diff --git a/machines/web01/_configuration.nix b/machines/web01/_configuration.nix index 82840a6..199edf7 100644 --- a/machines/web01/_configuration.nix +++ b/machines/web01/_configuration.nix @@ -16,6 +16,7 @@ lib.extra.mkConfig { "ntfy-sh" "plausible" "redirections" + "static" "wordpress" ]; diff --git a/machines/web01/static/default.nix b/machines/web01/static/default.nix new file mode 100644 index 0000000..f60d713 --- /dev/null +++ b/machines/web01/static/default.nix @@ -0,0 +1,13 @@ +_: + +let + websites = import ./npins; + + mkVhost = name: + { outPath, ... }: { + # enableACME = true; + # forceSSL = true; + root = "${outPath}/www"; + }; + +in { services.nginx.virtualHosts = builtins.mapAttrs mkVhost websites; } diff --git a/machines/web01/static/npins/default.nix b/machines/web01/static/npins/default.nix new file mode 100644 index 0000000..4a7c372 --- /dev/null +++ b/machines/web01/static/npins/default.nix @@ -0,0 +1,47 @@ +# Generated by npins. Do not modify; will be overwritten regularly +let + data = builtins.fromJSON (builtins.readFile ./sources.json); + version = data.version; + + mkSource = spec: + assert spec ? type; let + path = + if spec.type == "Git" then mkGitSource spec + else if spec.type == "GitRelease" then mkGitSource spec + else if spec.type == "PyPi" then mkPyPiSource spec + else if spec.type == "Channel" then mkChannelSource spec + else builtins.throw "Unknown source type ${spec.type}"; + in + spec // { outPath = path; }; + + mkGitSource = { repository, revision, url ? null, hash, ... }: + assert repository ? type; + # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository + # In the latter case, there we will always be an url to the tarball + if url != null then + (builtins.fetchTarball { + inherit url; + sha256 = hash; # FIXME: check nix version & use SRI hashes + }) + else assert repository.type == "Git"; builtins.fetchGit { + url = repository.url; + rev = revision; + # hash = hash; + }; + + mkPyPiSource = { url, hash, ... }: + builtins.fetchurl { + inherit url; + sha256 = hash; + }; + + mkChannelSource = { url, hash, ... }: + builtins.fetchTarball { + inherit url; + sha256 = hash; + }; +in +if version == 3 then + builtins.mapAttrs (_: mkSource) data.pins +else + throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`" diff --git a/machines/web01/static/npins/sources.json b/machines/web01/static/npins/sources.json new file mode 100644 index 0000000..ad728ab --- /dev/null +++ b/machines/web01/static/npins/sources.json @@ -0,0 +1,49 @@ +{ + "pins": { + "48h.arts.ens.fr": { + "type": "Git", + "repository": { + "type": "Git", + "url": "https://git.dgnum.eu/DGNum/48h.arts.ens.fr.git" + }, + "branch": "main", + "revision": "7605283c144509606a952e003a1164618129eb4c", + "url": null, + "hash": "0x1iyq52awazxyhsx07qv5slgwym0k3gkhbnfflqcn2jmwkir0yr" + }, + "interq.ens.fr": { + "type": "Git", + "repository": { + "type": "Git", + "url": "https://git.dgnum.eu/DGNum/interq.ens.fr.git" + }, + "branch": "main", + "revision": "8d3713de58cd45bf2ff078c8437321ec73925c7a", + "url": null, + "hash": "18kwwkp1w4yhg0kbjranj3fvfmr57awb3gnqmaxlnjk7c8l70ycg" + }, + "lanuit.ens.fr": { + "type": "Git", + "repository": { + "type": "Git", + "url": "https://git.dgnum.eu/DGNum/lanuit.ens.fr.git" + }, + "branch": "main", + "revision": "f4dc07090fbd74970929b2cf411c74b090618c8f", + "url": null, + "hash": "0hpym1r8d8hgp4g7p6lk26fgcv9ia6993z91as1gfjs9ff3wgk0a" + }, + "qda.ens.fr": { + "type": "Git", + "repository": { + "type": "Git", + "url": "https://git.dgnum.eu/DGNum/qda.ens.fr.git" + }, + "branch": "main", + "revision": "8b17a3c3a61041d9672077376b78d22519282096", + "url": null, + "hash": "10wr13yrq9p2pzg0pvv5vh3y2v6gb66iyc5civ3i90v7y2k1l9sx" + } + }, + "version": 3 +} \ No newline at end of file