rallly: build from source now + removed podman

thank you for the nerdsnipe @rasmus

machines/gerd.nix

@@ -6,7 +6,7 @@
     ./../shared/applications/server/nginx.nix
     ./../shared/applications/server/postgresql.nix # INCLUDES DATABASE BACKUPS
     ./../shared/applications/server/restic.nix # EXTERNAL BACKUP
-    ./../shared/applications/server/podman.nix
+    # ./../shared/applications/server/podman.nix
     ./../shared/applications/state/postgresql.nix
     ./../shared/applications/state/ssh.nix
 

machines/gerd/services/rallly.nix

@@ -12,30 +12,21 @@ let
   internal_port = port;
 
   rally_version = "3.11";
+
+  ralllyPkgs = pkgs.callPackage ./../../../shared/pkgs/rallly {};
 in {
-  # setup container
-  virtualisation.oci-containers.containers.rallly = {
-    autoStart = true;
-    image = "lukevella/rallly:${rally_version}";
+  systemd.services.rallly = {
+    description = "rallly";
+    wantedBy = [ "multi-user.target" ];
+    after = [ "networking.target" ];
 
-    podman.user = user;
-
-    extraOptions = let
-      uid = config.users.users."${user}".uid;
-      gid = config.users.groups."${group}".gid;
-    in [
-      "--userns=keep-id:uid=${builtins.toString uid},gid=${builtins.toString gid}"
-      # TODO(eyJhb): required, otherwise rallly container cannot access authelia well-known openid configuration
-      "--network=host"
-    ];
-
-    environmentFiles = [
-      config.age.secrets.rallly-env.path
-    ];
-    environment = {
+    environment = let
+      rallly-prisma-engines = ralllyPkgs.passthru.rallly-prisma-engines;
+    in rec {
       PORT = builtins.toString internal_port;
       DATABASE_URL = "postgresql://${user}@localhost/${user}?host=${psqlSocket}";
       NEXT_PUBLIC_BASE_URL = "https://${svc_domain}";
+      NEXTAUTH_URL = NEXT_PUBLIC_BASE_URL;
       # SECRET_PASSWORD = "specified-in-env";
 
       # limit signup even further
@@ -55,16 +46,29 @@ in {
       OIDC_DISCOVERY_URL = "https://${config.mine.shared.settings.authelia.domain}/.well-known/openid-configuration";
       OIDC_CLIENT_ID = "rallly";
       # OIDC_CLIENT_SECRET = "specified-in-env";
+
+      # prisma things
+      PRISMA_SCHEMA_ENGINE_BINARY = "${rallly-prisma-engines}/bin/schema-engine";
+      PRISMA_QUERY_ENGINE_BINARY = "${rallly-prisma-engines}/bin/query-engine";
+      PRISMA_QUERY_ENGINE_LIBRARY = "${rallly-prisma-engines}/lib/libquery_engine.node";
+      PRISMA_INTROSPECTION_ENGINE_BINARY = "${rallly-prisma-engines}/bin/introspection-engine";
+      PRISMA_FMT_BINARY = "${rallly-prisma-engines}/bin/prisma-fmt";
     };
 
-    volumes = [
-      "${psqlSocket}:${psqlSocket}"
-    ];
+    path = [ pkgs.openssl ];
 
-    # TODO(eyJhb): likely not needed, because of the tmp network=host
-    ports = [
-      "127.0.0.1:${builtins.toString port}:${builtins.toString internal_port}"
-    ];
+    serviceConfig = {
+      ExecStartPre = "${ralllyPkgs}/bin/rallly-prisma migrate deploy";
+      ExecStart = "${ralllyPkgs}/bin/rallly";
+
+      EnvironmentFile = [ config.age.secrets.rallly-env.path ];
+
+      CacheDirectory = "rallly";
+      CacheDirectoryMode = "0750";
+
+      DynamicUser = true;
+      Restart = "always";
+    };
   };
 
   # setup postgresql
@@ -81,17 +85,6 @@ in {
     "${svc_name}" = llib.mkProvisionUserSystem "${svc_name}" config.age.secrets.rallly-ldap-pass.path;
   });
 
-  # give rallly user access to the secrets
-  age.secrets.rallly-env.owner = user;
-
-  # setup users
-  users.users."${user}" = {
-    isNormalUser = true;
-    group = group;
-    uid = 1001;
-  };
-  users.groups."${group}".gid = 974;
-
   # authelia
   services.authelia.instances.main.settings.identity_providers.oidc.clients = [{
     client_id = "rallly";
@@ -122,20 +115,18 @@ in {
     };
   };
 
+  # meta information!
   mine.shared.meta.rallly = {
     name = "Rallly";
     description = ''Rallly is an open-source scheduling and collaboration tool designed to make organizing events and meetings easier. Please do not try to use the register or normal login, only try to sign in using the SSO method. '';
     url = "https://${svc_domain}";
 
-    package = {
-      name = "rallly";
-      version = "v${rally_version}";
-      meta = with lib; {
-        description = "Rallly is an open-source scheduling and collaboration tool designed to make organizing events and meetings easier.";
-        license = licenses.agpl3Plus;
-        homepage = "https://github.com/lukevella/rallly";
-        platforms = platforms.all;
-      };
+    package = let
+      pkg = ralllyPkgs;
+    in {
+      name = pkg.pname;
+      version = pkg.version;
+      meta = pkg.meta;
     };
   };
 }

shared/applications/server/podman.nix

@@ -1,6 +0,0 @@
-{
-  virtualisation.podman = {
-    enable = true;
-    dockerCompat = true;
-  };
-}

shared/pkgs/rallly/default.nix

@@ -0,0 +1,124 @@
+{
+  lib
+, buildNpmPackage
+, fetchFromGitHub
+, yarn
+, nodejs_20
+, inter # icons
+# , prisma-old ? null
+, oldpkgs ? (import (builtins.fetchTarball {
+      url = "https://github.com/NixOS/nixpkgs/archive/ab7b6889ae9d484eed2876868209e33eb262511d.tar.gz";
+  }) {})
+, rallly-prisma ? oldpkgs.prisma
+, rallly-prisma-engines ? oldpkgs.prisma-engines
+}:
+
+
+buildNpmPackage rec {
+  pname = "rallly";
+  version = "3.11.2";
+
+  src = fetchFromGitHub {
+    owner = "lukevella";
+    repo = "rallly";
+    rev = "v${version}";
+    hash = "sha256-ej6Y0ouiheoH6dSBWsSIW6qt9UvsLh9ODDQA5Fqt3zs=";
+  };
+
+  nodejs = nodejs_20;
+
+  npmDepsHash = "sha256-sAs1DhegfI1YbE/Xy2Jzjx1RKYOUgc1Ww7hLL7+f8ZU=";
+
+  patches = [
+    ./font.patch
+  ];
+
+  postPatch = ''
+    cp ${./package-lock.json} package-lock.json
+  '';
+
+  SKIP_ENV_VALIDATION = 1;
+  NEXT_PUBLIC_SELF_HOSTED = "true";
+  NEXT_PUBLIC_APP_VERSION = version;
+
+  preBuild = ''
+    # We have to pass and bake in the Ollama URL into the package
+
+    # Replace the googleapis.com Inter font with a local copy from nixpkgs
+    cp "${inter}/share/fonts/truetype/InterVariable.ttf" apps/web/Inter.ttf
+
+    cp -a packages/database/prisma .
+    ${rallly-prisma}/bin/prisma generate
+  '';
+
+  postBuild = ''
+    # Add a shebang to the server js file, then patch the shebang to use a nixpkgs nodejs binary.
+    sed -i '1s|^|#!/usr/bin/env node\n|' apps/web/.next/standalone/apps/web/server.js
+    patchShebangs ./apps/web/.next/standalone/apps/web/server.js
+  '';
+
+  installPhase = ''
+    runHook preInstall
+
+    cd apps/web
+
+    mkdir -p $out/{share,bin}
+
+    cp -r .next/standalone $out/share/rallly
+    cp -a public/. $out/share/rallly/apps/web/public
+
+    mkdir -p $out/share/rallly/.next
+    cp -r .next/static $out/share/rallly/apps/web/.next/static
+
+    cp -r ../../prisma $out/share/rallly/apps/web
+
+    chmod +x $out/share/rallly/apps/web/server.js
+
+    # This patch must be applied here, as it's patching the `dist` directory
+    # of NextJS. Without this, homepage-dashboard errors when trying to
+    # write its prerender cache.
+    #
+    # This patch ensures that the cache implementation respects the env
+    # variable `NIXPKGS_HOMEPAGE_CACHE_DIR`, which is set by default in the
+    # wrapper below.
+    (cd "$out" && patch -p1 <${./prerender_cache_path.patch})
+
+    # we set a default port to support "nix run ..."
+    makeWrapper $out/share/rallly/apps/web/server.js $out/bin/rallly \
+      --set-default NIXPKGS_RALLLY_CACHE_DIR /var/cache/rallly
+
+    makeWrapper ${rallly-prisma}/bin/prisma $out/bin/rallly-prisma \
+      --chdir $out/share/rallly/apps/web/prisma \
+      --append-flags --schema=./schema.prisma 
+
+
+    runHook postInstall
+  '';
+
+  nativeBuildInputs = [
+    (yarn.override {nodejs = nodejs_20; })
+    rallly-prisma
+  ];
+
+  passthru = {
+    inherit rallly-prisma rallly-prisma-engines;
+  };
+
+  meta = with lib; {
+    homepage = "https://rallly.co/";
+    changelog = "https://github.com/lukevella/rallly/releases/tag/v${version}";
+    description = "Rallly is an open-source scheduling and collaboration tool designed to make organizing events and meetings easier";
+    longDescription = ''
+      Rallly is an open-source scheduling and collaboration tool
+      designed to make organizing events and meetings easier.
+      Schedule group meetings with friends, colleagues and teams.
+      Create meeting polls to find the best date and time to organize an event
+      based on your participants' availability. Save time and avoid back-and-forth emails.
+    '';
+    license = licenses.agpl3Plus;
+    maintainers = with maintainers; [
+      eyjhb
+    ];
+    mainProgram = "rallly";
+  };
+}

shared/pkgs/rallly/font.patch

@@ -0,0 +1,48 @@
+diff --git a/apps/web/src/app/[locale]/layout.tsx b/apps/web/src/app/[locale]/layout.tsx
+index ee7d143c..d70ecdfd 100644
+--- a/apps/web/src/app/[locale]/layout.tsx
++++ b/apps/web/src/app/[locale]/layout.tsx
+@@ -4,16 +4,13 @@ import "../../style.css";
+ import languages from "@rallly/languages";
+ import { Toaster } from "@rallly/ui/toaster";
+ import { Viewport } from "next";
+-import { Inter } from "next/font/google";
++import localFont from "next/font/local";
+ import React from "react";
+ 
+ import { TimeZoneChangeDetector } from "@/app/[locale]/timezone-change-detector";
+ import { Providers } from "@/app/providers";
+ 
+-const inter = Inter({
+-  subsets: ["latin"],
+-  display: "swap",
+-});
++const inter = localFont({ src: './../../../Inter.ttf' });
+ 
+ export async function generateStaticParams() {
+   return Object.keys(languages).map((locale) => ({ locale }));
+diff --git a/apps/web/src/pages/_app.tsx b/apps/web/src/pages/_app.tsx
+index b3d67d0e..16ee65a1 100644
+--- a/apps/web/src/pages/_app.tsx
++++ b/apps/web/src/pages/_app.tsx
+@@ -6,7 +6,7 @@ import { TooltipProvider } from "@rallly/ui/tooltip";
+ import { domMax, LazyMotion } from "framer-motion";
+ import { NextPage } from "next";
+ import { AppProps } from "next/app";
+-import { Inter } from "next/font/google";
++import localFont from "next/font/local";
+ import Head from "next/head";
+ import { SessionProvider, signIn, useSession } from "next-auth/react";
+ import React from "react";
+@@ -19,10 +19,7 @@ import { trpc } from "@/utils/trpc/client";
+ 
+ import { NextPageWithLayout } from "../types";
+ 
+-const inter = Inter({
+-  subsets: ["latin"],
+-  display: "swap",
+-});
++const inter = localFont({ src: './../../Inter.ttf' });
+ 
+ type AppPropsWithLayout = AppProps & {
+   Component: NextPageWithLayout;

shared/pkgs/rallly/prerender_cache_path.patch

@@ -0,0 +1,21 @@
+diff --git a/share/rallly/node_modules/next/dist/server/lib/incremental-cache/file-system-cache.js b/share/rallly/node_modules/next/dist/server/lib/incremental-cache/file-system-cache.js
+index f3be830..fdafb45 100755
+--- a/share/rallly/node_modules/next/dist/server/lib/incremental-cache/file-system-cache.js
++++ b/share/rallly/node_modules/next/dist/server/lib/incremental-cache/file-system-cache.js
+@@ -10,6 +10,7 @@ Object.defineProperty(exports, "default", {
+ });
+ const _lrucache = /*#__PURE__*/ _interop_require_default(require("next/dist/compiled/lru-cache"));
+ const _path = /*#__PURE__*/ _interop_require_default(require("../../../shared/lib/isomorphic/path"));
++var path = require('node:path');
+ const _constants = require("../../../lib/constants");
+ function _interop_require_default(obj) {
+     return obj && obj.__esModule ? obj : {
+@@ -22,7 +23,7 @@ class FileSystemCache {
+     constructor(ctx){
+         this.fs = ctx.fs;
+         this.flushToDisk = ctx.flushToDisk;
+-        this.serverDistDir = ctx.serverDistDir;
++        this.serverDistDir = path.join(process.env.NIXPKGS_RALLLY_CACHE_DIR, "rallly");
+         this.appDir = !!ctx._appDir;
+         this.pagesDir = !!ctx._pagesDir;
+         this.revalidatedTags = ctx.revalidatedTags;