c3d2-web: add gemini with molly-brown

hosts/containers/c3d2-web/default.nix

@@ -1,6 +1,7 @@
 { zentralwerk, nixpkgs, config, pkgs, ... }:
 let
   webroot = "/var/www";
+  geminiRoot = "/var/gemini";
   deployCommand = "${pkgs.systemd}/bin/systemctl start deploy-c3d2-web.service";
 in
 {
@@ -13,7 +14,12 @@ in
     prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
   }];
   networking.defaultGateway = "172.20.73.1";
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  networking.firewall.allowedTCPPorts = [
+    # nginx
+    80 443
+    # molly-brown
+    1965
+  ];
 
   # Web server
   services.nginx = {
@@ -76,6 +82,20 @@ in
       };
     };
   };
+  # Gemini server
+  services.molly-brown = {
+    enable = true;
+    hostName = "c3d2.de";
+    certPath = "/var/lib/acme/www.c3d2.de/cert.pem";
+    keyPath = "/var/lib/acme/www.c3d2.de/key.pem";
+    docBase = geminiRoot;
+    settings = {
+      DefaultLang = "de";
+      ReadMollyFiles = true;
+    };
+  };
+  # let molly-brown access the tls certs
+  systemd.services.molly-brown.serviceConfig.Group = config.services.nginx.group;
 
   # Build user
   users.groups.c3d2-web = {};
@@ -88,6 +108,7 @@ in
   systemd.tmpfiles.rules = [
     "d ${webroot}/c3d2 0755 c3d2-web ${config.users.users.c3d2-web.group} -"
     "d ${webroot}/log 0755 c3d2-web ${config.users.users.c3d2-web.group} -"
+    "d ${geminiRoot} 0755 c3d2-web ${config.users.users.c3d2-web.group} -"
     "d ${config.users.users.c3d2-web.home} 0700 c3d2-web ${config.users.users.c3d2-web.group} -"
   ];
 
@@ -111,6 +132,7 @@ in
         git pull
         REV=$(git rev-parse HEAD)
 
+        # web
         set +e
         curl -X POST \
           "https://gitea.c3d2.de/api/v1/repos/c3d2/c3d2-web/statuses/$REV?token=${pkgs.c3d2-web.giteaToken}" \
@@ -135,6 +157,30 @@ in
           -H "Content-Type: application/json" \
           -d "$STATUS"
 
+        git clean -fx
+        # gemini
+        curl -X POST \
+          "https://gitea.c3d2.de/api/v1/repos/c3d2/c3d2-web/statuses/$REV?token=${pkgs.c3d2-web.giteaToken}" \
+          -H "accept: application/json" \
+          -H "Content-Type: application/json" \
+          -d "{ \"context\": \"c3d2-gemini\", \"description\": \"building...\", \"state\": \"pending\", \"target_url\": \"https://c3d2-web.serv.zentralwerk.org/log/build-gemini-$REV.txt\"}"
+
+        nix-shell shell.nix \
+          -I nixpkgs=${nixpkgs} \
+          --run "make -f Makefile.gemini -j$(nproc) export DESTDIR=${geminiRoot}" \
+          2>&1 \
+          >${webroot}/log/build-gemini-$REV.txt
+
+        if [ $? = 0 ]; then
+          STATUS="{ \"context\": \"c3d2-gemini\", \"description\": \"deployed\", \"state\": \"success\", \"target_url\": \"https://c3d2-web.serv.zentralwerk.org/log/build-gemini-$REV.txt\"}"
+        else
+          STATUS="{ \"context\": \"c3d2-gemini\", \"description\": \"build failure\", \"state\": \"failure\", \"target_url\": \"https://c3d2-web.serv.zentralwerk.org/log/build-gemini-$REV.txt\"}"
+        fi
+        curl -X POST \
+          "https://gitea.c3d2.de/api/v1/repos/c3d2/c3d2-web/statuses/$REV?token=${pkgs.c3d2-web.giteaToken}" \
+          -H "accept: application/json" \
+          -H "Content-Type: application/json" \
+          -d "$STATUS"
         set -e
       done
     '';