Compare commits
No commits in common. "7f6985e5c9f7c38ad9884aee0f5dd913d831c39d" and "ec00e3a8b5ed4f6e184e06254679fe4e2e0dc7fb" have entirely different histories.
7f6985e5c9
...
ec00e3a8b5
@ -3,8 +3,6 @@
|
|||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
../../modules
|
../../modules
|
||||||
|
|
||||||
./web.nix
|
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.domain = "net.clerie.de";
|
networking.domain = "net.clerie.de";
|
||||||
@ -28,8 +26,6 @@
|
|||||||
nix.settings = {
|
nix.settings = {
|
||||||
trusted-users = [ "@wheel" "@guests" ];
|
trusted-users = [ "@wheel" "@guests" ];
|
||||||
auto-optimise-store = true;
|
auto-optimise-store = true;
|
||||||
# Keep buildtime dependencies
|
|
||||||
keep-outputs = true;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
@ -66,13 +62,54 @@
|
|||||||
options = "--delete-older-than 30d";
|
options = "--delete-older-than 30d";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.nginx = {
|
||||||
|
enableReload = true;
|
||||||
|
recommendedGzipSettings = true;
|
||||||
|
recommendedOptimisation = true;
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
recommendedTlsSettings = true;
|
||||||
|
|
||||||
|
commonHttpConfig = ''
|
||||||
|
server_names_hash_bucket_size 64;
|
||||||
|
map $remote_addr $remote_addr_anon {
|
||||||
|
~(?P<ip>\d+\.\d+\.\d+)\. $ip.0;
|
||||||
|
~(?P<ip>[^:]*:[^:]*(:[^:]*)?): $ip::;
|
||||||
|
default ::;
|
||||||
|
}
|
||||||
|
log_format combined_anon '$remote_addr_anon - $remote_user [$time_local] '
|
||||||
|
'"$request" $status $body_bytes_sent '
|
||||||
|
'"$http_referer" "$http_user_agent"';
|
||||||
|
log_format vcombined_anon '$host: $remote_addr_anon - $remote_user [$time_local] '
|
||||||
|
'"$request" $status $body_bytes_sent '
|
||||||
|
'"$http_referer" "$http_user_agent"';
|
||||||
|
access_log /var/log/nginx/access.log vcombined_anon;
|
||||||
|
'';
|
||||||
|
|
||||||
|
virtualHosts = {
|
||||||
|
"default" = {
|
||||||
|
default = true;
|
||||||
|
rejectSSL = true;
|
||||||
|
locations."/" = {
|
||||||
|
return = ''200 "Some piece of infrastructure\n"'';
|
||||||
|
extraConfig = ''
|
||||||
|
types { } default_type "text/plain; charset=utf-8";
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
services.logrotate.settings.nginx = {
|
||||||
|
frequency = "daily";
|
||||||
|
maxage = 14;
|
||||||
|
};
|
||||||
|
|
||||||
|
security.acme = {
|
||||||
|
defaults.email = "letsencrypt@clerie.de";
|
||||||
|
acceptTerms = true;
|
||||||
|
};
|
||||||
|
|
||||||
nix.settings = {
|
nix.settings = {
|
||||||
experimental-features = [
|
experimental-features = [ "nix-command" "flakes" ];
|
||||||
"flakes"
|
|
||||||
"nix-command"
|
|
||||||
"repl-flake"
|
|
||||||
];
|
|
||||||
substituters = [
|
substituters = [
|
||||||
"https://nix-cache.clerie.de"
|
"https://nix-cache.clerie.de"
|
||||||
];
|
];
|
||||||
|
@ -1,50 +0,0 @@
|
|||||||
{ ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
services.nginx = {
|
|
||||||
enableReload = true;
|
|
||||||
recommendedGzipSettings = true;
|
|
||||||
recommendedOptimisation = true;
|
|
||||||
recommendedProxySettings = true;
|
|
||||||
recommendedTlsSettings = true;
|
|
||||||
|
|
||||||
commonHttpConfig = ''
|
|
||||||
server_names_hash_bucket_size 64;
|
|
||||||
map $remote_addr $remote_addr_anon {
|
|
||||||
~(?P<ip>\d+\.\d+\.\d+)\. $ip.0;
|
|
||||||
~(?P<ip>[^:]*:[^:]*(:[^:]*)?): $ip::;
|
|
||||||
default ::;
|
|
||||||
}
|
|
||||||
log_format combined_anon '$remote_addr_anon - $remote_user [$time_local] '
|
|
||||||
'"$request" $status $body_bytes_sent '
|
|
||||||
'"$http_referer" "$http_user_agent"';
|
|
||||||
log_format vcombined_anon '$host: $remote_addr_anon - $remote_user [$time_local] '
|
|
||||||
'"$request" $status $body_bytes_sent '
|
|
||||||
'"$http_referer" "$http_user_agent"';
|
|
||||||
access_log /var/log/nginx/access.log vcombined_anon;
|
|
||||||
'';
|
|
||||||
|
|
||||||
virtualHosts = {
|
|
||||||
"default" = {
|
|
||||||
default = true;
|
|
||||||
rejectSSL = true;
|
|
||||||
locations."/" = {
|
|
||||||
return = ''200 "Some piece of infrastructure\n"'';
|
|
||||||
extraConfig = ''
|
|
||||||
types { } default_type "text/plain; charset=utf-8";
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.logrotate.settings.nginx = {
|
|
||||||
frequency = "daily";
|
|
||||||
maxage = 14;
|
|
||||||
};
|
|
||||||
|
|
||||||
security.acme = {
|
|
||||||
defaults.email = "letsencrypt@clerie.de";
|
|
||||||
acceptTerms = true;
|
|
||||||
};
|
|
||||||
}
|
|
18
flake.lock
18
flake.lock
@ -215,11 +215,11 @@
|
|||||||
},
|
},
|
||||||
"nixpkgs-krypton": {
|
"nixpkgs-krypton": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1694183432,
|
"lastModified": 1693985761,
|
||||||
"narHash": "sha256-YyPGNapgZNNj51ylQMw9lAgvxtM2ai1HZVUu3GS8Fng=",
|
"narHash": "sha256-K5b+7j7Tt3+AqbWkcw+wMeqOAWyCD1MH26FPZyWXpdo=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "db9208ab987cdeeedf78ad9b4cf3c55f5ebd269b",
|
"rev": "0bffda19b8af722f8069d09d8b6a24594c80b352",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -231,11 +231,11 @@
|
|||||||
},
|
},
|
||||||
"nixpkgs-schule": {
|
"nixpkgs-schule": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1694183432,
|
"lastModified": 1693985761,
|
||||||
"narHash": "sha256-YyPGNapgZNNj51ylQMw9lAgvxtM2ai1HZVUu3GS8Fng=",
|
"narHash": "sha256-K5b+7j7Tt3+AqbWkcw+wMeqOAWyCD1MH26FPZyWXpdo=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "db9208ab987cdeeedf78ad9b4cf3c55f5ebd269b",
|
"rev": "0bffda19b8af722f8069d09d8b6a24594c80b352",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -247,11 +247,11 @@
|
|||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1694183432,
|
"lastModified": 1693985761,
|
||||||
"narHash": "sha256-YyPGNapgZNNj51ylQMw9lAgvxtM2ai1HZVUu3GS8Fng=",
|
"narHash": "sha256-K5b+7j7Tt3+AqbWkcw+wMeqOAWyCD1MH26FPZyWXpdo=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "db9208ab987cdeeedf78ad9b4cf3c55f5ebd269b",
|
"rev": "0bffda19b8af722f8069d09d8b6a24594c80b352",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -16,7 +16,6 @@
|
|||||||
./legal.nix
|
./legal.nix
|
||||||
./meow.nix
|
./meow.nix
|
||||||
./milchinsel.nix
|
./milchinsel.nix
|
||||||
./mitel-ommclient2.nix
|
|
||||||
./ping.nix
|
./ping.nix
|
||||||
./prediger.nix
|
./prediger.nix
|
||||||
./public.nix
|
./public.nix
|
||||||
|
@ -1,20 +0,0 @@
|
|||||||
{ ... }: {
|
|
||||||
services.update-from-hydra.paths.mitel-ommclient2 = {
|
|
||||||
enable = true;
|
|
||||||
hydraUrl = "https://hydra.clerie.de";
|
|
||||||
hydraProject = "clerie";
|
|
||||||
hydraJobset = "mitel_ommclient2";
|
|
||||||
hydraJob = "packages.x86_64-linux.mitel-ommclient2";
|
|
||||||
buildOutput = "doc";
|
|
||||||
nixStoreUri = "https://nix-cache.clerie.de";
|
|
||||||
resultPath = "/srv/mitel-ommclient2";
|
|
||||||
};
|
|
||||||
|
|
||||||
services.nginx.virtualHosts = {
|
|
||||||
"mitel-ommclient2.clerie.de" = {
|
|
||||||
enableACME = true;
|
|
||||||
forceSSL = true;
|
|
||||||
root = "/srv/mitel-ommclient2/share/doc/mitel-ommclient2/html";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
@ -64,31 +64,27 @@ in {
|
|||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
# systemd.services.wetter = {
|
systemd.services.wetter = {
|
||||||
# wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
# serviceConfig = {
|
serviceConfig = {
|
||||||
# RuntimeDirectory = "wetter";
|
RuntimeDirectory = "wetter";
|
||||||
# StateDirectory = "wetter";
|
StateDirectory = "wetter";
|
||||||
# User = "wetter_web";
|
User = "wetter_web";
|
||||||
# Group = "wetter_web";
|
Group = "wetter_web";
|
||||||
# };
|
};
|
||||||
# environment = {
|
environment = {
|
||||||
# WETTER_SETTINGS = "${configFile}";
|
WETTER_SETTINGS = "${configFile}";
|
||||||
# };
|
};
|
||||||
# script = "gunicorn -w 4 -b [::1]:8234 wetter:app";
|
script = "gunicorn -w 4 -b [::1]:8234 wetter:app";
|
||||||
# path = with pkgs; [ (python3.withPackages (ps: [ ps.gunicorn wetter ])) ];
|
path = with pkgs; [ (python3.withPackages (ps: [ ps.gunicorn wetter ])) ];
|
||||||
# };
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts = {
|
services.nginx.virtualHosts = {
|
||||||
"wetter.clerie.de" = {
|
"wetter.clerie.de" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
#proxyPass = "http://[::1]:8234";
|
proxyPass = "http://[::1]:8234";
|
||||||
return = ''200 "wetter.clerie.de is currently offline, find source code on https://git.clerie.de/clerie/wetter\n"'';
|
|
||||||
extraConfig = ''
|
|
||||||
types { } default_type "text/plain; charset=utf-8";
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -45,14 +45,6 @@ let
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
buildOutput = mkOption {
|
|
||||||
type = with types; nullOr str;
|
|
||||||
default = null;
|
|
||||||
description = ''
|
|
||||||
Build output name
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
nixStoreUri = mkOption {
|
nixStoreUri = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
description = ''
|
description = ''
|
||||||
@ -93,7 +85,7 @@ in {
|
|||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
script = ''
|
script = ''
|
||||||
${pkgs.update-from-hydra}/bin/update-from-hydra --hydra-url "${path.hydraUrl}" --hydra-project "${path.hydraProject}" --hydra-jobset "${path.hydraJobset}" --hydra-job "${path.hydraJob}" ${optionalString (path.buildOutput != null) "--build-output ${path.buildOutput}"} --nix-store-uri "${path.nixStoreUri}" --gcroot-name "${name}" "${path.resultPath}"
|
${pkgs.update-from-hydra}/bin/update-from-hydra --hydra-url "${path.hydraUrl}" --hydra-project "${path.hydraProject}" --hydra-jobset "${path.hydraJobset}" --hydra-job "${path.hydraJob}" --nix-store-uri "${path.nixStoreUri}" --gcroot-name "${name}" "${path.resultPath}"
|
||||||
'';
|
'';
|
||||||
})
|
})
|
||||||
) cfg.paths);
|
) cfg.paths);
|
||||||
|
@ -2,8 +2,6 @@
|
|||||||
|
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
BUILD_OUTPUT="out"
|
|
||||||
|
|
||||||
while [[ $# -gt 0 ]]; do
|
while [[ $# -gt 0 ]]; do
|
||||||
case $1 in
|
case $1 in
|
||||||
--hydra-url)
|
--hydra-url)
|
||||||
@ -31,11 +29,6 @@ while [[ $# -gt 0 ]]; do
|
|||||||
shift
|
shift
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
--build-output)
|
|
||||||
BUILD_OUTPUT="$2"
|
|
||||||
shift
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
--gcroot-name)
|
--gcroot-name)
|
||||||
GCROOT_NAME="$2"
|
GCROOT_NAME="$2"
|
||||||
shift
|
shift
|
||||||
@ -57,13 +50,13 @@ set -- "${ARGS[@]}"
|
|||||||
HYDRA_JOB_URL="${HYDRA_URL}/job/${HYDRA_PROJECT}/${HYDRA_JOBSET}/${HYDRA_JOB}/latest-finished"
|
HYDRA_JOB_URL="${HYDRA_URL}/job/${HYDRA_PROJECT}/${HYDRA_JOBSET}/${HYDRA_JOB}/latest-finished"
|
||||||
RESULT_PATH="$1"
|
RESULT_PATH="$1"
|
||||||
|
|
||||||
echo "Updating ${RESULT_PATH} from ${HYDRA_PROJECT}:${HYDRA_JOBSET}:${HYDRA_JOB} output ${BUILD_OUTPUT}"
|
echo "Updating ${RESULT_PATH} from ${HYDRA_PROJECT}:${HYDRA_JOBSET}:${HYDRA_JOB}"
|
||||||
|
|
||||||
echo "Make sure symlink directory exist"
|
echo "Make sure symlink directory exist"
|
||||||
mkdir -p "$(dirname "${RESULT_PATH}")"
|
mkdir -p "$(dirname "${RESULT_PATH}")"
|
||||||
|
|
||||||
echo "Fetching job output"
|
echo "Fetching job output"
|
||||||
STORE_PATH="$(curl -s -L -H "Accept: application/json" "${HYDRA_JOB_URL}" | jq -r ".buildoutputs.${BUILD_OUTPUT}.path")"
|
STORE_PATH="$(curl -s -L -H "Accept: application/json" "${HYDRA_JOB_URL}" | jq -r .buildoutputs.out.path)"
|
||||||
|
|
||||||
echo "Copying path"
|
echo "Copying path"
|
||||||
nix copy --from "${NIX_STORE_URI}" "${STORE_PATH}"
|
nix copy --from "${NIX_STORE_URI}" "${STORE_PATH}"
|
||||||
|
Loading…
Reference in New Issue
Block a user