From fba3aef8aa9fa7bb52a5608db0d11e31c38f716f Mon Sep 17 00:00:00 2001
From: thiloho <123883702+thiloho@users.noreply.github.com>
Date: Wed, 29 Jan 2025 19:53:38 +0100
Subject: [PATCH 1/2] Update nix module, add resizing to WebsiteEditor and make preview load without JS
---
.github/workflows/test.yml | 2 +-
nix/deploy/prod/default.nix | 5 +-
nix/module.nix | 69 ++++++++-----------
.../src/lib/components/WebsiteEditor.svelte | 8 ++-
4 files changed, 38 insertions(+), 46 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 44eea8f..dc2aca9 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -23,7 +23,7 @@ jobs:
run: |
wait_for_postgres() {
echo "Waiting for PostgreSQL to be ready..."
- while ! nix shell nixpkgs#postgresql_16 -c pg_isready -h 127.0.0.1 -p 15432 -U postgres; do
+ while ! nix shell nixpkgs#postgresql -c pg_isready -h 127.0.0.1 -p 15432 -U postgres; do
sleep 1
done
echo "PostgreSQL is ready."
diff --git a/nix/deploy/prod/default.nix b/nix/deploy/prod/default.nix
index 1a6616d..9a5ebc4 100644
--- a/nix/deploy/prod/default.nix
+++ b/nix/deploy/prod/default.nix
@@ -27,7 +27,10 @@ in
defaults.email = "thilo.hohlt@tutanota.com";
certs."${domain}" = {
inherit domain;
- extraDomainNames = [ "*.${domain}" docsSubdomain ];
+ extraDomainNames = [
+ "*.${domain}"
+ docsSubdomain
+ ];
dnsProvider = "porkbun";
environmentFile = /var/lib/porkbun.env;
group = "nginx";
diff --git a/nix/module.nix b/nix/module.nix
index 9397df2..9d3089c 100644
--- a/nix/module.nix
+++ b/nix/module.nix
@@ -69,7 +69,7 @@ in
disableRegistration = mkOption {
type = types.bool;
default = false;
- description = "By default any user can create an account. That behavior can be disabled by using this option.";
+ description = "By default any user can create an account. That behavior can be disabled with this option.";
};
maxUserWebsites = mkOption {
type = types.ints.positive;
@@ -128,21 +128,19 @@ in ]; }; - systemd.tmpfiles.settings = { - "10-archtika" = { - "/var/www" = { - d = { - mode = "0755"; - user = "root"; - group = "root"; - }; + systemd.tmpfiles.settings."10-archtika" = { + "/var/www" = { + d = { + mode = "0755"; + user = "root"; + group = "root"; }; - "/var/www/archtika-websites" = { - d = { - mode = "0770"; - user = cfg.user; - group = cfg.group; - }; + }; + "/var/www/archtika-websites" = { + d = { + mode = "0770"; + user = cfg.user; + group = cfg.group; }; }; }; @@ -171,9 +169,7 @@ in script = let - dbUrl = - user: - "postgres://${user}@127.0.0.1:${toString config.services.postgresql.settings.port}/${cfg.databaseName}"; + dbUrl = user: "postgres://${user}@/${cfg.databaseName}?host=/var/run/postgresql"; in '' JWT_SECRET=$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c64) @@ -183,7 +179,7 @@ in -c "ALTER DATABASE ${cfg.databaseName} SET \"app.website_max_storage_size\" TO ${toString cfg.settings.maxWebsiteStorageSize}" \ -c "ALTER DATABASE ${cfg.databaseName} SET \"app.website_max_number_user\" TO ${toString cfg.settings.maxUserWebsites}" - ${pkgs.dbmate}/bin/dbmate --url ${dbUrl "postgres"}?sslmode=disable --migrations-dir ${cfg.package}/rest-api/db/migrations up + ${lib.getExe pkgs.dbmate} --url ${dbUrl "postgres"}?sslmode=disable --migrations-dir ${cfg.package}/rest-api/db/migrations up PGRST_SERVER_CORS_ALLOWED_ORIGINS="https://${cfg.domain}" \ PGRST_ADMIN_SERVER_PORT=${toString cfg.apiAdminPort} \ @@ -193,7 +189,7 @@ in PGRST_OPENAPI_MODE="ignore-privileges" \ PGRST_DB_URI=${dbUrl "authenticator"} \ PGRST_JWT_SECRET="$JWT_SECRET" \ - ${pkgs.postgrest}/bin/postgrest + ${lib.getExe pkgs.postgrest} ''; }; 
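Review bot: In the `dbUrl` hunk (@@ -171,9 +169,7 @@) the new URL names no host, port or password, so whether this script may connect as `postgres` or `authenticator` is decided only by the `local` rules in pg_hba.conf and the permissions on the socket directory, and the binding carries no comment saying so. I would add one above it, e.g. `# Unix-socket connection, no password: access is governed by the pg_hba "local" rules for this role`. The directory `/var/run/postgresql` is hard-coded as well; a host that moves the socket through `unix_socket_directories` would leave both dbmate and PostgREST unable to connect, so deriving it from the PostgreSQL settings or documenting the assumption would help. The `script` string continues beyond the hunk.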
@@ -220,24 +216,20 @@ in PORT = toString cfg.webAppPort; }; - script = "${pkgs.nodejs_22}/bin/node ${cfg.package}/web-app"; + script = "${lib.getExe pkgs.nodejs_22} ${cfg.package}/web-app"; }; services.postgresql = { enable = true; ensureDatabases = [ cfg.databaseName ]; - authentication = lib.mkOverride 51 '' - host all all 127.0.0.1/32 trust - host all all ::1/128 trust - local all all trust - ''; extensions = ps: with ps; [ pgjwt ]; }; systemd.services.postgresql = { - path = builtins.attrValues { - inherit (pkgs) gnutar gzip; - }; + path = with pkgs; [ + gnutar + gzip + ]; serviceConfig = { ReadWritePaths = [ "/var/www/archtika-websites" ]; SystemCallFilter = [ "@system-service" ]; @@ -251,23 +243,16 @@ in recommendedZstdSettings = true; recommendedOptimisation = true; - appendHttpConfig = '' - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Content-Type-Options "nosniff" always; - add_header Referrer-Policy "strict-origin-when-cross-origin" always; - add_header Permissions-Policy "accelerometer=(),autoplay=(),camera=(),cross-origin-isolated=(),display-capture=(),encrypted-media=(),fullscreen=(self),geolocation=(),gyroscope=(),keyboard-map=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(self),publickey-credentials-get=(),screen-wake-lock=(),sync-xhr=(self),usb=(),xr-spatial-tracking=(),clipboard-read=(self),clipboard-write=(self),gamepad=(),hid=(),idle-detection=(),interest-cohort=(),serial=(),unload=()" always; - - map $http_cookie $auth_header { - default ""; - "~*session_token=([^;]+)" "Bearer $1"; - } - ''; - virtualHosts = { "${cfg.domain}" = { useACMEHost = cfg.domain; forceSSL = true; + extraConfig = '' + map $http_cookie $auth_header { + default ""; + "~*session_token=([^;]+)" "Bearer $1"; + } + ''; locations = { "/" = { proxyPass = "http://127.0.0.1:${toString cfg.webAppPort}"; 
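Review bot: The nginx hunk (@@ -251,23 +243,16 @@) deletes the whole `appendHttpConfig` block, and with it the `Strict-Transport-Security`, `X-Frame-Options`, `X-Content-Type-Options`, `Referrer-Policy` and `Permissions-Policy` headers, without setting them anywhere else in the visible lines; PATCH 2/2 brings `appendHttpConfig` back for the `map` only. Unless the web app or a location block outside this hunk sends them, responses lose HSTS, the framing restriction and `nosniff`. Only the `map` had to move, so the `add_header` lines could stay in `appendHttpConfig` or go into the virtual host's `extraConfig`, e.g. `add_header X-Content-Type-Options "nosniff" always;`. nginx stops inheriting `add_header` in any block that declares its own, so the `locations` further down, which continue outside the hunk, are worth checking when the headers are restored.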
diff --git a/web-app/src/lib/components/WebsiteEditor.svelte b/web-app/src/lib/components/WebsiteEditor.svelte index cbecd43..e0f15ed 100644 --- a/web-app/src/lib/components/WebsiteEditor.svelte +++ b/web-app/src/lib/components/WebsiteEditor.svelte @@ -3,6 +3,7 @@ import { md } from "$lib/utils"; import { page } from "$app/stores"; import { previewContent, textareaScrollTop } from "$lib/runes.svelte"; + import { browser } from "$app/environment"; const { id, @@ -57,14 +58,14 @@
{#if fullPreview} - {#if !iframeLoaded} + {#if !iframeLoaded && browser}

Loading preview...

{/if} {:else} {@html md( @@ -131,6 +132,9 @@ .operations { padding-block-start: var(--space-s); + resize: horizontal; + min-inline-size: 100%; + max-inline-size: calc(1536px - 320px); } .preview { From c97347e7605eda29070651a66cb5cab68f7c72d5 Mon Sep 17 00:00:00 2001 From: thiloho <123883702+thiloho@users.noreply.github.com> Date: Thu, 30 Jan 2025 00:16:50 +0100 Subject: [PATCH 2/2] Update Nix module --- flake.nix | 2 +- nix/module.nix | 22 +++++++++++++--------- 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/flake.nix b/flake.nix index 303b6e1..711b492 100644 --- a/flake.nix +++ b/flake.nix @@ -36,7 +36,7 @@ ''; }; web = pkgs.mkShell { - packages = with pkgs; [ nodejs_22 ]; + packages = with pkgs; [ nodejs ]; shellHook = '' export PLAYWRIGHT_BROWSERS_PATH=${pkgs.playwright-driver.browsers} export PLAYWRIGHT_SKIP_VALIDATE_HOST_REQUIREMENTS=true diff --git a/nix/module.nix b/nix/module.nix index 9d3089c..14b8e43 100644 --- a/nix/module.nix +++ b/nix/module.nix @@ -179,7 +179,7 @@ in -c "ALTER DATABASE ${cfg.databaseName} SET \"app.website_max_storage_size\" TO ${toString cfg.settings.maxWebsiteStorageSize}" \ -c "ALTER DATABASE ${cfg.databaseName} SET \"app.website_max_number_user\" TO ${toString cfg.settings.maxUserWebsites}" - ${lib.getExe pkgs.dbmate} --url ${dbUrl "postgres"}?sslmode=disable --migrations-dir ${cfg.package}/rest-api/db/migrations up + ${lib.getExe pkgs.dbmate} --url "${dbUrl "postgres"}&sslmode=disable" --migrations-dir ${cfg.package}/rest-api/db/migrations up PGRST_SERVER_CORS_ALLOWED_ORIGINS="https://${cfg.domain}" \ PGRST_ADMIN_SERVER_PORT=${toString cfg.apiAdminPort} \ 
@@ -216,13 +216,16 @@ in PORT = toString cfg.webAppPort; }; - script = "${lib.getExe pkgs.nodejs_22} ${cfg.package}/web-app"; + script = "${lib.getExe pkgs.nodejs} ${cfg.package}/web-app"; }; services.postgresql = { enable = true; ensureDatabases = [ cfg.databaseName ]; extensions = ps: with ps; [ pgjwt ]; + authentication = lib.mkOverride 11 '' + local all all trust + ''; }; systemd.services.postgresql = { @@ -243,16 +246,17 @@ in recommendedZstdSettings = true; recommendedOptimisation = true; + appendHttpConfig = '' + map $http_cookie $archtika_auth_header { + default ""; + "~*session_token=([^;]+)" "Bearer $1"; + } + ''; + virtualHosts = { "${cfg.domain}" = { useACMEHost = cfg.domain; forceSSL = true; - extraConfig = '' - map $http_cookie $auth_header { - default ""; - "~*session_token=([^;]+)" "Bearer $1"; - } - ''; locations = { "/" = { proxyPass = "http://127.0.0.1:${toString cfg.webAppPort}"; @@ -266,7 +270,7 @@ in proxyPass = "http://127.0.0.1:${toString cfg.apiPort}/rpc/export_articles_zip"; extraConfig = '' default_type application/json; - proxy_set_header Authorization $auth_header; + proxy_set_header Authorization $archtika_auth_header; ''; }; "/api/" = {
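Review bot: The `authentication` value added in the `services.postgresql` hunk (@@ -216,13 +216,16 @@), `local all all trust`, lets every local account that can reach the socket connect as any role, including the `postgres` superuser, to every database on this instance without a credential. Because it is set with `lib.mkOverride 11` it also outranks `lib.mkForce` and replaces whatever pg_hba rules the host or other modules define. Going by the visible script, the module only logs in as `postgres` and `authenticator`, so `peer` authentication with an ident map limited to the service account would keep the socket setup without the blanket trust, merged at normal priority. The sketch below assumes the API unit runs as `cfg.user`, which is not visible in the hunk, and `archtika` is just a map name chosen here.

```nix
services.postgresql = {
  # … unchanged: enable, ensureDatabases, extensions …
  # Only the service account (and the postgres OS user) may assume these roles.
  authentication = ''
    local all postgres,authenticator peer map=archtika
  '';
  identMap = ''
    archtika postgres    postgres
    archtika ${cfg.user} postgres
    archtika ${cfg.user} authenticator
  '';
};
```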