From 2490ce968c73181d383b297c2e473605d8ac96c3 Mon Sep 17 00:00:00 2001
From: sterni
Date: Mon, 6 Jun 2022 12:37:11 +0200
Subject: feat(sterni/machines): add edwin
This adds edwin, the machine running sterni.lv, as well as my idiosyncratic deployment solution. It is based on instantiating the system configuration locally (where you'd work on the configuration), copying the derivation files to the remote machine where the system derivation is realised and deployed. Unfortunately, the first step tends to be quite slow (despite gzip compression), so this may not be the definite way despite its advantages.
Change-Id: I30f597692338df3981e01a1b7eee9cdad48f94cb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7293
Reviewed-by: sterni
Tested-by: BuildkiteCI
---
.../sterni/machines/edwin/http/code.sterni.lv.nix | 120 +++++++++++++++++++++
users/sterni/machines/edwin/http/fcgiwrap.nix | 15 +++
.../edwin/http/flipdot.openlab-augsburg.de.nix | 36 +++++++
.../machines/edwin/http/likely-music.sterni.lv.nix | 23 ++++
users/sterni/machines/edwin/http/nginx.nix | 28 +++++
users/sterni/machines/edwin/http/sterni.lv.nix | 16 +++
6 files changed, 238 insertions(+)
create mode 100644 users/sterni/machines/edwin/http/code.sterni.lv.nix
create mode 100644 users/sterni/machines/edwin/http/fcgiwrap.nix
create mode 100644 users/sterni/machines/edwin/http/flipdot.openlab-augsburg.de.nix
create mode 100644 users/sterni/machines/edwin/http/likely-music.sterni.lv.nix
create mode 100644 users/sterni/machines/edwin/http/nginx.nix
create mode 100644 users/sterni/machines/edwin/http/sterni.lv.nix
(limited to 'users/sterni/machines/edwin/http')
diff --git a/users/sterni/machines/edwin/http/code.sterni.lv.nix b/users/sterni/machines/edwin/http/code.sterni.lv.nix
new file mode 100644
index 000000000000..6c7e73cbc24e
--- /dev/null
+++ b/users/sterni/machines/edwin/http/code.sterni.lv.nix
@@ -0,0 +1,120 @@
+{ depot, pkgs, lib, config, ... }:
+
+# TODO(sterni): automatically sync repositories with upstream if needed
+let
+ virtualHost = "code.sterni.lv";
+
+ repos = {
+ spacecookie = {
+ description = "gopher server (and library for Haskell)";
+ };
+ gopher-proxy = {
+ description = "Gopher over HTTP proxy";
+ };
+ emoji-generic = {
+ description = "generic emoji library for Haskell (wip)";
+ };
+ grav2ty = {
+ description = "“realistic” 2d space game";
+ };
+ likely-music = {
+ description = "experimental application for probabilistic music composition";
+ };
+ logbook = {
+ description = "file format for keeping a personal log";
+ };
+ sternenblog = {
+ description = "file based cgi blog software";
+ };
+ haskell-dot-time = {
+ description = "UTC-centric time library for haskell with dot time support";
+ defaultBranch = "main";
+ };
+ buchstabensuppe = {
+ description = "toy font rendering for low pixelcount, high contrast displays";
+ defaultBranch = "main";
+ };
+ };
+
+ cgitRepoEntry = name: repo:
+ let
+ repoName = repos.name or name;
+ path = repo.path or "${repoName}.git";
+ in
+ lib.concatStringsSep "\n" (
+ [
+ "repo.url=${repoName}"
+ "repo.path=/srv/git/${path}"
+ ]
+ ++ lib.optional (repo ? description) "repo.desc=${repo.description}"
+ ++ lib.optional (repo ? defaultBranch) "repo.defbranch=${repo.defaultBranch}"
+ );
+
+ cgitHead = pkgs.writeText "cgit-head.html" ''
+
+ '';
+
+ cgitConfig = pkgs.writeText "cgitrc" ''
+ virtual-root=/
+
+ enable-http-clone=1
+ clone-url=https://${virtualHost}/$CGIT_REPO_URL
+
+ enable-blame=1
+ enable-log-filecount=1
+ enable-log-linecount=1
+ enable-index-owner=0
+ enable-blame=1
+ enable-commit-graph=1
+
+ root-title=code
+ root-desc=sterni's git repositories
+ css=/cgit.css
+ head-include=${cgitHead}
+
+ mimetype-file=${pkgs.mime-types}/etc/mime.types
+
+ about-filter=${depot.tools.cheddar.about-filter}/bin/cheddar-about
+ source-filter=${depot.tools.cheddar}/bin/cheddar
+ readme=:README.md
+ readme=:readme.md
+
+ ${builtins.concatStringsSep "\n\n" (lib.mapAttrsToList cgitRepoEntry repos)}
+ '';
+in
+
+{
+ imports = [
+ ./nginx.nix
+ ./fcgiwrap.nix
+ ];
+
+ config = {
+ services.nginx.virtualHosts."${virtualHost}" = {
+ enableACME = true;
+ forceSSL = true;
+ root = "${pkgs.cgit-pink}/cgit/";
+ extraConfig = ''
+ try_files $uri @cgit;
+
+ location @cgit {
+ include ${pkgs.nginx}/conf/fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME ${pkgs.cgit-pink}/cgit/cgit.cgi;
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_param QUERY_STRING $args;
+ fastcgi_param HTTP_HOST $server_name;
+ fastcgi_param CGIT_CONFIG ${cgitConfig};
+ fastcgi_pass unix:${toString config.services.fcgiwrap.socketAddress};
+ }
+ '';
+ };
+ };
+}
diff --git a/users/sterni/machines/edwin/http/fcgiwrap.nix b/users/sterni/machines/edwin/http/fcgiwrap.nix
new file mode 100644
index 000000000000..19696d85d413
--- /dev/null
+++ b/users/sterni/machines/edwin/http/fcgiwrap.nix
@@ -0,0 +1,15 @@
+{ ... }:
+
+{
+ imports = [
+ ./nginx.nix
+ ];
+
+ config.services.fcgiwrap = {
+ enable = true;
+ socketType = "unix";
+ socketAddress = "/run/fcgiwrap.sock";
+ user = "http";
+ group = "http";
+ };
+}
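Review bot: `repoName = repos.name or name;` in cgitRepoEntry reads the `name` attribute of the whole `repos` set rather than of the entry being rendered, so a per-repository `name` override can never take effect (the lookup would only succeed if some repository were itself called `name`); the intended line is presumably `repoName = repo.name or name;`, matching the `repo.path or` lookup directly below it. Separately, the generated cgitrc lists `enable-blame=1` twice, so one copy can go. The cgitHead heredoc shows no content in this view, which may be a rendering artifact rather than a genuinely empty head include — worth confirming against the file.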
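Review bot: fcgiwrap is given `user = "http"` / `group = "http"`, the same identity nginx itself runs under in nginx.nix, so every CGI program it spawns (cgit.cgi from code.sterni.lv.nix) executes with the full privileges of the web server process — including, assuming the usual NixOS ACME setup grants the nginx user read access to the issued keys, the TLS private material. A dedicated unprivileged user for fcgiwrap, keeping `group = "http"` so nginx can still reach `/run/fcgiwrap.sock`, would limit what a bug in cgit could expose; whether the socket's default permissions allow group access is something to verify before switching.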
diff --git a/users/sterni/machines/edwin/http/flipdot.openlab-augsburg.de.nix b/users/sterni/machines/edwin/http/flipdot.openlab-augsburg.de.nix
new file mode 100644
index 000000000000..c86956a0a473
--- /dev/null
+++ b/users/sterni/machines/edwin/http/flipdot.openlab-augsburg.de.nix
@@ -0,0 +1,36 @@
+{ depot, lib, config, ... }:
+
+let
+ inherit (depot.users.sterni.external.flipdot-gschichtler)
+ bahnhofshalle
+ warteraum
+ nixosModule
+ ;
+in
+
+{
+ imports = [
+ nixosModule
+ ./nginx.nix
+ ];
+
+ config = {
+ age.secrets = lib.genAttrs [
+ "warteraum-salt"
+ "warteraum-tokens"
+ ]
+ (name: {
+ file = depot.users.sterni.secrets."${name}.age";
+ });
+
+ services.flipdot-gschichtler = {
+ enable = true;
+ virtualHost = "flipdot.openlab-augsburg.de";
+ packages = {
+ inherit bahnhofshalle warteraum;
+ };
+ saltFile = config.age.secretsDir + "/warteraum-salt";
+ tokensFile = config.age.secretsDir + "/warteraum-tokens";
+ };
+ };
+}
diff --git a/users/sterni/machines/edwin/http/likely-music.sterni.lv.nix b/users/sterni/machines/edwin/http/likely-music.sterni.lv.nix
new file mode 100644
index 000000000000..8da03ac5e6ec
--- /dev/null
+++ b/users/sterni/machines/edwin/http/likely-music.sterni.lv.nix
@@ -0,0 +1,23 @@
+{ depot, ... }:
+
+let
+ inherit (depot.users.sterni.external.likely-music)
+ nixosModule
+ likely-music
+ ;
+in
+
+{
+ imports = [
+ ./nginx.nix
+ nixosModule
+ ];
+
+ config = {
+ services.likely-music = {
+ enable = true;
+ virtualHost = "likely-music.sterni.lv";
+ package = likely-music;
+ };
+ };
+}
diff --git a/users/sterni/machines/edwin/http/nginx.nix b/users/sterni/machines/edwin/http/nginx.nix
new file mode 100644
index 000000000000..7c99cdd150e0
--- /dev/null
+++ b/users/sterni/machines/edwin/http/nginx.nix
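Review bot: `saltFile = config.age.secretsDir + "/warteraum-salt";` and the `tokensFile` line below it rebuild the secret locations by string concatenation instead of using the path agenix already exposes for each declared secret; `saltFile = config.age.secrets.warteraum-salt.path;` (and the analogous `tokensFile` line) keeps both places in sync if a secret's `path` is ever customised. The `age.secrets` entries are also declared without `owner` or `mode`, which — assuming agenix's defaults of root ownership and mode 0400 — only works if flipdot-gschichtler reads the files as root; if the service runs as its own user, the secrets need an `owner` set.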
@@ -0,0 +1,28 @@
+{ ... }:
+
+{
+ config = {
+ users = {
+ users.http = {
+ isSystemUser = true;
+ group = "http";
+ };
+
+ groups.http = { };
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedTlsSettings = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
+
+ user = "http";
+ group = "http";
+
+ appendHttpConfig = ''
+ charset utf-8;
+ '';
+ };
+ };
+}
diff --git a/users/sterni/machines/edwin/http/sterni.lv.nix b/users/sterni/machines/edwin/http/sterni.lv.nix
new file mode 100644
index 000000000000..44306c75bf64
--- /dev/null
+++ b/users/sterni/machines/edwin/http/sterni.lv.nix
@@ -0,0 +1,16 @@
+{ ... }:
+
+{
+ imports = [
+ ./nginx.nix
+ ];
+
+ config = {
+ services.nginx.virtualHosts."sterni.lv" = {
+ enableACME = true;
+ forceSSL = true;
+ # TODO(sterni): take website from store, replace /tmp with a simple LRU thing
+ root = toString /srv/http;
+ };
+ };
+}
-- cgit 1.4.1
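Review bot: nginx.nix replaces the NixOS default nginx service user with a custom `http` user and group, but nothing in the file says why. Since fcgiwrap.nix in the same change uses the identical `http` identity, the motivation is presumably sharing access to the FastCGI socket, and a comment on the `users.http` block such as `# shared with fcgiwrap so nginx can connect to its unix socket` would spare the next reader the cross-referencing; if that is the reason, it is also the point where CGI processes inherit nginx's privileges, which the comment should record as a deliberate trade-off.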
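Review bot: `root = toString /srv/http;` relies on a Nix subtlety that deserves a comment: interpolating the path literal into a string (`"${/srv/http}"`) would copy the directory into the store at evaluation time, whereas `toString` yields the plain string `/srv/http` so nginx serves the live directory in place. A comment next to the existing TODO such as `# toString: serve /srv/http in place instead of copying it into the store` would make that explicit. The TODO also mentions `/tmp`, which does not appear anywhere in this change, so it is unclear what it refers to.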