chore(sterni/machines): move http services from edwin to ingeborg r/7291

* Make sterni.lv declarative * Disable gopher server * Disable likely-music.sterni.lv for now * Don't give systemd too much leeway with scheduling git syncs Change-Id: Ie8507d96f2df76ad8e393b2181ed7378c37829d0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10480 Autosubmit: sterni <sternenseemann@systemli.org> Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
author: sterni <sternenseemann@systemli.org> 2023-12-30T23·19+0100
committer: clbot <clbot@tvl.fyi> 2023-12-31T14·30+0000
commit: 06db871bd75a714a61434dd4b13bc87e1319ba92 (patch)
tree: a8e63e990dd7fd5a7d7b7d843eb53cff8e0441b2 /users/sterni/machines
parent: 12f9b95a2c75a757a36c4147eb011d096e8f48be (diff)
10 files changed, 46 insertions, 22 deletions
diff --git a/users/sterni/machines/edwin/default.nix b/users/sterni/machines/edwin/default.nix
index 00b2851e4eeb..68f20787a9bf 100644
--- a/users/sterni/machines/edwin/default.nix
+++ b/users/sterni/machines/edwin/default.nix
@@ -11,11 +11,6 @@
     ./network.nix
     # These modules configure services, websites etc.
     (depot.path.origSrc + "/ops/modules/btrfs-auto-scrub.nix")
-    ./gopher.nix
-    ./http/sterni.lv.nix
-    ./http/code.sterni.lv.nix
-    ./http/flipdot.openlab-augsburg.de.nix
-    ./http/likely-music.sterni.lv.nix
   ];
 
   config = {
diff --git a/users/sterni/machines/edwin/http/sterni.lv.nix b/users/sterni/machines/edwin/http/sterni.lv.nix
deleted file mode 100644
index 44306c75bf64..000000000000
--- a/users/sterni/machines/edwin/http/sterni.lv.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ ... }:
-
-{
-  imports = [
-    ./nginx.nix
-  ];
-
-  config = {
-    services.nginx.virtualHosts."sterni.lv" = {
-      enableACME = true;
-      forceSSL = true;
-      # TODO(sterni): take website from store, replace /tmp with a simple LRU thing
-      root = toString /srv/http;
-    };
-  };
-}
diff --git a/users/sterni/machines/ingeborg/default.nix b/users/sterni/machines/ingeborg/default.nix
index 206d3fcf53a7..51b5fd41179d 100644
--- a/users/sterni/machines/ingeborg/default.nix
+++ b/users/sterni/machines/ingeborg/default.nix
@@ -13,6 +13,16 @@
     (depot.path.origSrc + "/ops/modules/btrfs-auto-scrub.nix")
     ./monitoring.nix
     ./minecraft.nix
+    ./http/sterni.lv.nix
+    ./http/code.sterni.lv.nix
+    ./http/flipdot.openlab-augsburg.de.nix
+
+    # Inactive:
+    # ./http/likely-music.sterni.lv.nix
+    # ./gopher.nix
+
+    # TODO(sterni): fail2ban
+    # TODO(sterni): automatic backups for full recovery
   ];
 
   config = {
diff --git a/users/sterni/machines/edwin/gopher.nix b/users/sterni/machines/ingeborg/gopher.nix
index 57275e13a55a..57275e13a55a 100644
--- a/users/sterni/machines/edwin/gopher.nix
+++ b/users/sterni/machines/ingeborg/gopher.nix
diff --git a/users/sterni/machines/edwin/http/code.sterni.lv.nix b/users/sterni/machines/ingeborg/http/code.sterni.lv.nix
index 79af1f27d040..94d7915d7fe8 100644
--- a/users/sterni/machines/edwin/http/code.sterni.lv.nix
+++ b/users/sterni/machines/ingeborg/http/code.sterni.lv.nix
@@ -212,7 +212,6 @@ in
               timerConfig = {
                 # Fire every 6h and distribute the workload over next 6h randomly
                 OnCalendar = "*-*-* 00/6:00:00";
-                AccuracySec = "6h";
                 RandomizedDelaySec = "6h";
                 Persistent = true;
               };
diff --git a/users/sterni/machines/edwin/http/fcgiwrap.nix b/users/sterni/machines/ingeborg/http/fcgiwrap.nix
index 19696d85d413..19696d85d413 100644
--- a/users/sterni/machines/edwin/http/fcgiwrap.nix
+++ b/users/sterni/machines/ingeborg/http/fcgiwrap.nix
diff --git a/users/sterni/machines/edwin/http/flipdot.openlab-augsburg.de.nix b/users/sterni/machines/ingeborg/http/flipdot.openlab-augsburg.de.nix
index c86956a0a473..c86956a0a473 100644
--- a/users/sterni/machines/edwin/http/flipdot.openlab-augsburg.de.nix
+++ b/users/sterni/machines/ingeborg/http/flipdot.openlab-augsburg.de.nix
diff --git a/users/sterni/machines/edwin/http/likely-music.sterni.lv.nix b/users/sterni/machines/ingeborg/http/likely-music.sterni.lv.nix
index 8da03ac5e6ec..8da03ac5e6ec 100644
--- a/users/sterni/machines/edwin/http/likely-music.sterni.lv.nix
+++ b/users/sterni/machines/ingeborg/http/likely-music.sterni.lv.nix
diff --git a/users/sterni/machines/edwin/http/nginx.nix b/users/sterni/machines/ingeborg/http/nginx.nix
index 7c99cdd150e0..d551b8391d18 100644
--- a/users/sterni/machines/edwin/http/nginx.nix
+++ b/users/sterni/machines/ingeborg/http/nginx.nix
@@ -24,5 +24,7 @@
         charset utf-8;
       '';
     };
+
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
   };
 }
diff --git a/users/sterni/machines/ingeborg/http/sterni.lv.nix b/users/sterni/machines/ingeborg/http/sterni.lv.nix
new file mode 100644
index 000000000000..50c1bac293e2
--- /dev/null
+++ b/users/sterni/machines/ingeborg/http/sterni.lv.nix
@@ -0,0 +1,34 @@
+{ pkgs, depot, ... }:
+
+let
+  inherit (depot.users.sterni.nix.html)
+    __findFile
+    withDoctype
+    ;
+in
+
+{
+  imports = [
+    ./nginx.nix
+  ];
+
+  config = {
+    services.nginx.virtualHosts."sterni.lv" = {
+      enableACME = true;
+      forceSSL = true;
+      root = pkgs.writeTextFile {
+        name = "sterni.lv-http-root";
+        destination = "/index.html";
+        text = withDoctype (<html> { } [
+          (<head> { } [
+            (<meta> { charset = "utf-8"; } null)
+            (<title> { } "no thoughts")
+          ])
+          (<body> { } "🦩")
+        ]);
+      };
+      # TODO(sterni): tmp.sterni.lv
+      locations."/tmp/".root = toString /srv/http;
+    };
+  };
+}
author	sterni <sternenseemann@systemli.org>	2023-12-30T23·19+0100
committer	clbot <clbot@tvl.fyi>	2023-12-31T14·30+0000
commit	06db871bd75a714a61434dd4b13bc87e1319ba92 (patch)
tree	a8e63e990dd7fd5a7d7b7d843eb53cff8e0441b2 /users/sterni/machines
parent	12f9b95a2c75a757a36c4147eb011d096e8f48be (diff)