Merge pull request #26 from archtika/devel

Refactoring
2025-11-22 02:41:35 +01:00 · 2025-01-07 19:53:15 +01:00
parent 7d79d60132 d570fb6906
commit eba317f8de
13 changed files with 89 additions and 60 deletions
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -23,7 +23,7 @@ jobs:
      run: |
        wait_for_postgres() {
          echo "Waiting for PostgreSQL to be ready..."
-          while ! nix shell nixpkgs#postgresql_16 -c pg_isready -h localhost -p 15432 -U postgres; do
+          while ! nix shell nixpkgs#postgresql_16 -c pg_isready -h 127.0.0.1 -p 15432 -U postgres; do
            sleep 1
          done
          echo "PostgreSQL is ready."
@@ -31,10 +31,10 @@ jobs:

        wait_for_postgrest() {
          echo "Waiting for PostgREST to be live and ready..."
-          while ! curl -s -I "http://localhost:3001/live" | grep "OK"; do
+          while ! curl -s -I "http://127.0.0.1:3001/live" | grep "OK"; do
            sleep 1
          done
-          while ! curl -s -I "http://localhost:3001/ready" | grep "OK"; do
+          while ! curl -s -I "http://127.0.0.1:3001/ready" | grep "OK"; do
            sleep 1
          done
          echo "PostgREST is live and ready."
--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
  "nodes": {
    "nixpkgs": {
      "locked": {
-        "lastModified": 1729256560,
-        "narHash": "sha256-/uilDXvCIEs3C9l73JTACm4quuHUsIHcns1c+cHUJwA=",
+        "lastModified": 1735471104,
+        "narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "4c2fcb090b1f3e5b47eaa7bd33913b574a11e0a0",
+        "rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -14,6 +14,8 @@
      ];

      forAllSystems = nixpkgs.lib.genAttrs allSystems;
+
+      dbUrl = user: "postgres://${user}@127.0.0.1:15432/archtika";
    in
    {
      devShells = forAllSystems (
@@ -24,13 +26,13 @@
        {
          api = pkgs.mkShell {
            packages = with pkgs; [
-              postgresql_16
+              postgresql
              postgrest
            ];
            shellHook = ''
-              alias dbmate="${pkgs.dbmate}/bin/dbmate --no-dump-schema --url postgres://postgres@localhost:15432/archtika?sslmode=disable"
+              alias dbmate="${pkgs.dbmate}/bin/dbmate --no-dump-schema --url ${dbUrl "postgres"}?sslmode=disable"
              alias formatsql="${pkgs.pgformatter}/bin/pg_format -s 2 -f 2 -U 2 -i db/migrations/*.sql"
-              alias dbconnect="${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:15432/archtika"
+              alias dbconnect="${pkgs.postgresql_16}/bin/psql ${dbUrl "postgres"}"
            '';
          };
          web = pkgs.mkShell {
@@ -65,19 +67,32 @@
        {
          api = {
            type = "app";
-            program = "${pkgs.writeShellScriptBin "api-setup" ''
-              JWT_SECRET=$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c64)
-              WEBSITE_MAX_STORAGE_SIZE=100
-              WEBSITE_MAX_NUMBER_USER=3
+            program =
+              let
+                settings = {
+                  maxStorage = 100;
+                  maxWebsites = 3;
+                };
+                jwtSecret = "BMlgCY9fEzmf7jhQpNnxlS6TM8E6xk2vS08C3ukm5LM2aTooaF5PfxT3o2K9uKzq";
+              in
+              "${pkgs.writeShellScriptBin "api-setup" ''
+                psql ${dbUrl "postgres"} \
+                  -c "ALTER DATABASE archtika SET \"app.jwt_secret\" TO '${jwtSecret}'" \
+                  -c "ALTER DATABASE archtika SET \"app.website_max_storage_size\" TO ${toString settings.maxStorage}" \
+                  -c "ALTER DATABASE archtika SET \"app.website_max_number_user\" TO ${toString settings.maxWebsites}"

-              ${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:15432/archtika -c "ALTER DATABASE archtika SET \"app.jwt_secret\" TO '$JWT_SECRET'"
-              ${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:15432/archtika -c "ALTER DATABASE archtika SET \"app.website_max_storage_size\" TO $WEBSITE_MAX_STORAGE_SIZE"
-              ${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:15432/archtika -c "ALTER DATABASE archtika SET \"app.website_max_number_user\" TO $WEBSITE_MAX_NUMBER_USER"
+                ${pkgs.dbmate}/bin/dbmate --no-dump-schema \
+                  --url ${dbUrl "postgres"}?sslmode=disable \
+                  --migrations-dir ${self.outPath}/rest-api/db/migrations up

-              ${pkgs.dbmate}/bin/dbmate --url postgres://postgres@localhost:15432/archtika?sslmode=disable --migrations-dir ${self.outPath}/rest-api/db/migrations up
-
-              PGRST_ADMIN_SERVER_PORT=3001 PGRST_DB_SCHEMAS="api" PGRST_DB_ANON_ROLE="anon" PGRST_OPENAPI_MODE="ignore-privileges" PGRST_DB_URI="postgres://authenticator@localhost:15432/archtika" PGRST_JWT_SECRET="$JWT_SECRET" ${pkgs.postgrest}/bin/postgrest
-            ''}/bin/api-setup";
+                PGRST_ADMIN_SERVER_PORT=3001 \
+                PGRST_DB_SCHEMAS="api" \
+                PGRST_DB_ANON_ROLE="anon" \
+                PGRST_OPENAPI_MODE="ignore-privileges" \
+                PGRST_DB_URI="${dbUrl "authenticator"}" \
+                PGRST_JWT_SECRET="${jwtSecret}" \
+                ${pkgs.postgrest}/bin/postgrest
+              ''}/bin/api-setup";
          };
        }
      );
--- a/nix/deploy/prod/default.nix
+++ b/nix/deploy/prod/default.nix
@@ -1,4 +1,7 @@
 { pkgs, localArchtikaPackage, ... }:
+let
+  domain = "demo.archtika.com";
+in
 {
  imports = [
    ./hardware-configuration.nix
@@ -6,19 +9,26 @@
    ../../module.nix
  ];

-  networking.hostName = "archtika-demo";
+  networking.hostName = "archtika-qs";

  services.archtika = {
    enable = true;
    package = localArchtikaPackage;
-    domain = "demo.archtika.com";
-    acmeEmail = "thilo.hohlt@tutanota.com";
-    dnsProvider = "porkbun";
-    dnsEnvironmentFile = /var/lib/porkbun.env;
+    inherit domain;
    settings = {
      disableRegistration = true;
-      maxWebsiteStorageSize = 50;
-      maxUserWebsites = 2;
+    };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "thilo.hohlt@tutanota.com";
+    certs."${domain}" = {
+      inherit domain;
+      extraDomainNames = [ "*.${domain}" ];
+      dnsProvider = "porkbun";
+      environmentFile = /var/lib/porkbun.env;
+      group = "nginx";
    };
  };
 }
--- a/nix/deploy/qs/default.nix
+++ b/nix/deploy/qs/default.nix
@@ -17,8 +17,6 @@ in
    inherit domain;
    settings = {
      disableRegistration = true;
-      maxWebsiteStorageSize = 50;
-      maxUserWebsites = 2;
    };
  };

--- a/nix/deploy/shared.nix
+++ b/nix/deploy/shared.nix
@@ -32,7 +32,7 @@
    users = {
      root = {
        openssh.authorizedKeys.keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFE42q8e7egSSTs4YJo8vQFDbRWqrGTQkR1weq8nT0Zx thiloho@pc"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlDyJt72c/mxyN9cujc081J3uzWCyKtr4k2faBtgldD thiloho@pc"
        ];
        hashedPassword = "$y$j9T$MuWDs5Ind6VPEM78u5VTy/$XAuRCaOPtS/8Vj8XgpxB/XX2ygftNLql2VrFWcC/sq7";
      };
@@ -44,8 +44,7 @@
        ];
        hashedPassword = "$y$j9T$Y0ffzVb7wrZSdCKbiYHin0$oahgfFqH/Eep6j6f4iKPETEfGZSOkgu74UT2eyG2uI1";
        openssh.authorizedKeys.keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBj6+r+vMXJyy5wvQTLyfd2rIw62WCg9eIpwsciHg4ym thiloho@pc"
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIgfOa8N46PBUO2gj8UeyrV0R+MRZFnJqUzG132UjaFS thiloho@laptop"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlDyJt72c/mxyN9cujc081J3uzWCyKtr4k2faBtgldD thiloho@pc"
        ];
      };
    };
--- a/nix/dev-vm.nix
+++ b/nix/dev-vm.nix
@@ -20,9 +20,20 @@
    password = "dev";
  };

-  systemd.tmpfiles.rules = [ "d /var/www/archtika-websites 0777 root root -" ];
+  systemd.tmpfiles.settings = {
+    "10-archtika" = {
+      "/var/www/archtika-websites" = {
+        d = {
+          mode = "0777";
+          user = "root";
+          group = "root";
+        };
+      };
+    };
+  };

  virtualisation = {
+    msize = 65536;
    graphics = false;
    memorySize = 2048;
    cores = 2;
@@ -51,23 +62,13 @@
  services = {
    postgresql = {
      enable = true;
-      package = pkgs.postgresql_16;
-      /*
-        PL/Perl:
-        overrideAttrs (
-          finalAttrs: previousAttrs: {
-            buildInputs = previousAttrs.buildInputs ++ [ pkgs.perl ];
-            configureFlags = previousAttrs.configureFlags ++ [ "--with-perl" ];
-          }
-        );
-      */
      ensureDatabases = [ "archtika" ];
      authentication = lib.mkForce ''
        local all all trust
        host all all all trust
      '';
      enableTCPIP = true;
-      extraPlugins = with pkgs.postgresql16Packages; [ pgjwt ];
+      extensions = ps: with ps; [ pgjwt ];
    };
    nginx = {
      enable = true;
@@ -105,10 +106,13 @@

  systemd.services.postgresql = {
    path = with pkgs; [
-      # Tar and gzip are needed for tar.gz exports
      gnutar
      gzip
    ];
+
+    serviceConfig = {
+      ReadWritePaths = [ "/var/www/archtika-websites" ];
+    };
  };

  services.getty.autologinUser = "dev";
--- a/nix/docker.nix
+++ b/nix/docker.nix
@@ -26,7 +26,7 @@ pkgs.dockerTools.buildLayeredImage {
  contents = [
    archtika
    entrypoint
-    pkgs.postgresql_16
+    pkgs.postgresql
    pkgs.nginx
    pkgs.acme-sh
    pkgs.bash
--- a/nix/module.nix
+++ b/nix/module.nix
@@ -162,7 +162,6 @@ in
          Group = cfg.group;
          Restart = "always";
          WorkingDirectory = "${cfg.package}/rest-api";
-
          RestrictAddressFamilies = [
            "AF_INET"
            "AF_INET6"
@@ -177,14 +176,14 @@ in
              "postgres://${user}@127.0.0.1:${toString config.services.postgresql.settings.port}/${cfg.databaseName}";
          in
          ''
-            JWT_SECRET=$(tr -dc "A-Za-z0-9" < /dev/urandom | head -c64)
+            JWT_SECRET=$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c64)

            psql ${dbUrl "postgres"} \
              -c "ALTER DATABASE ${cfg.databaseName} SET \"app.jwt_secret\" TO '$JWT_SECRET'" \
              -c "ALTER DATABASE ${cfg.databaseName} SET \"app.website_max_storage_size\" TO ${toString cfg.settings.maxWebsiteStorageSize}" \
              -c "ALTER DATABASE ${cfg.databaseName} SET \"app.website_max_number_user\" TO ${toString cfg.settings.maxUserWebsites}"

-            dbmate --url ${dbUrl "postgres"}?sslmode=disable --migrations-dir ${cfg.package}/rest-api/db/migrations up
+            ${pkgs.dbmate}/bin/dbmate --url ${dbUrl "postgres"}?sslmode=disable --migrations-dir ${cfg.package}/rest-api/db/migrations up

            PGRST_SERVER_CORS_ALLOWED_ORIGINS="https://${cfg.domain}" \
            PGRST_ADMIN_SERVER_PORT=${toString cfg.apiAdminPort} \
@@ -208,7 +207,6 @@ in
          Group = cfg.group;
          Restart = "always";
          WorkingDirectory = "${cfg.package}/web-app";
-
          RestrictAddressFamilies = [
            "AF_INET"
            "AF_INET6"
@@ -236,8 +234,13 @@ in
        extensions = ps: with ps; [ pgjwt ];
      };

-      systemd.services.postgresql.path = builtins.attrValues {
-        inherit (pkgs) gnutar gzip;
+      systemd.services.postgresql = {
+        path = builtins.attrValues {
+          inherit (pkgs) gnutar gzip;
+        };
+        serviceConfig = {
+          ReadWritePaths = [ "/var/www/archtika-websites" ];
+        };
      };

      services.nginx = {
--- a/web-app/package.json
+++ b/web-app/package.json
@@ -11,7 +11,7 @@
    "check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch",
    "lint": "prettier --check . && eslint .",
    "format": "prettier --write .",
-    "gents": "pg-to-ts generate -c postgres://postgres@localhost:15432/archtika -o src/lib/db-schema.ts -s internal --datesAsStrings"
+    "gents": "pg-to-ts generate -c postgres://postgres@127.0.0.1:15432/archtika -o src/lib/db-schema.ts -s internal --datesAsStrings"
  },
  "devDependencies": {
    "@playwright/test": "1.47.0",
--- a/web-app/src/lib/db-schema.ts
+++ b/web-app/src/lib/db-schema.ts
@@ -5,7 +5,7 @@
 * AUTO-GENERATED FILE - DO NOT EDIT!
 *
 * This file was automatically generated by pg-to-ts v.4.1.1
- * $ pg-to-ts generate -c postgres://username:password@localhost:15432/archtika -t article -t change_log -t collab -t docs_category -t footer -t header -t home -t media -t settings -t user -t website -s internal
+ * $ pg-to-ts generate -c postgres://username:password@127.0.0.1:15432/archtika -t article -t change_log -t collab -t docs_category -t footer -t header -t home -t media -t settings -t user -t website -s internal
 *
 */

--- a/web-app/src/lib/server/utils.ts
+++ b/web-app/src/lib/server/utils.ts
@@ -1,8 +1,8 @@
 import { dev } from "$app/environment";

 export const API_BASE_PREFIX = dev
-  ? "http://localhost:3000"
-  : `${process.env.ORIGIN ? `${process.env.ORIGIN}/api` : "http://localhost:3000"}`;
+  ? "http://127.0.0.1:3000"
+  : `${process.env.ORIGIN ? `${process.env.ORIGIN}/api` : "http://127.0.0.1:3000"}`;

 export const REGISTRATION_IS_DISABLED = dev
  ? false
--- a/web-app/src/routes/(authenticated)/website/[websiteId]/publish/+page.server.ts
+++ b/web-app/src/routes/(authenticated)/website/[websiteId]/publish/+page.server.ts
@@ -98,17 +98,17 @@ const generateStaticFiles = async (
 ) => {
  const websitePreviewUrl = `${
    dev
-      ? "http://localhost:18000"
+      ? "http://127.0.0.1:18000"
      : process.env.ORIGIN
        ? process.env.ORIGIN
-        : "http://localhost:18000"
+        : "http://127.0.0.1:18000"
  }/previews/${websiteData.id}/`;

  const websiteProdUrl = dev
-    ? `http://localhost:18000/${websiteData.user.username}/${websiteData.slug}`
+    ? `http://127.0.0.1:18000/${websiteData.user.username}/${websiteData.slug}`
    : process.env.ORIGIN
      ? `${process.env.ORIGIN.replace("//", `//${websiteData.user.username}.`)}/${websiteData.slug}`
-      : `http://localhost:18000/${websiteData.user.username}/${websiteData.slug}`;
+      : `http://127.0.0.1:18000/${websiteData.user.username}/${websiteData.slug}`;

  const fileContents = (head: string, body: string) => {
    return `