to repo</li> +<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li> +<li>Rebuild vps from laptop</li> +</ul> +<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p> + + + + + so you want to write a neovim plugin with lua https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/ diff --git a/public/tags/index.html b/public/tags/index.html index f893249..90bf9aa 100644 --- a/public/tags/index.html +++ b/public/tags/index.html @@ -16,7 +16,7 @@ @@ -24,6 +24,10 @@

Tags

    +
  • + Nixos - +
  • +
  • Lua -
  • @@ -40,10 +44,6 @@ Nix-Colors - -
  • - Nixos - -
  • -
  • Css -
  • @@ -107,7 +107,7 @@
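Review bot: the full body of the new post is added to public/tags/hugo/index.xml above, and again to public/tags/index.xml and public/tags/javascript/index.xml below, although the post's front matter lists only the `nixos` tag. If that is not intended, the tag RSS template is probably ranging over all site pages rather than the term's own pages, and should be fixed so each per-tag feed carries only its posts. Separately, consider leaving generated public/ output out of the commit: any fix to the post text (for example "Qute" in the third paragraph) has to be regenerated into every one of these copies.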
diff --git a/public/tags/index.xml b/public/tags/index.xml index 4d0a742..a3b0527 100644 --- a/public/tags/index.xml +++ b/public/tags/index.xml 
@@ -6,12 +6,106 @@ Recent content in Tags on James' Blog :-) Hugo -- gohugo.io en-GB - Sat, 06 Apr 2024 00:00:00 +0000 + Mon, 11 Aug 2025 00:00:00 +0000 + + over-engineered (?) nixos blog deployment setup + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + Mon, 11 Aug 2025 00:00:00 +0000 + + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + <p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog. +Down to the last dirty detail. +I have nothing better to talk about. +Here is a diagram I edited to illustrate (credit to xkcd I think?).</p> +<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p> +<p>I host my site on a hetzner vps running nixos. +I also have a git repo where all the static files for my blog live. +I had previously been manually rsyncing the website up to my vps from my laptop. +Qute an easy, efficient solution; it worked well. +But not very nixos; far too simple, not sufficiently over-engineered. +So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p> +<h3 id="remote-rebuilds">Remote Rebuilds</h3> +<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh. +In my case, this means I can rebuild my hetzner box from my laptop. +You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p> +<p>This sets up ssh with key-based authentication and lets our local user in. 
+This config belongs on the remote machine.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span> +</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">settings</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">};</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>. +The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p> +<h3 id="caddy">Caddy</h3> +<p>You can do this with whatever your preferred webserver is. +I am a caddy stan. 
+This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="mi">80</span> +</span></span><span class="line"><span class="cl"> <span class="mi">443</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39; +</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org { +</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog +</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server +</span></span></span><span class="line"><span class="cl"><span class="s1"> } +</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3> +<p>We have a web server pointing at <code>/etc/blog</code>. 
+The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p> +<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances. +The <code>fetchFromGitHub</code> helper would look very similar.</p> +<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p> +<p>Also note the little <code>/public</code> at the end of the <code>source</code> string. +That&rsquo;s the directory of the git repo that the website source lives.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span> +</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">}</span> +</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p> +<ul> +<li>Commit rebuilt website to repo</li> +<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li> +<li>Rebuild vps from laptop</li> +</ul> +<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p> + + + + + so you want to write a neovim plugin with lua https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/ diff --git a/public/tags/javascript/index.html b/public/tags/javascript/index.html index a6f946e..a5ddc4e 100644 --- a/public/tags/javascript/index.html +++ b/public/tags/javascript/index.html @@ -16,7 +16,7 @@ @@ -31,7 +31,7 @@ 
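Review bot: in the `environment.etc."blog"` block of the item added to public/tags/index.xml above, `user = "caddy";` and `group = "caddy";` have no effect, because `mode` is not set and defaults to `symlink`; NixOS applies owner and group only when the entry is copied. The `fetchFromGitea` output is a world-readable store path, so caddy can serve it either way. Suggest dropping both lines from the snippet in content/posts/nixos-remote-auto-static-site-deploy.md, or adding a sentence on why they are there, and then regenerating the feeds.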
diff --git a/public/tags/javascript/index.xml b/public/tags/javascript/index.xml index 0cb74d5..4bcfecf 100644 --- a/public/tags/javascript/index.xml +++ b/public/tags/javascript/index.xml 
@@ -12,6 +12,100 @@ + + over-engineered (?) nixos blog deployment setup + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + Mon, 11 Aug 2025 00:00:00 +0000 + + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + <p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog. +Down to the last dirty detail. +I have nothing better to talk about. +Here is a diagram I edited to illustrate (credit to xkcd I think?).</p> +<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p> +<p>I host my site on a hetzner vps running nixos. +I also have a git repo where all the static files for my blog live. +I had previously been manually rsyncing the website up to my vps from my laptop. +Qute an easy, efficient solution; it worked well. +But not very nixos; far too simple, not sufficiently over-engineered. +So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p> +<h3 id="remote-rebuilds">Remote Rebuilds</h3> +<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh. +In my case, this means I can rebuild my hetzner box from my laptop. +You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p> +<p>This sets up ssh with key-based authentication and lets our local user in. 
+This config belongs on the remote machine.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span> +</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">settings</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">};</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>. +The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p> +<h3 id="caddy">Caddy</h3> +<p>You can do this with whatever your preferred webserver is. +I am a caddy stan. 
+This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="mi">80</span> +</span></span><span class="line"><span class="cl"> <span class="mi">443</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39; +</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org { +</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog +</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server +</span></span></span><span class="line"><span class="cl"><span class="s1"> } +</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3> +<p>We have a web server pointing at <code>/etc/blog</code>. 
+The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p> +<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances. +The <code>fetchFromGitHub</code> helper would look very similar.</p> +<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p> +<p>Also note the little <code>/public</code> at the end of the <code>source</code> string. +That&rsquo;s the directory of the git repo that the website source lives.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span> +</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">}</span> +</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p> +<ul> +<li>Commit rebuilt website to repo</li> +<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li> +<li>Rebuild vps from laptop</li> +</ul> +<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p> + + + + + so you want to write a neovim plugin with lua https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/ diff --git a/public/tags/lua/index.html b/public/tags/lua/index.html index 4304673..f517467 100644 --- a/public/tags/lua/index.html +++ b/public/tags/lua/index.html @@ -16,7 +16,7 @@ @@ -31,7 +31,7 @@ 
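Review bot: In the "Getting the files from git" snippet of the added feed item, `user = "caddy"` and `group = "caddy"` on `environment.etc."blog"` have no effect as written. NixOS applies the owner options only when the entry is copied, that is, when `mode` is something other than the default `"symlink"`, and this entry sets no `mode`. As written, `/etc/blog` is a symlink into the world-readable Nix store, which caddy can already read. Either drop the two lines or explain in the post why they are there. `enable = true` and `target = "blog"` also restate the option defaults and could go. The fix belongs in `content/posts/nixos-remote-auto-static-site-deploy.md`, with the feeds regenerated from it.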
diff --git a/public/tags/lua/index.xml b/public/tags/lua/index.xml index ced128c..58e2a4e 100644 --- a/public/tags/lua/index.xml +++ b/public/tags/lua/index.xml 
@@ -12,6 +12,100 @@ + + over-engineered (?) nixos blog deployment setup + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + Mon, 11 Aug 2025 00:00:00 +0000 + + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + <p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog. +Down to the last dirty detail. +I have nothing better to talk about. +Here is a diagram I edited to illustrate (credit to xkcd I think?).</p> +<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p> +<p>I host my site on a hetzner vps running nixos. +I also have a git repo where all the static files for my blog live. +I had previously been manually rsyncing the website up to my vps from my laptop. +Qute an easy, efficient solution; it worked well. +But not very nixos; far too simple, not sufficiently over-engineered. +So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p> +<h3 id="remote-rebuilds">Remote Rebuilds</h3> +<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh. +In my case, this means I can rebuild my hetzner box from my laptop. +You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p> +<p>This sets up ssh with key-based authentication and lets our local user in. 
+This config belongs on the remote machine.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span> +</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">settings</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">};</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>. +The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p> +<h3 id="caddy">Caddy</h3> +<p>You can do this with whatever your preferred webserver is. +I am a caddy stan. 
+This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="mi">80</span> +</span></span><span class="line"><span class="cl"> <span class="mi">443</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39; +</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org { +</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog +</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server +</span></span></span><span class="line"><span class="cl"><span class="s1"> } +</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3> +<p>We have a web server pointing at <code>/etc/blog</code>. 
+The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p> +<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances. +The <code>fetchFromGitHub</code> helper would look very similar.</p> +<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p> +<p>Also note the little <code>/public</code> at the end of the <code>source</code> string. +That&rsquo;s the directory of the git repo that the website source lives.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span> +</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">}</span> +</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p> +<ul> +<li>Commit rebuilt website to repo</li> +<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li> +<li>Rebuild vps from laptop</li> +</ul> +<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p> + + + + + so you want to write a neovim plugin with lua https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/ diff --git a/public/tags/music/index.html b/public/tags/music/index.html index 70f8601..d4203ac 100644 --- a/public/tags/music/index.html +++ b/public/tags/music/index.html @@ -16,7 +16,7 @@ @@ -31,7 +31,7 @@ 
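Review bot: This hunk adds the nixos deployment post to `public/tags/lua/index.xml`, but the post's front matter earlier in this patch lists only `nixos` under `tags`. The same item is added to the music and neovim tag feeds as well. That suggests the RSS template for tag pages ranges over every page on the site rather than the pages of the tag being rendered, so it is worth checking and narrowing. Because the generated `public/` tree is committed, each new post also repeats its full HTML body once per feed in the diff. The "Qute" typo and "the directory of the git repo that the website source lives" are copied into every feed too, so fix them in the Markdown source before regenerating.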
diff --git a/public/tags/music/index.xml b/public/tags/music/index.xml index 9064777..b18b13d 100644 --- a/public/tags/music/index.xml +++ b/public/tags/music/index.xml 
@@ -12,6 +12,100 @@ + + over-engineered (?) nixos blog deployment setup + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + Mon, 11 Aug 2025 00:00:00 +0000 + + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + <p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog. +Down to the last dirty detail. +I have nothing better to talk about. +Here is a diagram I edited to illustrate (credit to xkcd I think?).</p> +<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p> +<p>I host my site on a hetzner vps running nixos. +I also have a git repo where all the static files for my blog live. +I had previously been manually rsyncing the website up to my vps from my laptop. +Qute an easy, efficient solution; it worked well. +But not very nixos; far too simple, not sufficiently over-engineered. +So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p> +<h3 id="remote-rebuilds">Remote Rebuilds</h3> +<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh. +In my case, this means I can rebuild my hetzner box from my laptop. +You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p> +<p>This sets up ssh with key-based authentication and lets our local user in. 
+This config belongs on the remote machine.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span> +</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">settings</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">};</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>. +The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p> +<h3 id="caddy">Caddy</h3> +<p>You can do this with whatever your preferred webserver is. +I am a caddy stan. 
+This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="mi">80</span> +</span></span><span class="line"><span class="cl"> <span class="mi">443</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39; +</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org { +</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog +</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server +</span></span></span><span class="line"><span class="cl"><span class="s1"> } +</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3> +<p>We have a web server pointing at <code>/etc/blog</code>. 
+The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p> +<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances. +The <code>fetchFromGitHub</code> helper would look very similar.</p> +<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p> +<p>Also note the little <code>/public</code> at the end of the <code>source</code> string. +That&rsquo;s the directory of the git repo that the website source lives.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span> +</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">}</span> +</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p> +<ul> +<li>Commit rebuilt website to repo</li> +<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li> +<li>Rebuild vps from laptop</li> +</ul> +<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p> + + + + + so you want to write a neovim plugin with lua https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/ diff --git a/public/tags/neovim/index.html b/public/tags/neovim/index.html index cfb597f..0dbe89a 100644 --- a/public/tags/neovim/index.html +++ b/public/tags/neovim/index.html @@ -16,7 +16,7 @@ @@ -35,7 +35,7 @@ 
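Review bot: In the "Remote Rebuilds" snippet, `nix.settings.trusted-users = [ "blog-king" ]` is described only as part of what "lets our local user in", which undersells it. A trusted user of the Nix daemon is effectively root-equivalent on that machine, so the post should say so next to the line rather than leaving it unexplained. Likewise, `openFirewall = true` under `services.openssh` opens the SSH port to every source address. With `PasswordAuthentication = false` and `PermitRootLogin = "no"` that is a reasonable baseline, but a sentence noting that the deploy key is now the only thing standing between the internet and a root-equivalent account would make the trade-off explicit for readers copying the config.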
diff --git a/public/tags/neovim/index.xml b/public/tags/neovim/index.xml index a840dd4..09091fe 100644 --- a/public/tags/neovim/index.xml +++ b/public/tags/neovim/index.xml 
@@ -12,6 +12,100 @@ + + over-engineered (?) nixos blog deployment setup + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + Mon, 11 Aug 2025 00:00:00 +0000 + + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + <p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog. +Down to the last dirty detail. +I have nothing better to talk about. +Here is a diagram I edited to illustrate (credit to xkcd I think?).</p> +<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p> +<p>I host my site on a hetzner vps running nixos. +I also have a git repo where all the static files for my blog live. +I had previously been manually rsyncing the website up to my vps from my laptop. +Qute an easy, efficient solution; it worked well. +But not very nixos; far too simple, not sufficiently over-engineered. +So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p> +<h3 id="remote-rebuilds">Remote Rebuilds</h3> +<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh. +In my case, this means I can rebuild my hetzner box from my laptop. +You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p> +<p>This sets up ssh with key-based authentication and lets our local user in. 
+This config belongs on the remote machine.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span> +</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">settings</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">};</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>. +The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p> +<h3 id="caddy">Caddy</h3> +<p>You can do this with whatever your preferred webserver is. +I am a caddy stan. 
+This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="mi">80</span> +</span></span><span class="line"><span class="cl"> <span class="mi">443</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39; +</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org { +</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog +</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server +</span></span></span><span class="line"><span class="cl"><span class="s1"> } +</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3> +<p>We have a web server pointing at <code>/etc/blog</code>. 
+The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p> +<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances. +The <code>fetchFromGitHub</code> helper would look very similar.</p> +<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p> +<p>Also note the little <code>/public</code> at the end of the <code>source</code> string. +That&rsquo;s the directory of the git repo that the website source lives.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span> +</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">}</span> +</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p> +<ul> +<li>Commit rebuilt website to repo</li> +<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li> +<li>Rebuild vps from laptop</li> +</ul> +<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p> + + + + + so you want to write a neovim plugin with lua https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/ diff --git a/public/tags/nix-colors/index.html b/public/tags/nix-colors/index.html index 40f3773..fa969cb 100644 --- a/public/tags/nix-colors/index.html +++ b/public/tags/nix-colors/index.html @@ -16,7 +16,7 @@ @@ -35,7 +35,7 @@ 
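Review bot: the Remote Rebuilds snippet in the post added above sets `nix.settings.trusted-users = [ "blog-king" ];` without saying what that grants. The Nix manual describes membership in `trusted-users` as essentially equivalent to root access, and the `--ask-sudo-password` step shows the same account also has sudo, so the ed25519 key listed in `authorizedKeys.keys` is effectively a root credential for the VPS. Suggest adding a sentence to that effect in `content/posts/nixos-remote-auto-static-site-deploy.md` (for example, that the deploy key should be passphrase-protected) and regenerating `public/`.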
diff --git a/public/tags/nix-colors/index.xml b/public/tags/nix-colors/index.xml index 7782cdc..1141ac4 100644 --- a/public/tags/nix-colors/index.xml +++ b/public/tags/nix-colors/index.xml 
@@ -12,6 +12,100 @@ + + over-engineered (?) nixos blog deployment setup + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + Mon, 11 Aug 2025 00:00:00 +0000 + + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + <p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog. +Down to the last dirty detail. +I have nothing better to talk about. +Here is a diagram I edited to illustrate (credit to xkcd I think?).</p> +<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p> +<p>I host my site on a hetzner vps running nixos. +I also have a git repo where all the static files for my blog live. +I had previously been manually rsyncing the website up to my vps from my laptop. +Qute an easy, efficient solution; it worked well. +But not very nixos; far too simple, not sufficiently over-engineered. +So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p> +<h3 id="remote-rebuilds">Remote Rebuilds</h3> +<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh. +In my case, this means I can rebuild my hetzner box from my laptop. +You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p> +<p>This sets up ssh with key-based authentication and lets our local user in. 
+This config belongs on the remote machine.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span> +</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">settings</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">};</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>. +The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p> +<h3 id="caddy">Caddy</h3> +<p>You can do this with whatever your preferred webserver is. +I am a caddy stan. 
+This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="mi">80</span> +</span></span><span class="line"><span class="cl"> <span class="mi">443</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39; +</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org { +</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog +</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server +</span></span></span><span class="line"><span class="cl"><span class="s1"> } +</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3> +<p>We have a web server pointing at <code>/etc/blog</code>. 
+The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p> +<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances. +The <code>fetchFromGitHub</code> helper would look very similar.</p> +<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p> +<p>Also note the little <code>/public</code> at the end of the <code>source</code> string. +That&rsquo;s the directory of the git repo that the website source lives.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span> +</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">}</span> +</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p> +<ul> +<li>Commit rebuilt website to repo</li> +<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li> +<li>Rebuild vps from laptop</li> +</ul> +<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p> + + + + + so you want to write a neovim plugin with lua https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/ diff --git a/public/tags/nixos/index.html b/public/tags/nixos/index.html index 26b37b6..549d575 100644 --- a/public/tags/nixos/index.html +++ b/public/tags/nixos/index.html @@ -16,7 +16,7 @@ @@ -24,6 +24,10 @@

Nixos

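Review bot: the post should not be in `public/tags/nix-colors/index.xml` at all. Its front matter lists only `tags: - nixos`, yet the `@@ -12,6 +12,100 @@` hunk for that file adds the full item to the nix-colors feed, directly above the neovim plugin item. The podman feed receives the same item, which suggests the tag RSS template is listing site-wide pages rather than the pages belonging to each term. Worth checking the feed template before regenerating, so that each tag feed carries only its own posts.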
diff --git a/public/tags/nixos/index.xml b/public/tags/nixos/index.xml index f403965..13eb9f2 100644 --- a/public/tags/nixos/index.xml +++ b/public/tags/nixos/index.xml 
@@ -6,12 +6,106 @@ Recent content in Nixos on James' Blog :-) Hugo -- gohugo.io en-GB - Fri, 18 Aug 2023 00:00:00 +0000 + Mon, 11 Aug 2025 00:00:00 +0000 + + over-engineered (?) nixos blog deployment setup + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + Mon, 11 Aug 2025 00:00:00 +0000 + + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + <p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog. +Down to the last dirty detail. +I have nothing better to talk about. +Here is a diagram I edited to illustrate (credit to xkcd I think?).</p> +<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p> +<p>I host my site on a hetzner vps running nixos. +I also have a git repo where all the static files for my blog live. +I had previously been manually rsyncing the website up to my vps from my laptop. +Qute an easy, efficient solution; it worked well. +But not very nixos; far too simple, not sufficiently over-engineered. +So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p> +<h3 id="remote-rebuilds">Remote Rebuilds</h3> +<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh. +In my case, this means I can rebuild my hetzner box from my laptop. +You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p> +<p>This sets up ssh with key-based authentication and lets our local user in. 
+This config belongs on the remote machine.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span> +</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">settings</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">};</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>. +The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p> +<h3 id="caddy">Caddy</h3> +<p>You can do this with whatever your preferred webserver is. +I am a caddy stan. 
+This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="mi">80</span> +</span></span><span class="line"><span class="cl"> <span class="mi">443</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39; +</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org { +</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog +</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server +</span></span></span><span class="line"><span class="cl"><span class="s1"> } +</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3> +<p>We have a web server pointing at <code>/etc/blog</code>. 
+The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p> +<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances. +The <code>fetchFromGitHub</code> helper would look very similar.</p> +<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p> +<p>Also note the little <code>/public</code> at the end of the <code>source</code> string. +That&rsquo;s the directory of the git repo that the website source lives.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span> +</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">}</span> +</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p> +<ul> +<li>Commit rebuilt website to repo</li> +<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li> +<li>Rebuild vps from laptop</li> +</ul> +<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p> + + + + + so you want to write a neovim plugin with lua https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/ diff --git a/public/tags/podman/index.html b/public/tags/podman/index.html index ee82a9d..a2b7666 100644 --- a/public/tags/podman/index.html +++ b/public/tags/podman/index.html @@ -16,7 +16,7 @@ @@ -31,7 +31,7 @@ 
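Review bot: in the `environment.etc."blog"` snippet carried in the `public/tags/nixos/index.xml` hunk, `user = "caddy"` and `group = "caddy"` do nothing. NixOS applies them only when `mode` is set to something other than the default `"symlink"`, and the fetched store path is world-readable anyway. `enable = true` and `target = "blog"` also restate the defaults. Suggest trimming the snippet in the markdown source down to `source`, or adding a line explaining why the extra attributes are there.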
diff --git a/public/tags/podman/index.xml b/public/tags/podman/index.xml index 1440607..d1bc9d0 100644 --- a/public/tags/podman/index.xml +++ b/public/tags/podman/index.xml 
@@ -12,6 +12,100 @@ + + over-engineered (?) nixos blog deployment setup + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + Mon, 11 Aug 2025 00:00:00 +0000 + + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + <p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog. +Down to the last dirty detail. +I have nothing better to talk about. +Here is a diagram I edited to illustrate (credit to xkcd I think?).</p> +<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p> +<p>I host my site on a hetzner vps running nixos. +I also have a git repo where all the static files for my blog live. +I had previously been manually rsyncing the website up to my vps from my laptop. +Qute an easy, efficient solution; it worked well. +But not very nixos; far too simple, not sufficiently over-engineered. +So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p> +<h3 id="remote-rebuilds">Remote Rebuilds</h3> +<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh. +In my case, this means I can rebuild my hetzner box from my laptop. +You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p> +<p>This sets up ssh with key-based authentication and lets our local user in. 
+This config belongs on the remote machine.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span> +</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">settings</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">};</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>. +The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p> +<h3 id="caddy">Caddy</h3> +<p>You can do this with whatever your preferred webserver is. +I am a caddy stan. 
+This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="mi">80</span> +</span></span><span class="line"><span class="cl"> <span class="mi">443</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39; +</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org { +</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog +</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server +</span></span></span><span class="line"><span class="cl"><span class="s1"> } +</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3> +<p>We have a web server pointing at <code>/etc/blog</code>. 
+The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p> +<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances. +The <code>fetchFromGitHub</code> helper would look very similar.</p> +<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p> +<p>Also note the little <code>/public</code> at the end of the <code>source</code> string. +That&rsquo;s the directory of the git repo that the website source lives.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span> +</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">}</span> +</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p> +<ul> +<li>Commit rebuilt website to repo</li> +<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li> +<li>Rebuild vps from laptop</li> +</ul> +<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p> + + + + + so you want to write a neovim plugin with lua https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/ diff --git a/public/tags/python/index.html b/public/tags/python/index.html index d85449b..cf857c6 100644 --- a/public/tags/python/index.html +++ b/public/tags/python/index.html @@ -16,7 +16,7 @@ @@ -55,7 +55,7 @@ 
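Review bot: `nix.settings.trusted-users = [ "blog-king" ];` in the remote-rebuild snippet is published with no caveat, and a Nix trusted user is effectively root on that machine through the daemon, so the deploy key listed just above it becomes a root-equivalent credential. Say so next to the snippet, and suggest a key that is used only for deploys. Make the change in the markdown source under content/posts so the regenerated feeds pick it up rather than editing this generated XML.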
diff --git a/public/tags/python/index.xml b/public/tags/python/index.xml index bd85ff0..a1bae67 100644 --- a/public/tags/python/index.xml +++ b/public/tags/python/index.xml 
@@ -12,6 +12,100 @@ + + over-engineered (?) nixos blog deployment setup + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + Mon, 11 Aug 2025 00:00:00 +0000 + + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + <p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog. +Down to the last dirty detail. +I have nothing better to talk about. +Here is a diagram I edited to illustrate (credit to xkcd I think?).</p> +<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p> +<p>I host my site on a hetzner vps running nixos. +I also have a git repo where all the static files for my blog live. +I had previously been manually rsyncing the website up to my vps from my laptop. +Qute an easy, efficient solution; it worked well. +But not very nixos; far too simple, not sufficiently over-engineered. +So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p> +<h3 id="remote-rebuilds">Remote Rebuilds</h3> +<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh. +In my case, this means I can rebuild my hetzner box from my laptop. +You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p> +<p>This sets up ssh with key-based authentication and lets our local user in. 
+This config belongs on the remote machine.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span> +</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">settings</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">};</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>. +The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p> +<h3 id="caddy">Caddy</h3> +<p>You can do this with whatever your preferred webserver is. +I am a caddy stan. 
+This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="mi">80</span> +</span></span><span class="line"><span class="cl"> <span class="mi">443</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39; +</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org { +</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog +</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server +</span></span></span><span class="line"><span class="cl"><span class="s1"> } +</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3> +<p>We have a web server pointing at <code>/etc/blog</code>. 
+The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p> +<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances. +The <code>fetchFromGitHub</code> helper would look very similar.</p> +<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p> +<p>Also note the little <code>/public</code> at the end of the <code>source</code> string. +That&rsquo;s the directory of the git repo that the website source lives.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span> +</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">}</span> +</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p> +<ul> +<li>Commit rebuilt website to repo</li> +<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li> +<li>Rebuild vps from laptop</li> +</ul> +<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p> + + + + + so you want to write a neovim plugin with lua https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/ diff --git a/public/tags/qtile/index.html b/public/tags/qtile/index.html index c926b6a..5827774 100644 --- a/public/tags/qtile/index.html +++ b/public/tags/qtile/index.html @@ -16,7 +16,7 @@ @@ -39,7 +39,7 @@ 
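Review bot: this hunk adds the nixos deployment post to public/tags/python/index.xml, and the same 100-line item is added to the qtile and self-hosting tag feeds with an identical `@@ -12,6 +12,100 @@` header, which suggests the tag feed template is listing every post on the site instead of only the posts carrying that tag. Check which page collection the feed template iterates over for tag pages before committing the rebuilt output, otherwise every new post lands in every tag feed. Separately, "Qute an easy, efficient solution" in the first paragraph should read "Quite", fixed in the markdown source.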
diff --git a/public/tags/qtile/index.xml b/public/tags/qtile/index.xml index 92d1a8a..e8240b4 100644 --- a/public/tags/qtile/index.xml +++ b/public/tags/qtile/index.xml 
@@ -12,6 +12,100 @@ + + over-engineered (?) nixos blog deployment setup + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + Mon, 11 Aug 2025 00:00:00 +0000 + + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + <p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog. +Down to the last dirty detail. +I have nothing better to talk about. +Here is a diagram I edited to illustrate (credit to xkcd I think?).</p> +<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p> +<p>I host my site on a hetzner vps running nixos. +I also have a git repo where all the static files for my blog live. +I had previously been manually rsyncing the website up to my vps from my laptop. +Qute an easy, efficient solution; it worked well. +But not very nixos; far too simple, not sufficiently over-engineered. +So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p> +<h3 id="remote-rebuilds">Remote Rebuilds</h3> +<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh. +In my case, this means I can rebuild my hetzner box from my laptop. +You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p> +<p>This sets up ssh with key-based authentication and lets our local user in. 
+This config belongs on the remote machine.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span> +</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">settings</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">};</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>. +The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p> +<h3 id="caddy">Caddy</h3> +<p>You can do this with whatever your preferred webserver is. +I am a caddy stan. 
+This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="mi">80</span> +</span></span><span class="line"><span class="cl"> <span class="mi">443</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39; +</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org { +</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog +</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server +</span></span></span><span class="line"><span class="cl"><span class="s1"> } +</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3> +<p>We have a web server pointing at <code>/etc/blog</code>. 
+The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p> +<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances. +The <code>fetchFromGitHub</code> helper would look very similar.</p> +<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p> +<p>Also note the little <code>/public</code> at the end of the <code>source</code> string. +That&rsquo;s the directory of the git repo that the website source lives.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span> +</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">}</span> +</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p> +<ul> +<li>Commit rebuilt website to repo</li> +<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li> +<li>Rebuild vps from laptop</li> +</ul> +<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p> + + + + + so you want to write a neovim plugin with lua https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/ diff --git a/public/tags/self-hosting/index.html b/public/tags/self-hosting/index.html index a3aeab5..58d1cc2 100644 --- a/public/tags/self-hosting/index.html +++ b/public/tags/self-hosting/index.html @@ -16,7 +16,7 @@ @@ -31,7 +31,7 @@ 
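Review bot: `user = "caddy";` and `group = "caddy";` in the `environment.etc."blog"` snippet have no effect as written, because `mode` is left at its default of `symlink` and NixOS applies owner and group only when the entry is copied into /etc. The fetched source sits in the world-readable Nix store, so caddy can already read it through the symlink. Drop the two lines from the post, or add a sentence explaining why they are there, so readers do not assume the files are restricted to the caddy user.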
diff --git a/public/tags/self-hosting/index.xml b/public/tags/self-hosting/index.xml index 1d69522..d6b9014 100644 --- a/public/tags/self-hosting/index.xml +++ b/public/tags/self-hosting/index.xml 
@@ -12,6 +12,100 @@ + + over-engineered (?) nixos blog deployment setup + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + Mon, 11 Aug 2025 00:00:00 +0000 + + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + <p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog. +Down to the last dirty detail. +I have nothing better to talk about. +Here is a diagram I edited to illustrate (credit to xkcd I think?).</p> +<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p> +<p>I host my site on a hetzner vps running nixos. +I also have a git repo where all the static files for my blog live. +I had previously been manually rsyncing the website up to my vps from my laptop. +Qute an easy, efficient solution; it worked well. +But not very nixos; far too simple, not sufficiently over-engineered. +So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p> +<h3 id="remote-rebuilds">Remote Rebuilds</h3> +<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh. +In my case, this means I can rebuild my hetzner box from my laptop. +You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p> +<p>This sets up ssh with key-based authentication and lets our local user in. 
+This config belongs on the remote machine.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span> +</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">settings</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">};</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>. +The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p> +<h3 id="caddy">Caddy</h3> +<p>You can do this with whatever your preferred webserver is. +I am a caddy stan. 
+This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="mi">80</span> +</span></span><span class="line"><span class="cl"> <span class="mi">443</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39; +</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org { +</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog +</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server +</span></span></span><span class="line"><span class="cl"><span class="s1"> } +</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3> +<p>We have a web server pointing at <code>/etc/blog</code>. 
+The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p> +<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances. +The <code>fetchFromGitHub</code> helper would look very similar.</p> +<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p> +<p>Also note the little <code>/public</code> at the end of the <code>source</code> string. +That&rsquo;s the directory of the git repo that the website source lives.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span> +</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">}</span> +</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p> +<ul> +<li>Commit rebuilt website to repo</li> +<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li> +<li>Rebuild vps from laptop</li> +</ul> +<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p> + + + + + so you want to write a neovim plugin with lua https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/ diff --git a/public/tags/tailscale/index.html b/public/tags/tailscale/index.html index 3c180e5..43e489c 100644 --- a/public/tags/tailscale/index.html +++ b/public/tags/tailscale/index.html @@ -16,7 +16,7 @@ @@ -31,7 +31,7 @@ 
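Review bot: In the Remote Rebuilds snippet of the added post, `nix.settings.trusted-users = [ "blog-king" ];` appears with no explanation, and the surrounding text only says the config "lets our local user in". The Nix manual describes adding a user to `trusted-users` as essentially equivalent to giving that user root on the machine. That makes the key listed under `authorizedKeys.keys` a root-equivalent credential for the VPS, regardless of `PermitRootLogin = "no"`. Suggest adding a sentence to the post saying so, so that readers copying the block know what they are granting to the deploy key.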
diff --git a/public/tags/tailscale/index.xml b/public/tags/tailscale/index.xml index 72da0b2..f5a5ab2 100644 --- a/public/tags/tailscale/index.xml +++ b/public/tags/tailscale/index.xml 
@@ -12,6 +12,100 @@ + + over-engineered (?) nixos blog deployment setup + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + Mon, 11 Aug 2025 00:00:00 +0000 + + https://nonsense.dymc.win/over-engineered-nixos-blog-deployment-setup/ + <p>As is traditional with people hosting their own blog I&rsquo;m going to do a post detailing EXACTLY how I&rsquo;m hosting my blog. +Down to the last dirty detail. +I have nothing better to talk about. +Here is a diagram I edited to illustrate (credit to xkcd I think?).</p> +<p><img src="https://nonsense.dymc.win/image/self-hosting.png" alt="self-hosting"></p> +<p>I host my site on a hetzner vps running nixos. +I also have a git repo where all the static files for my blog live. +I had previously been manually rsyncing the website up to my vps from my laptop. +Qute an easy, efficient solution; it worked well. +But not very nixos; far too simple, not sufficiently over-engineered. +So in true nixos fashion I decided I&rsquo;d spend a couple of hours sorting the problem so I&rsquo;d maybe save a minute once a year when I write a blog post.</p> +<h3 id="remote-rebuilds">Remote Rebuilds</h3> +<p>First, I&rsquo;ll show the fancy way to rebuild your remote nixos systems via ssh. +In my case, this means I can rebuild my hetzner box from my laptop. +You can read the wiki about it <a href="https://wiki.nixos.org/wiki/Nixos-rebuild#Deploying_on_other_machines">here</a>.</p> +<p>This sets up ssh with key-based authentication and lets our local user in. 
+This config belongs on the remote machine.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span><span class="o">.</span><span class="n">blog-king</span><span class="o">.</span><span class="n">openssh</span><span class="o">.</span><span class="n">authorizedKeys</span><span class="o">.</span><span class="n">keys</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="c1"># ssh public key on computer you&#39;re deploying from</span> +</span></span><span class="line"><span class="cl"> <span class="s2">&#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzFa1hmmmmmPL5HvJZhXVEaWiZIMi34oR6AOcaaaaaaa&#34;</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">nix</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">trusted-users</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&#34;blog-king&#34;</span> <span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="c1"># ssh daemon</span> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">openFirewall</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">settings</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">PasswordAuthentication</span> <span class="o">=</span> <span class="no">false</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">PermitRootLogin</span> <span class="o">=</span> <span class="s2">&#34;no&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">};</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>Once you have this going on your remote machine (in my case the hetzner vps) you should be able to rebuild the remote machine with <code>nixos-rebuild --target-host blog-king@remote-ip-here --ask-sudo-password switch</code>. +The <code>--ask-sudo-password</code> is not required if you ssh in as root though that would be a touch gauche.</p> +<h3 id="caddy">Caddy</h3> +<p>You can do this with whatever your preferred webserver is. +I am a caddy stan. 
+This opens the necessary ports in the firewall and sets up caddy in file server mode pointing at <code>/etc/blog</code>.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> +</span></span><span class="line"><span class="cl"> <span class="mi">80</span> +</span></span><span class="line"><span class="cl"> <span class="mi">443</span> +</span></span><span class="line"><span class="cl"><span class="p">];</span> +</span></span><span class="line"><span class="cl"> +</span></span><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">caddy</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">extraConfig</span> <span class="o">=</span> <span class="s1">&#39;&#39; +</span></span></span><span class="line"><span class="cl"><span class="s1"> blog.example.org { +</span></span></span><span class="line"><span class="cl"><span class="s1"> root * /etc/blog +</span></span></span><span class="line"><span class="cl"><span class="s1"> file_server +</span></span></span><span class="line"><span class="cl"><span class="s1"> } +</span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><h3 id="getting-the-files-from-git">Getting the files from git</h3> +<p>We have a web server pointing at <code>/etc/blog</code>. 
+The last piece of the puzzle is to get the static files from our git repo and spit them out in that directory.</p> +<p>I&rsquo;m using the <code>fetchFromGitea</code> helper here which works for gitea and forgejo instances. +The <code>fetchFromGitHub</code> helper would look very similar.</p> +<p>You can get the <code>rev</code> and <code>sha256</code> of the commit using <code>nix-prefetch-git</code>.</p> +<p>Also note the little <code>/public</code> at the end of the <code>source</code> string. +That&rsquo;s the directory of the git repo that the website source lives.</p> +<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">environment</span><span class="o">.</span><span class="n">etc</span><span class="o">.</span><span class="s2">&#34;blog&#34;</span> <span class="o">=</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;</span><span class="si">${</span> +</span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">fetchFromGitea</span> <span class="p">{</span> +</span></span><span class="line"><span class="cl"> <span class="n">domain</span> <span class="o">=</span> <span class="s2">&#34;git.example.org&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">owner</span> <span class="o">=</span> <span class="s2">&#34;james&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span 
class="n">repo</span> <span class="o">=</span> <span class="s2">&#34;blog&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">rev</span> <span class="o">=</span> <span class="s2">&#34;32d81f01388c88a259eed2ba52f4545dbcb1eb07&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">sha256</span> <span class="o">=</span> <span class="s2">&#34;173g99dj8y4sw1v7f1s5f7zgcrrlr6dly9n6ysr2i4jg095lkxw8&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="p">}</span> +</span></span><span class="line"><span class="cl"> <span class="si">}</span><span class="s2">/public&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">user</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"> <span class="n">group</span> <span class="o">=</span> <span class="s2">&#34;caddy&#34;</span><span class="p">;</span> +</span></span><span class="line"><span class="cl"><span class="p">};</span> +</span></span></code></pre></div><p>So now with all that setup the blog post work flow is:</p> +<ul> +<li>Commit rebuilt website to repo</li> +<li>Update the <code>rev</code> and <code>sha256</code> to the new commit (this is annoying and I&rsquo;m trying to work out a good way to automate it)</li> +<li>Rebuild vps from laptop</li> +</ul> +<p>Not necessarily faster than the old rsync method but it&rsquo;s pretty damn declarative, that&rsquo;s for sure.</p> + + + + + so you want to write a neovim plugin with lua https://nonsense.dymc.win/so-you-want-to-write-a-neovim-plugin-with-lua/ diff --git a/public/tailscale-caddy-and-nixos-containers-a-match-made-in-heaven/index.html b/public/tailscale-caddy-and-nixos-containers-a-match-made-in-heaven/index.html index 312042a..ff1440b 100644 
--- a/public/tailscale-caddy-and-nixos-containers-a-match-made-in-heaven/index.html +++ b/public/tailscale-caddy-and-nixos-containers-a-match-made-in-heaven/index.html @@ -15,7 +15,7 @@ @@ -88,7 +88,7 @@ diff --git a/public/teeny-tiny-bash-fetch-script/index.html b/public/teeny-tiny-bash-fetch-script/index.html index 850a4f1..566ac16 100644 --- a/public/teeny-tiny-bash-fetch-script/index.html +++ b/public/teeny-tiny-bash-fetch-script/index.html @@ -15,7 +15,7 @@ @@ -99,7 +99,7 @@ diff --git a/public/theming-nirvana/index.html b/public/theming-nirvana/index.html index 798071d..10e7572 100644 --- a/public/theming-nirvana/index.html +++ b/public/theming-nirvana/index.html @@ -15,7 +15,7 @@ @@ -118,7 +118,7 @@ diff --git a/public/translating-docker-to-nix/index.html b/public/translating-docker-to-nix/index.html index 3b335c3..c68f6a1 100644 --- a/public/translating-docker-to-nix/index.html +++ b/public/translating-docker-to-nix/index.html @@ -15,7 +15,7 @@ @@ -73,7 +73,7 @@ diff --git a/public/upgrade-your-qtile-setup-with-a-cute-dropdown-terminal/index.html b/public/upgrade-your-qtile-setup-with-a-cute-dropdown-terminal/index.html index 82963ab..e0475c8 100644 --- a/public/upgrade-your-qtile-setup-with-a-cute-dropdown-terminal/index.html +++ b/public/upgrade-your-qtile-setup-with-a-cute-dropdown-terminal/index.html @@ -15,7 +15,7 @@ @@ -71,7 +71,7 @@ diff --git a/public/vanilla-javascript-theme-toggle-for-simpletons/index.html b/public/vanilla-javascript-theme-toggle-for-simpletons/index.html index 5fde248..c126992 100644 --- a/public/vanilla-javascript-theme-toggle-for-simpletons/index.html +++ b/public/vanilla-javascript-theme-toggle-for-simpletons/index.html @@ -15,7 +15,7 @@ @@ -106,7 +106,7 @@ diff --git a/static/image/self-hosting.png b/static/image/self-hosting.png new file mode 100644 index 0000000..7b190fe Binary files /dev/null and b/static/image/self-hosting.png differ 
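Review bot: In the `environment.etc."blog"` block under "Getting the files from git", `user = "caddy";` and `group = "caddy";` do nothing as written. NixOS applies those two options only when `mode` is set to something other than its default `"symlink"`, and no `mode` is set here, so `/etc/blog` ends up as a symlink into the Nix store, which caddy can already read. Suggest dropping both lines, or setting `mode` if a copied, caddy-owned tree is really wanted. On the workflow list that follows: whatever ends up automating the `rev` and `sha256` bump should keep writing both values, since the hash is what ties the served files to a specific commit.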
diff --git a/themes/etch/layouts/partials/footer.html b/themes/etch/layouts/partials/footer.html index 33933c1..52985c0 100644 --- a/themes/etch/layouts/partials/footer.html +++ b/themes/etch/layouts/partials/footer.html @@ -1,3 +1,3 @@