From 28b0f67914b11069d3afddd42b574197126b846d Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Sat, 15 Nov 2025 12:27:46 -0800 Subject: rename fcuny-net to website --- flake.nix | 6 ++--- nix/modules/fcuny.net.nix | 66 ---------------------------------------------- nix/modules/website.nix | 66 ++++++++++++++++++++++++++++++++++++++++++++++ nix/packages/default.nix | 2 +- nix/packages/fcuny.net.nix | 31 ---------------------- nix/packages/website.nix | 31 ++++++++++++++++++++++ 6 files changed, 101 insertions(+), 101 deletions(-) delete mode 100644 nix/modules/fcuny.net.nix create mode 100644 nix/modules/website.nix delete mode 100644 nix/packages/fcuny.net.nix create mode 100644 nix/packages/website.nix diff --git a/flake.nix b/flake.nix index f96be8b..1bb3e90 100644 --- a/flake.nix +++ b/flake.nix @@ -25,10 +25,10 @@ # Import NixOS modules nixosModules = { - fcuny-net = import ./nix/modules/fcuny.net.nix; + website = import ./nix/modules/website.nix; default = { imports = [ - ./nix/modules/fcuny.net.nix + ./nix/modules/website.nix ]; }; }; @@ -68,7 +68,7 @@ in { packages = packages // { - default = packages.fcuny-net; + default = packages.website; }; formatter = treefmtEval.config.build.wrapper; diff --git a/nix/modules/fcuny.net.nix b/nix/modules/fcuny.net.nix deleted file mode 100644 index eaab7d2..0000000 --- a/nix/modules/fcuny.net.nix +++ /dev/null @@ -1,66 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: - -with lib; - -let - cfg = config.services.fcuny-net; -in -{ - options.services.fcuny-net = { - enable = mkEnableOption "fcuny.net service"; - - package = mkPackageOption pkgs "fcuny.net" { }; - - port = mkOption { - type = types.port; - default = 8070; - description = "Port to listen on"; - }; - - openFirewall = mkOption { - type = types.bool; - default = false; - description = "Whether to open the firewall for the goget service"; - }; - }; - - config = mkIf cfg.enable { - systemd.services.fcuny-net = { - description = "fcuny.net service"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - wants = [ "network.target" ]; - - serviceConfig = { - Type = "exec"; - DynamicUser = true; - ExecStart = "${cfg.package}/bin/fcuny-net"; - Restart = "always"; - RestartSec = "5"; - - # Security settings - NoNewPrivileges = true; - ProtectSystem = "strict"; - ProtectHome = true; - PrivateTmp = true; - ProtectKernelTunables = true; - ProtectKernelModules = true; - ProtectControlGroups = true; - RestrictSUIDSGID = true; - RestrictRealtime = true; - RestrictNamespaces = true; - LockPersonality = true; - MemoryDenyWriteExecute = true; - }; - }; - - networking.firewall = mkIf cfg.openFirewall { - allowedTCPPorts = [ cfg.port ]; - }; - }; -} diff --git a/nix/modules/website.nix b/nix/modules/website.nix new file mode 100644 index 0000000..5c82e34 --- /dev/null +++ b/nix/modules/website.nix @@ -0,0 +1,66 @@ +{ + config, + lib, + pkgs, + ... +}: + +with lib; + +let + cfg = config.services.website; +in +{ + options.services.website = { + enable = mkEnableOption "fcuny.net service"; + + package = mkPackageOption pkgs "website" { }; + + port = mkOption { + type = types.port; + default = 8070; + description = "Port to listen on"; + }; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = "Whether to open the firewall for the goget service"; + }; + }; + + config = mkIf cfg.enable { + systemd.services.website = { + description = "fcuny.net service"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + wants = [ "network.target" ]; + + serviceConfig = { + Type = "exec"; + DynamicUser = true; + ExecStart = "${cfg.package}/bin/fcuny-net"; + Restart = "always"; + RestartSec = "5"; + + # Security settings + NoNewPrivileges = true; + ProtectSystem = "strict"; + ProtectHome = true; + PrivateTmp = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectControlGroups = true; + RestrictSUIDSGID = true; + RestrictRealtime = true; + RestrictNamespaces = true; + LockPersonality = true; + MemoryDenyWriteExecute = true; + }; + }; + + networking.firewall = mkIf cfg.openFirewall { + allowedTCPPorts = [ cfg.port ]; + }; + }; +} diff --git a/nix/packages/default.nix b/nix/packages/default.nix index 81fb9eb..87c1b99 100644 --- a/nix/packages/default.nix +++ b/nix/packages/default.nix @@ -1,5 +1,5 @@ { pkgs }: { - fcuny.net = pkgs.callPackage ./fcuny.net.nix { }; + website = pkgs.callPackage ./website.nix { }; } diff --git a/nix/packages/fcuny.net.nix b/nix/packages/fcuny.net.nix deleted file mode 100644 index e9ce950..0000000 --- a/nix/packages/fcuny.net.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ - lib, - buildGoModule, -}: - -buildGoModule rec { - pname = "fcuny.net"; - version = "0.1.0"; # Consider deriving from git tags: version = builtins.substring 0 8 self.rev; - - src = ../..; - - vendorHash = "sha256-mpwboru/KBCJ8Fuy8kpicKgbmhHDlj7ZNXrfdIUkilg="; - - subPackages = [ "app/fcuny-net" ]; - - ldflags = [ - "-s" - "-w" - ]; - - doCheck = false; - - meta = with lib; { - description = "My personal website"; - homepage = "https://code.fcuny.net/fcuny/x/app/fcuny-net"; - license = licenses.mit; - maintainers = with maintainers; [ fcuny ]; - platforms = platforms.unix; - mainProgram = "fcuny-net"; - }; -} diff --git a/nix/packages/website.nix b/nix/packages/website.nix new file mode 100644 index 0000000..880c93b --- /dev/null +++ b/nix/packages/website.nix @@ -0,0 +1,31 @@ +{ + lib, + buildGoModule, +}: + +buildGoModule rec { + pname = "fcuny-net"; + version = "0.1.0"; # Consider deriving from git tags: version = builtins.substring 0 8 self.rev; + + src = ../..; + + vendorHash = "sha256-mpwboru/KBCJ8Fuy8kpicKgbmhHDlj7ZNXrfdIUkilg="; + + subPackages = [ "app/fcuny-net" ]; + + ldflags = [ + "-s" + "-w" + ]; + + doCheck = false; + + meta = with lib; { + description = "My personal website"; + homepage = "https://code.fcuny.net/x/tree/app/fcuny-net"; + license = licenses.mit; + maintainers = with maintainers; [ fcuny ]; + platforms = platforms.unix; + mainProgram = "bin/fcuny-net"; + }; +} -- cgit v1.2.3