Update script: cd into fdroid repo before updating

.envrc

@@ -1,10 +1 @@
-export DIRENV_WARN_TIMEOUT=20s
+use flake
-
-eval "$(devenv direnvrc)"
-
-# `use devenv` supports the same options as the `devenv shell` command.
-#
-# To silence the output, use `--quiet`.
-#
-# Example usage: use devenv --quiet --impure --option services.postgres.enable:bool true
-use devenv

devenv.lock

@@ -1,102 +0,0 @@
-{
-  "nodes": {
-    "devenv": {
-      "locked": {
-        "dir": "src/modules",
-        "lastModified": 1781195293,
-        "narHash": "sha256-C9OFghpvf3RzK2rGsZjjNNrTrHgFOecEkpDhFnU4QGs=",
-        "owner": "cachix",
-        "repo": "devenv",
-        "rev": "5f5109c83854577191634f7b86fc6e0c8fd44964",
-        "type": "github"
-      },
-      "original": {
-        "dir": "src/modules",
-        "owner": "cachix",
-        "repo": "devenv",
-        "type": "github"
-      }
-    },
-    "mk-shell-bin": {
-      "locked": {
-        "lastModified": 1677004959,
-        "narHash": "sha256-/uEkr1UkJrh11vD02aqufCxtbF5YnhRTIKlx5kyvf+I=",
-        "owner": "rrbutani",
-        "repo": "nix-mk-shell-bin",
-        "rev": "ff5d8bd4d68a347be5042e2f16caee391cd75887",
-        "type": "github"
-      },
-      "original": {
-        "owner": "rrbutani",
-        "repo": "nix-mk-shell-bin",
-        "type": "github"
-      }
-    },
-    "nix2container": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1775487831,
-        "narHash": "sha256-2lguQpLPQaxpQCJjXhmEEAfabwsAhkP29Z7fgLzHARA=",
-        "owner": "nlewo",
-        "repo": "nix2container",
-        "rev": "76be9608a7f4d6c985d28b0e7be903ae2547df3e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nlewo",
-        "repo": "nix2container",
-        "type": "github"
-      }
-    },
-    "nixpkgs": {
-      "inputs": {
-        "nixpkgs-src": "nixpkgs-src"
-      },
-      "locked": {
-        "lastModified": 1778507786,
-        "narHash": "sha256-HzSQCKMsMr8r55LwM1JuzIOB+8bzk0FEv6sItKvsfoY=",
-        "owner": "cachix",
-        "repo": "devenv-nixpkgs",
-        "rev": "8f24a228a782e24576b155d1e39f0d914b380691",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cachix",
-        "ref": "rolling",
-        "repo": "devenv-nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs-src": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1778274207,
-        "narHash": "sha256-I4puXmX1iovcCHZlRmztO3vW0mAbbRvq4F8wgIMQ1MM=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "b3da656039dc7a6240f27b2ef8cc6a3ef3bccae7",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "root": {
-      "inputs": {
-        "devenv": "devenv",
-        "mk-shell-bin": "mk-shell-bin",
-        "nix2container": "nix2container",
-        "nixpkgs": "nixpkgs"
-      }
-    }
-  },
-  "root": "root",
-  "version": 7
-}

devenv.nix

@@ -1,41 +0,0 @@
-{pkgs, ...}: {
-  packages = with pkgs; [
-    coreutils
-    curl
-    fdroidserver
-    sops
-    git
-    cacert
-    jq
-  ];
-
-  scripts = {
-    deploy-docker.exec = ''
-      devenv container copy processes
-    '';
-  };
-
-  services.nginx = {
-    enable = true;
-    httpConfig = builtins.readFile ./hosting/nginx-http.conf;
-  };
-
-  processes.updater.exec = ''
-    while true; do
-      ${pkgs.writeShellScript "run-updater" (builtins.readFile ./hosting/update.sh)}
-
-      echo "Sleeping for 30 minutes..."
-      sleep 1800
-    done
-  '';
-
-  # environment variables for sops
-  # SOPS_PGP_FP
-  containers."processes" = {
-    name = "gitlab.julian-mutter.de/julian/fdroid-frajul";
-    registry = "docker://";
-
-    copyToRoot = []; # avoid copying this repo
-    maxLayers = 10;
-  };
-}

devenv.yaml

@@ -1,10 +0,0 @@
-inputs:
-  mk-shell-bin:
-    url: github:rrbutani/nix-mk-shell-bin
-  nix2container:
-    url: github:nlewo/nix2container
-    inputs:
-      nixpkgs:
-        follows: nixpkgs
-  nixpkgs:
-    url: github:cachix/devenv-nixpkgs/rolling

flake.lock

@@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1781577229,
+        "narHash": "sha256-lrp67w8AulE9Ks53n27I45ADSzbOCn4H+CNW1Ck8B+8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "567a49d1913ce81ac6e9582e3553dd90a955875f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,85 @@
+{
+  description = "Docker image with Nginx, F-Droid, and a 30-minute periodic task";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+  };
+
+  outputs = {nixpkgs, ...}: let
+    system = "x86_64-linux";
+    pkgs = nixpkgs.legacyPackages.${system};
+
+    periodicScript = pkgs.writeShellScript "run-update" (builtins.readFile ./hosting/update.sh);
+    caddyConfig = ./hosting/Caddyfile;
+
+    entrypoint = pkgs.writeShellScript "entrypoint" ''
+      # Ensure necessary directories exist
+      mkdir -p /repo/fdroid/repo /tmp/caddy_data /tmp/caddy_config
+
+      # Start the background loop (1800 seconds = 30 minutes)
+      echo "Starting 30-minute background loop..."
+      while true; do
+        ${periodicScript}
+        ${pkgs.coreutils}/bin/sleep 1800
+      done &
+
+      # Set environment variables so Caddy writes its state to /tmp instead of /root
+      export XDG_DATA_HOME=/tmp/caddy_data
+      export XDG_CONFIG_HOME=/tmp/caddy_config
+
+      # Start Caddy in the foreground
+      echo "Starting Caddy..."
+      exec ${pkgs.caddy}/bin/caddy run --config ${caddyConfig} --adapter caddyfile
+    '';
+
+    deploy-script = pkgs.writeShellScriptBin "deploy" ''
+      ${pkgs.nix}/bin/nix build .#container
+
+      ${pkgs.skopeo}/bin/skopeo copy \
+      --registries-conf /dev/null \
+      docker-archive:result \
+      docker://gitlab.julian-mutter.de/julian/fdroid-frajul:latest
+    '';
+
+    dockerImage = pkgs.dockerTools.buildLayeredImage {
+      name = "gitlab.julian-mutter.de/julian/fdroid-frajul";
+      tag = "latest";
+
+      contents = with pkgs; [
+        coreutils
+        bashInteractive
+        caddy
+        dockerTools.fakeNss # Provides fake /etc/passwd for basic user emulation
+        dockerTools.usrBinEnv
+        dockerTools.binSh
+        dockerTools.caCertificates
+
+        fdroidserver
+        jq
+        curl
+        sops
+        git
+      ];
+
+      config = {
+        Cmd = ["${entrypoint}"];
+        WorkingDir = "/src";
+        ExposedPorts = {
+          "8080/tcp" = {};
+        };
+      };
+      maxLayers = 10;
+    };
+  in {
+    # nix build .#container
+    # docker load < result
+    packages.${system}.container = dockerImage;
+    devShells.${system}.default = pkgs.mkShell {
+      packages = [
+        deploy-script
+
+        pkgs.skopeo
+      ];
+    };
+  };
+}

hosting/Caddyfile

@@ -0,0 +1,13 @@
+:8080 {
+    # 1. Exact match redirect from root to the repo
+    redir / /fdroid/repo/ 302
+    
+    # 2. Redirect without trailing slash to ensure correct routing
+    redir /fdroid/repo /fdroid/repo/ 302
+
+    # 3. Strip '/fdroid/repo' from the URL and serve the underlying files
+    handle_path /fdroid/repo/* {
+        root * /repo/fdroid/repo
+        file_server browse
+    }
+}

hosting/nginx-http.conf

@@ -1,13 +0,0 @@
-server {
-    listen 8080;
-    server_name = fdroid.julian-mutter.de;
-
-    location = / {
-        return 302 /fdroid/repo;
-    }
-
-    location /fdroid/repo {
-        alias /repo/fdroid/repo/;
-        autoindex on;
-    }
-}

hosting/update.sh

@@ -14,12 +14,13 @@ if [ ! -d "./code/.git" ]; then
     cd ./code
     ./scripts/decrypt.sh
     echo "Done"
+else
+    cd "./code"
 fi
 
 echo "Running regular repo update..."
 echo ""
 
-cd "./code"
 git fetch origin
 LOCAL=$(git rev-parse HEAD)
 REMOTE=$(git rev-parse "origin/$BRANCH")
@@ -50,6 +51,7 @@ fi
 # Run fdroid update if needed
 if [ "$NEED_FDROID_UPDATE" = true ]; then
     echo "Running fdroid update..."
+    cd fdroid
     fdroid update -c
     fdroid update
     echo "Done"

scripts/apk-update-scripts/sheetless.sh

@@ -9,13 +9,12 @@ REPO_OWNER="julian"
 REPO_NAME="sheetless"
 APP_NAME="de.frajul.sheetless"
 TARGET_ASSET_NAME="app-release.apk"
-FDROID_REPO_DIR="./fdroid/repo"
+APK_DIR="/apks"
-FDROID_ARCHIVE_DIR="./fdroid/archive"
 
 # ==========================================
 # SETUP & API CALL
 # ==========================================
-mkdir -p "$FDROID_REPO_DIR"
+mkdir -p "$APK_DIR"
 
 API_URL="${GITEA_URL}/api/v1/repos/${REPO_OWNER}/${REPO_NAME}/releases"
 
@@ -44,8 +43,7 @@ while IFS=$'\t' read -r TAG DOWNLOAD_URL; do
     # Skip empty lines if jq returns nothing
     [[ -z "$TAG" ]] && continue
 
-    LOCAL_FILE="$FDROID_REPO_DIR/${APP_NAME}_${TAG}.apk"
+    LOCAL_FILE="$APK_DIR/${APP_NAME}_${TAG}.apk"
-    ARCHIVE_FILE="$FDROID_ARCHIVE_DIR/${APP_NAME}_${TAG}.apk"
 
     echo "Checking release: $TAG..."
 

scripts/update-apks.sh

@@ -1,7 +1,5 @@
 #!/usr/bin/env bash
 
-CHANGES_PRODUCED=false
-
 # Put here all apk update scripts
 UPDATE_SCRIPTS=(
     "./scripts/apk-update-scripts/sheetless.sh"
@@ -10,23 +8,26 @@ UPDATE_SCRIPTS=(
 for script in "${UPDATE_SCRIPTS[@]}"; do
     echo "--------------------------------"
     echo "Executing: $script"
-    
+
     # Run the script
     $script
-    
-    # Capture the exit code immediately
-    if [ $? -eq 10 ]; then
-        echo " -> $script returned 10 (change)"
-        CHANGES_PRODUCED=true
-    fi
 done
 
-echo "--------------------------------"
+# Sync all apks from the mounted dir to dest
+SOURCE="/apks/"
+DEST="/src/code/fdroid/repo/"
 
-if [ "$CHANGES_PRODUCED" = true ]; then
+HASH_BEFORE=$(ls -l "$DEST" | sha256sum)
-    echo "Result: At least one script produced a change"
+
-    exit 10
+echo "Syncing apks in directory $DEST with $SOURCE..."
-else
+rsync -rv --include="*.apk" --exclude="*" --delete "$SOURCE" "$DEST"
-    echo "Result: Not script produced a change"
+
+HASH_AFTER=$(ls -l "$DEST" | sha256sum)
+
+if [ "$HASH_BEFORE" == "$HASH_AFTER" ]; then
+    echo "No APKs were added or removed. Skipping F-Droid update."
     exit 0
+else
+    echo "Changes detected! Files were copied or deleted."
+    exit 10
 fi