Suitable for nix deploy, embedded resources, relative paths

12 months ago · 5d811ec353
parent 6e13604ebf
commit 5d811ec353
7 changed files with 191 additions and 41 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,4 @@
 /target
 /uploads
-/data
+/data
+result
--- a/24
+++ b/24
@ -1,24 +0,0 @@
-from rust:1.57.0 as builder
-
-run cd /opt && USER=root cargo new --bin app
-workdir /opt/app
-
-run apt-get update
-run apt install -y libgexiv2-dev
-run rustup default stable
-run cargo install cargo-build-deps
-
-copy Cargo.toml Cargo.lock ./
-run cargo build-deps --release
-
-copy . .
-run cargo build --release
-
-from rust:1.57.0-slim
-env ROCKET_ADDRESS=0.0.0.0
-env ROCKET_PORT=3000
-run apt-get update && apt install -y libgexiv2-dev && rm -rf /var/lib/apt/lists/*
-workdir /opt/app
-copy --from=builder /opt/app/target/release/tempest-tmp /opt/app/tempest-tmp
-copy ./ui ./ui
-cmd /opt/app/tempest-tmp
--- a/Rocket.toml
+++ b/Rocket.toml
@ -1,5 +0,0 @@
-[global]
-limits.file = 150000000
-limits.form = 150000000
-limits.data-form = 150000000
-address = "0.0.0.0"
--- a/flake.lock
+++ b/flake.lock
@ -0,0 +1,94 @@
+{
+  "nodes": {
+    "naersk": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1679567394,
+        "narHash": "sha256-ZvLuzPeARDLiQUt6zSZFGOs+HZmE+3g4QURc8mkBsfM=",
+        "owner": "nix-community",
+        "repo": "naersk",
+        "rev": "88cd22380154a2c36799fe8098888f0f59861a15",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "naersk",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1684759798,
+        "narHash": "sha256-Kpbf5yKvKcj/yPqE1zYC6gju4JwTsYxTIZEvOII0jr4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "c7eb65213bd7d95eafb8c5e2e181f04da103d054",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1684759798,
+        "narHash": "sha256-Kpbf5yKvKcj/yPqE1zYC6gju4JwTsYxTIZEvOII0jr4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "c7eb65213bd7d95eafb8c5e2e181f04da103d054",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "naersk": "naersk",
+        "nixpkgs": "nixpkgs_2",
+        "utils": "utils"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1681202837,
+        "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/flake.nix
+++ b/flake.nix
@ -0,0 +1,85 @@
+{
+  inputs = {
+    utils.url = "github:numtide/flake-utils";
+    naersk.url = "github:nix-community/naersk";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+  };
+
+  outputs = { self, utils, naersk, nixpkgs }:
+    utils.lib.eachSystem [
+      "x86_64-linux"
+      "aarch64-linux"
+    ] (system:
+      let
+        pkgs = (import nixpkgs) {
+          inherit system;
+        };
+
+        naersk' = pkgs.callPackage naersk {};
+        
+      in {
+        packages = {
+          default = naersk'.buildPackage {
+            nativeBuildInputs = with pkgs; [ glib gexiv2 pkg-config ];
+            src = ./.;
+          };
+        };
+
+        # For `nix develop` (optional, can be skipped):
+        devShell = pkgs.mkShell {
+          nativeBuildInputs = with pkgs; [ rustc cargo ];
+        };
+      }
+    ) // {
+      nixosModule = {config, lib, pkgs, ... }:
+        with lib;
+        let cfg = config.ashe.services.tmpfiles;
+
+        in {
+          options.ashe.services.tmpfiles = {
+            enable = mkEnableOption "Enables the tmpfiles HTTP service";
+
+            port = mkOption rec {
+              type = types.int;
+              default = 8000;
+              example = default;
+              description = "The port for this service to listen on";
+
+            };
+
+            domain = mkOption rec {
+              type = types.str;
+              default = "files.tempest.dev";
+              example = default;
+              description = "The domain name for tmpfiles";
+            };
+          };
+
+          config = mkIf cfg.enable {
+            systemd.services."ashe.tmpfiles" = {
+              wantedBy = [ "multi-user.target" ];
+
+              serviceConfig = let pkg = self.packages.${pkgs.system}.default;
+              in {
+                Restart = "on-failure";
+                ExecStart = "${pkg}/bin/tempest-tmp";
+                DynamicUser = "yes";
+                StateDirectory = "ashe.tmpfiles";
+                StateDirectoryMode = "0700";
+                WorkingDirectory = "/var/lib/private/ashe.tmpfiles";
+                Environment = [
+                  "ROCKET_LIMITS={file=15000000,data-form=15000000,form=15000000}"
+                  "ROCKET_PORT=${toString cfg.port}"
+                ];
+              };
+            };
+
+            services.nginx.virtualHosts.${cfg.domain} = {
+              locations."/" = { proxyPass = "http://127.0.0.1:${toString cfg.port}"; };
+              forceSSL = true;
+              enableACME = true;
+            };
+          };
+        };
+    };
+}
--- a/src/main.rs
+++ b/src/main.rs
@ -68,8 +68,7 @@ async fn start(sessions : Sessions) {
            ui::login_unauthenticated,
            ui::style_file
        ])
-        .mount("/", FileServer::from(relative!("ui/")))
-        .mount("/~/", FileServer::from(relative!("uploads/")).rank(5))
+        .mount("/~/", FileServer::from(Path::new("uploads/")).rank(5))
        .launch();

    if let Err(e) = launch_result.await {
@ -122,4 +121,4 @@ async fn remove(arg : Option<String>) {
        .join("\n");

    fs::write("./data/shadow", updated).unwrap();
-}
+}
--- a/src/ui.rs
+++ b/src/ui.rs
@ -1,18 +1,18 @@
 use std::path::Path;

-use rocket::{fs::{NamedFile, relative}, response::Redirect};
+use rocket::response::{Redirect, content};

 use crate::sessions::{Session};

 #[get("/style.css")]
-pub async fn style_file() -> NamedFile {
-  NamedFile::open(Path::new(relative!("./ui/style.css"))).await.unwrap()
+pub async fn style_file() -> content::Css<&'static str> {
+  content::Css(include_str!("../ui/style.css"))
 }


 #[get("/", rank = 1)]
-pub async fn index_authenticated(_session : Session) -> NamedFile {
-  NamedFile::open(Path::new(relative!("./ui/index.html"))).await.unwrap()
+pub async fn index_authenticated(_session : Session) -> content::Html<&'static str> {
+  content::Html(include_str!("../ui/index.html"))
 }

 #[get("/", rank = 2)]
@ -22,11 +22,11 @@ pub async fn index_unauthenticated() -> Redirect {


 #[get("/login", rank = 2)]
-pub async fn login_unauthenticated() -> NamedFile {
-  NamedFile::open(Path::new(relative!("./ui/login.html"))).await.unwrap()
+pub async fn login_unauthenticated() -> content::Html<&'static str> {
+  content::Html(include_str!("../ui/login.html"))
 }

 #[get("/login", rank = 1)]
 pub async fn login_authenticated(_session : Session) -> Redirect{
  Redirect::temporary("/")
-}
+}