authorsterni <sternenseemann@systemli.org>2022-06-06T10·37+0200
committersterni <sternenseemann@systemli.org>2022-11-26T15·51+0000
commit2490ce968c73181d383b297c2e473605d8ac96c3 (patch)
tree500dc5aab9316ddfa305780b347428a5065bb428 /users/sterni/machines/edwin/http
parent7b4a545699f62faecc3b0223a761e1ca456f8cd9 (diff)
feat(sterni/machines): add edwin r/5336
This adds edwin, the machine running sterni.lv, as well as my
idiosyncratic deployment solution. It is based on instantiating the
system configuration locally (where you'd work on the configuration),
copying the derivation files to the remote machine where the system
derivation is realised and deployed. Unfortunately, the first step tends
to be quite slow (despite gzip compression), so this may not be the
definitive way despite its advantages.

Change-Id: I30f597692338df3981e01a1b7eee9cdad48f94cb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7293
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Diffstat (limited to 'users/sterni/machines/edwin/http')
-rw-r--r--users/sterni/machines/edwin/http/code.sterni.lv.nix120
-rw-r--r--users/sterni/machines/edwin/http/fcgiwrap.nix15
-rw-r--r--users/sterni/machines/edwin/http/flipdot.openlab-augsburg.de.nix36
-rw-r--r--users/sterni/machines/edwin/http/likely-music.sterni.lv.nix23
-rw-r--r--users/sterni/machines/edwin/http/nginx.nix28
-rw-r--r--users/sterni/machines/edwin/http/sterni.lv.nix16
6 files changed, 238 insertions, 0 deletions
diff --git a/users/sterni/machines/edwin/http/code.sterni.lv.nix b/users/sterni/machines/edwin/http/code.sterni.lv.nix
new file mode 100644
index 000000000000..6c7e73cbc24e
--- /dev/null
+++ b/users/sterni/machines/edwin/http/code.sterni.lv.nix
@@ -0,0 +1,120 @@
+{ depot, pkgs, lib, config, ... }:
+
+# TODO(sterni): automatically sync repositories with upstream if needed
+let
+  virtualHost = "code.sterni.lv";
+
+  repos = {
+    spacecookie = {
+      description = "gopher server (and library for Haskell)";
+    };
+    gopher-proxy = {
+      description = "Gopher over HTTP proxy";
+    };
+    emoji-generic = {
+      description = "generic emoji library for Haskell (wip)";
+    };
+    grav2ty = {
+      description = "“realistic” 2d space game";
+    };
+    likely-music = {
+      description = "experimental application for probabilistic music composition";
+    };
+    logbook = {
+      description = "file format for keeping a personal log";
+    };
+    sternenblog = {
+      description = "file based cgi blog software";
+    };
+    haskell-dot-time = {
+      description = "UTC-centric time library for haskell with dot time support";
+      defaultBranch = "main";
+    };
+    buchstabensuppe = {
+      description = "toy font rendering for low pixelcount, high contrast displays";
+      defaultBranch = "main";
+    };
+  };
+
+  cgitRepoEntry = name: repo:
+    let
+      repoName = repos.name or name;
+      path = repo.path or "${repoName}.git";
+    in
+    lib.concatStringsSep "\n" (
+      [
+        "repo.url=${repoName}"
+        "repo.path=/srv/git/${path}"
+      ]
+      ++ lib.optional (repo ? description) "repo.desc=${repo.description}"
+      ++ lib.optional (repo ? defaultBranch) "repo.defbranch=${repo.defaultBranch}"
+    );
+
+  cgitHead = pkgs.writeText "cgit-head.html" ''
+    <style>
+    #summary {
+      max-width: 80em;
+    }
+
+    #summary * {
+      max-width: 100%;
+    }
+    </style>
+  '';
+
+  cgitConfig = pkgs.writeText "cgitrc" ''
+    virtual-root=/
+
+    enable-http-clone=1
+    clone-url=https://${virtualHost}/$CGIT_REPO_URL
+
+    enable-blame=1
+    enable-log-filecount=1
+    enable-log-linecount=1
+    enable-index-owner=0
+    enable-blame=1
+    enable-commit-graph=1
+
+    root-title=code
+    root-desc=sterni's git repositories
+    css=/cgit.css
+    head-include=${cgitHead}
+
+    mimetype-file=${pkgs.mime-types}/etc/mime.types
+
+    about-filter=${depot.tools.cheddar.about-filter}/bin/cheddar-about
+    source-filter=${depot.tools.cheddar}/bin/cheddar
+    readme=:README.md
+    readme=:readme.md
+
+    ${builtins.concatStringsSep "\n\n" (lib.mapAttrsToList cgitRepoEntry repos)}
+  '';
+in
+
+{
+  imports = [
+    ./nginx.nix
+    ./fcgiwrap.nix
+  ];
+
+  config = {
+    services.nginx.virtualHosts."${virtualHost}" = {
+      enableACME = true;
+      forceSSL = true;
+      root = "${pkgs.cgit-pink}/cgit/";
+      extraConfig = ''
+        try_files $uri @cgit;
+
+        location @cgit {
+          include ${pkgs.nginx}/conf/fastcgi_params;
+          fastcgi_param    SCRIPT_FILENAME ${pkgs.cgit-pink}/cgit/cgit.cgi;
+          fastcgi_param    PATH_INFO       $uri;
+          fastcgi_param    QUERY_STRING    $args;
+          fastcgi_param    HTTP_HOST       $server_name;
+          fastcgi_param    CGIT_CONFIG     ${cgitConfig};
+          fastcgi_pass     unix:${toString config.services.fcgiwrap.socketAddress};
+        }
+      '';
+    };
+  };
+}
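Review bot: `repoName = repos.name or name;` in cgitRepoEntry looks up the attribute `name` on the whole `repos` set rather than on the single repository being rendered, so it always falls back to the attribute key and a per-repo `name` override would be silently ignored; it should read `repoName = repo.name or name;`. The cgitrc template also lists `enable-blame=1` twice, once after `enable-http-clone` and again after `enable-index-owner`, and the second occurrence can be dropped. Minor style point: the same file uses `lib.concatStringsSep` in cgitRepoEntry but `builtins.concatStringsSep` when joining the repo entries; picking one keeps the file consistent.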
diff --git a/users/sterni/machines/edwin/http/fcgiwrap.nix b/users/sterni/machines/edwin/http/fcgiwrap.nix
new file mode 100644
index 000000000000..19696d85d413
--- /dev/null
+++ b/users/sterni/machines/edwin/http/fcgiwrap.nix
@@ -0,0 +1,15 @@
+{ ... }:
+
+{
+  imports = [
+    ./nginx.nix
+  ];
+
+  config.services.fcgiwrap = {
+    enable = true;
+    socketType = "unix";
+    socketAddress = "/run/fcgiwrap.sock";
+    user = "http";
+    group = "http";
+  };
+}
diff --git a/users/sterni/machines/edwin/http/flipdot.openlab-augsburg.de.nix b/users/sterni/machines/edwin/http/flipdot.openlab-augsburg.de.nix
new file mode 100644
index 000000000000..c86956a0a473
--- /dev/null
+++ b/users/sterni/machines/edwin/http/flipdot.openlab-augsburg.de.nix
@@ -0,0 +1,36 @@
+{ depot, lib, config, ... }:
+
+let
+  inherit (depot.users.sterni.external.flipdot-gschichtler)
+    bahnhofshalle
+    warteraum
+    nixosModule
+    ;
+in
+
+{
+  imports = [
+    nixosModule
+    ./nginx.nix
+  ];
+
+  config = {
+    age.secrets = lib.genAttrs [
+      "warteraum-salt"
+      "warteraum-tokens"
+    ]
+      (name: {
+        file = depot.users.sterni.secrets."${name}.age";
+      });
+
+    services.flipdot-gschichtler = {
+      enable = true;
+      virtualHost = "flipdot.openlab-augsburg.de";
+      packages = {
+        inherit bahnhofshalle warteraum;
+      };
+      saltFile = config.age.secretsDir + "/warteraum-salt";
+      tokensFile = config.age.secretsDir + "/warteraum-tokens";
+    };
+  };
+}
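Review bot: The two `age.secrets` entries set only `file`, so the decrypted `warteraum-salt` and `warteraum-tokens` files keep agenix's default ownership and mode, which are readable by root only. Unless the flipdot-gschichtler service (its module comes from `depot.users.sterni.external`, outside this diff) runs as root or is given the files another way, it will not be able to read them at runtime; adding `owner`/`group` matching the service user to the generated attrset, e.g. `{ file = ...; owner = "<service-user>"; }`, would make the intended access explicit. I cannot confirm the service user from this hunk, so please verify against the module.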
diff --git a/users/sterni/machines/edwin/http/likely-music.sterni.lv.nix b/users/sterni/machines/edwin/http/likely-music.sterni.lv.nix
new file mode 100644
index 000000000000..8da03ac5e6ec
--- /dev/null
+++ b/users/sterni/machines/edwin/http/likely-music.sterni.lv.nix
@@ -0,0 +1,23 @@
+{ depot, ... }:
+
+let
+  inherit (depot.users.sterni.external.likely-music)
+    nixosModule
+    likely-music
+    ;
+in
+
+{
+  imports = [
+    ./nginx.nix
+    nixosModule
+  ];
+
+  config = {
+    services.likely-music = {
+      enable = true;
+      virtualHost = "likely-music.sterni.lv";
+      package = likely-music;
+    };
+  };
+}
diff --git a/users/sterni/machines/edwin/http/nginx.nix b/users/sterni/machines/edwin/http/nginx.nix
new file mode 100644
index 000000000000..7c99cdd150e0
--- /dev/null
+++ b/users/sterni/machines/edwin/http/nginx.nix
@@ -0,0 +1,28 @@
+{ ... }:
+
+{
+  config = {
+    users = {
+      users.http = {
+        isSystemUser = true;
+        group = "http";
+      };
+
+      groups.http = { };
+    };
+
+    services.nginx = {
+      enable = true;
+      recommendedTlsSettings = true;
+      recommendedGzipSettings = true;
+      recommendedProxySettings = true;
+
+      user = "http";
+      group = "http";
+
+      appendHttpConfig = ''
+        charset utf-8;
+      '';
+    };
+  };
+}
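Review bot: This shared module sets up nginx with a dedicated `http` user but nothing in this commit configures ACME, while `code.sterni.lv.nix` and `sterni.lv.nix` both set `enableACME = true`; NixOS refuses to evaluate those virtual hosts unless `security.acme.acceptTerms = true;` and `security.acme.defaults.email` are set somewhere in the machine configuration. If that lives outside this directory it would help to mention it here, e.g. `# ACME terms/email are accepted in <machine-config-file> — required by the enableACME vhosts`. Otherwise adding those two lines to this module, next to `services.nginx`, is the natural place since every vhost imports it.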
diff --git a/users/sterni/machines/edwin/http/sterni.lv.nix b/users/sterni/machines/edwin/http/sterni.lv.nix
new file mode 100644
index 000000000000..44306c75bf64
--- /dev/null
+++ b/users/sterni/machines/edwin/http/sterni.lv.nix
@@ -0,0 +1,16 @@
+{ ... }:
+
+{
+  imports = [
+    ./nginx.nix
+  ];
+
+  config = {
+    services.nginx.virtualHosts."sterni.lv" = {
+      enableACME = true;
+      forceSSL = true;
+      # TODO(sterni): take website from store, replace /tmp with a simple LRU thing
+      root = toString /srv/http;
+    };
+  };
+}