Add Website #19

Merged
cameron merged 3 commits from website into main 2026-04-28 21:08:11 -04:00
Owner

Add vanhouzen.me website

Replaces the placeholder "Hello, World!" Caddy response for vanhouzen.me with the actual vanhouzen-site service, served over a Unix domain socket.

Changes

  • flake.nix / flake.lock — Adds vanhouzen-site as a flake input, sourced from code.vanhouzen.me/cameron/website, with nixpkgs and flake-parts following the root flake's inputs.
  • vanhouzen/configuration.nix — Imports the new website.nix module and removes the old placeholder Caddy virtual host config.
  • vanhouzen/website.nix — New module that:
    • Creates a vanhouzen-site group and adds caddy to it so Caddy can access the socket.
    • Uses systemd-tmpfiles to pre-create /run/vanhouzen-site with correct ownership before socket activation, avoiding a race condition where Caddy couldn't traverse a root-owned directory on first boot.
    • Enables the vanhouzen-site NixOS service.
    • Configures Caddy to reverse-proxy vanhouzen.me to the service's Unix socket at /run/vanhouzen-site/site.sock.

Notes

The tmpfiles.d rule is required because RuntimeDirectory only fixes ownership once the service starts, which is too late for socket-activated units — Caddy can receive a request before the service process is up. Running tmpfiles.d before sockets.target ensures the directory is correctly owned from the start.

cameron deleted branch website 2026-04-28 21:08:11 -04:00
cameron referenced this pull request from a commit 2026-04-28 21:08:12 -04:00
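
A sketch of the kind of module the description outlines, added here as an example and not taken from the PR's `website.nix`. The service user name, the socket unit name, the `services.vanhouzen-site.enable` option path and the permission modes are assumptions; the group, directory, socket path and virtual host come from the description.

```nix
# Added example, not the repository's website.nix.
# Assumed: the vanhouzen-site NixOS module is imported elsewhere and provides
# services.vanhouzen-site.enable, the service runs as user "vanhouzen-site",
# its socket unit is named "vanhouzen-site", and Caddy is already enabled.
{ ... }:
{
  # Dedicated group. caddy joins it so the socket never has to be
  # world-accessible for the reverse proxy to reach it.
  users.groups.vanhouzen-site = { };
  users.users.caddy.extraGroups = [ "vanhouzen-site" ];

  # Pre-create the directory at boot with its final ownership, instead of
  # waiting for RuntimeDirectory to fix it when the service first starts.
  # 0750 (assumed mode): the group gets search permission on the directory,
  # which caddy needs to reach site.sock; other users get nothing.
  systemd.tmpfiles.rules = [
    "d /run/vanhouzen-site 0750 vanhouzen-site vanhouzen-site -"
  ];

  services.vanhouzen-site.enable = true;

  # Connecting to a Unix socket requires write permission on the socket
  # file, so the socket is group-writable and closed to everyone else.
  # (Assumed override; the service's own module may already set these.)
  systemd.sockets.vanhouzen-site.socketConfig = {
    SocketGroup = "vanhouzen-site";
    SocketMode = "0660";
  };

  # Caddy's unix/ upstream syntax followed by the absolute socket path.
  services.caddy.virtualHosts."vanhouzen.me".extraConfig = ''
    reverse_proxy unix//run/vanhouzen-site/site.sock
  '';
}
```

After a rebuild and reboot, `stat -c '%U:%G %a' /run/vanhouzen-site` should already report the assumed owner, group and mode before the first request reaches Caddy.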