For my personal website, I wrote a backend in Haskell: https://github.com/myfreeweb/sweetroll after trying a lot of static generators, writing Dropbox-backed blog engines, etc.
It uses the Micropub protocol for posting/editing/deleting (I also made a frontend editor app for Micropub: https://github.com/myfreeweb/micro-panel), Webmention for talking to other websites, Git+JSON to store content.
I don't like the PHP/MySQL CMS world at all, but I use that at work. We use MODX Revolution (with some sites still on Evolution).
Firstly, sweetroll looks amazingly cool and being able to add javascript plugins seems like a great idea.
Second, have you looked at clckwrks[0]? It aims to specifically dethrone wordpress by making plugins that are provably safe. I think this is a viable way to attack wordpresses stronghold, though I think being able to do things like write plugins based in javascript or other popular languages when an existing provably safe plugin doesn't exist will also be necessary.
Last time I tried clckwrks it was a bit hard to get setup (this was pre-stack) so I don't blame you for rolling your own solution.
I do wonder what you think of clckwrks and the idea of exploiting Haskell to make provably safe plugins so you can create a large ecosystem without the security issues that wordpress plugins have.
I have kinda looked at it — it's not really what I wanted. For my personal website, I don't want an admin interface, password authentication and all that CMS-y stuff. Also, sweetroll was my "learning haskell" project, so of course I had to write a whole backend from scratch!
Setup wasn't the problem, Cabal sandboxes weren't much harder to use than stack… The actual benefit of stack is sharing compiled packages across all sandboxes instead of rebuilding everything every time.
Plugins in Haskell, or any compiled language, are kinda awkward to work with honestly. If you have to recompile the app, it's not very pluginy :D What are the other options? Dynamically loading shared libraries or using standalone RPC processes, neither of which feels good for a web app.
Embedded interpreters like duktape are pretty safe already. In terms of security model (you only expose what you want, there's nothing like file I/O available by default). Of course there might be bugs in them, especially memory bugs since they're written in C, but I'm not very concerned about actively hostile plugins tbh.
> Cabal sandboxes weren't much harder to use than stack… The actual benefit of stack is sharing compiled packages across all sandboxes instead of rebuilding everything every time.
I disagree. Stack saves tons of time by giving me package versions that just build together.
> Plugins in Haskell, or any compiled language, are kinda awkward to work with honestly. If you have to recompile the app, it's not very pluginy :D
It uses the Micropub protocol for posting/editing/deleting (I also made a frontend editor app for Micropub: https://github.com/myfreeweb/micro-panel), Webmention for talking to other websites, Git+JSON to store content.
I don't like the PHP/MySQL CMS world at all, but I use that at work. We use MODX Revolution (with some sites still on Evolution).