From 997b93d6ca3badf66ddc13e403e4ecfc6ebbe004 Mon Sep 17 00:00:00 2001 From: Fern Garden Date: Wed, 9 Jul 2025 12:02:55 +0800 Subject: [PATCH] Add webone, misc changes. --- flake.lock | 7 ++--- flake.nix | 34 +++++++++++++-------- hosts/server/weebill.nix | 12 ++++++-- modules/webone.nix | 65 ++++++++++++++++++++++++++++++++++++++++ suites/laptop.nix | 6 ++-- 5 files changed, 102 insertions(+), 22 deletions(-) create mode 100644 modules/webone.nix diff --git a/flake.lock b/flake.lock index d0e01e1..929b18d 100755 --- a/flake.lock +++ b/flake.lock @@ -307,17 +307,16 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1752022159, - "narHash": "sha256-WFkQ1WA+BRLuwfmh6uMym3IoUSXOu2sSM5XzalsLeUQ=", + "lastModified": 1752031448, + "narHash": "sha256-5cWr89OO+rt0saYETbLOIsKG0XYQqlgZ33xUMeQ1a1M=", "owner": "firewalkwithm3", "repo": "webone", - "rev": "256f5e115ceffb71fd2d61e0c7cb9b6b55c7571a", + "rev": "04cbb02463e52fd917944ee3f7174218d6fa42a5", "type": "github" }, "original": { "owner": "firewalkwithm3", "repo": "webone", - "rev": "256f5e115ceffb71fd2d61e0c7cb9b6b55c7571a", "type": "github" } } diff --git a/flake.nix b/flake.nix index cb43779..5f8283e 100755 --- a/flake.nix +++ b/flake.nix @@ -11,11 +11,11 @@ url = "git+ssh://git@docker.local:222/fern/secrets?ref=main"; flake = false; }; - + # Packages. fluffychat2.url = "github:NixOS/nixpkgs?ref=pull/419632/head"; # FluffyChat 2.0.0 feishin0_17.url = "github:NixOS/nixpkgs?ref=pull/414929/head"; # Feishin 0.17.0 - webone.url = "github:firewalkwithm3/webone?rev=256f5e115ceffb71fd2d61e0c7cb9b6b55c7571a"; # WebOne HTTP proxy. + webone.url = "github:firewalkwithm3/webone"; # WebOne HTTP proxy. }; outputs = @@ -27,11 +27,12 @@ sops-nix, fluffychat2, feishin0_17, + webone, ... }: + with nixpkgs.lib; let mkHost = - with nixpkgs.lib; { hostname, suite, 
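Review bot: Dropping `?rev=…` from `webone.url` in the first flake.nix hunk leaves the `rev`/`narHash` pair in flake.lock as the only thing fixing the WebOne source, so any later `nix flake update` moves to whatever the default branch of `firewalkwithm3/webone` holds at that moment. This input is built into a network-facing service enabled on `weebill` in the same commit, so I would either keep the revision in the URL or record the intent next to the input, e.g. `# Unpinned on purpose: review the webone rev bump in flake.lock before deploying.` The two `pull/…/head` nixpkgs inputs shown as context follow a mutable PR ref in the same way and deserve the same care on lock updates.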
@@ -43,21 +44,30 @@ system = platform; specialArgs = { - inherit hostname suite platform user; # Inherit variables. - secrets = builtins.toString inputs.secrets; # Secrets directory. - # Packages - userPkgs = { + inherit + hostname + suite + platform + user + ; # Inherit variables. + + userPackages = { fluffychat = fluffychat2.legacyPackages.${system}.fluffychat; feishin = feishin0_17.legacyPackages.${system}.feishin; webone = webone.packages.${system}.default; }; + + secrets = builtins.toString inputs.secrets; # Secrets directory. }; - modules = [ - ./suites/common.nix - ./suites/${suite}.nix - ./hosts/${suite}/${hostname}.nix - ] ++ extraModules; + modules = + [ + ./suites/common.nix + ./suites/${suite}.nix + ./hosts/${suite}/${hostname}.nix + ] + ++ (filesystem.listFilesRecursive ./modules) + ++ extraModules; }; in { diff --git a/hosts/server/weebill.nix b/hosts/server/weebill.nix index 01a8731..76ff233 100644 --- a/hosts/server/weebill.nix +++ b/hosts/server/weebill.nix @@ -21,6 +21,12 @@ }; }; - # Open ports for DHCP server. - networking.firewall.allowedUDPPorts = [ 53 67 ]; -} + # Open ports for DHCP server. + networking.firewall.allowedUDPPorts = [ + 53 + 67 + ]; + + # Enable WebOne HTTP proxy. + services.webone.enable = true; +} diff --git a/modules/webone.nix b/modules/webone.nix new file mode 100644 index 0000000..53f4a58 --- /dev/null +++ b/modules/webone.nix 
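Review bot: `filesystem.listFilesRecursive ./modules` returns every file under the directory, not only Nix modules, so a README, an editor backup or a data file placed in `modules/` would be imported as a NixOS module on every host built by `mkHost`. Filtering the list keeps the auto-import predictable: `++ (filter (p: hasSuffix ".nix" (toString p)) (filesystem.listFilesRecursive ./modules))`. Because every file there is now applied to all hosts, each module should stay gated behind its own `enable` option, as `modules/webone.nix` is. The `mkHost` body starts and ends outside this hunk.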
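Review bot: `services.webone.enable = true;` is added with no firewall entry for the proxy, and the list in this hunk still carries only UDP 53 and 67, so it is not visible here how clients are meant to reach it. If its port is opened elsewhere, I would scope it to the LAN interface with `networking.firewall.interfaces.<lan-if>.allowedTCPPorts` rather than the global list, since the module added in this commit ships no WebOne configuration that would restrict which clients may use the proxy. The comment above the list could also read `# Open ports for DNS and DHCP server.`, as 53 is DNS. The enclosing attribute set starts outside the hunk.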
@@ -0,0 +1,65 @@ +{ + config, + lib, + userPackages, + ... +}: +with lib; +let + cfg = config.services.webone; +in +{ + options.services.webone.enable = mkEnableOption "Enable WebOne HTTP proxy."; + + config = mkIf cfg.enable { + users.groups.webone = { }; + + users.users.webone = { + createHome = true; + isSystemUser = true; + home = "/var/lib/webone"; + group = "webone"; + }; + + systemd.tmpfiles.settings = { + "10-webone" = { + "/var/log/webone.log" = { + f = { + group = "webone"; + mode = "0664"; + user = "webone"; + }; + }; + "/etc/webone.conf.d" = { + d = { + group = "webone"; + mode = "0755"; + user = "webone"; + }; + }; + }; + }; + + systemd.services.webone = { + description = "WebOne HTTP Proxy Server"; + documentation = [ "https://github.com/atauenis/webone/wiki/" ]; + requires = [ "network-online.target" ]; + after = [ "network-online.target" ]; + wantedBy = [ "default.target" ]; + startLimitIntervalSec = 5; + startLimitBurst = 3; + environment = { + OPENSSL_CONF = "${userPackages.webone}/lib/webone/openssl_webone.cnf"; + }; + serviceConfig = { + Type = "simple"; + User = "webone"; + Group = "webone"; + ExecStart = "${userPackages.webone}/bin/webone"; + TimeoutStopSec = "10"; + Restart = "on-failure"; + RestartSec = "5"; + }; + }; + }; +} diff --git a/suites/laptop.nix b/suites/laptop.nix index cada81b..058ef83 100755 --- a/suites/laptop.nix +++ b/suites/laptop.nix @@ -1,6 +1,6 @@ { pkgs, - userPkgs, + userPackages, lib, ... }: @@ -109,7 +109,7 @@ with lib; caligula celluloid discord - userPkgs.feishin + userPackages.feishin ghostty gimp3 glabels-qt @@ -137,7 +137,7 @@ with lib; }) # FluffyChat 2.0.0 with fixed desktop item. - (userPkgs.fluffychat.overrideAttrs ( + (userPackages.fluffychat.overrideAttrs ( finalAttrs: previousAttrs: { desktopItems = [ ((builtins.elemAt previousAttrs.desktopItems 0).override { startupWMClass = "fluffychat"; })
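Review bot: `systemd.services.webone` runs a network-facing proxy with no sandboxing, and the tmpfiles rules make the service user the owner of `/etc/webone.conf.d` and leave `/var/log/webone.log` world-readable and group-writable (`0664`). A process that parses untrusted HTTP should not be able to rewrite its own configuration, and proxy logs normally contain requested URLs, so I would make the config directory root-owned (after confirming WebOne does not need to write there at runtime), tighten the log to `0640`, and add the hardening directives shown below. `OPENSSL_CONF` points at a WebOne-specific file that presumably relaxes TLS defaults for old clients, which is one more reason to confine the unit. Separately, `mkEnableOption` already prepends "Whether to enable", so its argument should be just `"WebOne HTTP proxy"`.

```nix
options.services.webone.enable = mkEnableOption "WebOne HTTP proxy";

# … unchanged: users.groups.webone, users.users.webone …

systemd.tmpfiles.settings = {
  "10-webone" = {
    "/var/log/webone.log".f = {
      user = "webone";
      group = "webone";
      mode = "0640"; # Proxy logs hold requested URLs; keep them off world-read.
    };
    "/etc/webone.conf.d".d = {
      user = "root";
      group = "webone";
      mode = "0750"; # Service can read its config but cannot rewrite it.
    };
  };
};

# … unchanged: description, documentation, requires/after, wantedBy, start limits, environment …

serviceConfig = {
  # … unchanged: Type, User, Group, ExecStart, TimeoutStopSec, Restart, RestartSec …
  NoNewPrivileges = true;
  ProtectSystem = "strict";
  ProtectHome = true;
  PrivateTmp = true;
  PrivateDevices = true;
  ProtectKernelTunables = true;
  ProtectControlGroups = true;
  RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
  ReadWritePaths = [ "/var/lib/webone" "/var/log/webone.log" ];
};
```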