
Compare commits


7 Commits

8 changed files with 126 additions and 73 deletions


@ -3,6 +3,8 @@
{ {
imports = [ imports = [
../../modules ../../modules
./web.nix
]; ];
networking.domain = "net.clerie.de"; networking.domain = "net.clerie.de";
@ -26,6 +28,8 @@
nix.settings = { nix.settings = {
trusted-users = [ "@wheel" "@guests" ]; trusted-users = [ "@wheel" "@guests" ];
auto-optimise-store = true; auto-optimise-store = true;
# Keep buildtime dependencies
keep-outputs = true;
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -62,54 +66,13 @@
options = "--delete-older-than 30d"; options = "--delete-older-than 30d";
}; };
services.nginx = {
enableReload = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
commonHttpConfig = ''
server_names_hash_bucket_size 64;
map $remote_addr $remote_addr_anon {
~(?P<ip>\d+\.\d+\.\d+)\. $ip.0;
~(?P<ip>[^:]*:[^:]*(:[^:]*)?): $ip::;
default ::;
}
log_format combined_anon '$remote_addr_anon - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
log_format vcombined_anon '$host: $remote_addr_anon - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log vcombined_anon;
'';
virtualHosts = {
"default" = {
default = true;
rejectSSL = true;
locations."/" = {
return = ''200 "Some piece of infrastructure\n"'';
extraConfig = ''
types { } default_type "text/plain; charset=utf-8";
'';
};
};
};
};
services.logrotate.settings.nginx = {
frequency = "daily";
maxage = 14;
};
security.acme = {
defaults.email = "letsencrypt@clerie.de";
acceptTerms = true;
};
nix.settings = { nix.settings = {
experimental-features = [ "nix-command" "flakes" ]; experimental-features = [
"flakes"
"nix-command"
"repl-flake"
];
substituters = [ substituters = [
"https://nix-cache.clerie.de" "https://nix-cache.clerie.de"
]; ];
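Review bot: The `nix.settings` block that the second hunk extends with `keep-outputs` still lists `@guests` in `trusted-users`, and the commit leaves that untouched. The Nix manual treats trusted users as effectively root-equivalent towards the daemon, because they can supply their own substituters and override settings. A group named for guests should either be dropped from the list or carry a comment explaining why it is trusted; who is in `guests` is not visible on this page. If those accounts only need to run builds, `allowed-users = [ "@guests" ];` grants that without the extra privilege. The attribute set continues outside the hunk.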


@ -0,0 +1,50 @@
{ ... }:
{
services.nginx = {
enableReload = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
commonHttpConfig = ''
server_names_hash_bucket_size 64;
map $remote_addr $remote_addr_anon {
~(?P<ip>\d+\.\d+\.\d+)\. $ip.0;
~(?P<ip>[^:]*:[^:]*(:[^:]*)?): $ip::;
default ::;
}
log_format combined_anon '$remote_addr_anon - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
log_format vcombined_anon '$host: $remote_addr_anon - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log vcombined_anon;
'';
virtualHosts = {
"default" = {
default = true;
rejectSSL = true;
locations."/" = {
return = ''200 "Some piece of infrastructure\n"'';
extraConfig = ''
types { } default_type "text/plain; charset=utf-8";
'';
};
};
};
};
services.logrotate.settings.nginx = {
frequency = "daily";
maxage = 14;
};
security.acme = {
defaults.email = "letsencrypt@clerie.de";
acceptTerms = true;
};
}
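Review bot: The anonymising `map` in `commonHttpConfig` only reaches `access_log`; no `log_format` applies to nginx's error log, which records the full client address wherever it ends up (file or journal). If the goal is to keep no full addresses, the module should say what happens to the error log, for example with `# NOTE: only access_log uses $remote_addr_anon; error_log entries still carry the full client IP`. A one-line comment above the two regexes would also help, stating that they keep the first three IPv4 octets and at most the first three IPv6 groups. The content is otherwise moved unchanged from the host configuration.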


@ -215,11 +215,11 @@
}, },
"nixpkgs-krypton": { "nixpkgs-krypton": {
"locked": { "locked": {
"lastModified": 1693985761, "lastModified": 1694183432,
"narHash": "sha256-K5b+7j7Tt3+AqbWkcw+wMeqOAWyCD1MH26FPZyWXpdo=", "narHash": "sha256-YyPGNapgZNNj51ylQMw9lAgvxtM2ai1HZVUu3GS8Fng=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0bffda19b8af722f8069d09d8b6a24594c80b352", "rev": "db9208ab987cdeeedf78ad9b4cf3c55f5ebd269b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -231,11 +231,11 @@
}, },
"nixpkgs-schule": { "nixpkgs-schule": {
"locked": { "locked": {
"lastModified": 1693985761, "lastModified": 1694183432,
"narHash": "sha256-K5b+7j7Tt3+AqbWkcw+wMeqOAWyCD1MH26FPZyWXpdo=", "narHash": "sha256-YyPGNapgZNNj51ylQMw9lAgvxtM2ai1HZVUu3GS8Fng=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0bffda19b8af722f8069d09d8b6a24594c80b352", "rev": "db9208ab987cdeeedf78ad9b4cf3c55f5ebd269b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -247,11 +247,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1693985761, "lastModified": 1694183432,
"narHash": "sha256-K5b+7j7Tt3+AqbWkcw+wMeqOAWyCD1MH26FPZyWXpdo=", "narHash": "sha256-YyPGNapgZNNj51ylQMw9lAgvxtM2ai1HZVUu3GS8Fng=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0bffda19b8af722f8069d09d8b6a24594c80b352", "rev": "db9208ab987cdeeedf78ad9b4cf3c55f5ebd269b",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -16,6 +16,7 @@
./legal.nix ./legal.nix
./meow.nix ./meow.nix
./milchinsel.nix ./milchinsel.nix
./mitel-ommclient2.nix
./ping.nix ./ping.nix
./prediger.nix ./prediger.nix
./public.nix ./public.nix


@ -0,0 +1,20 @@
{ ... }: {
services.update-from-hydra.paths.mitel-ommclient2 = {
enable = true;
hydraUrl = "https://hydra.clerie.de";
hydraProject = "clerie";
hydraJobset = "mitel_ommclient2";
hydraJob = "packages.x86_64-linux.mitel-ommclient2";
buildOutput = "doc";
nixStoreUri = "https://nix-cache.clerie.de";
resultPath = "/srv/mitel-ommclient2";
};
services.nginx.virtualHosts = {
"mitel-ommclient2.clerie.de" = {
enableACME = true;
forceSSL = true;
root = "/srv/mitel-ommclient2/share/doc/mitel-ommclient2/html";
};
};
}


@ -64,27 +64,31 @@ in {
]; ];
}; };
systemd.services.wetter = { # systemd.services.wetter = {
wantedBy = [ "multi-user.target" ]; # wantedBy = [ "multi-user.target" ];
serviceConfig = { # serviceConfig = {
RuntimeDirectory = "wetter"; # RuntimeDirectory = "wetter";
StateDirectory = "wetter"; # StateDirectory = "wetter";
User = "wetter_web"; # User = "wetter_web";
Group = "wetter_web"; # Group = "wetter_web";
}; # };
environment = { # environment = {
WETTER_SETTINGS = "${configFile}"; # WETTER_SETTINGS = "${configFile}";
}; # };
script = "gunicorn -w 4 -b [::1]:8234 wetter:app"; # script = "gunicorn -w 4 -b [::1]:8234 wetter:app";
path = with pkgs; [ (python3.withPackages (ps: [ ps.gunicorn wetter ])) ]; # path = with pkgs; [ (python3.withPackages (ps: [ ps.gunicorn wetter ])) ];
}; # };
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"wetter.clerie.de" = { "wetter.clerie.de" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://[::1]:8234"; #proxyPass = "http://[::1]:8234";
return = ''200 "wetter.clerie.de is currently offline, find source code on https://git.clerie.de/clerie/wetter\n"'';
extraConfig = ''
types { } default_type "text/plain; charset=utf-8";
'';
}; };
}; };
}; };
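Review bot: The placeholder location for `wetter.clerie.de` answers with status 200, so monitoring and crawlers record the offline notice as a healthy page; `return = ''503 "wetter.clerie.de is currently offline, …\n"'';` with the same text reports the condition accurately. The unit itself is disabled by commenting out its whole definition, along with `proxyPass`. Deleting those lines (the history keeps them) or setting `systemd.services.wetter.enable = false;` would leave less dead text to misread later. The enclosing `in { … }` body starts and ends outside the hunk.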


@ -45,6 +45,14 @@ let
''; '';
}; };
buildOutput = mkOption {
type = with types; nullOr str;
default = null;
description = ''
Build output name
'';
};
nixStoreUri = mkOption { nixStoreUri = mkOption {
type = types.str; type = types.str;
description = '' description = ''
@ -85,7 +93,7 @@ in {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
script = '' script = ''
${pkgs.update-from-hydra}/bin/update-from-hydra --hydra-url "${path.hydraUrl}" --hydra-project "${path.hydraProject}" --hydra-jobset "${path.hydraJobset}" --hydra-job "${path.hydraJob}" --nix-store-uri "${path.nixStoreUri}" --gcroot-name "${name}" "${path.resultPath}" ${pkgs.update-from-hydra}/bin/update-from-hydra --hydra-url "${path.hydraUrl}" --hydra-project "${path.hydraProject}" --hydra-jobset "${path.hydraJobset}" --hydra-job "${path.hydraJob}" ${optionalString (path.buildOutput != null) "--build-output ${path.buildOutput}"} --nix-store-uri "${path.nixStoreUri}" --gcroot-name "${name}" "${path.resultPath}"
''; '';
}) })
) cfg.paths); ) cfg.paths);
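Review bot: The new `--build-output ${path.buildOutput}` fragment in `script` is the only argument on that command line not wrapped in double quotes, so a value containing whitespace or shell metacharacters is word-split or interpreted by the shell. Quote it like its neighbours, or better use `"--build-output ${escapeShellArg path.buildOutput}"`, assuming `lib` is in scope the way the unqualified `optionalString` suggests. The `buildOutput` description could also say that `null` leaves the script on its default output `out`. The `let` and `in` bodies continue outside both hunks.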


@ -2,6 +2,8 @@
set -euo pipefail set -euo pipefail
BUILD_OUTPUT="out"
while [[ $# -gt 0 ]]; do while [[ $# -gt 0 ]]; do
case $1 in case $1 in
--hydra-url) --hydra-url)
@ -29,6 +31,11 @@ while [[ $# -gt 0 ]]; do
shift shift
shift shift
;; ;;
--build-output)
BUILD_OUTPUT="$2"
shift
shift
;;
--gcroot-name) --gcroot-name)
GCROOT_NAME="$2" GCROOT_NAME="$2"
shift shift
@ -50,13 +57,13 @@ set -- "${ARGS[@]}"
HYDRA_JOB_URL="${HYDRA_URL}/job/${HYDRA_PROJECT}/${HYDRA_JOBSET}/${HYDRA_JOB}/latest-finished" HYDRA_JOB_URL="${HYDRA_URL}/job/${HYDRA_PROJECT}/${HYDRA_JOBSET}/${HYDRA_JOB}/latest-finished"
RESULT_PATH="$1" RESULT_PATH="$1"
echo "Updating ${RESULT_PATH} from ${HYDRA_PROJECT}:${HYDRA_JOBSET}:${HYDRA_JOB}" echo "Updating ${RESULT_PATH} from ${HYDRA_PROJECT}:${HYDRA_JOBSET}:${HYDRA_JOB} output ${BUILD_OUTPUT}"
echo "Make sure symlink directory exist" echo "Make sure symlink directory exist"
mkdir -p "$(dirname "${RESULT_PATH}")" mkdir -p "$(dirname "${RESULT_PATH}")"
echo "Fetching job output" echo "Fetching job output"
STORE_PATH="$(curl -s -L -H "Accept: application/json" "${HYDRA_JOB_URL}" | jq -r .buildoutputs.out.path)" STORE_PATH="$(curl -s -L -H "Accept: application/json" "${HYDRA_JOB_URL}" | jq -r ".buildoutputs.${BUILD_OUTPUT}.path")"
echo "Copying path" echo "Copying path"
nix copy --from "${NIX_STORE_URI}" "${STORE_PATH}" nix copy --from "${NIX_STORE_URI}" "${STORE_PATH}"
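Review bot: `BUILD_OUTPUT` is spliced into the jq program text on the `STORE_PATH` line, so the value of `--build-output` is parsed as jq syntax instead of being used as a key; an output name containing `-` or `.` already changes what the filter means. Pass it as data instead: `jq -r --arg out "${BUILD_OUTPUT}" '.buildoutputs[$out].path'`. Separately, a missing output makes `jq -r` print `null`, which then reaches `nix copy` as the path. Adding `-e` to the jq call returns non-zero on null, and the existing `set -euo pipefail` then stops the script at that line. The script continues outside the hunk.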