From 90281c4eac4cd25045ed80c5f8f27c74898a02b3 Mon Sep 17 00:00:00 2001 
From: Vincent Ambo Date: Sun, 11 Apr 2021 22:50:30 +0200 Subject: refactor(ops): Split //ops/nixos into different locations Splits //ops/nixos into: * //ops/nixos.nix - utility functions for building systems * //ops/machines - shared machine definitions (read by readTree) * //ops/modules - shared NixOS modules (skipped by readTree) This simplifies working with the configuration fixpoint in whitby, and is overall a bit more in line with how NixOS systems in user folders currently work. Change-Id: I1322ec5cc76c0207c099c05d44828a3df0b3ffc1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2931 Tested-by: BuildkiteCI Reviewed-by: sterni Reviewed-by: glittershark --- ops/nixos/www/b.tvl.fyi.nix | 32 -------------------------------- ops/nixos/www/base.nix | 36 ------------------------------------ ops/nixos/www/cache.tvl.su.nix | 26 -------------------------- ops/nixos/www/cl.tvl.fyi.nix | 30 ------------------------------ ops/nixos/www/code.tvl.fyi.nix | 35 ----------------------------------- ops/nixos/www/cs.tvl.fyi.nix | 31 ------------------------------- ops/nixos/www/login.tvl.fyi.nix | 24 ------------------------ ops/nixos/www/tazj.in.nix | 40 ---------------------------------------- ops/nixos/www/todo.tvl.fyi.nix | 25 ------------------------- ops/nixos/www/tvl.fyi.nix | 30 ------------------------------ ops/nixos/www/wigglydonke.rs.nix | 15 --------------- 11 files changed, 324 deletions(-) delete mode 100644 ops/nixos/www/b.tvl.fyi.nix delete mode 100644 ops/nixos/www/base.nix delete mode 100644 ops/nixos/www/cache.tvl.su.nix delete mode 100644 ops/nixos/www/cl.tvl.fyi.nix delete mode 100644 ops/nixos/www/code.tvl.fyi.nix delete mode 100644 ops/nixos/www/cs.tvl.fyi.nix delete mode 100644 ops/nixos/www/login.tvl.fyi.nix delete mode 100644 ops/nixos/www/tazj.in.nix delete mode 100644 ops/nixos/www/todo.tvl.fyi.nix delete mode 100644 ops/nixos/www/tvl.fyi.nix delete mode 100644 ops/nixos/www/wigglydonke.rs.nix (limited to 'ops/nixos/www') 
diff --git a/ops/nixos/www/b.tvl.fyi.nix b/ops/nixos/www/b.tvl.fyi.nix
deleted file mode 100644
index 45f6c6ed5141..000000000000
--- a/ops/nixos/www/b.tvl.fyi.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ config, ... }:
-
-{
- imports = [
- ./base.nix
- ];
-
- config = {
- services.nginx.virtualHosts."b-shortlink" = {
- serverName = "b";
- extraConfig = "return 302 https://b.tvl.fyi$request_uri;";
- };
-
- services.nginx.virtualHosts."b.tvl.fyi" = {
- serverName = "b.tvl.fyi";
- serverAliases = [ "b.tvl.su" ];
- enableACME = true;
- forceSSL = true;
-
- extraConfig = ''
- # Forward short links to issues to the issue itself (b/32)
- location ~ ^/(\d+)$ {
- return 302 https://b.tvl.fyi/issues$request_uri;
- }
-
- location / {
- proxy_pass http://localhost:${toString config.services.depot.panettone.port};
- }
- '';
- };
- };
-}
diff --git a/ops/nixos/www/base.nix b/ops/nixos/www/base.nix
deleted file mode 100644
index 4b956cd95ef1..000000000000
--- a/ops/nixos/www/base.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- config = {
- services.nginx = {
- enable = true;
- enableReload = true;
-
- recommendedTlsSettings = true;
- recommendedGzipSettings = true;
- recommendedProxySettings = true;
- };
-
- # NixOS 20.03 broke nginx and I can't be bothered to debug it
- # anymore, all solution attempts have failed, so here's a
- # brute-force fix.
- #
- # TODO(tazjin): Find a link to the upstream issue and see if
- # they've sorted it after ~20.09
- systemd.services.fix-nginx = {
- script = "${pkgs.coreutils}/bin/chown -f -R nginx: /var/spool/nginx /var/cache/nginx";
-
- serviceConfig = {
- User = "root";
- Type = "oneshot";
- };
- };
-
- systemd.timers.fix-nginx = {
- wantedBy = [ "multi-user.target" ];
- timerConfig = {
- OnCalendar = "minutely";
- };
- };
- };
-}
diff --git a/ops/nixos/www/cache.tvl.su.nix b/ops/nixos/www/cache.tvl.su.nix
deleted file mode 100644
index 182306bebff1..000000000000
--- a/ops/nixos/www/cache.tvl.su.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, ... }:
-
-{
- imports = [
- ./base.nix
- ];
-
- config = {
- services.nginx.virtualHosts."cache.tvl.su" = {
- serverName = "cache.tvl.su";
- serverAliases = [ "cache.tvl.fyi" ];
- enableACME = true;
- forceSSL = true;
-
- extraConfig = ''
- location = /cache-key.pub {
- alias /etc/secrets/nix-cache-key.pub;
- }
-
- location / {
- proxy_pass http://localhost:${toString config.services.nix-serve.port};
- }
- '';
- };
- };
-}
diff --git a/ops/nixos/www/cl.tvl.fyi.nix b/ops/nixos/www/cl.tvl.fyi.nix
deleted file mode 100644
index 470122c395ea..000000000000
--- a/ops/nixos/www/cl.tvl.fyi.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ config, ... }:
-
-{
- imports = [
- ./base.nix
- ];
-
- config = {
- services.nginx.virtualHosts."cl-shortlink" = {
- serverName = "cl";
- extraConfig = "return 302 https://cl.tvl.fyi$request_uri;";
- };
-
- services.nginx.virtualHosts.gerrit = {
- serverName = "cl.tvl.fyi";
- serverAliases = [ "cl.tvl.su" ];
- enableACME = true;
- forceSSL = true;
-
- extraConfig = ''
- location / {
- proxy_pass http://localhost:4778;
- proxy_set_header X-Forwarded-For $remote_addr;
- # The :443 suffix is a workaround for https://b.tvl.fyi/issues/88.
- proxy_set_header Host $host:443;
- }
- '';
- };
- };
-}
diff --git a/ops/nixos/www/code.tvl.fyi.nix b/ops/nixos/www/code.tvl.fyi.nix
deleted file mode 100644
index c8a4b27b1b52..000000000000
--- a/ops/nixos/www/code.tvl.fyi.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ depot, ... }:
-
-{
- imports = [
- ./base.nix
- ];
-
- config = {
- services.nginx.virtualHosts.cgit = {
- serverName = "code.tvl.fyi";
- serverAliases = [ "code.tvl.su" ];
- enableACME = true;
- forceSSL = true;
-
- extraConfig = ''
- # Serve the rendered Tvix component SVG.
- #
- # TODO(tazjin): Implement a way of serving this dynamically
- location = /about/tvix/docs/component-flow.svg {
- alias ${depot.tvix.docs.svg}/component-flow.svg;
- }
-
- # Static assets must always hit the root.
- location ~ ^/(favicon\.ico|cgit\.(css|png))$ {
- proxy_pass http://localhost:2448;
- }
-
- # Everything else hits the depot directly.
- location / {
- proxy_pass http://localhost:2448/cgit.cgi/depot/;
- }
- '';
- };
- };
-}
diff --git a/ops/nixos/www/cs.tvl.fyi.nix b/ops/nixos/www/cs.tvl.fyi.nix
deleted file mode 100644
index fac814baf064..000000000000
--- a/ops/nixos/www/cs.tvl.fyi.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ config, ... }:
-
-{
- imports = [
- ./base.nix
- ];
-
- config = {
- services.nginx.virtualHosts."cs.tvl.fyi" = {
- serverName = "cs.tvl.fyi";
- serverAliases = [ "cs.tvl.su" ];
- enableACME = true;
- forceSSL = true;
-
- extraConfig = ''
- location = / {
- return 301 https://cs.tvl.fyi/depot;
- }
-
- location / {
- proxy_set_header X-Sg-Auth "Anonymous";
- proxy_pass http://localhost:${toString config.services.depot.sourcegraph.port};
- }
-
- location /users/Anonymous/settings {
- return 301 https://cs.tvl.fyi;
- }
- '';
- };
- };
-}
diff --git a/ops/nixos/www/login.tvl.fyi.nix b/ops/nixos/www/login.tvl.fyi.nix
deleted file mode 100644
index 05b7cee25338..000000000000
--- a/ops/nixos/www/login.tvl.fyi.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ ... }:
-
-{
- imports = [
- ./base.nix
- ];
-
- config = {
- services.nginx.virtualHosts."login.tvl.fyi" = {
- serverName = "login.tvl.fyi";
- enableACME = true;
- forceSSL = true;
-
- extraConfig = ''
- location / {
- proxy_pass http://localhost:8443;
- proxy_set_header X-Forwarded-For $remote_addr;
- proxy_set_header X-Forwarded-Proto https;
- proxy_set_header Host $host;
- }
- '';
- };
- };
-}
diff --git a/ops/nixos/www/tazj.in.nix b/ops/nixos/www/tazj.in.nix
deleted file mode 100644
index 7d658a5ec4c1..000000000000
--- a/ops/nixos/www/tazj.in.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-# serve tazjin's website & blog
-{ depot, config, lib, pkgs, ... }:
-
-{
- imports = [
- ./base.nix
- ];
-
- config = {
- services.nginx.virtualHosts."tazj.in" = {
- enableACME = true;
- forceSSL = true;
- root = depot.users.tazjin.homepage;
-
- extraConfig = ''
- ${depot.users.tazjin.blog.oldRedirects}
- location /blog/ {
- alias ${depot.users.tazjin.blog.rendered}/;
-
- if ($request_uri ~ ^/(.*)\.html$) {
- return 302 /$1;
- }
-
- try_files $uri $uri.html $uri/ =404;
- }
-
- # Temporary place for serving static files.
- location /blobs/ {
- alias /var/lib/tazjins-blobs/;
- }
- '';
- };
-
- services.nginx.virtualHosts."git.tazj.in" = {
- enableACME = true;
- forceSSL = true;
- extraConfig = "return 301 https://code.tvl.fyi$request_uri;";
- };
- };
-}
diff --git a/ops/nixos/www/todo.tvl.fyi.nix b/ops/nixos/www/todo.tvl.fyi.nix
deleted file mode 100644
index b53f5437e7ab..000000000000
--- a/ops/nixos/www/todo.tvl.fyi.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ depot, ... }:
-
-{
- imports = [
- ./base.nix
- ];
-
- config = {
- services.nginx.virtualHosts."todo.tvl.fyi" = {
- serverName = "todo.tvl.fyi";
- serverAliases = [ "todo.tvl.su" ];
- root = depot.web.todolist;
- enableACME = true;
- forceSSL = true;
-
- extraConfig = ''
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
-
- location ~* \.(webp|woff2)$ {
- add_header Cache-Control "public, max-age=31536000";
- }
- '';
- };
- };
-}
diff --git a/ops/nixos/www/tvl.fyi.nix b/ops/nixos/www/tvl.fyi.nix
deleted file mode 100644
index 45fd35803de7..000000000000
--- a/ops/nixos/www/tvl.fyi.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ depot, ... }:
-
-{
- imports = [
- ./base.nix
- ];
-
- config = {
- services.nginx.virtualHosts."tvl.fyi" = {
- serverName = "tvl.fyi";
- root = depot.web.tvl;
- enableACME = true;
- forceSSL = true;
-
- extraConfig = ''
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
-
- rewrite ^/builds/?$ https://buildkite.com/tvl/depot/ last;
-
- rewrite ^/monorepo-doc/?$ https://docs.google.com/document/d/1nnyByXcH0F6GOmEezNOUa2RFelpeRpDToBLYD_CtjWE/edit?usp=sharing last;
-
- rewrite ^/irc/?$ ircs://chat.freenode.net:6697/##tvl last;
-
- location ~* \.(webp|woff2)$ {
- add_header Cache-Control "public, max-age=31536000";
- }
- '';
- };
- };
-}
diff --git a/ops/nixos/www/wigglydonke.rs.nix b/ops/nixos/www/wigglydonke.rs.nix
deleted file mode 100644
index 0bc67898c633..000000000000
--- a/ops/nixos/www/wigglydonke.rs.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ depot, lib, pkgs, ... }:
-
-{
- imports = [
- ./base.nix
- ];
-
- config = {
- services.nginx.virtualHosts."wigglydonke.rs" = {
- enableACME = true;
- forceSSL = true;
- root = "${depot.depotPath}/users/glittershark/wigglydonke.rs";
- };
- };
-}
-- cgit 1.4.1