Merge pull request #2 from tazjin/refactor/nixos-nginx-cleanup
Remove old NixOS config and move oslo.pub
commit
2f239426aa
14 changed files with 110 additions and 3793 deletions
|
@ -6,10 +6,18 @@ kind: Ingress
|
|||
metadata:
|
||||
name: https-ingress
|
||||
annotations:
|
||||
networking.gke.io/managed-certificates: tazj-in, www-tazj-in
|
||||
networking.gke.io/managed-certificates: tazj-in, www-tazj-in, oslo-pub
|
||||
spec:
|
||||
# Default traffic is routed to the blog, in case people go to
|
||||
# peculiar hostnames.
|
||||
backend:
|
||||
serviceName: tazblog
|
||||
servicePort: 8000
|
||||
rules:
|
||||
# Route oslo.pub to the nginx instance which serves redirects
|
||||
- host: oslo.pub
|
||||
http:
|
||||
paths:
|
||||
- backend:
|
||||
serviceName: nginx
|
||||
servicePort: 80
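Review bot: The new `oslo.pub` rule sends traffic to the nginx Service on port 80, but nothing visible in this hunk stops the load balancer from also answering for that host over plain HTTP; the annotations only list the managed certificates. The NixOS virtual host for oslo.pub that this commit removes set `forceSSL = true`, so the move appears to drop that guarantee and leaves the first hop of the redirect unprotected in transit. If plain HTTP is not needed, add `kubernetes.io/ingress.allow-http: "false"` under `annotations:`; otherwise a comment such as `# oslo.pub is intentionally reachable over plain HTTP` would record the decision. The Ingress manifest starts above this hunk, so a setting outside the visible lines cannot be ruled out.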
|
||||
|
|
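--- /dev/null
+++ b/infra/kubernetes/nginx/nginx.conf
@@ -0,0 +1,36 @@
+daemon off;
+worker_processes 1;
+error_log stderr;
+
+events {
+worker_connections 1024;
+}
+
+http {
+log_format json_combined escape=json
+'{'
+'"time_local":"$time_local",'
+'"remote_addr":"$remote_addr",'
+'"remote_user":"$remote_user",'
+'"request":"$request",'
+'"status": "$status",'
+'"body_bytes_sent":"$body_bytes_sent",'
+'"request_time":"$request_time",'
+'"http_referrer":"$http_referer",'
+'"http_user_agent":"$http_user_agent"'
+'}';
+
+access_log /dev/stdout json_combined;
+
+sendfile on;
+keepalive_timeout 65;
+
+server {
+listen 80;
+server_name oslo.pub;
+
+location / {
+return 302 https://www.google.com/maps/d/viewer?mid=1pJIYY9cuEdt9DuMTbb4etBVq7hs;
+}
+}
+}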
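Review bot: `'"remote_addr":"$remote_addr",'` in `json_combined` will most likely record the load balancer or node address rather than the client, because this server appears to be reached only through the Ingress and a NodePort Service. For abuse investigation the forwarded address should be logged as well, for example by adding `'"http_x_forwarded_for":"$http_x_forwarded_for",'` to the format and treating that field as client-supplied data. Two smaller points: `'"status": "$status",'` has a space after the colon that the other fields do not, and `server_tokens off;` in the `http` block would stop the nginx version being advertised in responses.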
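--- /dev/null
+++ b/infra/kubernetes/nginx/nginx.yaml
@@ -0,0 +1,55 @@
+# Deploy an nginx instance which serves ... redirects.
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: nginx-conf
+data:
+nginx.conf: {{ insertFile "nginx.conf" | toJson }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: nginx
+labels:
+app: nginx
+spec:
+replicas: 2
+selector:
+matchLabels:
+app: nginx
+template:
+metadata:
+labels:
+app: nginx
+config: {{ insertFile "nginx.conf" | sha1sum }}
+spec:
+containers:
+- name: tazblog
+image: nixery.local/shell/nginx
+command: ["/bin/bash", "-c"]
+args:
+- |
+echo 'nogroup:x:30000:nobody' >> /etc/group
+echo 'nobody:x:30000:30000:nobody:/tmp:/bin/bash' >> /etc/passwd
+exec nginx -c /etc/nginx/nginx.conf
+volumeMounts:
+- name: nginx-conf
+mountPath: /etc/nginx
+volumes:
+- name: nginx-conf
+configMap:
+name: nginx-conf
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: nginx
+spec:
+type: NodePort
+selector:
+app: nginx
+ports:
+- protocol: TCP
+port: 80
+targetPort: 80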
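Review bot: The container has no `securityContext`, and its entrypoint appends to `/etc/passwd` and `/etc/group` before `exec nginx`, so it evidently starts as root with a writable root filesystem just to serve a static redirect. At minimum add `securityContext: {allowPrivilegeEscalation: false}` to the container; a fully non-root setup would also need nginx.conf to listen on an unprivileged port, which is outside this file. The container is also named `tazblog` although it runs nginx, so `- name: nginx` would keep logs and pod listings unambiguous. Finally, `image: nixery.local/shell/nginx` carries no tag or digest, so what gets deployed depends on what the registry serves at pull time.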
|
@ -12,6 +12,10 @@ include:
|
|||
path: https-cert
|
||||
values:
|
||||
domain: www.tazj.in
|
||||
- name: oslo-pub-cert
|
||||
path: https-cert
|
||||
values:
|
||||
domain: oslo.pub
|
||||
|
||||
# Services
|
||||
- name: nixery
|
||||
|
@ -20,6 +24,7 @@ include:
|
|||
version: 2e688c1
|
||||
bucket: tazjins-data
|
||||
account: nixery@tazjins-infrastructure.iam.gserviceaccount.com
|
||||
repo: ssh://source.developers.google.com:2022/p/tazjins-infrastructure/r/monorepo
|
||||
repo: git@github.com:tazjin/depot.git
|
||||
- name: tazblog
|
||||
- name: https-lb
|
||||
- name: nginx
|
||||
|
|
|
@ -1,53 +0,0 @@
|
|||
# This file contains basic configuration for all *.tazj.in Nix machines.
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.version = 2;
|
||||
boot.loader.grub.device = "/dev/sda";
|
||||
|
||||
boot.initrd.availableKernelModules = [
|
||||
"ata_piix"
|
||||
"mptspi"
|
||||
"sd_mod"
|
||||
"sr_mod"
|
||||
];
|
||||
|
||||
# Configure root disk
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-label/nixos";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
services.vmwareGuest.enable = true;
|
||||
services.vmwareGuest.headless = true;
|
||||
|
||||
time.timeZone = "Europe/Oslo";
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
curl emacs htop
|
||||
];
|
||||
|
||||
services.openssh.enable = true;
|
||||
|
||||
networking.firewall.enable = true;
|
||||
networking.firewall.allowedTCPPorts = [ 22 80 443 ];
|
||||
|
||||
users.extraUsers.vincent = {
|
||||
isNormalUser = true;
|
||||
uid = 1000;
|
||||
extraGroups = [ "wheel" ];
|
||||
};
|
||||
|
||||
security.sudo = {
|
||||
enable = true;
|
||||
extraConfig = "%wheel ALL=(ALL) NOPASSWD: ALL";
|
||||
};
|
||||
|
||||
# This value determines the NixOS release with which your system is to be
|
||||
# compatible, in order to avoid breaking some software such as database
|
||||
# servers. You should change this only after NixOS release notes say you
|
||||
# should.
|
||||
system.stateVersion = "17.09"; # Did you read the comment?
|
||||
}
|
|
@ -1,18 +0,0 @@
|
|||
{
|
||||
sto-tazserve-1 = { pkgs, config, ... }: {
|
||||
deployment.targetHost = "46.21.106.241";
|
||||
|
||||
# Configure network
|
||||
networking.hostName = "sto-tazserve-1";
|
||||
networking.interfaces.ens32.ip4 = [
|
||||
{ address = "46.21.106.241"; prefixLength = 23; }
|
||||
];
|
||||
networking.defaultGateway = "46.21.106.1";
|
||||
networking.nameservers = [ "195.20.206.80" "195.20.206.81" ];
|
||||
|
||||
imports = [
|
||||
./configuration.nix
|
||||
./tazserve.nix
|
||||
];
|
||||
};
|
||||
}
|
|
@ -1,54 +0,0 @@
|
|||
{ pkgs ? import <nixpkgs> {} }:
|
||||
|
||||
with pkgs; stdenv.mkDerivation rec {
|
||||
name = "gemma";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "tazjin";
|
||||
repo = "gemma";
|
||||
rev = "61be253d6baa99f0a2208425b8a03b444bb1b184";
|
||||
sha256 = "0vbmz2aphcida728rc0z3k7gychs4w1778vsjbrs0ljk9qgbmyr5";
|
||||
};
|
||||
|
||||
buildInputs = with lispPackages; [
|
||||
sbcl
|
||||
quicklisp
|
||||
hunchentoot
|
||||
cl-json
|
||||
local-time
|
||||
elmPackages.elm
|
||||
pkgconfig
|
||||
];
|
||||
|
||||
# The build phase has three distinct things it needs to do:
|
||||
#
|
||||
# 1. "Compile" the Elm source into something useful to browsers.
|
||||
#
|
||||
# 2. Configure the Lisp part of the application to serve the compiled Elm
|
||||
#
|
||||
# 3. Build (and don't strip!) an executable out of the Lisp backend.
|
||||
buildPhase = ''
|
||||
mkdir -p $out/share/gemma $out/bin
|
||||
mkdir .home && export HOME="$PWD/.home"
|
||||
|
||||
# Build Elm
|
||||
cd frontend
|
||||
elm-make --yes Main.elm --output $out/share/gemma/index.html
|
||||
|
||||
# Build Lisp
|
||||
cd $src
|
||||
quicklisp init
|
||||
env GEMMA_BIN_TARGET=$out/bin/gemma sbcl --load build.lisp
|
||||
'';
|
||||
|
||||
installPhase = "true";
|
||||
|
||||
# Stripping an SBCL executable removes the application, which is unfortunate.
|
||||
dontStrip = true;
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Tool for tracking recurring tasks";
|
||||
homepage = "https://github.com/tazjin/gemma";
|
||||
license = licenses.gpl3;
|
||||
};
|
||||
}
|
|
@ -1,44 +0,0 @@
|
|||
# Generated by stackage2nix 0.4.0 from "/nix/store/848g1i6w075hdan5w0i4zjc2vgrhig7f-stackage-all/lts-9.20.yaml"
|
||||
{ pkgs, haskellLib }:
|
||||
|
||||
with haskellLib; self: super: {
|
||||
|
||||
# core packages
|
||||
"array" = null;
|
||||
"base" = null;
|
||||
"binary" = null;
|
||||
"bytestring" = null;
|
||||
"containers" = null;
|
||||
"deepseq" = null;
|
||||
"directory" = null;
|
||||
"filepath" = null;
|
||||
"ghc-boot" = null;
|
||||
"ghc-boot-th" = null;
|
||||
"ghc-prim" = null;
|
||||
"ghci" = null;
|
||||
"hoopl" = null;
|
||||
"hpc" = null;
|
||||
"integer-gmp" = null;
|
||||
"pretty" = null;
|
||||
"process" = null;
|
||||
"rts" = null;
|
||||
"template-haskell" = null;
|
||||
"time" = null;
|
||||
"transformers" = null;
|
||||
"unix" = null;
|
||||
# break cycle: HUnit call-stack nanospec hspec QuickCheck test-framework xml text quickcheck-unicode test-framework-hunit test-framework-quickcheck2 hspec-core async hspec-expectations hspec-meta quickcheck-io silently temporary base-compat exceptions tasty clock tasty-quickcheck tasty-hunit optparse-applicative regex-tdfa parsec hspec-discover stringbuilder
|
||||
"stringbuilder" = dontCheck super.stringbuilder;
|
||||
"hspec-discover" = dontCheck super.hspec-discover;
|
||||
"optparse-applicative" = dontCheck super.optparse-applicative;
|
||||
"clock" = dontCheck super.clock;
|
||||
"exceptions" = dontCheck super.exceptions;
|
||||
"base-compat" = dontCheck super.base-compat;
|
||||
"temporary" = dontCheck super.temporary;
|
||||
"silently" = dontCheck super.silently;
|
||||
"async" = dontCheck super.async;
|
||||
"text" = dontCheck super.text;
|
||||
"nanospec" = dontCheck super.nanospec;
|
||||
# break cycle: statistics monad-par mwc-random vector-algorithms
|
||||
"mwc-random" = dontCheck super.mwc-random;
|
||||
|
||||
}
|
|
@ -1,125 +0,0 @@
|
|||
# Generated by stackage2nix 0.4.0 from "./stack.yaml"
|
||||
{ blogSource ? ./.
|
||||
, nixpkgs ? import <nixpkgs> {} }:
|
||||
|
||||
with nixpkgs;
|
||||
let
|
||||
inherit (stdenv.lib) extends;
|
||||
haskellLib = callPackage (nixpkgs.path + "/pkgs/development/haskell-modules/lib.nix") {};
|
||||
stackagePackages = import ./packages.nix;
|
||||
stackageConfig = import ./configuration-packages.nix { inherit pkgs haskellLib; };
|
||||
stackPackages =
|
||||
{ pkgs, stdenv, callPackage }:
|
||||
|
||||
self: {
|
||||
"acid-state" = callPackage
|
||||
({ mkDerivation, array, base, bytestring, cereal, containers
|
||||
, criterion, directory, extensible-exceptions, filepath, mtl
|
||||
, network, random, safecopy, stm, system-fileio, system-filepath
|
||||
, template-haskell, unix
|
||||
}:
|
||||
mkDerivation {
|
||||
pname = "acid-state";
|
||||
version = "0.14.3";
|
||||
sha256 = "1d8hq8cj6h4crfnkmds6mhrhhg7r1b1byb8fybaj8khfa99sj0nm";
|
||||
libraryHaskellDepends = [
|
||||
array base bytestring cereal containers directory
|
||||
extensible-exceptions filepath mtl network safecopy stm
|
||||
template-haskell unix
|
||||
];
|
||||
benchmarkHaskellDepends = [
|
||||
base criterion directory mtl random system-fileio system-filepath
|
||||
];
|
||||
doHaddock = false;
|
||||
doCheck = false;
|
||||
homepage = "https://github.com/acid-state/acid-state";
|
||||
description = "Add ACID guarantees to any serializable Haskell data structure";
|
||||
license = stdenv.lib.licenses.publicDomain;
|
||||
}) {};
|
||||
"ixset" = callPackage
|
||||
({ mkDerivation, base, containers, safecopy, syb, syb-with-class
|
||||
, template-haskell
|
||||
}:
|
||||
mkDerivation {
|
||||
pname = "ixset";
|
||||
version = "1.0.7";
|
||||
sha256 = "1la2gdlblgwpymlawcc9zqr7c5w942di12yshm35wg0x3dc5l3ig";
|
||||
libraryHaskellDepends = [
|
||||
base containers safecopy syb syb-with-class template-haskell
|
||||
];
|
||||
doHaddock = false;
|
||||
doCheck = false;
|
||||
homepage = "http://happstack.com";
|
||||
description = "Efficient relational queries on Haskell sets";
|
||||
license = stdenv.lib.licenses.bsd3;
|
||||
}) {};
|
||||
"rss" = callPackage
|
||||
({ mkDerivation, base, HaXml, network, network-uri, old-locale
|
||||
, time
|
||||
}:
|
||||
mkDerivation {
|
||||
pname = "rss";
|
||||
version = "3000.2.0.6";
|
||||
sha256 = "03crzmi9903w6xsdc00wd9jhsr41b8pglz9n502h68w3jkm6zr4d";
|
||||
libraryHaskellDepends = [
|
||||
base HaXml network network-uri old-locale time
|
||||
];
|
||||
doHaddock = false;
|
||||
doCheck = false;
|
||||
homepage = "https://github.com/basvandijk/rss";
|
||||
description = "A library for generating RSS 2.0 feeds.";
|
||||
license = stdenv.lib.licenses.publicDomain;
|
||||
}) {};
|
||||
"syb-with-class" = callPackage
|
||||
({ mkDerivation, array, base, bytestring, containers
|
||||
, template-haskell
|
||||
}:
|
||||
mkDerivation {
|
||||
pname = "syb-with-class";
|
||||
version = "0.6.1.8";
|
||||
sha256 = "01b187jhhfp77l4zgks5gszkn9jmgjc44mw9yympw1fsfskljiz3";
|
||||
libraryHaskellDepends = [
|
||||
array base bytestring containers template-haskell
|
||||
];
|
||||
doHaddock = false;
|
||||
doCheck = false;
|
||||
description = "Scrap Your Boilerplate With Class";
|
||||
license = stdenv.lib.licenses.bsd3;
|
||||
}) {};
|
||||
"tazblog" = callPackage
|
||||
({ mkDerivation, acid-state, base, base64-bytestring, blaze-html
|
||||
, blaze-markup, bytestring, crypto-api, cryptohash, hamlet
|
||||
, happstack-server, ixset, markdown, mtl, network, network-uri
|
||||
, old-locale, options, rss, safecopy, shakespeare, text, time
|
||||
, transformers
|
||||
}:
|
||||
mkDerivation {
|
||||
pname = "tazblog";
|
||||
version = "5.1.3";
|
||||
src = blogSource;
|
||||
isLibrary = true;
|
||||
isExecutable = true;
|
||||
libraryHaskellDepends = [
|
||||
acid-state base base64-bytestring blaze-html blaze-markup
|
||||
bytestring crypto-api cryptohash hamlet happstack-server ixset
|
||||
markdown mtl network network-uri old-locale rss safecopy
|
||||
shakespeare text time transformers
|
||||
];
|
||||
executableHaskellDepends = [ acid-state base network options ];
|
||||
description = "Tazjin's Blog";
|
||||
license = stdenv.lib.licenses.mit;
|
||||
}) {};
|
||||
};
|
||||
|
||||
pkgOverrides = self: stackPackages {
|
||||
inherit pkgs stdenv;
|
||||
inherit (self) callPackage;
|
||||
};
|
||||
|
||||
in callPackage (nixpkgs.path + "/pkgs/development/haskell-modules") {
|
||||
ghc = pkgs.haskell.compiler.ghc802;
|
||||
compilerConfig = self: extends pkgOverrides (stackageConfig self);
|
||||
initialPackages = stackagePackages;
|
||||
configurationCommon = args: self: super: {};
|
||||
inherit haskellLib;
|
||||
}
|
File diff suppressed because it is too large
|
@ -1,106 +0,0 @@
|
|||
{ pkgs, config, ... }:
|
||||
|
||||
with pkgs; let blogSource = fetchgit {
|
||||
url = "https://git.tazj.in/tazjin/tazblog.git";
|
||||
sha256 = "0m745vb8k6slzdsld63rbfg583k70q3g6i5lz576sccalkg0r2l2";
|
||||
rev = "aeeb11f1b76729115c4db98f419cbcda1a0f7660";
|
||||
};
|
||||
tazblog = import ./tazblog { inherit blogSource; };
|
||||
blog = tazblog.tazblog;
|
||||
blogConfig = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:8000";
|
||||
};
|
||||
};
|
||||
gemma = import ./pkgs/gemma.nix { inherit pkgs; };
|
||||
gemmaConfig = writeTextFile {
|
||||
name = "config.lisp";
|
||||
text = builtins.readFile ./gemma-config.lisp;
|
||||
};
|
||||
in {
|
||||
# Ensure that blog software is installed
|
||||
environment.systemPackages = [
|
||||
blog
|
||||
blogSource
|
||||
];
|
||||
|
||||
# Set up database unit
|
||||
systemd.services.tazblog-db = {
|
||||
description = "Database engine for Tazblog";
|
||||
script = "${blog}/bin/tazblog-db";
|
||||
serviceConfig.restart = "always";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
|
||||
# Set up blog unit
|
||||
systemd.services.tazblog = {
|
||||
description = "Tazjin's blog engine";
|
||||
script = "${blog}/bin/tazblog --resourceDir ${blogSource}/static";
|
||||
serviceConfig.restart = "always";
|
||||
requires = [ "tazblog-db.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
|
||||
# Set up Gogs
|
||||
services.gogs = {
|
||||
enable = true;
|
||||
appName = "Gogs: tazjin's private code";
|
||||
cookieSecure = true;
|
||||
domain = "git.tazj.in";
|
||||
rootUrl = "https://git.tazj.in/";
|
||||
extraConfig = ''
|
||||
[log]
|
||||
ROOT_PATH = /var/lib/gogs/log
|
||||
'';
|
||||
};
|
||||
|
||||
# Set up Gemma
|
||||
systemd.services.gemma = {
|
||||
description = "Recurring task tracking app";
|
||||
script = "${gemma}/bin/gemma";
|
||||
serviceConfig.Restart = "always";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
environment = {
|
||||
GEMMA_CONFIG = "${gemmaConfig}";
|
||||
};
|
||||
};
|
||||
|
||||
# Set up reverse proxy
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedTlsSettings = true;
|
||||
recommendedProxySettings = true;
|
||||
|
||||
# Blog!
|
||||
virtualHosts."tazj.in" = blogConfig;
|
||||
virtualHosts."www.tazj.in" = blogConfig;
|
||||
|
||||
# Git!
|
||||
virtualHosts."git.tazj.in" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:3000";
|
||||
};
|
||||
};
|
||||
|
||||
# oslo.pub redirect
|
||||
virtualHosts."oslo.pub" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
extraConfig = "return 302 https://www.google.com/maps/d/viewer?mid=1pJIYY9cuEdt9DuMTbb4etBVq7hs;";
|
||||
};
|
||||
|
||||
# Gemma demo instance!
|
||||
virtualHosts."gemma.tazj.in" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:4242";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -22,6 +22,9 @@ case "${TARGET_TOOL}" in
|
|||
blog_cli)
|
||||
attr="tazjin.blog_cli"
|
||||
;;
|
||||
stern)
|
||||
attr="stern"
|
||||
;;
|
||||
*)
|
||||
echo "The tool '${TARGET_TOOL}' is currently not installed in this repository."
|
||||
exit 1
|
||||
|
|
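--- /dev/null
+++ b/tools/bin/stern
@@ -0,0 +1 @@
+__dispatch.sh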