diff options
Diffstat (limited to 'users/sterni/machines/edwin/http')
-rw-r--r-- | users/sterni/machines/edwin/http/code.sterni.lv.nix | 120 | ||||
-rw-r--r-- | users/sterni/machines/edwin/http/fcgiwrap.nix | 15 | ||||
-rw-r--r-- | users/sterni/machines/edwin/http/flipdot.openlab-augsburg.de.nix | 36 | ||||
-rw-r--r-- | users/sterni/machines/edwin/http/likely-music.sterni.lv.nix | 23 | ||||
-rw-r--r-- | users/sterni/machines/edwin/http/nginx.nix | 28 | ||||
-rw-r--r-- | users/sterni/machines/edwin/http/sterni.lv.nix | 16 |
6 files changed, 238 insertions, 0 deletions
diff --git a/users/sterni/machines/edwin/http/code.sterni.lv.nix b/users/sterni/machines/edwin/http/code.sterni.lv.nix new file mode 100644 index 000000000000..6c7e73cbc24e --- /dev/null +++ b/users/sterni/machines/edwin/http/code.sterni.lv.nix @@ -0,0 +1,120 @@ +{ depot, pkgs, lib, config, ... }: + +# TODO(sterni): automatically sync repositories with upstream if needed +let + virtualHost = "code.sterni.lv"; + + repos = { + spacecookie = { + description = "gopher server (and library for Haskell)"; + }; + gopher-proxy = { + description = "Gopher over HTTP proxy"; + }; + emoji-generic = { + description = "generic emoji library for Haskell (wip)"; + }; + grav2ty = { + description = "“realistic” 2d space game"; + }; + likely-music = { + description = "experimental application for probabilistic music composition"; + }; + logbook = { + description = "file format for keeping a personal log"; + }; + sternenblog = { + description = "file based cgi blog software"; + }; + haskell-dot-time = { + description = "UTC-centric time library for haskell with dot time support"; + defaultBranch = "main"; + }; + buchstabensuppe = { + description = "toy font rendering for low pixelcount, high contrast displays"; + defaultBranch = "main"; + }; + }; + + cgitRepoEntry = name: repo: + let + repoName = repos.name or name; + path = repo.path or "${repoName}.git"; + in + lib.concatStringsSep "\n" ( + [ + "repo.url=${repoName}" + "repo.path=/srv/git/${path}" + ] + ++ lib.optional (repo ? description) "repo.desc=${repo.description}" + ++ lib.optional (repo ? defaultBranch) "repo.defbranch=${repo.defaultBranch}" + ); + + cgitHead = pkgs.writeText "cgit-head.html" '' + <style> + #summary { + max-width: 80em; + } + + #summary * { + max-width: 100%; + } + </style> + ''; + + cgitConfig = pkgs.writeText "cgitrc" '' + virtual-root=/ + + enable-http-clone=1 + clone-url=https://${virtualHost}/$CGIT_REPO_URL + + enable-blame=1 + enable-log-filecount=1 + enable-log-linecount=1 + enable-index-owner=0 + enable-blame=1 + enable-commit-graph=1 + + root-title=code + root-desc=sterni's git repositories + css=/cgit.css + head-include=${cgitHead} + + mimetype-file=${pkgs.mime-types}/etc/mime.types + + about-filter=${depot.tools.cheddar.about-filter}/bin/cheddar-about + source-filter=${depot.tools.cheddar}/bin/cheddar + readme=:README.md + readme=:readme.md + + ${builtins.concatStringsSep "\n\n" (lib.mapAttrsToList cgitRepoEntry repos)} + ''; +in + +{ + imports = [ + ./nginx.nix + ./fcgiwrap.nix + ]; + + config = { + services.nginx.virtualHosts."${virtualHost}" = { + enableACME = true; + forceSSL = true; + root = "${pkgs.cgit-pink}/cgit/"; + extraConfig = '' + try_files $uri @cgit; + + location @cgit { + include ${pkgs.nginx}/conf/fastcgi_params; + fastcgi_param SCRIPT_FILENAME ${pkgs.cgit-pink}/cgit/cgit.cgi; + fastcgi_param PATH_INFO $uri; + fastcgi_param QUERY_STRING $args; + fastcgi_param HTTP_HOST $server_name; + fastcgi_param CGIT_CONFIG ${cgitConfig}; + fastcgi_pass unix:${toString config.services.fcgiwrap.socketAddress}; + } + ''; + }; + }; +} diff --git a/users/sterni/machines/edwin/http/fcgiwrap.nix b/users/sterni/machines/edwin/http/fcgiwrap.nix new file mode 100644 index 000000000000..19696d85d413 --- /dev/null +++ b/users/sterni/machines/edwin/http/fcgiwrap.nix @@ -0,0 +1,15 @@ +{ ... }: + +{ + imports = [ + ./nginx.nix + ]; + + config.services.fcgiwrap = { + enable = true; + socketType = "unix"; + socketAddress = "/run/fcgiwrap.sock"; + user = "http"; + group = "http"; + }; +} diff --git a/users/sterni/machines/edwin/http/flipdot.openlab-augsburg.de.nix b/users/sterni/machines/edwin/http/flipdot.openlab-augsburg.de.nix new file mode 100644 index 000000000000..c86956a0a473 --- /dev/null +++ b/users/sterni/machines/edwin/http/flipdot.openlab-augsburg.de.nix @@ -0,0 +1,36 @@ +{ depot, lib, config, ... }: + +let + inherit (depot.users.sterni.external.flipdot-gschichtler) + bahnhofshalle + warteraum + nixosModule + ; +in + +{ + imports = [ + nixosModule + ./nginx.nix + ]; + + config = { + age.secrets = lib.genAttrs [ + "warteraum-salt" + "warteraum-tokens" + ] + (name: { + file = depot.users.sterni.secrets."${name}.age"; + }); + + services.flipdot-gschichtler = { + enable = true; + virtualHost = "flipdot.openlab-augsburg.de"; + packages = { + inherit bahnhofshalle warteraum; + }; + saltFile = config.age.secretsDir + "/warteraum-salt"; + tokensFile = config.age.secretsDir + "/warteraum-tokens"; + }; + }; +} diff --git a/users/sterni/machines/edwin/http/likely-music.sterni.lv.nix b/users/sterni/machines/edwin/http/likely-music.sterni.lv.nix new file mode 100644 index 000000000000..8da03ac5e6ec --- /dev/null +++ b/users/sterni/machines/edwin/http/likely-music.sterni.lv.nix @@ -0,0 +1,23 @@ +{ depot, ... }: + +let + inherit (depot.users.sterni.external.likely-music) + nixosModule + likely-music + ; +in + +{ + imports = [ + ./nginx.nix + nixosModule + ]; + + config = { + services.likely-music = { + enable = true; + virtualHost = "likely-music.sterni.lv"; + package = likely-music; + }; + }; +} diff --git a/users/sterni/machines/edwin/http/nginx.nix b/users/sterni/machines/edwin/http/nginx.nix new file mode 100644 index 000000000000..7c99cdd150e0 --- /dev/null +++ b/users/sterni/machines/edwin/http/nginx.nix @@ -0,0 +1,28 @@ +{ ... }: + +{ + config = { + users = { + users.http = { + isSystemUser = true; + group = "http"; + }; + + groups.http = { }; + }; + + services.nginx = { + enable = true; + recommendedTlsSettings = true; + recommendedGzipSettings = true; + recommendedProxySettings = true; + + user = "http"; + group = "http"; + + appendHttpConfig = '' + charset utf-8; + ''; + }; + }; +} diff --git a/users/sterni/machines/edwin/http/sterni.lv.nix b/users/sterni/machines/edwin/http/sterni.lv.nix new file mode 100644 index 000000000000..44306c75bf64 --- /dev/null +++ b/users/sterni/machines/edwin/http/sterni.lv.nix @@ -0,0 +1,16 @@ +{ ... }: + +{ + imports = [ + ./nginx.nix + ]; + + config = { + services.nginx.virtualHosts."sterni.lv" = { + enableACME = true; + forceSSL = true; + # TODO(sterni): take website from store, replace /tmp with a simple LRU thing + root = toString /srv/http; + }; + }; +} |