Diffstat (limited to 'users/sterni/machines/edwin/http')
-rw-r--r--users/sterni/machines/edwin/http/code.sterni.lv.nix120
-rw-r--r--users/sterni/machines/edwin/http/fcgiwrap.nix15
-rw-r--r--users/sterni/machines/edwin/http/flipdot.openlab-augsburg.de.nix36
-rw-r--r--users/sterni/machines/edwin/http/likely-music.sterni.lv.nix23
-rw-r--r--users/sterni/machines/edwin/http/nginx.nix28
-rw-r--r--users/sterni/machines/edwin/http/sterni.lv.nix16
6 files changed, 238 insertions, 0 deletions
diff --git a/users/sterni/machines/edwin/http/code.sterni.lv.nix b/users/sterni/machines/edwin/http/code.sterni.lv.nix
new file mode 100644
index 000000000000..6c7e73cbc24e
--- /dev/null
+++ b/users/sterni/machines/edwin/http/code.sterni.lv.nix
@@ -0,0 +1,120 @@
+{ depot, pkgs, lib, config, ... }:
+
+# TODO(sterni): automatically sync repositories with upstream if needed
+let
+  virtualHost = "code.sterni.lv";
+
+  repos = {
+    spacecookie = {
+      description = "gopher server (and library for Haskell)";
+    };
+    gopher-proxy = {
+      description = "Gopher over HTTP proxy";
+    };
+    emoji-generic = {
+      description = "generic emoji library for Haskell (wip)";
+    };
+    grav2ty = {
+      description = "“realistic” 2d space game";
+    };
+    likely-music = {
+      description = "experimental application for probabilistic music composition";
+    };
+    logbook = {
+      description = "file format for keeping a personal log";
+    };
+    sternenblog = {
+      description = "file based cgi blog software";
+    };
+    haskell-dot-time = {
+      description = "UTC-centric time library for haskell with dot time support";
+      defaultBranch = "main";
+    };
+    buchstabensuppe = {
+      description = "toy font rendering for low pixelcount, high contrast displays";
+      defaultBranch = "main";
+    };
+  };
+
+  cgitRepoEntry = name: repo:
+    let
+      repoName = repos.name or name;
+      path = repo.path or "${repoName}.git";
+    in
+    lib.concatStringsSep "\n" (
+      [
+        "repo.url=${repoName}"
+        "repo.path=/srv/git/${path}"
+      ]
+      ++ lib.optional (repo ? description) "repo.desc=${repo.description}"
+      ++ lib.optional (repo ? defaultBranch) "repo.defbranch=${repo.defaultBranch}"
+    );
+
+  cgitHead = pkgs.writeText "cgit-head.html" ''
+    <style>
+    #summary {
+      max-width: 80em;
+    }
+
+    #summary * {
+      max-width: 100%;
+    }
+    </style>
+  '';
+
+  cgitConfig = pkgs.writeText "cgitrc" ''
+    virtual-root=/
+
+    enable-http-clone=1
+    clone-url=https://${virtualHost}/$CGIT_REPO_URL
+
+    enable-blame=1
+    enable-log-filecount=1
+    enable-log-linecount=1
+    enable-index-owner=0
+    enable-blame=1
+    enable-commit-graph=1
+
+    root-title=code
+    root-desc=sterni's git repositories
+    css=/cgit.css
+    head-include=${cgitHead}
+
+    mimetype-file=${pkgs.mime-types}/etc/mime.types
+
+    about-filter=${depot.tools.cheddar.about-filter}/bin/cheddar-about
+    source-filter=${depot.tools.cheddar}/bin/cheddar
+    readme=:README.md
+    readme=:readme.md
+
+    ${builtins.concatStringsSep "\n\n" (lib.mapAttrsToList cgitRepoEntry repos)}
+  '';
+in
+
+{
+  imports = [
+    ./nginx.nix
+    ./fcgiwrap.nix
+  ];
+
+  config = {
+    services.nginx.virtualHosts."${virtualHost}" = {
+      enableACME = true;
+      forceSSL = true;
+      root = "${pkgs.cgit-pink}/cgit/";
+      extraConfig = ''
+        try_files $uri @cgit;
+
+        location @cgit {
+          include ${pkgs.nginx}/conf/fastcgi_params;
+          fastcgi_param    SCRIPT_FILENAME ${pkgs.cgit-pink}/cgit/cgit.cgi;
+          fastcgi_param    PATH_INFO       $uri;
+          fastcgi_param    QUERY_STRING    $args;
+          fastcgi_param    HTTP_HOST       $server_name;
+          fastcgi_param    CGIT_CONFIG     ${cgitConfig};
+          fastcgi_pass     unix:${toString config.services.fcgiwrap.socketAddress};
+        }
+      '';
+    };
+  };
+}
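Review bot: In `cgitRepoEntry`, `repoName = repos.name or name;` looks up an attribute called `name` on the whole `repos` set rather than on the entry being rendered, so a per-repository `name` override would be silently ignored. This was presumably meant to be `repoName = repo.name or name;`, matching the `repo.path or …` line below it. Separately, `enable-blame=1` appears twice in `cgitConfig`; dropping the second occurrence keeps the cgitrc unambiguous. The values interpolated into the cgitrc (`description`, `defaultBranch`) are static here, but a short comment that they must not contain newlines would help if `repos` is ever generated from other data.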
diff --git a/users/sterni/machines/edwin/http/fcgiwrap.nix b/users/sterni/machines/edwin/http/fcgiwrap.nix
new file mode 100644
index 000000000000..19696d85d413
--- /dev/null
+++ b/users/sterni/machines/edwin/http/fcgiwrap.nix
@@ -0,0 +1,15 @@
+{ ... }:
+
+{
+  imports = [
+    ./nginx.nix
+  ];
+
+  config.services.fcgiwrap = {
+    enable = true;
+    socketType = "unix";
+    socketAddress = "/run/fcgiwrap.sock";
+    user = "http";
+    group = "http";
+  };
+}
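Review bot: `user = "http"; group = "http";` runs every CGI process under the same account as the nginx workers configured in nginx.nix. A flaw in cgit or in the filters it runs over repository content would therefore have nginx's own file access, which on a host using `enableACME` may include certificate key material readable by that group (worth confirming). A dedicated account, for example `user = "fcgiwrap";` with its own system user, would keep the CGI side least-privileged. The hunk also sets no owner or mode for `/run/fcgiwrap.sock`; since fcgiwrap executes whatever script path the connecting client supplies, confirm that only nginx can connect to the socket.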
diff --git a/users/sterni/machines/edwin/http/flipdot.openlab-augsburg.de.nix b/users/sterni/machines/edwin/http/flipdot.openlab-augsburg.de.nix
new file mode 100644
index 000000000000..c86956a0a473
--- /dev/null
+++ b/users/sterni/machines/edwin/http/flipdot.openlab-augsburg.de.nix
@@ -0,0 +1,36 @@
+{ depot, lib, config, ... }:
+
+let
+  inherit (depot.users.sterni.external.flipdot-gschichtler)
+    bahnhofshalle
+    warteraum
+    nixosModule
+    ;
+in
+
+{
+  imports = [
+    nixosModule
+    ./nginx.nix
+  ];
+
+  config = {
+    age.secrets = lib.genAttrs [
+      "warteraum-salt"
+      "warteraum-tokens"
+    ]
+      (name: {
+        file = depot.users.sterni.secrets."${name}.age";
+      });
+
+    services.flipdot-gschichtler = {
+      enable = true;
+      virtualHost = "flipdot.openlab-augsburg.de";
+      packages = {
+        inherit bahnhofshalle warteraum;
+      };
+      saltFile = config.age.secretsDir + "/warteraum-salt";
+      tokensFile = config.age.secretsDir + "/warteraum-tokens";
+    };
+  };
+}
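Review bot: The two `age.secrets` entries set only `file`, so the decrypted `warteraum-salt` and `warteraum-tokens` get agenix's default ownership and mode (root-only, as far as I know). Whether the service can read `saltFile` and `tokensFile` depends on how the imported `nixosModule` runs it, which is not visible in this hunk. If the service runs unprivileged, either set the owner explicitly on these entries or confirm the module passes the files in as systemd credentials. A one-line comment such as `# read by warteraum via <mechanism>; keep root-only otherwise` would record the intended access.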
diff --git a/users/sterni/machines/edwin/http/likely-music.sterni.lv.nix b/users/sterni/machines/edwin/http/likely-music.sterni.lv.nix
new file mode 100644
index 000000000000..8da03ac5e6ec
--- /dev/null
+++ b/users/sterni/machines/edwin/http/likely-music.sterni.lv.nix
@@ -0,0 +1,23 @@
+{ depot, ... }:
+
+let
+  inherit (depot.users.sterni.external.likely-music)
+    nixosModule
+    likely-music
+    ;
+in
+
+{
+  imports = [
+    ./nginx.nix
+    nixosModule
+  ];
+
+  config = {
+    services.likely-music = {
+      enable = true;
+      virtualHost = "likely-music.sterni.lv";
+      package = likely-music;
+    };
+  };
+}
diff --git a/users/sterni/machines/edwin/http/nginx.nix b/users/sterni/machines/edwin/http/nginx.nix
new file mode 100644
index 000000000000..7c99cdd150e0
--- /dev/null
+++ b/users/sterni/machines/edwin/http/nginx.nix
@@ -0,0 +1,28 @@
+{ ... }:
+
+{
+  config = {
+    users = {
+      users.http = {
+        isSystemUser = true;
+        group = "http";
+      };
+
+      groups.http = { };
+    };
+
+    services.nginx = {
+      enable = true;
+      recommendedTlsSettings = true;
+      recommendedGzipSettings = true;
+      recommendedProxySettings = true;
+
+      user = "http";
+      group = "http";
+
+      appendHttpConfig = ''
+        charset utf-8;
+      '';
+    };
+  };
+}
diff --git a/users/sterni/machines/edwin/http/sterni.lv.nix b/users/sterni/machines/edwin/http/sterni.lv.nix
new file mode 100644
index 000000000000..44306c75bf64
--- /dev/null
+++ b/users/sterni/machines/edwin/http/sterni.lv.nix
@@ -0,0 +1,16 @@
+{ ... }:
+
+{
+  imports = [
+    ./nginx.nix
+  ];
+
+  config = {
+    services.nginx.virtualHosts."sterni.lv" = {
+      enableACME = true;
+      forceSSL = true;
+      # TODO(sterni): take website from store, replace /tmp with a simple LRU thing
+      root = toString /srv/http;
+    };
+  };
+}
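Review bot: `root = toString /srv/http;` relies on a non-obvious Nix detail that deserves a comment. `toString` keeps the directory as a runtime path, whereas interpolating the path literal would copy the whole of `/srv/http` into the world-readable Nix store at build time. Something like `# toString: serve the mutable directory in place, do not import it into the store` would stop a later cleanup from changing this by accident. The existing TODO mentions `/tmp`, which nothing in this file refers to, so a word on what it points at would help.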