diff options
author | sterni <sternenseemann@systemli.org> | 2023-12-30T23·19+0100 |
---|---|---|
committer | clbot <clbot@tvl.fyi> | 2023-12-31T14·30+0000 |
commit | 06db871bd75a714a61434dd4b13bc87e1319ba92 (patch) | |
tree | a8e63e990dd7fd5a7d7b7d843eb53cff8e0441b2 /users/sterni/machines/ingeborg/http/code.sterni.lv.nix | |
parent | 12f9b95a2c75a757a36c4147eb011d096e8f48be (diff) |
chore(sterni/machines): move http services from edwin to ingeborg r/7291
* Make sterni.lv declarative * Disable gopher server * Disable likely-music.sterni.lv for now * Don't give systemd too much leeway with scheduling git syncs Change-Id: Ie8507d96f2df76ad8e393b2181ed7378c37829d0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10480 Autosubmit: sterni <sternenseemann@systemli.org> Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
Diffstat (limited to 'users/sterni/machines/ingeborg/http/code.sterni.lv.nix')
-rw-r--r-- | users/sterni/machines/ingeborg/http/code.sterni.lv.nix | 261 |
1 files changed, 261 insertions, 0 deletions
diff --git a/users/sterni/machines/ingeborg/http/code.sterni.lv.nix b/users/sterni/machines/ingeborg/http/code.sterni.lv.nix new file mode 100644 index 000000000000..94d7915d7fe8 --- /dev/null +++ b/users/sterni/machines/ingeborg/http/code.sterni.lv.nix @@ -0,0 +1,261 @@ +{ depot, pkgs, lib, config, ... }: + +let + virtualHost = "code.sterni.lv"; + + repoSections = [ + { + section = "active"; + repos = { + spacecookie = { + description = "gopher server (and library for Haskell)"; + upstream = "https://github.com/sternenseemann/spacecookie.git"; + }; + "mirror/depot" = { + description = "monorepo for the virus lounge"; + upstream = "https://code.tvl.fyi/depot.git"; + cgit.defbranch = "canon"; + }; + "mirror/flipdot-gschichtler" = { + description = "message queue system for OpenLab's flipdot display"; + upstream = "https://github.com/openlab-aux/flipdot-gschichtler.git"; + }; + "mirror/nixpkgs" = { + description = "Nix packages collection"; + upstream = "https://github.com/nixos/nixpkgs.git"; + cgit.enable-commit-graph = "0"; # too slow + }; + "mirror/vuizvui" = { + description = "Nix(OS) expressions used by the OpenLab and its members"; + upstream = "https://github.com/openlab-aux/vuizvui.git"; + }; + }; + } + { + section = "poc"; + repos = { + emoji-generic = { + description = "generic emoji library for Haskell"; + upstream = "https://github.com/sternenseemann/emoji-generic.git"; + }; + grav2ty = { + description = "“realistic” 2d space game"; + upstream = "https://github.com/sternenseemann/grav2ty.git"; + }; + haskell-dot-time = { + description = "UTC-centric time library for haskell with dot time support"; + cgit.defbranch = "main"; + }; + buchstabensuppe = { + description = "toy font rendering for low pixelcount, high contrast displays"; + upstream = "https://github.com/sternenseemann/buchstabensuppe.git"; + cgit.defbranch = "main"; + }; + "mirror/saneterm" = { + description = "modern line-oriented terminal emulator without support for TUIs"; + upstream = "https://git.8pit.net/saneterm.git"; + }; + }; + } + { + # TODO(sterni): resisort, klammeraffe, cl-ca, ponify, tinyrl + section = "archive"; + repos = { + gopher-proxy = { + description = "Gopher over HTTP proxy"; + upstream = "https://github.com/sternenseemann/gopher-proxy.git"; + }; + likely-music = { + description = "experimental application for probabilistic music composition"; + upstream = "https://github.com/sternenseemann/likely-music.git"; + }; + logbook = { + description = "file format for keeping a personal log"; + upstream = "https://github.com/sternenseemann/logbook.git"; + }; + sternenblog = { + description = "file based cgi blog software"; + upstream = "https://github.com/sternenseemann/sternenblog.git"; + }; + }; + } + ]; + + repoPath = name: repo: repo.path or "/srv/git/${name}.git"; + + cgitRepoEntry = name: repo: + lib.concatStringsSep "\n" ( + [ + "repo.url=${name}" + "repo.path=${repoPath name repo}" + ] + ++ lib.optional (repo ? description) "repo.desc=${repo.description}" + ++ lib.mapAttrsToList (n: v: "repo.${n}=${v}") repo.cgit or { } + ); + + cgitHead = pkgs.writeText "cgit-head.html" '' + <style> + #summary { + max-width: 80em; + } + + #summary * { + max-width: 100%; + } + </style> + ''; + + cgitConfig = pkgs.writeText "cgitrc" '' + virtual-root=/ + + enable-http-clone=1 + clone-url=https://${virtualHost}/$CGIT_REPO_URL + + enable-blame=1 + enable-log-filecount=1 + enable-log-linecount=1 + enable-index-owner=0 + enable-blame=1 + enable-commit-graph=1 + + root-title=code.sterni.lv + css=/cgit.css + head-include=${cgitHead} + + mimetype-file=${pkgs.mime-types}/etc/mime.types + + about-filter=${depot.tools.cheddar.about-filter}/bin/cheddar-about + source-filter=${depot.tools.cheddar}/bin/cheddar + readme=:README.md + readme=:readme.md + + section-sort=0 + ${ + lib.concatMapStringsSep "\n" (section: + '' + section=${section.section} + + '' + + builtins.concatStringsSep "\n\n" (lib.mapAttrsToList cgitRepoEntry section.repos) + ) repoSections + } + ''; + + /* Merge a list of attrs, but fail when the same attribute occurs twice. + + Type: [ attrs ] -> attrs + */ + mergeManyDistinctAttrs = lib.foldAttrs + ( + val: nul: + if nul == null then val else throw "Every attribute name may occur only once" + ) + null; + + flatRepos = mergeManyDistinctAttrs + (builtins.map (section: section.repos) repoSections); + + reposToMirror = lib.filterAttrs (_: repo: repo ? upstream) flatRepos; + + # User and group name used for running the mirror scripts + mirroredReposOwner = "git"; + + # Make repo name suitable for systemd unit/timer + unitName = name: "mirror-${lib.strings.sanitizeDerivationName name}"; +in + +{ + imports = [ + ./nginx.nix + ./fcgiwrap.nix + ]; + + config = { + services.nginx.virtualHosts."${virtualHost}" = { + enableACME = true; + forceSSL = true; + root = "${pkgs.cgit-pink}/cgit/"; + extraConfig = '' + try_files $uri @cgit; + + location @cgit { + include ${pkgs.nginx}/conf/fastcgi_params; + fastcgi_param SCRIPT_FILENAME ${pkgs.cgit-pink}/cgit/cgit.cgi; + fastcgi_param PATH_INFO $uri; + fastcgi_param QUERY_STRING $args; + fastcgi_param HTTP_HOST $server_name; + fastcgi_param CGIT_CONFIG ${cgitConfig}; + fastcgi_pass unix:${toString config.services.fcgiwrap.socketAddress}; + } + ''; + }; + + users = { + users.${mirroredReposOwner} = { + group = mirroredReposOwner; + isSystemUser = true; + }; + + groups.${mirroredReposOwner} = { }; + }; + + + systemd.timers = lib.mapAttrs' + ( + name: repo: + { + name = unitName name; + value = { + description = "regularly update mirror git repository ${name}"; + wantedBy = [ "timers.target" ]; + enable = true; + timerConfig = { + # Fire every 6h and distribute the workload over next 6h randomly + OnCalendar = "*-*-* 00/6:00:00"; + RandomizedDelaySec = "6h"; + Persistent = true; + }; + }; + } + ) + reposToMirror; + + systemd.services = lib.mapAttrs' + ( + name: repo: + { + name = unitName name; + value = { + description = "mirror git repository ${name}"; + after = [ "network-online.target" ]; + script = + let + path = repoPath name repo; + in + '' + set -euo pipefail + + export PATH="${lib.makeBinPath [ pkgs.coreutils pkgs.git ]}" + + if test ! -d "${path}"; then + mkdir -p "$(dirname "${path}")" + git clone --mirror "${repo.upstream}" "${path}" + exit 0 + fi + + cd "${path}" + + git fetch "${repo.upstream}" '+refs/*:refs/*' --prune + ''; + + serviceConfig = { + Type = "oneshot"; + User = mirroredReposOwner; + Group = mirroredReposOwner; + }; + }; + } + ) + reposToMirror; + }; +} |