diff --git a/configuration/common/default.nix b/configuration/common/default.nix
index ca956e3..efebb33 100644
--- a/configuration/common/default.nix
+++ b/configuration/common/default.nix
@@ -3,6 +3,8 @@
 {
 imports = [
 ../../modules
+
+ ./web.nix
 ];
 networking.domain = "net.clerie.de";
@@ -26,6 +28,8 @@
 nix.settings = {
 trusted-users = [ "@wheel" "@guests" ];
 auto-optimise-store = true;
+ # Keep buildtime dependencies
+ keep-outputs = true;
 };
 environment.systemPackages = with pkgs; [
@@ -62,54 +66,13 @@
 options = "--delete-older-than 30d";
 };
- services.nginx = {
- enableReload = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
-
- commonHttpConfig = ''
- server_names_hash_bucket_size 64;
- map $remote_addr $remote_addr_anon {
- ~(?P\d+\.\d+\.\d+)\. $ip.0;
- ~(?P[^:]*:[^:]*(:[^:]*)?): $ip::;
- default ::;
- }
- log_format combined_anon '$remote_addr_anon - $remote_user [$time_local] '
- '"$request" $status $body_bytes_sent '
- '"$http_referer" "$http_user_agent"';
- log_format vcombined_anon '$host: $remote_addr_anon - $remote_user [$time_local] '
- '"$request" $status $body_bytes_sent '
- '"$http_referer" "$http_user_agent"';
- access_log /var/log/nginx/access.log vcombined_anon;
- '';
-
- virtualHosts = {
- "default" = {
- default = true;
- rejectSSL = true;
- locations."/" = {
- return = ''200 "Some piece of infrastructure\n"'';
- extraConfig = ''
- types { } default_type "text/plain; charset=utf-8";
- '';
- };
- };
- };
- };
- services.logrotate.settings.nginx = {
- frequency = "daily";
- maxage = 14;
- };
-
- security.acme = {
- defaults.email = "letsencrypt@clerie.de";
- acceptTerms = true;
- };
 nix.settings = {
- experimental-features = [ "nix-command" "flakes" ];
+ experimental-features = [
+ "flakes"
+ "nix-command"
+ "repl-flake"
+ ];
 substituters = [ "https://nix-cache.clerie.de" ];
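Review bot: `trusted-users = [ "@wheel" "@guests" ];`, visible as unchanged context in the `nix.settings` hunk that adds `keep-outputs`, lets every member of `@guests` override daemon settings such as substituters and import unsigned store paths, which the Nix manual describes as essentially equivalent to root access. Since this block is being touched anyway, I would narrow it to `trusted-users = [ "@wheel" ];` and leave guests as ordinary daemon clients. Whether the guest accounts depend on trusted status is not visible in this diff, so confirm before changing it.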
diff --git a/configuration/common/web.nix b/configuration/common/web.nix
new file mode 100644
index 0000000..360d950
--- /dev/null
+++ b/configuration/common/web.nix
@@ -0,0 +1,50 @@
+{ ... }:
+
+{
+ services.nginx = {
+ enableReload = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+
+ commonHttpConfig = ''
+ server_names_hash_bucket_size 64;
+ map $remote_addr $remote_addr_anon {
+ ~(?P\d+\.\d+\.\d+)\. $ip.0;
+ ~(?P[^:]*:[^:]*(:[^:]*)?): $ip::;
+ default ::;
+ }
+ log_format combined_anon '$remote_addr_anon - $remote_user [$time_local] '
+ '"$request" $status $body_bytes_sent '
+ '"$http_referer" "$http_user_agent"';
+ log_format vcombined_anon '$host: $remote_addr_anon - $remote_user [$time_local] '
+ '"$request" $status $body_bytes_sent '
+ '"$http_referer" "$http_user_agent"';
+ access_log /var/log/nginx/access.log vcombined_anon;
+ '';
+
+ virtualHosts = {
+ "default" = {
+ default = true;
+ rejectSSL = true;
+ locations."/" = {
+ return = ''200 "Some piece of infrastructure\n"'';
+ extraConfig = ''
+ types { } default_type "text/plain; charset=utf-8";
+ '';
+ };
+ };
+ };
+ };
+
+ services.logrotate.settings.nginx = {
+ frequency = "daily";
+ maxage = 14;
+ };
+
+ security.acme = {
+ defaults.email = "letsencrypt@clerie.de";
+ acceptTerms = true;
+ };
+}
diff --git a/hosts/web-2/configuration.nix b/hosts/web-2/configuration.nix
index ac3ee98..e6f0e44 100644
--- a/hosts/web-2/configuration.nix
+++ b/hosts/web-2/configuration.nix
@@ -16,6 +16,7 @@
 ./legal.nix
 ./meow.nix
 ./milchinsel.nix
+ ./mitel-ommclient2.nix
 ./ping.nix
 ./prediger.nix
 ./public.nix
diff --git a/hosts/web-2/mitel-ommclient2.nix b/hosts/web-2/mitel-ommclient2.nix
new file mode 100644
index 0000000..000d4da
--- /dev/null
+++ b/hosts/web-2/mitel-ommclient2.nix
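Review bot: The `map`/`log_format` anonymisation in `commonHttpConfig` of the new web.nix covers only `access_log`. nginx's error log has a fixed format that records the full client address, and the referer and user agent still reach the access log unchanged. If address truncation is meant as a privacy guarantee, I would state its scope in a comment above `commonHttpConfig`, e.g. `# Anonymises access logs only; error log entries still carry full client IPs`. Where the error log is written and how long it is kept is not visible in this file, so the 14-day `services.logrotate.settings.nginx` retention may not apply to it.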
@@ -0,0 +1,20 @@
+{ ... }: {
+ services.update-from-hydra.paths.mitel-ommclient2 = {
+ enable = true;
+ hydraUrl = "https://hydra.clerie.de";
+ hydraProject = "clerie";
+ hydraJobset = "mitel_ommclient2";
+ hydraJob = "packages.x86_64-linux.mitel-ommclient2";
+ buildOutput = "doc";
+ nixStoreUri = "https://nix-cache.clerie.de";
+ resultPath = "/srv/mitel-ommclient2";
+ };
+
+ services.nginx.virtualHosts = {
+ "mitel-ommclient2.clerie.de" = {
+ enableACME = true;
+ forceSSL = true;
+ root = "/srv/mitel-ommclient2/share/doc/mitel-ommclient2/html";
+ };
+ };
+}
diff --git a/hosts/web-2/wetter.nix b/hosts/web-2/wetter.nix
index 72e586e..bbbb582 100644
--- a/hosts/web-2/wetter.nix
+++ b/hosts/web-2/wetter.nix
@@ -64,27 +64,31 @@ in {
 ];
 };
- systemd.services.wetter = {
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- RuntimeDirectory = "wetter";
- StateDirectory = "wetter";
- User = "wetter_web";
- Group = "wetter_web";
- };
- environment = {
- WETTER_SETTINGS = "${configFile}";
- };
- script = "gunicorn -w 4 -b [::1]:8234 wetter:app";
- path = with pkgs; [ (python3.withPackages (ps: [ ps.gunicorn wetter ])) ];
- };
+# systemd.services.wetter = {
+# wantedBy = [ "multi-user.target" ];
+# serviceConfig = {
+# RuntimeDirectory = "wetter";
+# StateDirectory = "wetter";
+# User = "wetter_web";
+# Group = "wetter_web";
+# };
+# environment = {
+# WETTER_SETTINGS = "${configFile}";
+# };
+# script = "gunicorn -w 4 -b [::1]:8234 wetter:app";
+# path = with pkgs; [ (python3.withPackages (ps: [ ps.gunicorn wetter ])) ];
+# };
 services.nginx.virtualHosts = {
 "wetter.clerie.de" = {
 enableACME = true;
 forceSSL = true;
 locations."/" = {
- proxyPass = "http://[::1]:8234";
+ #proxyPass = "http://[::1]:8234";
+ return = ''200 "wetter.clerie.de is currently offline, find source code on https://git.clerie.de/clerie/wetter\n"'';
+ extraConfig = ''
+ types { } default_type "text/plain; charset=utf-8";
+ '';
 };
 };
 };
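Review bot: `root` in the new mitel-ommclient2.nix repeats the literal `/srv/mitel-ommclient2` from `resultPath` a few lines above, so changing one of them leaves nginx pointing at a stale or missing directory without any evaluation error. Deriving it keeps the two in step: take `config` in the module arguments (`{ config, ... }: {`) and write `root = "${config.services.update-from-hydra.paths.mitel-ommclient2.resultPath}/share/doc/mitel-ommclient2/html";`. The vhost publishes whatever the latest finished Hydra job produced, so a short comment naming Hydra and the binary cache as the trust boundary for this content would help the next reader.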
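Review bot: The replacement `return` in `locations."/"` of wetter.nix answers 200 for a service that is offline, so monitoring, caches and crawlers record a healthy page. Using `return = ''503 "wetter.clerie.de is currently offline, find source code on https://git.clerie.de/clerie/wetter\n"'';` keeps the body and signals the outage. The `#`-prefixed `systemd.services.wetter` block and `#proxyPass` line are dead configuration that git history already preserves, so I would delete them rather than comment them out. The `wetter_web` account and the definitions above the hunk presumably remain in place; they start outside the hunk, so check whether they should go with the service.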
diff --git a/modules/update-from-hydra/default.nix b/modules/update-from-hydra/default.nix
index 93d8a16..6bd38b0 100644
--- a/modules/update-from-hydra/default.nix
+++ b/modules/update-from-hydra/default.nix
@@ -45,6 +45,14 @@ let
 '';
 };
+ buildOutput = mkOption {
+ type = with types; nullOr str;
+ default = null;
+ description = ''
+ Build output name
+ '';
+ };
+
 nixStoreUri = mkOption {
 type = types.str;
 description = ''
@@ -85,7 +93,7 @@ in {
 wantedBy = [ "multi-user.target" ];
 script = ''
- ${pkgs.update-from-hydra}/bin/update-from-hydra --hydra-url "${path.hydraUrl}" --hydra-project "${path.hydraProject}" --hydra-jobset "${path.hydraJobset}" --hydra-job "${path.hydraJob}" --nix-store-uri "${path.nixStoreUri}" --gcroot-name "${name}" "${path.resultPath}"
+ ${pkgs.update-from-hydra}/bin/update-from-hydra --hydra-url "${path.hydraUrl}" --hydra-project "${path.hydraProject}" --hydra-jobset "${path.hydraJobset}" --hydra-job "${path.hydraJob}" ${optionalString (path.buildOutput != null) "--build-output ${path.buildOutput}"} --nix-store-uri "${path.nixStoreUri}" --gcroot-name "${name}" "${path.resultPath}"
 '';
 }) ) cfg.paths);
diff --git a/pkgs/update-from-hydra/update-from-hydra.sh b/pkgs/update-from-hydra/update-from-hydra.sh
index 8d0a9af..edbcde9 100644
--- a/pkgs/update-from-hydra/update-from-hydra.sh
+++ b/pkgs/update-from-hydra/update-from-hydra.sh
@@ -2,6 +2,8 @@
 set -euo pipefail
+BUILD_OUTPUT="out"
+
 while [[ $# -gt 0 ]]; do
 case $1 in
 --hydra-url)
@@ -29,6 +31,11 @@ while [[ $# -gt 0 ]]; do
 shift
 shift
 ;;
+ --build-output)
+ BUILD_OUTPUT="$2"
+ shift
+ shift
+ ;;
 --gcroot-name)
 GCROOT_NAME="$2"
 shift
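Review bot: `--build-output ${path.buildOutput}` is the only argument on the rewritten `script` line that reaches the shell unquoted, so a value containing whitespace or shell metacharacters is split or interpreted when the unit runs. I would escape it at the Nix level: `${optionalString (path.buildOutput != null) "--build-output ${escapeShellArg path.buildOutput}"}` (`lib.escapeShellArg`; how `lib` is brought into scope is outside the hunk). The neighbouring `"${path.…}"` arguments are only double-quoted, which still expands `$(…)` inside the value, so they would benefit from the same helper. The option's `description`, `Build output name`, could also say that `null` selects the script's default output `out`.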
@@ -50,13 +57,13 @@ set -- "${ARGS[@]}"
 HYDRA_JOB_URL="${HYDRA_URL}/job/${HYDRA_PROJECT}/${HYDRA_JOBSET}/${HYDRA_JOB}/latest-finished"
 RESULT_PATH="$1"
-echo "Updating ${RESULT_PATH} from ${HYDRA_PROJECT}:${HYDRA_JOBSET}:${HYDRA_JOB}"
+echo "Updating ${RESULT_PATH} from ${HYDRA_PROJECT}:${HYDRA_JOBSET}:${HYDRA_JOB} output ${BUILD_OUTPUT}"
 echo "Make sure symlink directory exist"
 mkdir -p "$(dirname "${RESULT_PATH}")"
 echo "Fetching job output"
-STORE_PATH="$(curl -s -L -H "Accept: application/json" "${HYDRA_JOB_URL}" | jq -r .buildoutputs.out.path)"
+STORE_PATH="$(curl -s -L -H "Accept: application/json" "${HYDRA_JOB_URL}" | jq -r ".buildoutputs.${BUILD_OUTPUT}.path")"
 echo "Copying path"
 nix copy --from "${NIX_STORE_URI}" "${STORE_PATH}"
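Review bot: The new `STORE_PATH` line splices `${BUILD_OUTPUT}` into the jq program text, so an output name outside jq's identifier syntax (a hyphen, for example) fails to parse and any other value is evaluated as filter code rather than treated as a key. Pass it as data instead: `jq -er --arg out "${BUILD_OUTPUT}" '.buildoutputs[$out].path'`. With `-e`, jq exits non-zero when the requested output is missing, so the `set -euo pipefail` at the top of the script stops before `nix copy` is handed the literal string `null`. The same line runs `curl -s -L` without `-f`, so an HTTP error body is piped to jq as if it were the job description; adding `-f` closes that gap.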