about summary refs log tree commit diff
path: root/ops
diff options
context:
space:
mode:
authorVincent Ambo <mail@tazj.in>2022-02-18T11·32+0300
committertazjin <tazjin@tvl.su>2022-02-18T11·39+0000
commitac6717fe3c5cf5ab6b495092e8dd4565a4242eac (patch)
treec1821ac105febfe6c144420aae2817fa6f21be83 /ops
parent5b701ad713072d9910b69396338a816039a810b3 (diff)
fix(ops/modules/www): Make self-redirect to config a generic module r/3849
As suggested by sterni, this makes the self-redirect of a machine to
its configuration a generic module working by convention.

In the process of moving this two small fixes have been applied:

* redirect is only applied if the URI is `/`, this is required for
  ACME to work
* addSSL = true is added, otherwise we have a certificate but no TLS
  listener

Change-Id: Icaef041ff681253a61e36926417bdb2844e3f93d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5313
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Diffstat (limited to 'ops')
-rw-r--r--ops/machines/sanduny/default.nix2
-rw-r--r--ops/machines/whitby/default.nix2
-rw-r--r--ops/modules/www/sanduny.tvl.su.nix16
-rw-r--r--ops/modules/www/self-redirect.nix27
-rw-r--r--ops/modules/www/whitby.tvl.fyi.nix17
5 files changed, 29 insertions, 35 deletions
diff --git a/ops/machines/sanduny/default.nix b/ops/machines/sanduny/default.nix
index a2928815fb15..109e6e693d96 100644
--- a/ops/machines/sanduny/default.nix
+++ b/ops/machines/sanduny/default.nix
@@ -17,7 +17,7 @@ in
     (mod "journaldriver.nix")
     (mod "known-hosts.nix")
     (mod "tvl-users.nix")
-    (mod "www/sanduny.tvl.su.nix")
+    (mod "www/self-redirect.nix")
   ];
 
   networking = {
diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index 9f1a0a1914f9..8ea5931f57d6 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -37,13 +37,13 @@ in
     "${depot.path}/ops/modules/www/deploys.tvl.fyi.nix"
     "${depot.path}/ops/modules/www/images.tvl.fyi.nix"
     "${depot.path}/ops/modules/www/nixery.dev.nix"
+    "${depot.path}/ops/modules/www/self-redirect.nix"
     "${depot.path}/ops/modules/www/static.tvl.fyi.nix"
     "${depot.path}/ops/modules/www/status.tvl.su.nix"
     "${depot.path}/ops/modules/www/tazj.in.nix"
     "${depot.path}/ops/modules/www/todo.tvl.fyi.nix"
     "${depot.path}/ops/modules/www/tvl.fyi.nix"
     "${depot.path}/ops/modules/www/tvl.su.nix"
-    "${depot.path}/ops/modules/www/whitby.tvl.fyi.nix"
     "${depot.path}/ops/modules/www/wigglydonke.rs.nix"
     "${depot.third_party.agenix.src}/modules/age.nix"
     "${pkgs.path}/nixos/modules/services/web-apps/gerrit.nix"
diff --git a/ops/modules/www/sanduny.tvl.su.nix b/ops/modules/www/sanduny.tvl.su.nix
deleted file mode 100644
index 1a60d06fa062..000000000000
--- a/ops/modules/www/sanduny.tvl.su.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-# Redirect sanduny.tvl.su to the machine configuration.
-
-{
-  imports = [
-    ./base.nix
-  ];
-
-  config.services.nginx.virtualHosts."sanduny.tvl.su" = {
-    serverName = "sanduny.tvl.su";
-    enableACME = true;
-
-    extraConfig = ''
-      return 302 https://at.tvl.fyi/?q=%2F%2Fops%2Fmachines%2Fsanduny;
-    '';
-  };
-}
diff --git a/ops/modules/www/self-redirect.nix b/ops/modules/www/self-redirect.nix
new file mode 100644
index 000000000000..5bf1627be99a
--- /dev/null
+++ b/ops/modules/www/self-redirect.nix
@@ -0,0 +1,27 @@
+# Redirect the hostname of a machine to its configuration in a web
+# browser.
+#
+# Works by convention, assuming that the machine has its configuration
+# at //ops/machines/${hostname}.
+{ config, ... }:
+
+let
+  host = "${config.networking.hostName}.${config.networking.domain}";
+in
+{
+  imports = [
+    ./base.nix
+  ];
+
+  config.services.nginx.virtualHosts."${host}" = {
+    serverName = host;
+    addSSL = true; # SSL is not forced on these redirects
+    enableACME = true;
+
+    extraConfig = ''
+      location = / {
+        return 302 https://at.tvl.fyi/?q=%2F%2Fops%2Fmachines%2F${config.networking.hostName};
+      }
+    '';
+  };
+}
diff --git a/ops/modules/www/whitby.tvl.fyi.nix b/ops/modules/www/whitby.tvl.fyi.nix
deleted file mode 100644
index bcd7a76ec4e8..000000000000
--- a/ops/modules/www/whitby.tvl.fyi.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-# Redirect whitby.tvl.fyi to the machine configuration.
-
-{
-  imports = [
-    ./base.nix
-  ];
-
-  config.services.nginx.virtualHosts."whitby.tvl.fyi" = {
-    serverName = "whitby.tvl.fyi";
-    serverAliases = [ "whitby.tvl.su" ];
-    enableACME = true;
-
-    extraConfig = ''
-      return 302 https://at.tvl.fyi/?q=%2F%2Fops%2Fmachines%2Fwhitby;
-    '';
-  };
-}