Merge pull request #26 from archtika/devel

Refactoring
Thilo Hohlt
2025-01-07 19:53:15 +01:00
committed by GitHub
13 changed files with 89 additions and 60 deletions


@@ -23,7 +23,7 @@ jobs:
run: | run: |
wait_for_postgres() { wait_for_postgres() {
echo "Waiting for PostgreSQL to be ready..." echo "Waiting for PostgreSQL to be ready..."
while ! nix shell nixpkgs#postgresql_16 -c pg_isready -h localhost -p 15432 -U postgres; do while ! nix shell nixpkgs#postgresql_16 -c pg_isready -h 127.0.0.1 -p 15432 -U postgres; do
sleep 1 sleep 1
done done
echo "PostgreSQL is ready." echo "PostgreSQL is ready."
@@ -31,10 +31,10 @@ jobs:
wait_for_postgrest() { wait_for_postgrest() {
echo "Waiting for PostgREST to be live and ready..." echo "Waiting for PostgREST to be live and ready..."
while ! curl -s -I "http://localhost:3001/live" | grep "OK"; do while ! curl -s -I "http://127.0.0.1:3001/live" | grep "OK"; do
sleep 1 sleep 1
done done
while ! curl -s -I "http://localhost:3001/ready" | grep "OK"; do while ! curl -s -I "http://127.0.0.1:3001/ready" | grep "OK"; do
sleep 1 sleep 1
done done
echo "PostgREST is live and ready." echo "PostgREST is live and ready."

6
flake.lock generated

@@ -2,11 +2,11 @@
"nodes": { "nodes": {
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1729256560, "lastModified": 1735471104,
"narHash": "sha256-/uilDXvCIEs3C9l73JTACm4quuHUsIHcns1c+cHUJwA=", "narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "4c2fcb090b1f3e5b47eaa7bd33913b574a11e0a0", "rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4",
"type": "github" "type": "github"
}, },
"original": { "original": {


@@ -14,6 +14,8 @@
]; ];
forAllSystems = nixpkgs.lib.genAttrs allSystems; forAllSystems = nixpkgs.lib.genAttrs allSystems;
dbUrl = user: "postgres://${user}@127.0.0.1:15432/archtika";
in in
{ {
devShells = forAllSystems ( devShells = forAllSystems (
@@ -24,13 +26,13 @@
{ {
api = pkgs.mkShell { api = pkgs.mkShell {
packages = with pkgs; [ packages = with pkgs; [
postgresql_16 postgresql
postgrest postgrest
]; ];
shellHook = '' shellHook = ''
alias dbmate="${pkgs.dbmate}/bin/dbmate --no-dump-schema --url postgres://postgres@localhost:15432/archtika?sslmode=disable" alias dbmate="${pkgs.dbmate}/bin/dbmate --no-dump-schema --url ${dbUrl "postgres"}?sslmode=disable"
alias formatsql="${pkgs.pgformatter}/bin/pg_format -s 2 -f 2 -U 2 -i db/migrations/*.sql" alias formatsql="${pkgs.pgformatter}/bin/pg_format -s 2 -f 2 -U 2 -i db/migrations/*.sql"
alias dbconnect="${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:15432/archtika" alias dbconnect="${pkgs.postgresql_16}/bin/psql ${dbUrl "postgres"}"
''; '';
}; };
web = pkgs.mkShell { web = pkgs.mkShell {
@@ -65,19 +67,32 @@
{ {
api = { api = {
type = "app"; type = "app";
program = "${pkgs.writeShellScriptBin "api-setup" '' program =
JWT_SECRET=$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c64) let
WEBSITE_MAX_STORAGE_SIZE=100 settings = {
WEBSITE_MAX_NUMBER_USER=3 maxStorage = 100;
maxWebsites = 3;
};
jwtSecret = "BMlgCY9fEzmf7jhQpNnxlS6TM8E6xk2vS08C3ukm5LM2aTooaF5PfxT3o2K9uKzq";
in
"${pkgs.writeShellScriptBin "api-setup" ''
psql ${dbUrl "postgres"} \
-c "ALTER DATABASE archtika SET \"app.jwt_secret\" TO '${jwtSecret}'" \
-c "ALTER DATABASE archtika SET \"app.website_max_storage_size\" TO ${toString settings.maxStorage}" \
-c "ALTER DATABASE archtika SET \"app.website_max_number_user\" TO ${toString settings.maxWebsites}"
${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:15432/archtika -c "ALTER DATABASE archtika SET \"app.jwt_secret\" TO '$JWT_SECRET'" ${pkgs.dbmate}/bin/dbmate --no-dump-schema \
${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:15432/archtika -c "ALTER DATABASE archtika SET \"app.website_max_storage_size\" TO $WEBSITE_MAX_STORAGE_SIZE" --url ${dbUrl "postgres"}?sslmode=disable \
${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:15432/archtika -c "ALTER DATABASE archtika SET \"app.website_max_number_user\" TO $WEBSITE_MAX_NUMBER_USER" --migrations-dir ${self.outPath}/rest-api/db/migrations up
${pkgs.dbmate}/bin/dbmate --url postgres://postgres@localhost:15432/archtika?sslmode=disable --migrations-dir ${self.outPath}/rest-api/db/migrations up PGRST_ADMIN_SERVER_PORT=3001 \
PGRST_DB_SCHEMAS="api" \
PGRST_ADMIN_SERVER_PORT=3001 PGRST_DB_SCHEMAS="api" PGRST_DB_ANON_ROLE="anon" PGRST_OPENAPI_MODE="ignore-privileges" PGRST_DB_URI="postgres://authenticator@localhost:15432/archtika" PGRST_JWT_SECRET="$JWT_SECRET" ${pkgs.postgrest}/bin/postgrest PGRST_DB_ANON_ROLE="anon" \
''}/bin/api-setup"; PGRST_OPENAPI_MODE="ignore-privileges" \
PGRST_DB_URI="${dbUrl "authenticator"}" \
PGRST_JWT_SECRET="${jwtSecret}" \
${pkgs.postgrest}/bin/postgrest
''}/bin/api-setup";
}; };
} }
); );
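Review bot: The new `jwtSecret = "…";` binding in the `api` app swaps what looks like a per-run random secret for a constant committed to the repository. Anyone who can read the repo can therefore sign tokens this PostgREST instance accepts, and the value is also baked into the generated `api-setup` script in the world-readable Nix store. If the aim is tokens that survive a restart during development, read the secret from the environment and fall back to a random one, e.g. `JWT_SECRET="''${JWT_SECRET:-$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c64)}"`, and pass `$JWT_SECRET` to both the `ALTER DATABASE` statement and `PGRST_JWT_SECRET`. The same hunk also calls bare `psql` where the other side of the line used `${pkgs.postgresql_16}/bin/psql`, so `nix run` now depends on a `psql` being on the caller's PATH.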


@@ -1,4 +1,7 @@
{ pkgs, localArchtikaPackage, ... }: { pkgs, localArchtikaPackage, ... }:
let
domain = "demo.archtika.com";
in
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
@@ -6,19 +9,26 @@
../../module.nix ../../module.nix
]; ];
networking.hostName = "archtika-demo"; networking.hostName = "archtika-qs";
services.archtika = { services.archtika = {
enable = true; enable = true;
package = localArchtikaPackage; package = localArchtikaPackage;
domain = "demo.archtika.com"; inherit domain;
acmeEmail = "thilo.hohlt@tutanota.com";
dnsProvider = "porkbun";
dnsEnvironmentFile = /var/lib/porkbun.env;
settings = { settings = {
disableRegistration = true; disableRegistration = true;
maxWebsiteStorageSize = 50; };
maxUserWebsites = 2; };
security.acme = {
acceptTerms = true;
defaults.email = "thilo.hohlt@tutanota.com";
certs."${domain}" = {
inherit domain;
extraDomainNames = [ "*.${domain}" ];
dnsProvider = "porkbun";
environmentFile = /var/lib/porkbun.env;
group = "nginx";
}; };
}; };
} }
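Review bot: `environmentFile = /var/lib/porkbun.env;` in the new `security.acme.certs` block is an unquoted Nix path literal pointing at the DNS provider credentials. A path literal is copied into the world-readable store whenever it is interpolated into a string, and whether that happens depends on how the consuming module renders the option, which is not visible here. Writing it as a string, `environmentFile = "/var/lib/porkbun.env";`, keeps it a plain runtime path regardless. Separately, the host name on this page becomes `archtika-qs` while `domain` stays `demo.archtika.com`; it is worth confirming that pairing is intended.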


@@ -17,8 +17,6 @@ in
inherit domain; inherit domain;
settings = { settings = {
disableRegistration = true; disableRegistration = true;
maxWebsiteStorageSize = 50;
maxUserWebsites = 2;
}; };
}; };


@@ -32,7 +32,7 @@
users = { users = {
root = { root = {
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFE42q8e7egSSTs4YJo8vQFDbRWqrGTQkR1weq8nT0Zx thiloho@pc" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlDyJt72c/mxyN9cujc081J3uzWCyKtr4k2faBtgldD thiloho@pc"
]; ];
hashedPassword = "$y$j9T$MuWDs5Ind6VPEM78u5VTy/$XAuRCaOPtS/8Vj8XgpxB/XX2ygftNLql2VrFWcC/sq7"; hashedPassword = "$y$j9T$MuWDs5Ind6VPEM78u5VTy/$XAuRCaOPtS/8Vj8XgpxB/XX2ygftNLql2VrFWcC/sq7";
}; };
@@ -44,8 +44,7 @@
]; ];
hashedPassword = "$y$j9T$Y0ffzVb7wrZSdCKbiYHin0$oahgfFqH/Eep6j6f4iKPETEfGZSOkgu74UT2eyG2uI1"; hashedPassword = "$y$j9T$Y0ffzVb7wrZSdCKbiYHin0$oahgfFqH/Eep6j6f4iKPETEfGZSOkgu74UT2eyG2uI1";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBj6+r+vMXJyy5wvQTLyfd2rIw62WCg9eIpwsciHg4ym thiloho@pc" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlDyJt72c/mxyN9cujc081J3uzWCyKtr4k2faBtgldD thiloho@pc"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIgfOa8N46PBUO2gj8UeyrV0R+MRZFnJqUzG132UjaFS thiloho@laptop"
]; ];
}; };
}; };
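Review bot: After this change `root` and the second account accept the same single `thiloho@pc` key, so that one private key is a direct route to root over SSH, and no second key remains to fall back on if it is lost or has to be revoked. Consider dropping `openssh.authorizedKeys.keys` from `root` and escalating from the unprivileged account instead. The `hashedPassword` values next to the keys are also committed in the repository, which allows offline guessing by anyone who can read it; `hashedPasswordFile = "/path/to/hash-file";` (placeholder path) would keep them out of version control. The user blocks start and end outside these hunks.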


@@ -20,9 +20,20 @@
password = "dev"; password = "dev";
}; };
systemd.tmpfiles.rules = [ "d /var/www/archtika-websites 0777 root root -" ]; systemd.tmpfiles.settings = {
"10-archtika" = {
"/var/www/archtika-websites" = {
d = {
mode = "0777";
user = "root";
group = "root";
};
};
};
};
virtualisation = { virtualisation = {
msize = 65536;
graphics = false; graphics = false;
memorySize = 2048; memorySize = 2048;
cores = 2; cores = 2;
@@ -51,23 +62,13 @@
services = { services = {
postgresql = { postgresql = {
enable = true; enable = true;
package = pkgs.postgresql_16;
/*
PL/Perl:
overrideAttrs (
finalAttrs: previousAttrs: {
buildInputs = previousAttrs.buildInputs ++ [ pkgs.perl ];
configureFlags = previousAttrs.configureFlags ++ [ "--with-perl" ];
}
);
*/
ensureDatabases = [ "archtika" ]; ensureDatabases = [ "archtika" ];
authentication = lib.mkForce '' authentication = lib.mkForce ''
local all all trust local all all trust
host all all all trust host all all all trust
''; '';
enableTCPIP = true; enableTCPIP = true;
extraPlugins = with pkgs.postgresql16Packages; [ pgjwt ]; extensions = ps: with ps; [ pgjwt ];
}; };
nginx = { nginx = {
enable = true; enable = true;
@@ -105,10 +106,13 @@
systemd.services.postgresql = { systemd.services.postgresql = {
path = with pkgs; [ path = with pkgs; [
# Tar and gzip are needed for tar.gz exports
gnutar gnutar
gzip gzip
]; ];
serviceConfig = {
ReadWritePaths = [ "/var/www/archtika-websites" ];
};
}; };
services.getty.autologinUser = "dev"; services.getty.autologinUser = "dev";
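Review bot: The rewritten `systemd.tmpfiles.settings` entry keeps `/var/www/archtika-websites` at `mode = "0777"` owned by root, so every local account and service can create or replace files in a directory that appears to be the served web root. Now that the PostgreSQL unit gets an explicit `ReadWritePaths` for it, the writers are presumably known (not visible here), and a shared group with `mode = "2775"; group = "<shared-group>";` (placeholder group name) would cover them without world write. If 0777 is kept deliberately because this is a throwaway dev VM, a one-line comment saying so would stop the setting from being copied into a production configuration.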


@@ -26,7 +26,7 @@ pkgs.dockerTools.buildLayeredImage {
contents = [ contents = [
archtika archtika
entrypoint entrypoint
pkgs.postgresql_16 pkgs.postgresql
pkgs.nginx pkgs.nginx
pkgs.acme-sh pkgs.acme-sh
pkgs.bash pkgs.bash
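Review bot: `pkgs.postgresql` follows whatever major version nixpkgs currently treats as the default, so a later `flake.lock` update can silently switch the server binary in this image to a new major release. PostgreSQL refuses to start on a data directory created by a different major version, so if the container keeps its data on a volume (not visible here), such an update would need a `pg_upgrade` or dump/restore step. Keeping `pkgs.postgresql_16` in `contents`, or adding a comment that the major version is intentionally floating, makes that explicit. The `buildLayeredImage` call starts and ends outside the hunk.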


@@ -162,7 +162,6 @@ in
Group = cfg.group; Group = cfg.group;
Restart = "always"; Restart = "always";
WorkingDirectory = "${cfg.package}/rest-api"; WorkingDirectory = "${cfg.package}/rest-api";
RestrictAddressFamilies = [ RestrictAddressFamilies = [
"AF_INET" "AF_INET"
"AF_INET6" "AF_INET6"
@@ -177,14 +176,14 @@ in
"postgres://${user}@127.0.0.1:${toString config.services.postgresql.settings.port}/${cfg.databaseName}"; "postgres://${user}@127.0.0.1:${toString config.services.postgresql.settings.port}/${cfg.databaseName}";
in in
'' ''
JWT_SECRET=$(tr -dc "A-Za-z0-9" < /dev/urandom | head -c64) JWT_SECRET=$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c64)
psql ${dbUrl "postgres"} \ psql ${dbUrl "postgres"} \
-c "ALTER DATABASE ${cfg.databaseName} SET \"app.jwt_secret\" TO '$JWT_SECRET'" \ -c "ALTER DATABASE ${cfg.databaseName} SET \"app.jwt_secret\" TO '$JWT_SECRET'" \
-c "ALTER DATABASE ${cfg.databaseName} SET \"app.website_max_storage_size\" TO ${toString cfg.settings.maxWebsiteStorageSize}" \ -c "ALTER DATABASE ${cfg.databaseName} SET \"app.website_max_storage_size\" TO ${toString cfg.settings.maxWebsiteStorageSize}" \
-c "ALTER DATABASE ${cfg.databaseName} SET \"app.website_max_number_user\" TO ${toString cfg.settings.maxUserWebsites}" -c "ALTER DATABASE ${cfg.databaseName} SET \"app.website_max_number_user\" TO ${toString cfg.settings.maxUserWebsites}"
dbmate --url ${dbUrl "postgres"}?sslmode=disable --migrations-dir ${cfg.package}/rest-api/db/migrations up ${pkgs.dbmate}/bin/dbmate --url ${dbUrl "postgres"}?sslmode=disable --migrations-dir ${cfg.package}/rest-api/db/migrations up
PGRST_SERVER_CORS_ALLOWED_ORIGINS="https://${cfg.domain}" \ PGRST_SERVER_CORS_ALLOWED_ORIGINS="https://${cfg.domain}" \
PGRST_ADMIN_SERVER_PORT=${toString cfg.apiAdminPort} \ PGRST_ADMIN_SERVER_PORT=${toString cfg.apiAdminPort} \
@@ -208,7 +207,6 @@ in
Group = cfg.group; Group = cfg.group;
Restart = "always"; Restart = "always";
WorkingDirectory = "${cfg.package}/web-app"; WorkingDirectory = "${cfg.package}/web-app";
RestrictAddressFamilies = [ RestrictAddressFamilies = [
"AF_INET" "AF_INET"
"AF_INET6" "AF_INET6"
@@ -236,8 +234,13 @@ in
extensions = ps: with ps; [ pgjwt ]; extensions = ps: with ps; [ pgjwt ];
}; };
systemd.services.postgresql.path = builtins.attrValues { systemd.services.postgresql = {
inherit (pkgs) gnutar gzip; path = builtins.attrValues {
inherit (pkgs) gnutar gzip;
};
serviceConfig = {
ReadWritePaths = [ "/var/www/archtika-websites" ];
};
}; };
services.nginx = { services.nginx = {
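Review bot: In the `psql` call of the API start script, `$JWT_SECRET` is expanded into a `-c` argument, so the secret sits in the process's command line while `psql` runs. Other local users can read it through the process list unless `/proc` access is restricted. Feeding the three `ALTER DATABASE` statements on standard input instead (a here-document piped to `psql ${dbUrl "postgres"}`) keeps the value out of argv. A short comment above the `JWT_SECRET=` line stating that the secret is regenerated on every service start, which invalidates previously issued tokens, would also help the next reader. The script and the enclosing service definition start and end outside the visible hunks.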


@@ -11,7 +11,7 @@
"check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch", "check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch",
"lint": "prettier --check . && eslint .", "lint": "prettier --check . && eslint .",
"format": "prettier --write .", "format": "prettier --write .",
"gents": "pg-to-ts generate -c postgres://postgres@localhost:15432/archtika -o src/lib/db-schema.ts -s internal --datesAsStrings" "gents": "pg-to-ts generate -c postgres://postgres@127.0.0.1:15432/archtika -o src/lib/db-schema.ts -s internal --datesAsStrings"
}, },
"devDependencies": { "devDependencies": {
"@playwright/test": "1.47.0", "@playwright/test": "1.47.0",


@@ -5,7 +5,7 @@
* AUTO-GENERATED FILE - DO NOT EDIT! * AUTO-GENERATED FILE - DO NOT EDIT!
* *
* This file was automatically generated by pg-to-ts v.4.1.1 * This file was automatically generated by pg-to-ts v.4.1.1
* $ pg-to-ts generate -c postgres://username:password@localhost:15432/archtika -t article -t change_log -t collab -t docs_category -t footer -t header -t home -t media -t settings -t user -t website -s internal * $ pg-to-ts generate -c postgres://username:password@127.0.0.1:15432/archtika -t article -t change_log -t collab -t docs_category -t footer -t header -t home -t media -t settings -t user -t website -s internal
* *
*/ */


@@ -1,8 +1,8 @@
import { dev } from "$app/environment"; import { dev } from "$app/environment";
export const API_BASE_PREFIX = dev export const API_BASE_PREFIX = dev
? "http://localhost:3000" ? "http://127.0.0.1:3000"
: `${process.env.ORIGIN ? `${process.env.ORIGIN}/api` : "http://localhost:3000"}`; : `${process.env.ORIGIN ? `${process.env.ORIGIN}/api` : "http://127.0.0.1:3000"}`;
export const REGISTRATION_IS_DISABLED = dev export const REGISTRATION_IS_DISABLED = dev
? false ? false
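Review bot: Outside dev mode, `API_BASE_PREFIX` silently falls back to `"http://127.0.0.1:3000"` when `process.env.ORIGIN` is unset, so a production deployment with a missing ORIGIN sends API requests to loopback over plain HTTP instead of failing visibly. The fallback literal is also written twice and the outer template string adds nothing. Declaring `const LOCAL_API = "http://127.0.0.1:3000";` once and selecting it with a single conditional on `!dev && process.env.ORIGIN` expresses the same thing. A short comment stating that the fallback is meant for local runs only would make the intent clear. The `REGISTRATION_IS_DISABLED` declaration continues outside the hunk.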


@@ -98,17 +98,17 @@ const generateStaticFiles = async (
) => { ) => {
const websitePreviewUrl = `${ const websitePreviewUrl = `${
dev dev
? "http://localhost:18000" ? "http://127.0.0.1:18000"
: process.env.ORIGIN : process.env.ORIGIN
? process.env.ORIGIN ? process.env.ORIGIN
: "http://localhost:18000" : "http://127.0.0.1:18000"
}/previews/${websiteData.id}/`; }/previews/${websiteData.id}/`;
const websiteProdUrl = dev const websiteProdUrl = dev
? `http://localhost:18000/${websiteData.user.username}/${websiteData.slug}` ? `http://127.0.0.1:18000/${websiteData.user.username}/${websiteData.slug}`
: process.env.ORIGIN : process.env.ORIGIN
? `${process.env.ORIGIN.replace("//", `//${websiteData.user.username}.`)}/${websiteData.slug}` ? `${process.env.ORIGIN.replace("//", `//${websiteData.user.username}.`)}/${websiteData.slug}`
: `http://localhost:18000/${websiteData.user.username}/${websiteData.slug}`; : `http://127.0.0.1:18000/${websiteData.user.username}/${websiteData.slug}`;
const fileContents = (head: string, body: string) => { const fileContents = (head: string, body: string) => {
return ` return `
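Review bot: `websiteData.user.username` is spliced into the host name through `process.env.ORIGIN.replace("//", ...)` and, together with `websiteData.slug`, into the URL path, with no encoding or validation in this hunk. If those values are not already constrained where they are stored (not visible here), a username containing `.` or `/` yields a URL on a different host or path than intended. Checking the username against a DNS-label pattern before building the host, and wrapping the path segments in `encodeURIComponent(...)`, would make the function safe on its own. `generateStaticFiles` starts and ends outside the hunk.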