diff options
Diffstat (limited to 'ops/modules/www')
-rw-r--r-- | ops/modules/www/auth.tvl.fyi.nix | 6 | ||||
-rw-r--r-- | ops/modules/www/cl.tvl.fyi.nix | 4 | ||||
-rw-r--r-- | ops/modules/www/code.tvl.fyi.nix | 47 | ||||
-rw-r--r-- | ops/modules/www/grep.tvl.fyi.nix | 19 | ||||
-rw-r--r-- | ops/modules/www/images.tvl.fyi.nix | 22 | ||||
-rw-r--r-- | ops/modules/www/inbox.tvl.su.nix | 31 | ||||
-rw-r--r-- | ops/modules/www/signup.tvl.fyi.nix | 19 | ||||
-rw-r--r-- | ops/modules/www/status.tvl.su.nix | 2 | ||||
-rw-r--r-- | ops/modules/www/tazj.in.nix | 14 | ||||
-rw-r--r-- | ops/modules/www/tvix.dev.nix | 46 | ||||
-rw-r--r-- | ops/modules/www/volgasprint.org.nix | 15 | ||||
-rw-r--r-- | ops/modules/www/wigglydonke.rs.nix | 2 |
12 files changed, 195 insertions, 32 deletions
diff --git a/ops/modules/www/auth.tvl.fyi.nix b/ops/modules/www/auth.tvl.fyi.nix index e0c031bf70..a068f02365 100644 --- a/ops/modules/www/auth.tvl.fyi.nix +++ b/ops/modules/www/auth.tvl.fyi.nix @@ -12,8 +12,12 @@ forceSSL = true; extraConfig = '' + # increase buffer size for large headers + proxy_buffers 8 16k; + proxy_buffer_size 16k; + location / { - proxy_pass http://localhost:${config.services.keycloak.httpPort}; + proxy_pass http://localhost:${toString config.services.keycloak.settings.http-port}; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto https; proxy_set_header Host $host; diff --git a/ops/modules/www/cl.tvl.fyi.nix b/ops/modules/www/cl.tvl.fyi.nix index 470122c395..36422a6c4e 100644 --- a/ops/modules/www/cl.tvl.fyi.nix +++ b/ops/modules/www/cl.tvl.fyi.nix @@ -24,6 +24,10 @@ # The :443 suffix is a workaround for https://b.tvl.fyi/issues/88. proxy_set_header Host $host:443; } + + location = /robots.txt { + return 200 'User-agent: *\nAllow: /'; + } ''; }; }; diff --git a/ops/modules/www/code.tvl.fyi.nix b/ops/modules/www/code.tvl.fyi.nix index 3f34a9422c..ee0211990d 100644 --- a/ops/modules/www/code.tvl.fyi.nix +++ b/ops/modules/www/code.tvl.fyi.nix @@ -1,4 +1,4 @@ -{ depot, config, ... }: +{ depot, pkgs, config, ... }: { imports = [ @@ -13,16 +13,49 @@ forceSSL = true; extraConfig = '' - # Serve the rendered Tvix component SVG. - # - # TODO(tazjin): Implement a way of serving this dynamically - location = /about/tvix/docs/component-flow.svg { - alias ${depot.tvix.docs.svg}/component-flow.svg; + location = /go-get/tvix/build-go { + alias ${pkgs.writeText "go-import-metadata.html" ''<html><meta name="go-import" content="code.tvl.fyi/tvix/build-go git https://code.tvl.fyi/depot.git:/tvix/build-go.git"></html>''}; + } + + location = /go-get/tvix/castore-go { + alias ${pkgs.writeText "go-import-metadata.html" ''<html><meta name="go-import" content="code.tvl.fyi/tvix/castore-go git https://code.tvl.fyi/depot.git:/tvix/castore-go.git"></html>''}; + } + + location = /go-get/tvix/store-go { + alias ${pkgs.writeText "go-import-metadata.html" ''<html><meta name="go-import" content="code.tvl.fyi/tvix/store-go git https://code.tvl.fyi/depot.git:/tvix/store-go.git"></html>''}; + } + + location = /go-get/tvix/nar-bridge { + alias ${pkgs.writeText "go-import-metadata.html" ''<html><meta name="go-import" content="code.tvl.fyi/tvix/nar-bridge git https://code.tvl.fyi/depot.git:/tvix/nar-bridge.git"></html>''}; + } + + location = /tvix/build-go { + if ($args ~* "/?go-get=1") { + return 302 /go-get/tvix/build-go; + } + } + + location = /tvix/castore-go { + if ($args ~* "/?go-get=1") { + return 302 /go-get/tvix/castore-go; + } + } + + location = /tvix/store-go { + if ($args ~* "/?go-get=1") { + return 302 /go-get/tvix/store-go; + } + } + + location = /tvix/nar-bridge { + if ($args ~* "/?go-get=1") { + return 302 /go-get/tvix/nar-bridge; + } } # Git operations on depot.git hit josh location /depot.git { - proxy_pass http://localhost:${toString config.services.depot.josh.port}; + proxy_pass http://127.0.0.1:${toString config.services.depot.josh.port}; } # Git clone operations on '/' should be redirected to josh now. diff --git a/ops/modules/www/grep.tvl.fyi.nix b/ops/modules/www/grep.tvl.fyi.nix new file mode 100644 index 0000000000..93ef5eabd2 --- /dev/null +++ b/ops/modules/www/grep.tvl.fyi.nix @@ -0,0 +1,19 @@ +# Experimental configuration for manually Livegrep. +{ config, ... }: + +{ + imports = [ + ./base.nix + ]; + + config = { + services.nginx.virtualHosts."grep.tvl.fyi" = { + enableACME = true; + forceSSL = true; + + locations."/" = { + proxyPass = "http://127.0.0.1:${toString config.services.depot.livegrep.port}"; + }; + }; + }; +} diff --git a/ops/modules/www/images.tvl.fyi.nix b/ops/modules/www/images.tvl.fyi.nix deleted file mode 100644 index 7d027b2991..0000000000 --- a/ops/modules/www/images.tvl.fyi.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ config, ... }: - -{ - imports = [ - ./base.nix - ]; - - config = { - services.nginx.virtualHosts."images.tvl.fyi" = { - serverName = "images.tvl.fyi"; - serverAliases = [ "images.tvl.su" ]; - enableACME = true; - forceSSL = true; - - extraConfig = '' - location / { - proxy_pass http://localhost:${toString config.services.depot.nixery.port}; - } - ''; - }; - }; -} diff --git a/ops/modules/www/inbox.tvl.su.nix b/ops/modules/www/inbox.tvl.su.nix new file mode 100644 index 0000000000..38db5d2a8e --- /dev/null +++ b/ops/modules/www/inbox.tvl.su.nix @@ -0,0 +1,31 @@ +{ config, depot, ... }: + +{ + imports = [ + ./base.nix + ]; + + config = { + services.nginx.virtualHosts."inbox.tvl.su" = { + enableACME = true; + forceSSL = true; + + extraConfig = '' + # nginx is incapable of serving a single file at /, hence this hack: + location = / { + index /landing-page; + } + + location = /landing-page { + types { } default_type "text/html; charset=utf-8"; + alias ${depot.web.inbox}; + } + + # rest of requests is proxied to public-inbox-httpd + location / { + proxy_pass http://localhost:${toString config.services.public-inbox.http.port}; + } + ''; + }; + }; +} diff --git a/ops/modules/www/signup.tvl.fyi.nix b/ops/modules/www/signup.tvl.fyi.nix new file mode 100644 index 0000000000..1b193f99a9 --- /dev/null +++ b/ops/modules/www/signup.tvl.fyi.nix @@ -0,0 +1,19 @@ +{ depot, ... }: + +{ + imports = [ + ./base.nix + ]; + + config = { + services.nginx.virtualHosts."signup.tvl.fyi" = { + root = depot.web.pwcrypt; + enableACME = true; + forceSSL = true; + + extraConfig = '' + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + ''; + }; + }; +} diff --git a/ops/modules/www/status.tvl.su.nix b/ops/modules/www/status.tvl.su.nix index 2bb6093c14..7079c60260 100644 --- a/ops/modules/www/status.tvl.su.nix +++ b/ops/modules/www/status.tvl.su.nix @@ -18,7 +18,7 @@ forceSSL = true; locations."/" = { - proxyPass = "http://localhost:${toString config.services.grafana.port}"; + proxyPass = "http://localhost:${toString config.services.grafana.settings.server.http_port}"; }; }; }; diff --git a/ops/modules/www/tazj.in.nix b/ops/modules/www/tazj.in.nix index 7d658a5ec4..47eefca2a6 100644 --- a/ops/modules/www/tazj.in.nix +++ b/ops/modules/www/tazj.in.nix @@ -11,8 +11,13 @@ enableACME = true; forceSSL = true; root = depot.users.tazjin.homepage; + serverAliases = [ "www.tazj.in" ]; extraConfig = '' + location = /en/rss.xml { + return 301 https://tazj.in/feed.atom; + } + ${depot.users.tazjin.blog.oldRedirects} location /blog/ { alias ${depot.users.tazjin.blog.rendered}/; @@ -24,6 +29,15 @@ try_files $uri $uri.html $uri/ =404; } + location = /predlozhnik { + return 302 https://predlozhnik.ru; + } + + # redirect for easier entry on a TV + location = /tv { + return 302 https://tazj.in/blobs/play.html; + } + # Temporary place for serving static files. location /blobs/ { alias /var/lib/tazjins-blobs/; diff --git a/ops/modules/www/tvix.dev.nix b/ops/modules/www/tvix.dev.nix new file mode 100644 index 0000000000..f884bc30ed --- /dev/null +++ b/ops/modules/www/tvix.dev.nix @@ -0,0 +1,46 @@ +{ depot, ... }: + +{ + imports = [ + ./base.nix + ]; + + config = { + services.nginx.virtualHosts."tvix.dev" = { + serverName = "tvix.dev"; + enableACME = true; + forceSSL = true; + root = depot.tvix.website; + }; + + services.nginx.virtualHosts."bolt.tvix.dev" = { + root = depot.web.tvixbolt; + enableACME = true; + forceSSL = true; + }; + + # old domain, serve redirect + services.nginx.virtualHosts."tvixbolt.tvl.su" = { + enableACME = true; + forceSSL = true; + extraConfig = "return 301 https://bolt.tvix.dev$request_uri;"; + }; + + services.nginx.virtualHosts."docs.tvix.dev" = { + serverName = "docs.tvix.dev"; + enableACME = true; + forceSSL = true; + + extraConfig = '' + location = / { + # until we have a better default page here + return 301 https://docs.tvix.dev/rust/tvix_eval/index.html; + } + + location /rust/ { + alias ${depot.tvix.rust-docs}/; + } + ''; + }; + }; +} diff --git a/ops/modules/www/volgasprint.org.nix b/ops/modules/www/volgasprint.org.nix new file mode 100644 index 0000000000..7e5abe5561 --- /dev/null +++ b/ops/modules/www/volgasprint.org.nix @@ -0,0 +1,15 @@ +{ depot, ... }: + +{ + imports = [ + ./base.nix + ]; + + config = { + services.nginx.virtualHosts."volgasprint.org" = { + enableACME = true; + forceSSL = true; + root = "${depot.web.volgasprint}"; + }; + }; +} diff --git a/ops/modules/www/wigglydonke.rs.nix b/ops/modules/www/wigglydonke.rs.nix index 3d85e4eb98..6440164325 100644 --- a/ops/modules/www/wigglydonke.rs.nix +++ b/ops/modules/www/wigglydonke.rs.nix @@ -9,7 +9,7 @@ services.nginx.virtualHosts."wigglydonke.rs" = { enableACME = true; forceSSL = true; - root = "${depot.path + "/users/grfn/wigglydonke.rs"}"; + root = "${depot.path + "/users/aspen/wigglydonke.rs"}"; }; }; } |