From ac6717fe3c5cf5ab6b495092e8dd4565a4242eac Mon Sep 17 00:00:00 2001
From: Vincent Ambo
Date: Fri, 18 Feb 2022 14:32:25 +0300
Subject: fix(ops/modules/www): Make self-redirect to config a generic module
As suggested by sterni, this makes the self-redirect of a machine to its configuration a generic module working by convention. In the process of moving this two small fixes have been applied:
* redirect is only applied if the URI is `/`, this is required for ACME to work
* addSSL = true is added, otherwise we have a certificate but no TLS listener
Change-Id: Icaef041ff681253a61e36926417bdb2844e3f93d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5313
Autosubmit: tazjin
Reviewed-by: sterni
Tested-by: BuildkiteCI
---
 ops/machines/sanduny/default.nix | 2 +-
 ops/machines/whitby/default.nix | 2 +-
 ops/modules/www/sanduny.tvl.su.nix | 16 ----------------
 ops/modules/www/self-redirect.nix | 27 +++++++++++++++++++++++++++
 ops/modules/www/whitby.tvl.fyi.nix | 17 -----------------
 5 files changed, 29 insertions(+), 35 deletions(-)
 delete mode 100644 ops/modules/www/sanduny.tvl.su.nix
 create mode 100644 ops/modules/www/self-redirect.nix
 delete mode 100644 ops/modules/www/whitby.tvl.fyi.nix
(limited to 'ops')
diff --git a/ops/machines/sanduny/default.nix b/ops/machines/sanduny/default.nix
index a2928815fb..109e6e693d 100644
--- a/ops/machines/sanduny/default.nix
+++ b/ops/machines/sanduny/default.nix
@@ -17,7 +17,7 @@ in
 (mod "journaldriver.nix")
 (mod "known-hosts.nix")
 (mod "tvl-users.nix")
- (mod "www/sanduny.tvl.su.nix")
+ (mod "www/self-redirect.nix")
 ];
 networking = {
diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index 9f1a0a1914..8ea5931f57 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -37,13 +37,13 @@ in
 "${depot.path}/ops/modules/www/deploys.tvl.fyi.nix"
 "${depot.path}/ops/modules/www/images.tvl.fyi.nix"
 "${depot.path}/ops/modules/www/nixery.dev.nix"
+ "${depot.path}/ops/modules/www/self-redirect.nix"
 "${depot.path}/ops/modules/www/static.tvl.fyi.nix"
 "${depot.path}/ops/modules/www/status.tvl.su.nix"
 "${depot.path}/ops/modules/www/tazj.in.nix"
 "${depot.path}/ops/modules/www/todo.tvl.fyi.nix"
 "${depot.path}/ops/modules/www/tvl.fyi.nix"
 "${depot.path}/ops/modules/www/tvl.su.nix"
- "${depot.path}/ops/modules/www/whitby.tvl.fyi.nix"
 "${depot.path}/ops/modules/www/wigglydonke.rs.nix"
 "${depot.third_party.agenix.src}/modules/age.nix"
 "${pkgs.path}/nixos/modules/services/web-apps/gerrit.nix"
diff --git a/ops/modules/www/sanduny.tvl.su.nix b/ops/modules/www/sanduny.tvl.su.nix
deleted file mode 100644
index 1a60d06fa0..0000000000
--- a/ops/modules/www/sanduny.tvl.su.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-# Redirect sanduny.tvl.su to the machine configuration.
-
-{
- imports = [
- ./base.nix
- ];
-
- config.services.nginx.virtualHosts."sanduny.tvl.su" = {
- serverName = "sanduny.tvl.su";
- enableACME = true;
-
- extraConfig = ''
- return 302 https://at.tvl.fyi/?q=%2F%2Fops%2Fmachines%2Fsanduny;
- '';
- };
-}
diff --git a/ops/modules/www/self-redirect.nix b/ops/modules/www/self-redirect.nix
new file mode 100644
index 0000000000..5bf1627be9
--- /dev/null
+++ b/ops/modules/www/self-redirect.nix
@@ -0,0 +1,27 @@
+# Redirect the hostname of a machine to its configuration in a web
+# browser.
+#
+# Works by convention, assuming that the machine has its configuration
+# at //ops/machines/${hostname}.
+{ config, ... }:
+
+let
+ host = "${config.networking.hostName}.${config.networking.domain}";
+in
+{
+ imports = [
+ ./base.nix
+ ];
+
+ config.services.nginx.virtualHosts."${host}" = {
+ serverName = host;
+ addSSL = true; # SSL is not forced on these redirects
+ enableACME = true;
+
+ extraConfig = ''
+ location = / {
+ return 302 https://at.tvl.fyi/?q=%2F%2Fops%2Fmachines%2F${config.networking.hostName};
+ }
+ '';
+ };
+}
diff --git a/ops/modules/www/whitby.tvl.fyi.nix b/ops/modules/www/whitby.tvl.fyi.nix
deleted file mode 100644
index bcd7a76ec4..0000000000
--- a/ops/modules/www/whitby.tvl.fyi.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-# Redirect whitby.tvl.fyi to the machine configuration.
-
-{
- imports = [
- ./base.nix
- ];
-
- config.services.nginx.virtualHosts."whitby.tvl.fyi" = {
- serverName = "whitby.tvl.fyi";
- serverAliases = [ "whitby.tvl.su" ];
- enableACME = true;
-
- extraConfig = ''
- return 302 https://at.tvl.fyi/?q=%2F%2Fops%2Fmachines%2Fwhitby;
- '';
- };
-}
-- cgit 1.4.1
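Review bot: The generic `virtualHosts."${host}"` block in self-redirect.nix sets no `serverAliases`, so the `whitby.tvl.su` alias declared by the removed whitby.tvl.fyi.nix (deleted further down in this patch) is dropped, and the commit message does not mention it. If that name still resolves to whitby, requests for it would presumably be answered by whichever server block nginx treats as the default on a host that serves many other sites, and TLS clients would be shown a certificate issued for a different name. Either keep the alias in whitby's machine config, e.g. `services.nginx.virtualHosts."whitby.tvl.fyi".serverAliases = [ "whitby.tvl.su" ];` (assuming `host` evaluates to `whitby.tvl.fyi` there, which this diff does not show), or confirm the DNS record is retired. The header comment could also state that `networking.domain` must be set, since `host` interpolates it and NixOS leaves that option unset by default.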