about summary refs log tree commit diff
path: root/users/sterni/machines/edwin
diff options
context:
space:
mode:
authorsterni <sternenseemann@systemli.org>2023-12-30T23·19+0100
committerclbot <clbot@tvl.fyi>2023-12-31T14·30+0000
commit06db871bd75a714a61434dd4b13bc87e1319ba92 (patch)
treea8e63e990dd7fd5a7d7b7d843eb53cff8e0441b2 /users/sterni/machines/edwin
parent12f9b95a2c75a757a36c4147eb011d096e8f48be (diff)
chore(sterni/machines): move http services from edwin to ingeborg r/7291
* Make sterni.lv declarative
* Disable gopher server
* Disable likely-music.sterni.lv for now
* Don't give systemd too much leeway with scheduling git syncs

Change-Id: Ie8507d96f2df76ad8e393b2181ed7378c37829d0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10480
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Diffstat (limited to 'users/sterni/machines/edwin')
-rw-r--r--users/sterni/machines/edwin/default.nix5
-rw-r--r--users/sterni/machines/edwin/gopher.nix19
-rw-r--r--users/sterni/machines/edwin/http/code.sterni.lv.nix262
-rw-r--r--users/sterni/machines/edwin/http/fcgiwrap.nix15
-rw-r--r--users/sterni/machines/edwin/http/flipdot.openlab-augsburg.de.nix36
-rw-r--r--users/sterni/machines/edwin/http/likely-music.sterni.lv.nix23
-rw-r--r--users/sterni/machines/edwin/http/nginx.nix28
-rw-r--r--users/sterni/machines/edwin/http/sterni.lv.nix16
8 files changed, 0 insertions, 404 deletions
diff --git a/users/sterni/machines/edwin/default.nix b/users/sterni/machines/edwin/default.nix
index 00b2851e4eeb..68f20787a9bf 100644
--- a/users/sterni/machines/edwin/default.nix
+++ b/users/sterni/machines/edwin/default.nix
@@ -11,11 +11,6 @@
     ./network.nix
     # These modules configure services, websites etc.
     (depot.path.origSrc + "/ops/modules/btrfs-auto-scrub.nix")
-    ./gopher.nix
-    ./http/sterni.lv.nix
-    ./http/code.sterni.lv.nix
-    ./http/flipdot.openlab-augsburg.de.nix
-    ./http/likely-music.sterni.lv.nix
   ];
 
   config = {
diff --git a/users/sterni/machines/edwin/gopher.nix b/users/sterni/machines/edwin/gopher.nix
deleted file mode 100644
index 57275e13a55a..000000000000
--- a/users/sterni/machines/edwin/gopher.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ depot, ... }:
-
-{
-  config = {
-    services.spacecookie = {
-      enable = true;
-      openFirewall = true;
-      settings = {
-        hostname = "sterni.lv";
-        root = depot.users.sterni.lv.gopher;
-        log = {
-          enable = true;
-          hide-ips = true;
-          hide-time = true;
-        };
-      };
-    };
-  };
-}
diff --git a/users/sterni/machines/edwin/http/code.sterni.lv.nix b/users/sterni/machines/edwin/http/code.sterni.lv.nix
deleted file mode 100644
index 79af1f27d040..000000000000
--- a/users/sterni/machines/edwin/http/code.sterni.lv.nix
+++ /dev/null
@@ -1,262 +0,0 @@
-{ depot, pkgs, lib, config, ... }:
-
-let
-  virtualHost = "code.sterni.lv";
-
-  repoSections = [
-    {
-      section = "active";
-      repos = {
-        spacecookie = {
-          description = "gopher server (and library for Haskell)";
-          upstream = "https://github.com/sternenseemann/spacecookie.git";
-        };
-        "mirror/depot" = {
-          description = "monorepo for the virus lounge";
-          upstream = "https://code.tvl.fyi/depot.git";
-          cgit.defbranch = "canon";
-        };
-        "mirror/flipdot-gschichtler" = {
-          description = "message queue system for OpenLab's flipdot display";
-          upstream = "https://github.com/openlab-aux/flipdot-gschichtler.git";
-        };
-        "mirror/nixpkgs" = {
-          description = "Nix packages collection";
-          upstream = "https://github.com/nixos/nixpkgs.git";
-          cgit.enable-commit-graph = "0"; # too slow
-        };
-        "mirror/vuizvui" = {
-          description = "Nix(OS) expressions used by the OpenLab and its members";
-          upstream = "https://github.com/openlab-aux/vuizvui.git";
-        };
-      };
-    }
-    {
-      section = "poc";
-      repos = {
-        emoji-generic = {
-          description = "generic emoji library for Haskell";
-          upstream = "https://github.com/sternenseemann/emoji-generic.git";
-        };
-        grav2ty = {
-          description = "“realistic” 2d space game";
-          upstream = "https://github.com/sternenseemann/grav2ty.git";
-        };
-        haskell-dot-time = {
-          description = "UTC-centric time library for haskell with dot time support";
-          cgit.defbranch = "main";
-        };
-        buchstabensuppe = {
-          description = "toy font rendering for low pixelcount, high contrast displays";
-          upstream = "https://github.com/sternenseemann/buchstabensuppe.git";
-          cgit.defbranch = "main";
-        };
-        "mirror/saneterm" = {
-          description = "modern line-oriented terminal emulator without support for TUIs";
-          upstream = "https://git.8pit.net/saneterm.git";
-        };
-      };
-    }
-    {
-      # TODO(sterni): resisort, klammeraffe, cl-ca, ponify, tinyrl
-      section = "archive";
-      repos = {
-        gopher-proxy = {
-          description = "Gopher over HTTP proxy";
-          upstream = "https://github.com/sternenseemann/gopher-proxy.git";
-        };
-        likely-music = {
-          description = "experimental application for probabilistic music composition";
-          upstream = "https://github.com/sternenseemann/likely-music.git";
-        };
-        logbook = {
-          description = "file format for keeping a personal log";
-          upstream = "https://github.com/sternenseemann/logbook.git";
-        };
-        sternenblog = {
-          description = "file based cgi blog software";
-          upstream = "https://github.com/sternenseemann/sternenblog.git";
-        };
-      };
-    }
-  ];
-
-  repoPath = name: repo: repo.path or "/srv/git/${name}.git";
-
-  cgitRepoEntry = name: repo:
-    lib.concatStringsSep "\n" (
-      [
-        "repo.url=${name}"
-        "repo.path=${repoPath name repo}"
-      ]
-      ++ lib.optional (repo ? description) "repo.desc=${repo.description}"
-      ++ lib.mapAttrsToList (n: v: "repo.${n}=${v}") repo.cgit or { }
-    );
-
-  cgitHead = pkgs.writeText "cgit-head.html" ''
-    <style>
-    #summary {
-      max-width: 80em;
-    }
-
-    #summary * {
-      max-width: 100%;
-    }
-    </style>
-  '';
-
-  cgitConfig = pkgs.writeText "cgitrc" ''
-    virtual-root=/
-
-    enable-http-clone=1
-    clone-url=https://${virtualHost}/$CGIT_REPO_URL
-
-    enable-blame=1
-    enable-log-filecount=1
-    enable-log-linecount=1
-    enable-index-owner=0
-    enable-blame=1
-    enable-commit-graph=1
-
-    root-title=code.sterni.lv
-    css=/cgit.css
-    head-include=${cgitHead}
-
-    mimetype-file=${pkgs.mime-types}/etc/mime.types
-
-    about-filter=${depot.tools.cheddar.about-filter}/bin/cheddar-about
-    source-filter=${depot.tools.cheddar}/bin/cheddar
-    readme=:README.md
-    readme=:readme.md
-
-    section-sort=0
-    ${
-      lib.concatMapStringsSep "\n" (section:
-        ''
-          section=${section.section}
-
-        ''
-        + builtins.concatStringsSep "\n\n" (lib.mapAttrsToList cgitRepoEntry section.repos)
-      ) repoSections
-    }
-  '';
-
-  /* Merge a list of attrs, but fail when the same attribute occurs twice.
-
-     Type: [ attrs ] -> attrs
-  */
-  mergeManyDistinctAttrs = lib.foldAttrs
-    (
-      val: nul:
-        if nul == null then val else throw "Every attribute name may occur only once"
-    )
-    null;
-
-  flatRepos = mergeManyDistinctAttrs
-    (builtins.map (section: section.repos) repoSections);
-
-  reposToMirror = lib.filterAttrs (_: repo: repo ? upstream) flatRepos;
-
-  # User and group name used for running the mirror scripts
-  mirroredReposOwner = "git";
-
-  # Make repo name suitable for systemd unit/timer
-  unitName = name: "mirror-${lib.strings.sanitizeDerivationName name}";
-in
-
-{
-  imports = [
-    ./nginx.nix
-    ./fcgiwrap.nix
-  ];
-
-  config = {
-    services.nginx.virtualHosts."${virtualHost}" = {
-      enableACME = true;
-      forceSSL = true;
-      root = "${pkgs.cgit-pink}/cgit/";
-      extraConfig = ''
-        try_files $uri @cgit;
-
-        location @cgit {
-          include ${pkgs.nginx}/conf/fastcgi_params;
-          fastcgi_param    SCRIPT_FILENAME ${pkgs.cgit-pink}/cgit/cgit.cgi;
-          fastcgi_param    PATH_INFO       $uri;
-          fastcgi_param    QUERY_STRING    $args;
-          fastcgi_param    HTTP_HOST       $server_name;
-          fastcgi_param    CGIT_CONFIG     ${cgitConfig};
-          fastcgi_pass     unix:${toString config.services.fcgiwrap.socketAddress};
-        }
-      '';
-    };
-
-    users = {
-      users.${mirroredReposOwner} = {
-        group = mirroredReposOwner;
-        isSystemUser = true;
-      };
-
-      groups.${mirroredReposOwner} = { };
-    };
-
-
-    systemd.timers = lib.mapAttrs'
-      (
-        name: repo:
-          {
-            name = unitName name;
-            value = {
-              description = "regularly update mirror git repository ${name}";
-              wantedBy = [ "timers.target" ];
-              enable = true;
-              timerConfig = {
-                # Fire every 6h and distribute the workload over next 6h randomly
-                OnCalendar = "*-*-* 00/6:00:00";
-                AccuracySec = "6h";
-                RandomizedDelaySec = "6h";
-                Persistent = true;
-              };
-            };
-          }
-      )
-      reposToMirror;
-
-    systemd.services = lib.mapAttrs'
-      (
-        name: repo:
-          {
-            name = unitName name;
-            value = {
-              description = "mirror git repository ${name}";
-              after = [ "network-online.target" ];
-              script =
-                let
-                  path = repoPath name repo;
-                in
-                ''
-                  set -euo pipefail
-
-                  export PATH="${lib.makeBinPath [ pkgs.coreutils pkgs.git ]}"
-
-                  if test ! -d "${path}"; then
-                    mkdir -p "$(dirname "${path}")"
-                    git clone --mirror "${repo.upstream}" "${path}"
-                    exit 0
-                  fi
-
-                  cd "${path}"
-
-                  git fetch "${repo.upstream}" '+refs/*:refs/*' --prune
-                '';
-
-              serviceConfig = {
-                Type = "oneshot";
-                User = mirroredReposOwner;
-                Group = mirroredReposOwner;
-              };
-            };
-          }
-      )
-      reposToMirror;
-  };
-}
diff --git a/users/sterni/machines/edwin/http/fcgiwrap.nix b/users/sterni/machines/edwin/http/fcgiwrap.nix
deleted file mode 100644
index 19696d85d413..000000000000
--- a/users/sterni/machines/edwin/http/fcgiwrap.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ ... }:
-
-{
-  imports = [
-    ./nginx.nix
-  ];
-
-  config.services.fcgiwrap = {
-    enable = true;
-    socketType = "unix";
-    socketAddress = "/run/fcgiwrap.sock";
-    user = "http";
-    group = "http";
-  };
-}
diff --git a/users/sterni/machines/edwin/http/flipdot.openlab-augsburg.de.nix b/users/sterni/machines/edwin/http/flipdot.openlab-augsburg.de.nix
deleted file mode 100644
index c86956a0a473..000000000000
--- a/users/sterni/machines/edwin/http/flipdot.openlab-augsburg.de.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ depot, lib, config, ... }:
-
-let
-  inherit (depot.users.sterni.external.flipdot-gschichtler)
-    bahnhofshalle
-    warteraum
-    nixosModule
-    ;
-in
-
-{
-  imports = [
-    nixosModule
-    ./nginx.nix
-  ];
-
-  config = {
-    age.secrets = lib.genAttrs [
-      "warteraum-salt"
-      "warteraum-tokens"
-    ]
-      (name: {
-        file = depot.users.sterni.secrets."${name}.age";
-      });
-
-    services.flipdot-gschichtler = {
-      enable = true;
-      virtualHost = "flipdot.openlab-augsburg.de";
-      packages = {
-        inherit bahnhofshalle warteraum;
-      };
-      saltFile = config.age.secretsDir + "/warteraum-salt";
-      tokensFile = config.age.secretsDir + "/warteraum-tokens";
-    };
-  };
-}
diff --git a/users/sterni/machines/edwin/http/likely-music.sterni.lv.nix b/users/sterni/machines/edwin/http/likely-music.sterni.lv.nix
deleted file mode 100644
index 8da03ac5e6ec..000000000000
--- a/users/sterni/machines/edwin/http/likely-music.sterni.lv.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ depot, ... }:
-
-let
-  inherit (depot.users.sterni.external.likely-music)
-    nixosModule
-    likely-music
-    ;
-in
-
-{
-  imports = [
-    ./nginx.nix
-    nixosModule
-  ];
-
-  config = {
-    services.likely-music = {
-      enable = true;
-      virtualHost = "likely-music.sterni.lv";
-      package = likely-music;
-    };
-  };
-}
diff --git a/users/sterni/machines/edwin/http/nginx.nix b/users/sterni/machines/edwin/http/nginx.nix
deleted file mode 100644
index 7c99cdd150e0..000000000000
--- a/users/sterni/machines/edwin/http/nginx.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ ... }:
-
-{
-  config = {
-    users = {
-      users.http = {
-        isSystemUser = true;
-        group = "http";
-      };
-
-      groups.http = { };
-    };
-
-    services.nginx = {
-      enable = true;
-      recommendedTlsSettings = true;
-      recommendedGzipSettings = true;
-      recommendedProxySettings = true;
-
-      user = "http";
-      group = "http";
-
-      appendHttpConfig = ''
-        charset utf-8;
-      '';
-    };
-  };
-}
diff --git a/users/sterni/machines/edwin/http/sterni.lv.nix b/users/sterni/machines/edwin/http/sterni.lv.nix
deleted file mode 100644
index 44306c75bf64..000000000000
--- a/users/sterni/machines/edwin/http/sterni.lv.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ ... }:
-
-{
-  imports = [
-    ./nginx.nix
-  ];
-
-  config = {
-    services.nginx.virtualHosts."sterni.lv" = {
-      enableACME = true;
-      forceSSL = true;
-      # TODO(sterni): take website from store, replace /tmp with a simple LRU thing
-      root = toString /srv/http;
-    };
-  };
-}