From ac6717fe3c5cf5ab6b495092e8dd4565a4242eac Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Fri, 18 Feb 2022 14:32:25 +0300 Subject: fix(ops/modules/www): Make self-redirect to config a generic module As suggested by sterni, this makes the self-redirect of a machine to its configuration a generic module working by convention. In the process of moving this two small fixes have been applied: * redirect is only applied if the URI is `/`, this is required for ACME to work * addSSL = true is added, otherwise we have a certificate but no TLS listener Change-Id: Icaef041ff681253a61e36926417bdb2844e3f93d Reviewed-on: https://cl.tvl.fyi/c/depot/+/5313 Autosubmit: tazjin Reviewed-by: sterni Tested-by: BuildkiteCI --- ops/machines/sanduny/default.nix | 2 +- ops/machines/whitby/default.nix | 2 +- ops/modules/www/sanduny.tvl.su.nix | 16 ---------------- ops/modules/www/self-redirect.nix | 27 +++++++++++++++++++++++++++ ops/modules/www/whitby.tvl.fyi.nix | 17 ----------------- 5 files changed, 29 insertions(+), 35 deletions(-) delete mode 100644 ops/modules/www/sanduny.tvl.su.nix create mode 100644 ops/modules/www/self-redirect.nix delete mode 100644 ops/modules/www/whitby.tvl.fyi.nix (limited to 'ops') diff --git a/ops/machines/sanduny/default.nix b/ops/machines/sanduny/default.nix index a2928815fb15..109e6e693d96 100644 --- a/ops/machines/sanduny/default.nix +++ b/ops/machines/sanduny/default.nix @@ -17,7 +17,7 @@ in (mod "journaldriver.nix") (mod "known-hosts.nix") (mod "tvl-users.nix") - (mod "www/sanduny.tvl.su.nix") + (mod "www/self-redirect.nix") ]; networking = { diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix index 9f1a0a1914f9..8ea5931f57d6 100644 --- a/ops/machines/whitby/default.nix +++ b/ops/machines/whitby/default.nix @@ -37,13 +37,13 @@ in "${depot.path}/ops/modules/www/deploys.tvl.fyi.nix" "${depot.path}/ops/modules/www/images.tvl.fyi.nix" "${depot.path}/ops/modules/www/nixery.dev.nix" + "${depot.path}/ops/modules/www/self-redirect.nix" "${depot.path}/ops/modules/www/static.tvl.fyi.nix" "${depot.path}/ops/modules/www/status.tvl.su.nix" "${depot.path}/ops/modules/www/tazj.in.nix" "${depot.path}/ops/modules/www/todo.tvl.fyi.nix" "${depot.path}/ops/modules/www/tvl.fyi.nix" "${depot.path}/ops/modules/www/tvl.su.nix" - "${depot.path}/ops/modules/www/whitby.tvl.fyi.nix" "${depot.path}/ops/modules/www/wigglydonke.rs.nix" "${depot.third_party.agenix.src}/modules/age.nix" "${pkgs.path}/nixos/modules/services/web-apps/gerrit.nix" diff --git a/ops/modules/www/sanduny.tvl.su.nix b/ops/modules/www/sanduny.tvl.su.nix deleted file mode 100644 index 1a60d06fa062..000000000000 --- a/ops/modules/www/sanduny.tvl.su.nix +++ /dev/null @@ -1,16 +0,0 @@ -# Redirect sanduny.tvl.su to the machine configuration. - -{ - imports = [ - ./base.nix - ]; - - config.services.nginx.virtualHosts."sanduny.tvl.su" = { - serverName = "sanduny.tvl.su"; - enableACME = true; - - extraConfig = '' - return 302 https://at.tvl.fyi/?q=%2F%2Fops%2Fmachines%2Fsanduny; - ''; - }; -} diff --git a/ops/modules/www/self-redirect.nix b/ops/modules/www/self-redirect.nix new file mode 100644 index 000000000000..5bf1627be99a --- /dev/null +++ b/ops/modules/www/self-redirect.nix @@ -0,0 +1,27 @@ +# Redirect the hostname of a machine to its configuration in a web +# browser. +# +# Works by convention, assuming that the machine has its configuration +# at //ops/machines/${hostname}. +{ config, ... }: + +let + host = "${config.networking.hostName}.${config.networking.domain}"; +in +{ + imports = [ + ./base.nix + ]; + + config.services.nginx.virtualHosts."${host}" = { + serverName = host; + addSSL = true; # SSL is not forced on these redirects + enableACME = true; + + extraConfig = '' + location = / { + return 302 https://at.tvl.fyi/?q=%2F%2Fops%2Fmachines%2F${config.networking.hostName}; + } + ''; + }; +} diff --git a/ops/modules/www/whitby.tvl.fyi.nix b/ops/modules/www/whitby.tvl.fyi.nix deleted file mode 100644 index bcd7a76ec4e8..000000000000 --- a/ops/modules/www/whitby.tvl.fyi.nix +++ /dev/null @@ -1,17 +0,0 @@ -# Redirect whitby.tvl.fyi to the machine configuration. - -{ - imports = [ - ./base.nix - ]; - - config.services.nginx.virtualHosts."whitby.tvl.fyi" = { - serverName = "whitby.tvl.fyi"; - serverAliases = [ "whitby.tvl.su" ]; - enableACME = true; - - extraConfig = '' - return 302 https://at.tvl.fyi/?q=%2F%2Fops%2Fmachines%2Fwhitby; - ''; - }; -} -- cgit 1.4.1