hosts/hackens-org/2048.nix

@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+{
+  services.staticWebsites.sites = {
+    "2048" = {
+      root = pkgs.fetchFromGitHub {
+        owner = "hackEns";
+        repo = "2048NdS";
+        rev = "1df6db154ca22c380eb52844c7a6a7f888fb5610";
+        sha256 = "1y2v637j0g03g4l80ag72pm9kc46f07npir7ddp8i6x15bzygj1a";
+      };
+      hostname = config.my.subZone;
+      location = "/2048";
+    };
+  };
+}

hosts/hackens-org/acme-ssl.nix

@@ -0,0 +1,13 @@
+# Issue du club reseau
+{ config, ... }:
+let
+    my = config.my;
+in
+{
+  security.acme.acceptTerms = true;
+  security.acme.email = my.email;
+  security.acme.server =
+    if my.acmeStaging
+    then "https://acme-staging-v02.api.letsencrypt.org/directory"
+    else null;
+}

hosts/hackens-org/configuration.nix

@@ -10,12 +10,17 @@
       ./hardware-configuration.nix
       ./physical.nix
       ../../profiles/core-hackens
+      ./hackens-my.nix
+      #Services
       ./wiki.nix
       ./webpass.nix
+      ./test-static.nix
       # ./bridge.nix
       # ./gha.nix
       # ./sync.nix
+      #Modules
       ./misc
+      ./modules
     ];
 
   networking.hostName = "hackens-org"; # Define your hostname.

hosts/hackens-org/hackens-my.nix

@@ -0,0 +1,12 @@
+# Inspire du club reseau
+{ lib, ... }:
+{
+  imports = [ ./modules/my.nix ];
+
+  my = {
+    email = "hackens@clipper.ens.fr";
+    acmeStaging = lib.mkDefault true;
+    debug = false;
+    subZone = "new.hackens.org";
+  };
+}

hosts/hackens-org/modules/default.nix

@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+{
+  imports = [
+    ./my.nix
+    ./staticWebsites.nix
+    ./nginx.nix
+    ./webhooks.nix
+  ];
+}

hosts/hackens-org/modules/my.nix

@@ -0,0 +1,28 @@
+# Inspiré du club réseau
+{ config, lib, ... }:
+with lib;
+with types;
+{
+  options.my = {
+    email = mkOption {
+      description = "Admin email";
+      type = str;
+      default = "";
+      example = "hackens@clipper.ens.fr";
+    };
+    acmeStaging = mkOption {
+      description = "Enable staging servers";
+      type = bool;
+      default = false;
+    };
+    subZone = mkOption {
+      description = "Sub zone for hosting the services";
+      type = str;
+    };
+    debug = mkOption {
+      description = "Debug mode";
+      type = bool;
+      default = false;
+    };
+  };
+}

hosts/hackens-org/modules/static-website.nix

@@ -1,26 +0,0 @@
-{ lib, config }:
-
-with lib;
-let
-  cfg = config.services.static-website.config;
-  l = builtins.split cfg.name "/";
-  name = lists.last l;
-in
-{
-  services.static-website.config = lib.mkOption {
-    type = with types; attrsOf (submodule {
-      options.name = mkOption path;
-    });
-  };
-
-  config = {
-    services.nginx.enable = cfg.enable;
-    virtualHosts."${cfg.name}" = {
-      root = "/var/lib/nginx/static/${name}";
-    }
-  };
-}
-
-/* TODO
-ACME
-*/

hosts/hackens-org/modules/staticWebsites.nix

@@ -0,0 +1,64 @@
+{ lib, config , ... }:
+with lib;
+let
+  eachSite = config.services.staticWebsites.sites;
+  website = { name, ... }: {
+    options = {
+      root = mkOption {
+        type = types.path;
+        default = "/var/lib/nginx/static/${name}";
+        description = "Static files path for the website";
+      };
+      hostname = mkOption {
+        type = types.str;
+        default = name;
+        description = "Website hostname";
+      };
+      location = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        description = "Add a location rule if not null";
+      };
+    };
+  };
+in
+{
+  options.services.staticWebsites = {
+    sites = mkOption {
+      type = types.attrsOf (types.submodule website);
+      description = "Specification of one or more static websites to serve";
+    };
+    debug = mkOption {
+      type = types.bool;
+      default = false;
+    };
+  };
+  config = mkIf (eachSite != {}) {
+    services.nginx = {
+      enable = true;
+      virtualHosts = mapAttrs' ( hostname: conf: {
+        name = conf.hostname;
+        value = (mkMerge [
+          {
+            serverName = conf.hostname;
+            forceSSL = if config.services.staticWebsites.debug then false else true;
+            enableACME = if config.services.staticWebsites.debug then false else true;
+          }
+  
+          (mkIf (conf.location == null) {
+            root = conf.root;
+          })
+  
+          (mkIf (conf.location != null) {
+            locations = {
+              "${conf.location}/" = {
+                alias = "${conf.root}/";
+              };
+            };
+          })
+  
+          ]);
+        }) eachSite;
+    };
+  };
+}

hosts/hackens-org/modules/webhooks.nix

@@ -0,0 +1,56 @@
+{ pkgs, config, lib, ... }:
+with lib;
+let
+  json = pkgs.formats.json {};
+  cfg = config.services.webhooks;
+in
+{
+  options.services.webhooks = {
+    enable = mkEnableOption "Set up webhooks";
+    package = mkOption {
+      type = types.package;
+      default = pkgs.webhook;
+      description = "`webhook` package to use";
+    };
+    hostname = mkOption {
+      type = types.str;
+      description = "The vhost on which webhook will listen";
+    };
+    endpoint = mkOption {
+      type = types.str;
+      default = "hooks";
+      description = "The endpoint of the webhooks";
+    };
+    hooks = mkOption {
+      type = json.type;
+      description = "Configuration for this webhook, check <link xlink:href="https://github.com/adnanh/webhook/blob/master/docs/Hook-Definition.md"/> for supported values";
+    };
+    internalPort = mkOption {
+      type = types.int;
+      default = 9000;
+      description = "The local port used to (proxy)pass requests from nginx to webhook";
+    };
+    debug = mkOption {
+      type = types.bool;
+      default = false;
+    };
+  };
+  config = mkIf cfg.enable {
+    services.nginx = {
+      enable = true;
+      virtualHosts."${cfg.hostname}" = {
+        locations."${cfg.endpoint}".proxyPass = "http://127.0.0.1:${toString cfg.internalPort}/hooks";
+        enableACME = if cfg.debug then false else true;
+      };
+    };
+    systemd.services.webhook = {
+      enable = true;
+      unitConfig = {
+        Description = "Small server for creating HTTP hooks";
+        Documentation = "https://github.com/adnanh/webhook/";
+      };
+      script = "${cfg.package}/bin/webhook -nopanic -ip \"127.0.0.1\" -port \"${toString cfg.internalPort}\" -verbose -hooks ${json.generate "conf.json" cfg.hooks}";
+      wantedBy = [ "mulit-user.target" ];
+    };
+  };
+}

hosts/hackens-org/test-static.nix

@@ -0,0 +1,7 @@
+{ config, pkgs, ... }:
+{
+  services.staticWebsites.sites.test = {
+    hostname = "test.${config.my.subZone}";
+    root = pkgs.writeTextDir "index.html" "Hello world!";
+  };
+}

hosts/hackens-org/test-webhook.nix

@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+{
+  services.webhooks = {
+    enable = true;
+    hostname = "test-webhook.${config.my.subZone}";
+    hooks = [
+      {
+        id = "testhook";
+        execute-command = pkgs.writeScript "echo.sh" ''
+          #!/bin/sh
+          echo "Bonjour"
+          '';
+        response-message = "Test hook sucess";
+      }
+    ];
+  };
+}

hosts/hackens-org/wiki.nix

@@ -1,8 +1,8 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 {
   networking.firewall.allowedTCPPorts = [ 80 443 ];
   # TODO: move to hackens.org
-  services.dokuwiki.sites."hackens.ens.fr" = {
+  services.dokuwiki.sites."${config.my.subZone}" = {
     enable = true;
 
     extraConfig = ''