Merge pull request #27 from archtika/devel

Allow removing images and wrap tables with scroll container
2025-11-22 10:51:36 +01:00 · 2025-01-11 21:15:04 +01:00 · 2025-01-11 20:59:36 +01:00 · 2025-01-07 19:53:15 +01:00 · 2025-01-07 19:33:26 +01:00 · 2025-01-04 20:47:29 +01:00
22 changed files with 404 additions and 292 deletions
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -23,7 +23,7 @@ jobs:
      run: |
        wait_for_postgres() {
          echo "Waiting for PostgreSQL to be ready..."
-          while ! nix shell nixpkgs#postgresql_16 -c pg_isready -h localhost -p 15432 -U postgres; do
+          while ! nix shell nixpkgs#postgresql_16 -c pg_isready -h 127.0.0.1 -p 15432 -U postgres; do
            sleep 1
          done
          echo "PostgreSQL is ready."
@@ -31,10 +31,10 @@ jobs:

        wait_for_postgrest() {
          echo "Waiting for PostgREST to be live and ready..."
-          while ! curl -s -I "http://localhost:3001/live" | grep "OK"; do
+          while ! curl -s -I "http://127.0.0.1:3001/live" | grep "OK"; do
            sleep 1
          done
-          while ! curl -s -I "http://localhost:3001/ready" | grep "OK"; do
+          while ! curl -s -I "http://127.0.0.1:3001/ready" | grep "OK"; do
            sleep 1
          done
          echo "PostgREST is live and ready."
--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
  "nodes": {
    "nixpkgs": {
      "locked": {
-        "lastModified": 1729256560,
-        "narHash": "sha256-/uilDXvCIEs3C9l73JTACm4quuHUsIHcns1c+cHUJwA=",
+        "lastModified": 1735471104,
+        "narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "4c2fcb090b1f3e5b47eaa7bd33913b574a11e0a0",
+        "rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -14,6 +14,8 @@
      ];

      forAllSystems = nixpkgs.lib.genAttrs allSystems;
+
+      dbUrl = user: "postgres://${user}@127.0.0.1:15432/archtika";
    in
    {
      devShells = forAllSystems (
@@ -24,13 +26,13 @@
        {
          api = pkgs.mkShell {
            packages = with pkgs; [
-              postgresql_16
+              postgresql
              postgrest
            ];
            shellHook = ''
-              alias dbmate="${pkgs.dbmate}/bin/dbmate --no-dump-schema --url postgres://postgres@localhost:15432/archtika?sslmode=disable"
+              alias dbmate="${pkgs.dbmate}/bin/dbmate --no-dump-schema --url ${dbUrl "postgres"}?sslmode=disable"
              alias formatsql="${pkgs.pgformatter}/bin/pg_format -s 2 -f 2 -U 2 -i db/migrations/*.sql"
-              alias dbconnect="${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:15432/archtika"
+              alias dbconnect="${pkgs.postgresql}/bin/psql ${dbUrl "postgres"}"
            '';
          };
          web = pkgs.mkShell {
@@ -65,18 +67,31 @@
        {
          api = {
            type = "app";
-            program = "${pkgs.writeShellScriptBin "api-setup" ''
-              JWT_SECRET=$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c64)
-              WEBSITE_MAX_STORAGE_SIZE=100
-              WEBSITE_MAX_NUMBER_USER=3
+            program =
+              let
+                settings = {
+                  maxStorage = 100;
+                  maxWebsites = 3;
+                };
+                jwtSecret = "BMlgCY9fEzmf7jhQpNnxlS6TM8E6xk2vS08C3ukm5LM2aTooaF5PfxT3o2K9uKzq";
+              in
+              "${pkgs.writeShellScriptBin "api-setup" ''
+                ${pkgs.postgresql}/bin/psql ${dbUrl "postgres"} \
+                  -c "ALTER DATABASE archtika SET \"app.jwt_secret\" TO '${jwtSecret}'" \
+                  -c "ALTER DATABASE archtika SET \"app.website_max_storage_size\" TO ${toString settings.maxStorage}" \
+                  -c "ALTER DATABASE archtika SET \"app.website_max_number_user\" TO ${toString settings.maxWebsites}"

-              ${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:15432/archtika -c "ALTER DATABASE archtika SET \"app.jwt_secret\" TO '$JWT_SECRET'"
-              ${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:15432/archtika -c "ALTER DATABASE archtika SET \"app.website_max_storage_size\" TO $WEBSITE_MAX_STORAGE_SIZE"
-              ${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:15432/archtika -c "ALTER DATABASE archtika SET \"app.website_max_number_user\" TO $WEBSITE_MAX_NUMBER_USER"
+                ${pkgs.dbmate}/bin/dbmate --no-dump-schema \
+                  --url ${dbUrl "postgres"}?sslmode=disable \
+                  --migrations-dir ${self.outPath}/rest-api/db/migrations up

-              ${pkgs.dbmate}/bin/dbmate --url postgres://postgres@localhost:15432/archtika?sslmode=disable --migrations-dir ${self.outPath}/rest-api/db/migrations up
-
-              PGRST_ADMIN_SERVER_PORT=3001 PGRST_DB_SCHEMAS="api" PGRST_DB_ANON_ROLE="anon" PGRST_OPENAPI_MODE="ignore-privileges" PGRST_DB_URI="postgres://authenticator@localhost:15432/archtika" PGRST_JWT_SECRET="$JWT_SECRET" ${pkgs.postgrest}/bin/postgrest
+                PGRST_ADMIN_SERVER_PORT=3001 \
+                PGRST_DB_SCHEMAS="api" \
+                PGRST_DB_ANON_ROLE="anon" \
+                PGRST_OPENAPI_MODE="ignore-privileges" \
+                PGRST_DB_URI="${dbUrl "authenticator"}" \
+                PGRST_JWT_SECRET="${jwtSecret}" \
+                ${pkgs.postgrest}/bin/postgrest
              ''}/bin/api-setup";
          };
        }
--- a/nix/deploy/prod/default.nix
+++ b/nix/deploy/prod/default.nix
@@ -1,4 +1,7 @@
 { pkgs, localArchtikaPackage, ... }:
+let
+  domain = "demo.archtika.com";
+in
 {
  imports = [
    ./hardware-configuration.nix
@@ -11,14 +14,21 @@
  services.archtika = {
    enable = true;
    package = localArchtikaPackage;
-    domain = "demo.archtika.com";
-    acmeEmail = "thilo.hohlt@tutanota.com";
-    dnsProvider = "porkbun";
-    dnsEnvironmentFile = /var/lib/porkbun.env;
+    inherit domain;
    settings = {
      disableRegistration = true;
-      maxWebsiteStorageSize = 50;
-      maxUserWebsites = 2;
+    };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "thilo.hohlt@tutanota.com";
+    certs."${domain}" = {
+      inherit domain;
+      extraDomainNames = [ "*.${domain}" ];
+      dnsProvider = "porkbun";
+      environmentFile = /var/lib/porkbun.env;
+      group = "nginx";
    };
  };
 }
--- a/nix/deploy/qs/default.nix
+++ b/nix/deploy/qs/default.nix
@@ -1,4 +1,7 @@
 { pkgs, localArchtikaPackage, ... }:
+let
+  domain = "qs.archtika.com";
+in
 {
  imports = [
    ./hardware-configuration.nix
@@ -11,14 +14,21 @@
  services.archtika = {
    enable = true;
    package = localArchtikaPackage;
-    domain = "qs.archtika.com";
-    acmeEmail = "thilo.hohlt@tutanota.com";
-    dnsProvider = "porkbun";
-    dnsEnvironmentFile = /var/lib/porkbun.env;
+    inherit domain;
    settings = {
      disableRegistration = true;
-      maxWebsiteStorageSize = 250;
-      maxUserWebsites = 3;
+    };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "thilo.hohlt@tutanota.com";
+    certs."${domain}" = {
+      inherit domain;
+      extraDomainNames = [ "*.${domain}" ];
+      dnsProvider = "porkbun";
+      environmentFile = /var/lib/porkbun.env;
+      group = "nginx";
    };
  };
 }
--- a/nix/deploy/shared.nix
+++ b/nix/deploy/shared.nix
@@ -32,7 +32,7 @@
    users = {
      root = {
        openssh.authorizedKeys.keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFE42q8e7egSSTs4YJo8vQFDbRWqrGTQkR1weq8nT0Zx thiloho@pc"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlDyJt72c/mxyN9cujc081J3uzWCyKtr4k2faBtgldD thiloho@pc"
        ];
        hashedPassword = "$y$j9T$MuWDs5Ind6VPEM78u5VTy/$XAuRCaOPtS/8Vj8XgpxB/XX2ygftNLql2VrFWcC/sq7";
      };
@@ -44,8 +44,7 @@
        ];
        hashedPassword = "$y$j9T$Y0ffzVb7wrZSdCKbiYHin0$oahgfFqH/Eep6j6f4iKPETEfGZSOkgu74UT2eyG2uI1";
        openssh.authorizedKeys.keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBj6+r+vMXJyy5wvQTLyfd2rIw62WCg9eIpwsciHg4ym thiloho@pc"
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIgfOa8N46PBUO2gj8UeyrV0R+MRZFnJqUzG132UjaFS thiloho@laptop"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlDyJt72c/mxyN9cujc081J3uzWCyKtr4k2faBtgldD thiloho@pc"
        ];
      };
    };
--- a/nix/dev-vm.nix
+++ b/nix/dev-vm.nix
@@ -20,9 +20,20 @@
    password = "dev";
  };

-  systemd.tmpfiles.rules = [ "d /var/www/archtika-websites 0777 root root -" ];
+  systemd.tmpfiles.settings = {
+    "10-archtika" = {
+      "/var/www/archtika-websites" = {
+        d = {
+          mode = "0777";
+          user = "root";
+          group = "root";
+        };
+      };
+    };
+  };

  virtualisation = {
+    msize = 65536;
    graphics = false;
    memorySize = 2048;
    cores = 2;
@@ -51,23 +62,13 @@
  services = {
    postgresql = {
      enable = true;
-      package = pkgs.postgresql_16;
-      /*
-        PL/Perl:
-        overrideAttrs (
-          finalAttrs: previousAttrs: {
-            buildInputs = previousAttrs.buildInputs ++ [ pkgs.perl ];
-            configureFlags = previousAttrs.configureFlags ++ [ "--with-perl" ];
-          }
-        );
-      */
      ensureDatabases = [ "archtika" ];
      authentication = lib.mkForce ''
        local all all trust
        host all all all trust
      '';
      enableTCPIP = true;
-      extraPlugins = with pkgs.postgresql16Packages; [ pgjwt ];
+      extensions = ps: with ps; [ pgjwt ];
    };
    nginx = {
      enable = true;
@@ -105,10 +106,13 @@

  systemd.services.postgresql = {
    path = with pkgs; [
-      # Tar and gzip are needed for tar.gz exports
      gnutar
      gzip
    ];
+
+    serviceConfig = {
+      ReadWritePaths = [ "/var/www/archtika-websites" ];
+    };
  };

  services.getty.autologinUser = "dev";
--- a/nix/docker.nix
+++ b/nix/docker.nix
@@ -26,7 +26,7 @@ pkgs.dockerTools.buildLayeredImage {
  contents = [
    archtika
    entrypoint
-    pkgs.postgresql_16
+    pkgs.postgresql
    pkgs.nginx
    pkgs.acme-sh
    pkgs.bash
--- a/nix/module.nix
+++ b/nix/module.nix
@@ -5,41 +5,19 @@
  ...
 }:

-with lib;
-
 let
+  inherit (lib)
+    mkEnableOption
+    mkOption
+    mkIf
+    mkPackageOption
+    types
+    ;
  cfg = config.services.archtika;
-  baseHardenedSystemdOptions = {
-    CapabilityBoundingSet = "";
-    LockPersonality = true;
-    NoNewPrivileges = true;
-    PrivateDevices = true;
-    PrivateTmp = true;
-    ProtectClock = true;
-    ProtectControlGroups = true;
-    ProtectHome = true;
-    ProtectHostname = true;
-    ProtectKernelLogs = true;
-    ProtectKernelModules = true;
-    ProtectKernelTunables = true;
-    ProtectSystem = "strict";
-    RemoveIPC = true;
-    RestrictNamespaces = true;
-    RestrictRealtime = true;
-    RestrictSUIDSGID = true;
-    SystemCallArchitectures = "native";
-    SystemCallFilter = [
-      "@system-service"
-      "~@privileged"
-      "~@resources"
-    ];
-
-    ReadWritePaths = [ "/var/www/archtika-websites" ];
-  };
 in
 {
  options.services.archtika = {
-    enable = mkEnableOption "archtika service";
+    enable = mkEnableOption "Whether to enable the archtika service";

    package = mkPackageOption pkgs "archtika" { };

@@ -81,29 +59,11 @@ in

    domain = mkOption {
      type = types.str;
-      default = null;
      description = "Domain to use for the application.";
    };

-    acmeEmail = mkOption {
-      type = types.str;
-      default = null;
-      description = "Email to notify for the SSL certificate renewal process.";
-    };
-
-    dnsProvider = mkOption {
-      type = types.str;
-      default = null;
-      description = "DNS provider for the DNS-01 challenge (required for wildcard domains).";
-    };
-
-    dnsEnvironmentFile = mkOption {
-      type = types.path;
-      default = null;
-      description = "API secrets for the DNS-01 challenge (required for wildcard domains).";
-    };
-
    settings = mkOption {
+      description = "Settings for the running archtika application.";
      type = types.submodule {
        options = {
          disableRegistration = mkOption {
@@ -112,13 +72,13 @@ in
            description = "By default any user can create an account. That behavior can be disabled by using this option.";
          };
          maxUserWebsites = mkOption {
-            type = types.int;
+            type = types.ints.positive;
            default = 2;
            description = "Maximum number of websites allowed per user by default.";
          };
          maxWebsiteStorageSize = mkOption {
-            type = types.int;
-            default = 500;
+            type = types.ints.positive;
+            default = 50;
            description = "Maximum amount of disk space in MB allowed per user website by default.";
          };
        };
@@ -126,7 +86,36 @@ in
    };
  };

-  config = mkIf cfg.enable {
+  config = mkIf cfg.enable (
+    let
+      baseHardenedSystemdOptions = {
+        CapabilityBoundingSet = "";
+        LockPersonality = true;
+        NoNewPrivileges = true;
+        PrivateDevices = true;
+        PrivateTmp = true;
+        ProtectClock = true;
+        ProtectControlGroups = true;
+        ProtectHome = true;
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        ProtectSystem = "strict";
+        RemoveIPC = true;
+        RestrictNamespaces = true;
+        RestrictRealtime = true;
+        RestrictSUIDSGID = true;
+        SystemCallArchitectures = "native";
+        SystemCallFilter = [
+          "@system-service"
+          "~@privileged"
+          "~@resources"
+        ];
+        ReadWritePaths = [ "/var/www/archtika-websites" ];
+      };
+    in
+    {
      users.users.${cfg.user} = {
        isSystemUser = true;
        group = cfg.group;
@@ -139,10 +128,24 @@ in
        ];
      };

-    systemd.tmpfiles.rules = [
-      "d /var/www 0755 root root -"
-      "d /var/www/archtika-websites 0770 ${cfg.user} ${cfg.group} -"
-    ];
+      systemd.tmpfiles.settings = {
+        "10-archtika" = {
+          "/var/www" = {
+            d = {
+              mode = "0755";
+              user = "root";
+              group = "root";
+            };
+          };
+          "/var/www/archtika-websites" = {
+            d = {
+              mode = "0770";
+              user = cfg.user;
+              group = cfg.group;
+            };
+          };
+        };
+      };

      systemd.services.archtika-api = {
        description = "archtika API service";
@@ -152,12 +155,13 @@ in
          "postgresql.service"
        ];

+        path = [ config.services.postgresql.package ];
+
        serviceConfig = baseHardenedSystemdOptions // {
          User = cfg.user;
          Group = cfg.group;
          Restart = "always";
          WorkingDirectory = "${cfg.package}/rest-api";
-
          RestrictAddressFamilies = [
            "AF_INET"
            "AF_INET6"
@@ -165,16 +169,31 @@ in
          ];
        };

-      script = ''
+        script =
+          let
+            dbUrl =
+              user:
+              "postgres://${user}@127.0.0.1:${toString config.services.postgresql.settings.port}/${cfg.databaseName}";
+          in
+          ''
            JWT_SECRET=$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c64)

-        ${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:5432/${cfg.databaseName} -c "ALTER DATABASE ${cfg.databaseName} SET \"app.jwt_secret\" TO '$JWT_SECRET'"
-        ${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:5432/${cfg.databaseName} -c "ALTER DATABASE ${cfg.databaseName} SET \"app.website_max_storage_size\" TO ${toString cfg.settings.maxWebsiteStorageSize}"
-        ${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:5432/${cfg.databaseName} -c "ALTER DATABASE ${cfg.databaseName} SET \"app.website_max_number_user\" TO ${toString cfg.settings.maxUserWebsites}"
+            psql ${dbUrl "postgres"} \
+              -c "ALTER DATABASE ${cfg.databaseName} SET \"app.jwt_secret\" TO '$JWT_SECRET'" \
+              -c "ALTER DATABASE ${cfg.databaseName} SET \"app.website_max_storage_size\" TO ${toString cfg.settings.maxWebsiteStorageSize}" \
+              -c "ALTER DATABASE ${cfg.databaseName} SET \"app.website_max_number_user\" TO ${toString cfg.settings.maxUserWebsites}"

-        ${pkgs.dbmate}/bin/dbmate --url postgres://postgres@localhost:5432/archtika?sslmode=disable --migrations-dir ${cfg.package}/rest-api/db/migrations up
+            ${pkgs.dbmate}/bin/dbmate --url ${dbUrl "postgres"}?sslmode=disable --migrations-dir ${cfg.package}/rest-api/db/migrations up

-        PGRST_SERVER_CORS_ALLOWED_ORIGINS="https://${cfg.domain}" PGRST_ADMIN_SERVER_PORT=${toString cfg.apiAdminPort} PGRST_SERVER_PORT=${toString cfg.apiPort} PGRST_DB_SCHEMAS="api" PGRST_DB_ANON_ROLE="anon" PGRST_OPENAPI_MODE="ignore-privileges" PGRST_DB_URI="postgres://authenticator@localhost:5432/${cfg.databaseName}" PGRST_JWT_SECRET="$JWT_SECRET" ${pkgs.postgrest}/bin/postgrest
+            PGRST_SERVER_CORS_ALLOWED_ORIGINS="https://${cfg.domain}" \
+            PGRST_ADMIN_SERVER_PORT=${toString cfg.apiAdminPort} \
+            PGRST_SERVER_PORT=${toString cfg.apiPort} \
+            PGRST_DB_SCHEMAS="api" \
+            PGRST_DB_ANON_ROLE="anon" \
+            PGRST_OPENAPI_MODE="ignore-privileges" \
+            PGRST_DB_URI=${dbUrl "authenticator"} \
+            PGRST_JWT_SECRET="$JWT_SECRET" \
+            ${pkgs.postgrest}/bin/postgrest
          '';
      };

@@ -188,39 +207,41 @@ in
          Group = cfg.group;
          Restart = "always";
          WorkingDirectory = "${cfg.package}/web-app";
-
          RestrictAddressFamilies = [
            "AF_INET"
            "AF_INET6"
          ];
        };

-      script = ''
-        REGISTRATION_IS_DISABLED=${toString cfg.settings.disableRegistration} BODY_SIZE_LIMIT=10M ORIGIN=https://${cfg.domain} PORT=${toString cfg.webAppPort} ${pkgs.nodejs_22}/bin/node ${cfg.package}/web-app
-      '';
+        environment = {
+          REGISTRATION_IS_DISABLED = toString cfg.settings.disableRegistration;
+          BODY_SIZE_LIMIT = "10M";
+          ORIGIN = "https://${cfg.domain}";
+          PORT = toString cfg.webAppPort;
+        };
+
+        script = "${pkgs.nodejs_22}/bin/node ${cfg.package}/web-app";
      };

      services.postgresql = {
        enable = true;
-      package = pkgs.postgresql_16;
        ensureDatabases = [ cfg.databaseName ];
-      authentication = lib.mkForce ''
-        # IPv4 local connections:
+        authentication = lib.mkOverride 51 ''
          host    all    all    127.0.0.1/32    trust
-        # IPv6 local connections:
          host    all    all    ::1/128         trust
-        # Local socket connections:
          local   all    all                    trust
        '';
-      extraPlugins = with pkgs.postgresql16Packages; [ pgjwt ];
+        extensions = ps: with ps; [ pgjwt ];
      };

      systemd.services.postgresql = {
-      path = with pkgs; [
-        # Tar and gzip are needed for tar.gz exports
-        gnutar
-        gzip
-      ];
+        path = builtins.attrValues {
+          inherit (pkgs) gnutar gzip;
+        };
+        serviceConfig = {
+          ReadWritePaths = [ "/var/www/archtika-websites" ];
+          SystemCallFilter = [ "@system-service" ];
+        };
      };

      services.nginx = {
@@ -231,10 +252,6 @@ in
        recommendedOptimisation = true;

        appendHttpConfig = ''
-        limit_req_zone $binary_remote_addr zone=requestLimit:10m rate=5r/s;
-        limit_req_status 429;
-        limit_req zone=requestLimit burst=20 nodelay;
-
          add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
          add_header X-Frame-Options "SAMEORIGIN" always;
          add_header X-Content-Type-Options "nosniff" always;
@@ -253,7 +270,7 @@ in
            forceSSL = true;
            locations = {
              "/" = {
-              proxyPass = "http://localhost:${toString cfg.webAppPort}";
+                proxyPass = "http://127.0.0.1:${toString cfg.webAppPort}";
              };
              "/previews/" = {
                alias = "/var/www/archtika-websites/previews/";
@@ -261,14 +278,14 @@ in
                tryFiles = "$uri $uri/ $uri.html =404";
              };
              "/api/rpc/export_articles_zip" = {
-              proxyPass = "http://localhost:${toString cfg.apiPort}/rpc/export_articles_zip";
+                proxyPass = "http://127.0.0.1:${toString cfg.apiPort}/rpc/export_articles_zip";
                extraConfig = ''
                  default_type application/json;
                  proxy_set_header Authorization $auth_header;
                '';
              };
              "/api/" = {
-              proxyPass = "http://localhost:${toString cfg.apiPort}/";
+                proxyPass = "http://127.0.0.1:${toString cfg.apiPort}/";
                extraConfig = ''
                  default_type application/json;
                '';
@@ -293,17 +310,6 @@ in
          };
        };
      };
-
-    security.acme = {
-      acceptTerms = true;
-      defaults.email = cfg.acmeEmail;
-      certs."${cfg.domain}" = {
-        domain = cfg.domain;
-        extraDomainNames = [ "*.${cfg.domain}" ];
-        dnsProvider = cfg.dnsProvider;
-        environmentFile = cfg.dnsEnvironmentFile;
-        group = config.services.nginx.group;
-      };
-    };
-  };
+    }
+  );
 }
--- a/nix/package.nix
+++ b/nix/package.nix
@@ -10,8 +10,7 @@ let
  web = buildNpmPackage {
    name = "web-app";
    src = ../web-app;
-    npmDeps = importNpmLock { npmRoot = ../web-app; };
-    npmConfigHook = importNpmLock.npmConfigHook;
+    npmDepsHash = "sha256-RTyo7K/Hr1hBGtcBKynrziUInl91JqZl84NkJg16ufA=";
    npmFlags = [ "--legacy-peer-deps" ];
    installPhase = ''
      mkdir -p $out/web-app
@@ -34,18 +33,9 @@ in
 symlinkJoin {
  name = "archtika";
  pname = "archtika";
-  version = "1.0.0";

  paths = [
    web
    api
  ];
-
-  meta = with lib; {
-    description = "A modern, performant and lightweight CMS";
-    homepage = "https://archtika.com";
-    license = licenses.mit;
-    maintainers = with maintainers; [ thiloho ];
-    platforms = platforms.unix;
-  };
 }
--- a/web-app/package.json
+++ b/web-app/package.json
@@ -11,7 +11,7 @@
    "check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch",
    "lint": "prettier --check . && eslint .",
    "format": "prettier --write .",
-    "gents": "pg-to-ts generate -c postgres://postgres@localhost:15432/archtika -o src/lib/db-schema.ts -s internal --datesAsStrings"
+    "gents": "pg-to-ts generate -c postgres://postgres@127.0.0.1:15432/archtika -o src/lib/db-schema.ts -s internal --datesAsStrings"
  },
  "devDependencies": {
    "@playwright/test": "1.47.0",
--- a/web-app/src/lib/db-schema.ts
+++ b/web-app/src/lib/db-schema.ts
@@ -5,7 +5,7 @@
 * AUTO-GENERATED FILE - DO NOT EDIT!
 *
 * This file was automatically generated by pg-to-ts v.4.1.1
- * $ pg-to-ts generate -c postgres://username:password@localhost:15432/archtika -t article -t change_log -t collab -t docs_category -t footer -t header -t home -t media -t settings -t user -t website -s internal
+ * $ pg-to-ts generate -c postgres://username:password@127.0.0.1:15432/archtika -t article -t change_log -t collab -t docs_category -t footer -t header -t home -t media -t settings -t user -t website -s internal
 *
 */

--- a/web-app/src/lib/server/utils.ts
+++ b/web-app/src/lib/server/utils.ts
@@ -1,8 +1,8 @@
 import { dev } from "$app/environment";

 export const API_BASE_PREFIX = dev
-  ? "http://localhost:3000"
-  : `${process.env.ORIGIN ? `${process.env.ORIGIN}/api` : "http://localhost:3000"}`;
+  ? "http://127.0.0.1:3000"
+  : `${process.env.ORIGIN ? `${process.env.ORIGIN}/api` : "http://127.0.0.1:3000"}`;

 export const REGISTRATION_IS_DISABLED = dev
  ? false
--- a/web-app/src/lib/templates/Nav.svelte
+++ b/web-app/src/lib/templates/Nav.svelte
@@ -75,9 +75,8 @@
        <strong>{websiteOverview.header.logo_text}</strong>
      {:else}
        <img
+          class="top-nav-logo"
          src="{apiUrl}/rpc/retrieve_file?id={websiteOverview.header.logo_image}"
-          width="32"
-          height="32"
          alt=""
        />
      {/if}
--- a/web-app/src/lib/utils.ts
+++ b/web-app/src/lib/utils.ts
@@ -1,5 +1,5 @@
-import { Marked } from "marked";
-import type { Renderer, Token } from "marked";
+import { Marked, Renderer } from "marked";
+import type { Token } from "marked";
 import { markedHighlight } from "marked-highlight";
 import hljs from "highlight.js";
 import DOMPurify from "isomorphic-dompurify";
@@ -40,6 +40,7 @@ const slugify = (string: string) => {

 const createMarkdownParser = (showToc = true) => {
  const marked = new Marked();
+  const renderer = new Renderer();

  marked.use({
    async: false,
@@ -58,6 +59,14 @@ const createMarkdownParser = (showToc = true) => {
    })
  );

+  marked.use({
+    renderer: {
+      table(...args) {
+        return `<div class="scroll-container">${renderer.table.apply(this, args)}</div>`;
+      }
+    }
+  });
+
  const gfmHeadingId = ({ prefix = "", showToc = true } = {}) => {
    const headings: { text: string; level: number; id: string }[] = [];
    const sectionStack: { level: number; id: string }[] = [];
--- a/web-app/src/routes/(authenticated)/website/[websiteId]/+page.server.ts
+++ b/web-app/src/routes/(authenticated)/website/[websiteId]/+page.server.ts
@@ -72,6 +72,19 @@ export const actions: Actions = {
      }
    );
  },
+  removeFavicon: async ({ fetch, params }) => {
+    return await apiRequest(
+      fetch,
+      `${API_BASE_PREFIX}/settings?website_id=eq.${params.websiteId}`,
+      "PATCH",
+      {
+        body: {
+          favicon_image: null
+        },
+        successMessage: "Successfully removed favicon"
+      }
+    );
+  },
  updateHeader: async ({ request, fetch, params }) => {
    const data = await request.formData();
    const logoImage = data.get("logo-image") as File;
@@ -110,6 +123,19 @@ export const actions: Actions = {
      }
    );
  },
+  removeLogoImage: async ({ fetch, params }) => {
+    return await apiRequest(
+      fetch,
+      `${API_BASE_PREFIX}/header?website_id=eq.${params.websiteId}`,
+      "PATCH",
+      {
+        body: {
+          logo_image: null
+        },
+        successMessage: "Successfully removed logo image"
+      }
+    );
+  },
  updateHome: async ({ request, fetch, params }) => {
    const data = await request.formData();

--- a/web-app/src/routes/(authenticated)/website/[websiteId]/+page.svelte
+++ b/web-app/src/routes/(authenticated)/website/[websiteId]/+page.svelte
@@ -91,6 +91,13 @@
              src={`${data.API_BASE_PREFIX}/rpc/retrieve_file?id=${data.globalSettings.favicon_image}`}
              alt=""
            />
+            <form
+              method="POST"
+              action="?/removeFavicon"
+              use:enhance={enhanceForm({ reset: false, closeModal: true })}
+            >
+              <button type="submit">Remove</button>
+            </form>
          </Modal>
        {/if}
      </div>
@@ -138,6 +145,13 @@
              src={`${data.API_BASE_PREFIX}/rpc/retrieve_file?id=${data.header.logo_image}`}
              alt=""
            />
+            <form
+              method="POST"
+              action="?/removeLogoImage"
+              use:enhance={enhanceForm({ reset: false, closeModal: true })}
+            >
+              <button type="submit">Remove</button>
+            </form>
          </Modal>
        {/if}
      </div>
--- a/web-app/src/routes/(authenticated)/website/[websiteId]/articles/[articleId]/+page.server.ts
+++ b/web-app/src/routes/(authenticated)/website/[websiteId]/articles/[articleId]/+page.server.ts
@@ -72,6 +72,19 @@ export const actions: Actions = {
      }
    );
  },
+  removeCoverImage: async ({ fetch, params }) => {
+    return await apiRequest(
+      fetch,
+      `${API_BASE_PREFIX}/article?id=eq.${params.articleId}`,
+      "PATCH",
+      {
+        body: {
+          cover_image: null
+        },
+        successMessage: "Successfully removed cover image"
+      }
+    );
+  },
  pasteImage: async ({ request, fetch, params }) => {
    const data = await request.formData();
    const file = data.get("file") as File;
--- a/web-app/src/routes/(authenticated)/website/[websiteId]/articles/[articleId]/+page.svelte
+++ b/web-app/src/routes/(authenticated)/website/[websiteId]/articles/[articleId]/+page.svelte
@@ -107,6 +107,13 @@
                src={`${data.API_BASE_PREFIX}/rpc/retrieve_file?id=${data.article.cover_image}`}
                alt=""
              />
+              <form
+                method="POST"
+                action="?/removeCoverImage"
+                use:enhance={enhanceForm({ reset: false, closeModal: true })}
+              >
+                <button type="submit">Remove</button>
+              </form>
            </Modal>
          {/if}
        </div>
--- a/web-app/src/routes/(authenticated)/website/[websiteId]/publish/+page.server.ts
+++ b/web-app/src/routes/(authenticated)/website/[websiteId]/publish/+page.server.ts
@@ -98,17 +98,17 @@ const generateStaticFiles = async (
 ) => {
  const websitePreviewUrl = `${
    dev
-      ? "http://localhost:18000"
+      ? "http://127.0.0.1:18000"
      : process.env.ORIGIN
        ? process.env.ORIGIN
-        : "http://localhost:18000"
+        : "http://127.0.0.1:18000"
  }/previews/${websiteData.id}/`;

  const websiteProdUrl = dev
-    ? `http://localhost:18000/${websiteData.user.username}/${websiteData.slug}`
+    ? `http://127.0.0.1:18000/${websiteData.user.username}/${websiteData.slug}`
    : process.env.ORIGIN
      ? `${process.env.ORIGIN.replace("//", `//${websiteData.user.username}.`)}/${websiteData.slug}`
-      : `http://localhost:18000/${websiteData.user.username}/${websiteData.slug}`;
+      : `http://127.0.0.1:18000/${websiteData.user.username}/${websiteData.slug}`;

  const fileContents = (head: string, body: string) => {
    return `
--- a/web-app/template-styles/blog-styles.css
+++ b/web-app/template-styles/blog-styles.css
@@ -71,6 +71,11 @@ section {
  scroll-margin-block-start: var(--space-xl);
 }

+.top-nav-logo {
+  max-block-size: var(--space-xl);
+  padding-block: var(--space-xs);
+}
+
@media (min-width: 1525px) {
  #table-of-contents {
    position: fixed;
--- a/web-app/template-styles/docs-styles.css
+++ b/web-app/template-styles/docs-styles.css
@@ -49,6 +49,11 @@ section {
  scroll-margin-block-start: var(--space-xl);
 }

+.top-nav-logo {
+  max-block-size: var(--space-xl);
+  padding-block: var(--space-xs);
+}
+
 .docs-navigation {
  display: none;
  position: fixed;
Author	SHA1	Message	Date
Thilo Hohlt	94c1f46d0c	Merge pull request #27 from archtika/devel Allow removing images and wrap tables with scroll container	2025-01-11 21:15:04 +01:00
thiloho	24d81a8e4d	Allow removing images and wrap tables with scroll container	2025-01-11 20:59:36 +01:00
Thilo Hohlt	eba317f8de	Merge pull request #26 from archtika/devel Refactoring	2025-01-07 19:53:15 +01:00
thiloho	d570fb6906	Update SSH public keys for servers	2025-01-07 19:33:26 +01:00
thiloho	32a3e7f694	Adjust playwright config options back to localhost	2025-01-04 20:47:29 +01:00
thiloho	4af15717f4	Refactor flake api package and adjust prod nix config	2025-01-04 20:33:00 +01:00
thiloho	f0ebb94d82	Give read permissions to restricted postgres service in module	2025-01-03 17:28:02 +01:00
thiloho	dd59e995e8	Update module	2025-01-03 16:02:16 +01:00
thiloho	8bb4549fa4	Update dev vm and module	2025-01-03 15:58:12 +01:00
thiloho	79a41f7e49	Update flake nixpkgs commit	2025-01-03 11:44:53 +01:00
thiloho	7d79d60132	Refactor NixOS module	2025-01-03 11:29:48 +01:00
Thilo Hohlt	741ec830a8	Merge pull request #25 from archtika/devel Make nav logo image auto adjust to width	2024-12-20 16:33:01 +01:00
thiloho	56646e8d61	Make nav logo image auto adjustable to width	2024-12-20 16:17:21 +01:00