1
0

Compare commits

...

7 Commits

8 changed files with 126 additions and 73 deletions

View File

@ -3,6 +3,8 @@
{
imports = [
../../modules
./web.nix
];
networking.domain = "net.clerie.de";
@ -26,6 +28,8 @@
nix.settings = {
trusted-users = [ "@wheel" "@guests" ];
auto-optimise-store = true;
# Keep buildtime dependencies
keep-outputs = true;
};
environment.systemPackages = with pkgs; [
@ -62,54 +66,13 @@
options = "--delete-older-than 30d";
};
services.nginx = {
enableReload = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
commonHttpConfig = ''
server_names_hash_bucket_size 64;
map $remote_addr $remote_addr_anon {
~(?P<ip>\d+\.\d+\.\d+)\. $ip.0;
~(?P<ip>[^:]*:[^:]*(:[^:]*)?): $ip::;
default ::;
}
log_format combined_anon '$remote_addr_anon - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
log_format vcombined_anon '$host: $remote_addr_anon - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log vcombined_anon;
'';
virtualHosts = {
"default" = {
default = true;
rejectSSL = true;
locations."/" = {
return = ''200 "Some piece of infrastructure\n"'';
extraConfig = ''
types { } default_type "text/plain; charset=utf-8";
'';
};
};
};
};
services.logrotate.settings.nginx = {
frequency = "daily";
maxage = 14;
};
security.acme = {
defaults.email = "letsencrypt@clerie.de";
acceptTerms = true;
};
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
experimental-features = [
"flakes"
"nix-command"
"repl-flake"
];
substituters = [
"https://nix-cache.clerie.de"
];

View File

@ -0,0 +1,50 @@
{ ... }:
{
services.nginx = {
enableReload = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
commonHttpConfig = ''
server_names_hash_bucket_size 64;
map $remote_addr $remote_addr_anon {
~(?P<ip>\d+\.\d+\.\d+)\. $ip.0;
~(?P<ip>[^:]*:[^:]*(:[^:]*)?): $ip::;
default ::;
}
log_format combined_anon '$remote_addr_anon - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
log_format vcombined_anon '$host: $remote_addr_anon - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log vcombined_anon;
'';
virtualHosts = {
"default" = {
default = true;
rejectSSL = true;
locations."/" = {
return = ''200 "Some piece of infrastructure\n"'';
extraConfig = ''
types { } default_type "text/plain; charset=utf-8";
'';
};
};
};
};
services.logrotate.settings.nginx = {
frequency = "daily";
maxage = 14;
};
security.acme = {
defaults.email = "letsencrypt@clerie.de";
acceptTerms = true;
};
}

View File

@ -215,11 +215,11 @@
},
"nixpkgs-krypton": {
"locked": {
"lastModified": 1693985761,
"narHash": "sha256-K5b+7j7Tt3+AqbWkcw+wMeqOAWyCD1MH26FPZyWXpdo=",
"lastModified": 1694183432,
"narHash": "sha256-YyPGNapgZNNj51ylQMw9lAgvxtM2ai1HZVUu3GS8Fng=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0bffda19b8af722f8069d09d8b6a24594c80b352",
"rev": "db9208ab987cdeeedf78ad9b4cf3c55f5ebd269b",
"type": "github"
},
"original": {
@ -231,11 +231,11 @@
},
"nixpkgs-schule": {
"locked": {
"lastModified": 1693985761,
"narHash": "sha256-K5b+7j7Tt3+AqbWkcw+wMeqOAWyCD1MH26FPZyWXpdo=",
"lastModified": 1694183432,
"narHash": "sha256-YyPGNapgZNNj51ylQMw9lAgvxtM2ai1HZVUu3GS8Fng=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0bffda19b8af722f8069d09d8b6a24594c80b352",
"rev": "db9208ab987cdeeedf78ad9b4cf3c55f5ebd269b",
"type": "github"
},
"original": {
@ -247,11 +247,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1693985761,
"narHash": "sha256-K5b+7j7Tt3+AqbWkcw+wMeqOAWyCD1MH26FPZyWXpdo=",
"lastModified": 1694183432,
"narHash": "sha256-YyPGNapgZNNj51ylQMw9lAgvxtM2ai1HZVUu3GS8Fng=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0bffda19b8af722f8069d09d8b6a24594c80b352",
"rev": "db9208ab987cdeeedf78ad9b4cf3c55f5ebd269b",
"type": "github"
},
"original": {

View File

@ -16,6 +16,7 @@
./legal.nix
./meow.nix
./milchinsel.nix
./mitel-ommclient2.nix
./ping.nix
./prediger.nix
./public.nix

View File

@ -0,0 +1,20 @@
{ ... }: {
services.update-from-hydra.paths.mitel-ommclient2 = {
enable = true;
hydraUrl = "https://hydra.clerie.de";
hydraProject = "clerie";
hydraJobset = "mitel_ommclient2";
hydraJob = "packages.x86_64-linux.mitel-ommclient2";
buildOutput = "doc";
nixStoreUri = "https://nix-cache.clerie.de";
resultPath = "/srv/mitel-ommclient2";
};
services.nginx.virtualHosts = {
"mitel-ommclient2.clerie.de" = {
enableACME = true;
forceSSL = true;
root = "/srv/mitel-ommclient2/share/doc/mitel-ommclient2/html";
};
};
}

View File

@ -64,27 +64,31 @@ in {
];
};
systemd.services.wetter = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
RuntimeDirectory = "wetter";
StateDirectory = "wetter";
User = "wetter_web";
Group = "wetter_web";
};
environment = {
WETTER_SETTINGS = "${configFile}";
};
script = "gunicorn -w 4 -b [::1]:8234 wetter:app";
path = with pkgs; [ (python3.withPackages (ps: [ ps.gunicorn wetter ])) ];
};
# systemd.services.wetter = {
# wantedBy = [ "multi-user.target" ];
# serviceConfig = {
# RuntimeDirectory = "wetter";
# StateDirectory = "wetter";
# User = "wetter_web";
# Group = "wetter_web";
# };
# environment = {
# WETTER_SETTINGS = "${configFile}";
# };
# script = "gunicorn -w 4 -b [::1]:8234 wetter:app";
# path = with pkgs; [ (python3.withPackages (ps: [ ps.gunicorn wetter ])) ];
# };
services.nginx.virtualHosts = {
"wetter.clerie.de" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://[::1]:8234";
#proxyPass = "http://[::1]:8234";
return = ''200 "wetter.clerie.de is currently offline, find source code on https://git.clerie.de/clerie/wetter\n"'';
extraConfig = ''
types { } default_type "text/plain; charset=utf-8";
'';
};
};
};

View File

@ -45,6 +45,14 @@ let
'';
};
buildOutput = mkOption {
type = with types; nullOr str;
default = null;
description = ''
Build output name
'';
};
nixStoreUri = mkOption {
type = types.str;
description = ''
@ -85,7 +93,7 @@ in {
wantedBy = [ "multi-user.target" ];
script = ''
${pkgs.update-from-hydra}/bin/update-from-hydra --hydra-url "${path.hydraUrl}" --hydra-project "${path.hydraProject}" --hydra-jobset "${path.hydraJobset}" --hydra-job "${path.hydraJob}" --nix-store-uri "${path.nixStoreUri}" --gcroot-name "${name}" "${path.resultPath}"
${pkgs.update-from-hydra}/bin/update-from-hydra --hydra-url "${path.hydraUrl}" --hydra-project "${path.hydraProject}" --hydra-jobset "${path.hydraJobset}" --hydra-job "${path.hydraJob}" ${optionalString (path.buildOutput != null) "--build-output ${path.buildOutput}"} --nix-store-uri "${path.nixStoreUri}" --gcroot-name "${name}" "${path.resultPath}"
'';
})
) cfg.paths);

View File

@ -2,6 +2,8 @@
set -euo pipefail
BUILD_OUTPUT="out"
while [[ $# -gt 0 ]]; do
case $1 in
--hydra-url)
@ -29,6 +31,11 @@ while [[ $# -gt 0 ]]; do
shift
shift
;;
--build-output)
BUILD_OUTPUT="$2"
shift
shift
;;
--gcroot-name)
GCROOT_NAME="$2"
shift
@ -50,13 +57,13 @@ set -- "${ARGS[@]}"
HYDRA_JOB_URL="${HYDRA_URL}/job/${HYDRA_PROJECT}/${HYDRA_JOBSET}/${HYDRA_JOB}/latest-finished"
RESULT_PATH="$1"
echo "Updating ${RESULT_PATH} from ${HYDRA_PROJECT}:${HYDRA_JOBSET}:${HYDRA_JOB}"
echo "Updating ${RESULT_PATH} from ${HYDRA_PROJECT}:${HYDRA_JOBSET}:${HYDRA_JOB} output ${BUILD_OUTPUT}"
echo "Make sure symlink directory exist"
mkdir -p "$(dirname "${RESULT_PATH}")"
echo "Fetching job output"
STORE_PATH="$(curl -s -L -H "Accept: application/json" "${HYDRA_JOB_URL}" | jq -r .buildoutputs.out.path)"
STORE_PATH="$(curl -s -L -H "Accept: application/json" "${HYDRA_JOB_URL}" | jq -r ".buildoutputs.${BUILD_OUTPUT}.path")"
echo "Copying path"
nix copy --from "${NIX_STORE_URI}" "${STORE_PATH}"