feat(compute01): init pages server #151

Open
Luj wants to merge 3 commits from init-dgnum-page into main
Owner

We have static pages at home
Luj force-pushed init-dgnum-page from 0216656911 to 53ee0a569b 2024-10-11 01:25:33 +02:00 Compare
Luj force-pushed init-dgnum-page from 53ee0a569b to 69650d6540 2024-10-11 01:30:50 +02:00 Compare
thubrecht requested changes 2024-10-11 01:34:09 +02:00
@ -0,0 +1,90 @@
{
pkgs,
lib,
config,
Owner
```nix
config,
lib,
pkgs,
```
Luj marked this conversation as resolved
@ -0,0 +21,4 @@
# Necessary until upstream cuts a new release because of
# https://codeberg.org/Codeberg/pages-server/issues/235
# that is fixed on main
package = pkgs.callPackage ./codeberg-pages-custom.nix { };
Owner

Isn't it feasible to just override the package? c.f. https://github.com/NixOS/nixpkgs/pull/225051
Author
Owner

I didn't know that had been fixed, will do
Luj marked this conversation as resolved
@ -0,0 +26,4 @@
{
age-secrets.autoMatch = [ "pages_env_file" ];
Owner

That doesn't do what you think, it associates with the user `toto` all the secrets of the form `toto-.*`
Luj marked this conversation as resolved
@ -0,0 +31,4 @@
networking.firewall.allowedTCPPorts = [
80
443
];
Owner

It's already open, no need to declare it again
Luj marked this conversation as resolved
@ -0,0 +37,4 @@
description = "Codeberg pages server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment = settings;
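Review bot: `environment = settings;` writes every key of `settings` into the generated unit file, which ends up in the world-readable Nix store, so `settings` must hold only non-secret values. Keep tokens and passwords exclusively in an `EnvironmentFile`, and consider a comment next to the `settings` definition stating that constraint.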
Owner

Might as well name the variable `environment` directly, that way you can do an inherit and it's clearer in the `let ... in`
Luj marked this conversation as resolved
@ -0,0 +44,4 @@
EnvironmentFile = config.age.secrets."pages_env_file".path;
WorkingDirectory = "/var/lib/codeberg-pages";
DynamicUser = true;
ExecStart = "${package}/bin/pages";
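Review bot: `WorkingDirectory = "/var/lib/codeberg-pages";` combined with `DynamicUser = true;` requires that directory to exist and be owned by the dynamically allocated user, and these lines show no `StateDirectory`. If it is not set elsewhere in the unit, add `StateDirectory = "codeberg-pages";` so systemd creates and chowns the directory at start instead of the service depending on a manually created path.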
Owner

`getExe package`
Luj marked this conversation as resolved
@ -0,0 +65,4 @@
};
services.nginx = {
enable = true;
Owner

nginx is already enabled
Luj marked this conversation as resolved
@ -0,0 +70,4 @@
map $ssl_preread_server_name $sni_upstream {
hostnames;
default 0.0.0.0:8010;
${lib.concatStringsSep "\n" (
Owner

`concatMapStringsSep` exists (https://noogle.dev/f/lib/concatMapStringsSep)
Luj marked this conversation as resolved
@ -0,0 +71,4 @@
hostnames;
default 0.0.0.0:8010;
${lib.concatStringsSep "\n" (
map (vhost: " ${vhost} 0.0.0.0:8443;") (lib.attrNames config.services.nginx.virtualHosts)
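Review bot: in the `map` body, `lib.attrNames config.services.nginx.virtualHosts` yields attribute names, which are not necessarily the names clients send in SNI. A vhost that sets `serverName` or `serverAliases` would not match any generated entry and would fall through to `default`, i.e. be routed to the pages server on port 8010. Build the list from each vhost's effective server name and aliases, or document that attribute names must equal the served hostnames.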
Owner

`127.0.0.1` rather than `0.0.0.0` and a `:` is missing between the IP and the port
Luj marked this conversation as resolved
@ -0,0 +84,4 @@
'';
defaultSSLListenPort = 8443;
Owner

Extra blank line?
Luj marked this conversation as resolved
@ -0,0 +86,4 @@
defaultSSLListenPort = 8443;
};
Owner

Same here
Luj marked this conversation as resolved
@ -21,6 +21,7 @@
"outline-oidc_client_secret_file"
"outline-smtp_password_file"
"outline-storage_secret_key_file"
"pages_env_file"
Owner

Rather `pages-environment_file`
Luj marked this conversation as resolved
Luj force-pushed init-dgnum-page from 69650d6540 to bb6bd21f94 2024-10-11 01:36:53 +02:00 Compare
Luj force-pushed init-dgnum-page from bb6bd21f94 to aaa3f0346a 2024-10-11 01:46:23 +02:00 Compare
Luj force-pushed init-dgnum-page from aaa3f0346a to 6711856bf9 2024-10-11 01:50:18 +02:00 Compare
Luj force-pushed init-dgnum-page from 6711856bf9 to a7bad89e3e 2024-10-11 11:28:26 +02:00 Compare
Luj force-pushed init-dgnum-page from a7bad89e3e to f0b577a5ca 2024-10-11 11:43:43 +02:00 Compare
Luj requested review from thubrecht 2024-10-11 11:45:02 +02:00
Luj force-pushed init-dgnum-page from f0b577a5ca to a58ea0808f 2024-10-11 13:36:29 +02:00 Compare
thubrecht reviewed 2024-10-11 13:58:57 +02:00
@ -0,0 +48,4 @@
EnvironmentFile = config.age.secrets."pages-environment_file".path;
WorkingDirectory = "/var/lib/codeberg-pages";
DynamicUser = true;
ExecStart = "${lib.getExe package}";
Owner

That's strictly equal to `lib.getExe package`
Luj marked this conversation as resolved
Luj force-pushed init-dgnum-page from a58ea0808f to 7d462e0924 2024-10-11 14:04:26 +02:00 Compare
Luj started working 2024-10-11 14:07:59 +02:00
Luj stopped working 2024-10-11 14:08:02 +02:00
3 seconds
Luj deleted spent time 2024-10-11 14:08:59 +02:00
- 3 seconds
Luj force-pushed init-dgnum-page from 7d462e0924 to 2de3394bdb 2024-10-11 14:56:45 +02:00 Compare
Luj force-pushed init-dgnum-page from 2de3394bdb to 9eabab4e37 2024-10-11 14:59:09 +02:00 Compare
Luj force-pushed init-dgnum-page from 9eabab4e37 to 407f99ca95 2024-10-11 15:10:34 +02:00 Compare
Author
Owner

This is deployed now :)
thubrecht reviewed 2024-10-11 15:17:45 +02:00
@ -0,0 +71,4 @@
services.nginx = {
streamConfig = ''
map $ssl_preread_server_name $sni_upstream {
hostnames;
Owner

I don't really understand what this `hostnames` is for, by the way, given that it isn't defined anywhere else
Author
Owner

I think you're right
Author
Owner

The "hostnames" is there so that entries like *.dgnum.eu can be put in the map, indeed no longer useful here
thubrecht reviewed 2024-10-11 15:18:24 +02:00
@ -0,0 +73,4 @@
map $ssl_preread_server_name $sni_upstream {
hostnames;
default 127.0.0.1:8010;
${lib.concatMapStringsSep "\n" (vhost: " ${vhost} 127.0.0.1:8446;") (
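Review bot: the upstream port `8446` in `" ${vhost} 127.0.0.1:8446;"` is a bare literal inside the generated string, and nothing in these lines ties it to the port the HTTPS vhosts actually listen on. Changing one side without the other would silently send every known hostname to a closed port; bind the value once in a `let` and interpolate it in both places.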
Owner

The alignment is shifted two characters to the left
Author
Owner

It's to get the correct indentation in the config file (look at the two spaces at the start of each line).
As you prefer
Owner

Ah, hmmm
Another option: you put "\n " as the separator and not the spaces in the vhost string
thubrecht added 1 commit 2024-10-12 11:54:52 +02:00
feat(nginx): Use proxy_protocol for sni redirection
All checks were successful
Check meta / check_meta (pull_request) Successful in 19s
Check meta / check_dns (pull_request) Successful in 20s
lint / check (push) Successful in 26s
build configuration / build_and_cache_storage01 (pull_request) Successful in 1m19s
build configuration / build_and_cache_geo01 (pull_request) Successful in 1m4s
build configuration / build_and_cache_geo02 (pull_request) Successful in 1m3s
build configuration / build_and_cache_rescue01 (pull_request) Successful in 1m13s
build configuration / build_and_cache_compute01 (pull_request) Successful in 1m42s
build configuration / build_and_cache_krz01 (pull_request) Successful in 2m4s
lint / check (pull_request) Successful in 25s
build configuration / build_and_cache_bridge01 (pull_request) Successful in 1m4s
build configuration / build_and_cache_web02 (pull_request) Successful in 1m16s
build configuration / build_and_cache_vault01 (pull_request) Successful in 1m26s
build configuration / build_and_cache_web01 (pull_request) Successful in 1m46s
e4cc002f6f
WARNING: This alone does not work, we need to set the real ip based on
http://nginx.org/en/docs/stream/ngx_stream_realip_module.html

Which is not feasible right now without causing an infinite loop during
eval
thubrecht added 1 commit 2024-10-12 12:30:59 +02:00
feat(nginx): Add default real_ip decoding for all vhosts
All checks were successful
build configuration / build_and_cache_geo01 (pull_request) Successful in 1m6s
build configuration / build_and_cache_geo02 (pull_request) Successful in 1m5s
build configuration / build_and_cache_storage01 (pull_request) Successful in 1m25s
build configuration / build_and_cache_rescue01 (pull_request) Successful in 1m8s
build configuration / build_and_cache_compute01 (pull_request) Successful in 1m43s
build configuration / build_and_cache_krz01 (pull_request) Successful in 2m7s
lint / check (pull_request) Successful in 24s
build configuration / build_and_cache_bridge01 (pull_request) Successful in 1m7s
build configuration / build_and_cache_web02 (pull_request) Successful in 1m14s
build configuration / build_and_cache_vault01 (pull_request) Successful in 1m25s
build configuration / build_and_cache_web01 (pull_request) Successful in 1m51s
Check meta / check_meta (pull_request) Successful in 19s
Check meta / check_dns (pull_request) Successful in 19s
lint / check (push) Successful in 23s
40b8b8eabc
Author
Owner

@thubrecht why did you remove the `defaultSSLListenPort = 8446;`?
Owner

> @thubrecht why did you remove the `defaultSSLListenPort = 8446;`?

Because it's no longer used when `defaultListen` is set with an address that listens in SSL
This pull request has changes conflicting with the target branch.
  • machines/compute01/_configuration.nix
  • machines/compute01/secrets/secrets.nix