add adam site option

flake.nix

@@ -44,15 +44,18 @@
         , system ? "x86_64-linux", minimal ? false }:
         nixpkgs-unstable.lib.nixosSystem {
           inherit system;
-          modules = modules ++ [ ./modules agenix.nixosModules.default ]
+          modules = modules ++ [
-            ++ (if !minimal then [
+            ./modules
+            agenix.nixosModules.default
             ({ outputs, ... }: {
               nixpkgs.overlays = with outputs.overlays; [
                 additions
                 modifications
                 unstable-packages
-                  nur.overlay
               ];
+            })
+          ] ++ (if !minimal then [
+            ({ ... }: {
               # stylix compains if image is not set...
               stylix.autoEnable = true;
               stylix.image = ./yuyukowallpaper1809.png;
@@ -68,7 +71,8 @@
           specialArgs = specialArgs // { inherit inputs outputs; };
         };
     in flake-utils.lib.eachDefaultSystem (system: {
-      packages = import ./pkgs { pkgs = nixpkgs-unstable.legacyPackages.${system}; };
+      packages =
+        import ./pkgs { pkgs = nixpkgs-unstable.legacyPackages.${system}; };
     }) // {
 
       overlays = import ./overlays.nix { inherit inputs; };
@@ -141,7 +145,7 @@
           ];
         };
         #initial install done with nix run github:nix-community/nixos-anywhere/73a6d3fef4c5b4ab9e4ac868f468ec8f9436afa7 -- --flake .#adam-site root@<ip>
-        #build with nixos-rebuild switch --flake .#adam-site --target-host "root@<ip>"
+        #update with nixos-rebuild switch --flake .#adam-site --target-host "root@<ip>"
         "adam-site" = mkHost {
           minimal = true;
           system = "aarch64-linux";

modules/services/adam-site.nix

@@ -0,0 +1,46 @@
+
+{ config, pkgs, lib, inputs, ... }:
+with lib;
+let cfg = config.custom.services.adam-site;
+in {
+  options.custom.services.adam-site = {
+    enable = mkEnableOption "Enables adams website";
+  };
+  config = lib.mkIf cfg.enable {
+    systemd.services.adam-site = {
+      description = "Adams Website";
+      wants = [ "network-online.target" ];
+      after = [ "network.target" "network-online.target" ];
+      wantedBy = [ "multi-user.target" ];
+      preStart = ''
+        if [ ! -d "$STATE_DIRECTORY/data" ]; then
+          mkdir -p "$STATE_DIRECTORY/data"
+          chmod 700 "$STATE_DIRECTORY/data"
+        fi
+      '';
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = "${pkgs.nodejs_20}/bin/node ${pkgs.adam-site}/server/server.mjs";
+        DynamicUser = true;
+        StateDirectory = "adam-site";
+        WorkingDirectory = "/var/lib/private/adam-site";
+        Restart = "on-failure";
+        RestartSec = "5s";
+        PrivateMounts = mkDefault true;
+        PrivateTmp = mkDefault true;
+        PrivateUsers = mkDefault true;
+        ProtectClock = mkDefault true;
+        ProtectControlGroups = mkDefault true;
+        ProtectHome = mkDefault true;
+        ProtectHostname = mkDefault true;
+        ProtectKernelLogs = mkDefault true;
+        ProtectKernelModules = mkDefault true;
+        ProtectKernelTunables = mkDefault true;
+        ProtectSystem = mkDefault "strict";
+        # Needs network access
+        PrivateNetwork = mkDefault false;
+      };
+
+    };
+  };
+}

modules/services/default.nix

@@ -11,5 +11,6 @@
     ./fileshelter.nix
     ./wireguard.nix
     ./kop-monitor.nix
+    ./adam-site.nix
   ];
 }

pkgs/adam-site/default.nix

@@ -6,7 +6,7 @@ buildNpmPackage rec {
   src = fetchGit {
     url = "git@github.com:oberprofis/adams.git";
     ref = "main";
-    rev = "0d1d5003bd5681c5dbe2ad12ed1ef7e56bb4c197";
+    rev = "4f5ef5db79878e0bc244b71a979bb14e6b6177d6";
   };
   npmDepsHash="sha256-ndpuIqMAitnx0rswYD60l5JhDMdaKH77Qdu7zNgwj/o=";
   installPhase = ''

systems/adam-site/configuration.nix

@@ -4,39 +4,21 @@
     (modulesPath + "/profiles/qemu-guest.nix")
     ./disk-config.nix
   ];
-  boot.loader.grub = {
+
-    efiSupport = true;
-    efiInstallAsRemovable = true;
-  };
   services.openssh.enable = true;
   networking.firewall.allowedTCPPorts = [ 22 80 443 ];
   custom = {
-    services.acme.enable = true;
+    services = {
+      acme.enable = true;
+      adam-site.enable = true;
+    };
     nftables.enable = true;
     nix = { settings.enable = true; };
   };
 
-  environment.systemPackages = map lib.lowPrio [ pkgs.curl pkgs.gitMinimal ];
-
-  users.users.root.openssh.authorizedKeys.keys = [
-    # change this to your ssh key
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeP6qtVqE/gu72ZUZE8cdRi3INiUW9NqDR7SjXIzTw2"
-    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMypKJQvn68s8iNk9J9zghFlW4nrd03FwqfvGQ9sAmWojXe6pKrkat++8grIfB60aiIwNjHeXigVdZrpIb0QiR7+maPLPtxySTmgD7GeyAbwJrAymgKAzJcQvq5tKHtjH60KhLe4QzGXXpjoGIhl/8FhepRT6306JE8OfMwBUwOa3wcEdeJ7eK4JZdELCne3Gj16eWHy8iNIQswNtvJ70M7RACyDJARuazde3zFqkRYCP9Rqinegg/DVd+ykC2qHqM/yCersCOGn+I3hPCS1tz/AhDTQ7T9A7j5CLjv6ZbRS+B7a7u7z5qOAla468sELaiAEo2+fovlh8kib5zzWM2pK3rSEfUzFVGAAfHtrdR8pYynl3DBNC5XGzDT8xqa4B/qJIRoPmr8CMroLBOGGZQm9TJbmhfl8vT96RUwOA6qUmLQl6b0qJRRMkvlgCvKZyZ3d6pPfizQigTn1evBveqO9dgGcCAyAi0Ob6JZisTWUn5nAqe7CR1h2EKC0lqdCc="
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJTpEPKK38MQHcLHkJ6TCqrhSQ9B2ruVx6ONRVQYJC6"
-  ];
-
-  system.stateVersion = "23.11";
-
-  systemd.tmpfiles.rules = [
-    "d /data 0770 github-actions-runner nginx -"
-    "d /data/website 0770 github-actions-runner nginx -"
-  ];
-
-
   services.nginx = {
     enable = true;
 
-    # Use recommended settings
     recommendedGzipSettings = true;
     recommendedOptimisation = true;
     recommendedProxySettings = true;
@@ -46,14 +28,23 @@
     sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
 
     virtualHosts = {
-      #discord bot for tracking useractivity public version 
       "imbissaggsbachdorf.at" = {
         forceSSL = true;
         enableACME = true;
-        locations."/".extraConfig = ''
+        locations."/".proxyPass = "http://127.0.0.1:4000";
-          return 200 "Hello, world!";
-        '';
       };
     };
   };
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeP6qtVqE/gu72ZUZE8cdRi3INiUW9NqDR7SjXIzTw2"
+    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMypKJQvn68s8iNk9J9zghFlW4nrd03FwqfvGQ9sAmWojXe6pKrkat++8grIfB60aiIwNjHeXigVdZrpIb0QiR7+maPLPtxySTmgD7GeyAbwJrAymgKAzJcQvq5tKHtjH60KhLe4QzGXXpjoGIhl/8FhepRT6306JE8OfMwBUwOa3wcEdeJ7eK4JZdELCne3Gj16eWHy8iNIQswNtvJ70M7RACyDJARuazde3zFqkRYCP9Rqinegg/DVd+ykC2qHqM/yCersCOGn+I3hPCS1tz/AhDTQ7T9A7j5CLjv6ZbRS+B7a7u7z5qOAla468sELaiAEo2+fovlh8kib5zzWM2pK3rSEfUzFVGAAfHtrdR8pYynl3DBNC5XGzDT8xqa4B/qJIRoPmr8CMroLBOGGZQm9TJbmhfl8vT96RUwOA6qUmLQl6b0qJRRMkvlgCvKZyZ3d6pPfizQigTn1evBveqO9dgGcCAyAi0Ob6JZisTWUn5nAqe7CR1h2EKC0lqdCc="
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJTpEPKK38MQHcLHkJ6TCqrhSQ9B2ruVx6ONRVQYJC6"
+  ];
+  environment.systemPackages = map lib.lowPrio [ pkgs.curl pkgs.gitMinimal ];
+  boot.loader.grub = {
+    efiSupport = true;
+    efiInstallAsRemovable = true;
+  };
+  system.stateVersion = "23.11";
 }

systems/vm/configuration.nix

@@ -1,5 +1,4 @@
-{pkgs, config, ...}:
+{ pkgs, config, ... }: {
-{
 
   age.identityPaths = [ /home/kopatz/.ssh/id_rsa ];
   mainUser.layout = "de";
@@ -16,8 +15,19 @@
       ld.enable = true;
       settings.enable = true;
     };
-    graphical = {
+    services = { adam-site.enable = true; };
-      lxqt.enable = true;
+    graphical = { lxqt.enable = true; };
+  };
+
+  environment.systemPackages = [ pkgs.firefox ];
+  services.nginx = {
+    enable = true;
+    virtualHosts = {
+      "localhost" = {
+        forceSSL = false;
+        enableACME = false;
+        locations."/".proxyPass = "http://127.0.0.1:4000";
+      };
     };
   };
 }