feat(ops/glesys): add bolt.tvix.dev r/7598

Make tvixbolt.tvl.su just serve a redirect to the new domain, and fold
everything into the tvix.dev.nix module.

Change-Id: I3a9ccf37d2ceee8886208d6f662e7598ce395b1a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11015
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI

5 files changed, 27 insertions, 26 deletions

diff --git a/ops/glesys/dns-tvix-dev.tf b/ops/glesys/dns-tvix-dev.tf
index f457032603..296532a02b 100644
--- a/ops/glesys/dns-tvix-dev.tf
+++ b/ops/glesys/dns-tvix-dev.tf
@@ -18,6 +18,13 @@ resource "glesys_dnsdomain_record" "tvix_dev_apex_AAAA" {
   data   = var.whitby_ipv6
 }
 
+resource "glesys_dnsdomain_record" "tvix_dev_bolt_CNAME" {
+  domain = glesys_dnsdomain.tvix_dev.id
+  host   = "bolt"
+  type   = "CNAME"
+  data   = "whitby.tvl.su."
+}
+
 resource "glesys_dnsdomain_record" "tvix_dev_docs_CNAME" {
   domain = glesys_dnsdomain.tvix_dev.id
   host   = "docs"
diff --git a/ops/glesys/dns-tvl-su.tf b/ops/glesys/dns-tvl-su.tf
index 0f397193d7..f2286cf1cf 100644
--- a/ops/glesys/dns-tvl-su.tf
+++ b/ops/glesys/dns-tvl-su.tf
@@ -76,15 +76,12 @@ resource "glesys_dnsdomain_record" "tvl_su_whitby_services" {
   for_each = toset(local.whitby_services)
 }
 
-# Explicit records for corp-only services running on whitby.
-resource "glesys_dnsdomain_record" "tvl_su_corp_whitby_services" {
+# historical tvixbolt.tvl.su record, redirects to bolt.tvix.dev
+resource "glesys_dnsdomain_record" "tvix_su_tvixbolt_CNAME" {
   domain = glesys_dnsdomain.tvl_su.id
+  host   = "tvixbolt"
   type   = "CNAME"
   data   = "whitby.tvl.su."
-  host   = each.key
-  for_each = toset([
-    "tvixbolt",
-  ])
 }
 
 resource "glesys_dnsdomain_record" "tvl_su_inbox_CNAME" {
diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index 285b30f77c..2259b51c2a 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -42,7 +42,6 @@ in
     (mod "www/status.tvl.su.nix")
     (mod "www/todo.tvl.fyi.nix")
     (mod "www/tvix.dev.nix")
-    (mod "www/tvixbolt.tvl.su.nix")
     (mod "www/tvl.fyi.nix")
     (mod "www/tvl.su.nix")
     (mod "www/wigglydonke.rs.nix")
diff --git a/ops/modules/www/tvix.dev.nix b/ops/modules/www/tvix.dev.nix
index f86f5b3b1e..33c0bb002c 100644
--- a/ops/modules/www/tvix.dev.nix
+++ b/ops/modules/www/tvix.dev.nix
@@ -17,6 +17,23 @@
       '';
     };
 
+    services.nginx.virtualHosts."bolt.tvix.dev" = {
+      root = depot.web.tvixbolt;
+      enableACME = true;
+      forceSSL = true;
+
+      extraConfig = ''
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+      '';
+    };
+
+    # old domain, serve redirect
+    services.nginx.virtualHosts."tvixbolt.tvl.su" = {
+      enableACME = true;
+      forceSSL = true;
+      extraConfig = "return 301 https://bolt.tvix.dev$request_uri;";
+    };
+
     services.nginx.virtualHosts."docs.tvix.dev" = {
       serverName = "docs.tvix.dev";
       enableACME = true;
diff --git a/ops/modules/www/tvixbolt.tvl.su.nix b/ops/modules/www/tvixbolt.tvl.su.nix
deleted file mode 100644
index ef8ba0b11e..0000000000
--- a/ops/modules/www/tvixbolt.tvl.su.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ depot, ... }:
-
-{
-  imports = [
-    ./base.nix
-  ];
-
-  config = {
-    services.nginx.virtualHosts."tvixbolt.tvl.su" = {
-      root = depot.web.tvixbolt;
-      enableACME = true;
-      forceSSL = true;
-
-      extraConfig = ''
-        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
-      '';
-    };
-  };
-}