Merge pull request #2 from tazjin/refactor/nixos-nginx-cleanup

Remove old NixOS config and move oslo.pub
Vincent Ambo 2019-09-02 19:04:28 +01:00 committed by GitHub
commit 2f239426aa
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 110 additions and 3793 deletions


@ -6,10 +6,18 @@ kind: Ingress
metadata:
name: https-ingress
annotations:
networking.gke.io/managed-certificates: tazj-in, www-tazj-in
networking.gke.io/managed-certificates: tazj-in, www-tazj-in, oslo-pub
spec:
# Default traffic is routed to the blog, in case people go to
# peculiar hostnames.
backend:
serviceName: tazblog
servicePort: 8000
rules:
# Route oslo.pub to the nginx instance which serves redirects
- host: oslo.pub
http:
paths:
- backend:
serviceName: nginx
servicePort: 80
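Review bot: The new `oslo.pub` rule has no equivalent of the `forceSSL = true` that the removed NixOS vhost for this host carried. A GKE Ingress serves plain HTTP next to HTTPS unless told otherwise, and the nginx backend answers every request with the 302, so a request arriving over HTTP gets its redirect without TLS and an on-path party could rewrite it. If that is acceptable for a vanity redirect, say so in the comment above the rule, e.g. `# Plain HTTP is intentionally allowed for oslo.pub; nginx only serves a redirect.` Otherwise have the nginx server redirect to `https://oslo.pub` first when `$http_x_forwarded_proto` is `http`.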


@ -0,0 +1,36 @@
daemon off;
worker_processes 1;
error_log stderr;
events {
worker_connections 1024;
}
http {
log_format json_combined escape=json
'{'
'"time_local":"$time_local",'
'"remote_addr":"$remote_addr",'
'"remote_user":"$remote_user",'
'"request":"$request",'
'"status": "$status",'
'"body_bytes_sent":"$body_bytes_sent",'
'"request_time":"$request_time",'
'"http_referrer":"$http_referer",'
'"http_user_agent":"$http_user_agent"'
'}';
access_log /dev/stdout json_combined;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name oslo.pub;
location / {
return 302 https://www.google.com/maps/d/viewer?mid=1pJIYY9cuEdt9DuMTbb4etBVq7hs;
}
}
}
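Review bot: The `json_combined` log format records only `$remote_addr`, which behind the GKE load balancer will presumably be a Google front-end or node address rather than the client, so the access log is of little use for abuse triage or incident review. Add a field such as `'"http_x_forwarded_for":"$http_x_forwarded_for",'` to the format. Treat that value as partly client-supplied when reading it, since only the entries appended by the load balancer are trustworthy. A short comment above `log_format` saying the JSON goes to stdout for the cluster's log collector would also help.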


@ -0,0 +1,55 @@
# Deploy an nginx instance which serves ... redirects.
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-conf
data:
nginx.conf: {{ insertFile "nginx.conf" | toJson }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
labels:
app: nginx
spec:
replicas: 2
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
config: {{ insertFile "nginx.conf" | sha1sum }}
spec:
containers:
- name: tazblog
image: nixery.local/shell/nginx
command: ["/bin/bash", "-c"]
args:
- |
echo 'nogroup:x:30000:nobody' >> /etc/group
echo 'nobody:x:30000:30000:nobody:/tmp:/bin/bash' >> /etc/passwd
exec nginx -c /etc/nginx/nginx.conf
volumeMounts:
- name: nginx-conf
mountPath: /etc/nginx
volumes:
- name: nginx-conf
configMap:
name: nginx-conf
---
apiVersion: v1
kind: Service
metadata:
name: nginx
spec:
type: NodePort
selector:
app: nginx
ports:
- protocol: TCP
port: 80
targetPort: 80
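Review bot: The container in the nginx Deployment is named `tazblog`, which looks like a copy-paste leftover and will mislead anyone reading `kubectl logs` or alerts; it should be `- name: nginx`. The startup script appends to `/etc/passwd` and `/etc/group` and then execs nginx on port 80, so the container must start as root with a writable root filesystem, and the pod spec sets no `securityContext`. Consider at least `allowPrivilegeEscalation: false` on the container, plus a comment explaining why the `nobody`/`nogroup` entries are created at start (presumably the Nixery image ships without them). The image `nixery.local/shell/nginx` is also referenced without a tag or digest, so the two replicas are not guaranteed to run the same build.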


@ -12,6 +12,10 @@ include:
path: https-cert
values:
domain: www.tazj.in
- name: oslo-pub-cert
path: https-cert
values:
domain: oslo.pub
# Services
- name: nixery
@ -20,6 +24,7 @@ include:
version: 2e688c1
bucket: tazjins-data
account: nixery@tazjins-infrastructure.iam.gserviceaccount.com
repo: ssh://source.developers.google.com:2022/p/tazjins-infrastructure/r/monorepo
repo: git@github.com:tazjin/depot.git
- name: tazblog
- name: https-lb
- name: nginx
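Review bot: Switching the Nixery `repo` to `git@github.com:tazjin/depot.git` changes how the service authenticates to its source, and nothing visible in this section provisions the matching credentials. The previous Cloud Source Repositories URL could presumably rely on the `nixery@…gserviceaccount.com` account listed just above, whereas an SSH remote on GitHub needs a deploy key and a pinned `known_hosts` entry inside the Nixery pod. Confirm both exist, that the key is read-only, and that host key checking is not disabled to make the clone work. A comment next to `repo:` naming the secret that holds the key would make the dependency explicit.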


@ -1,53 +0,0 @@
# This file contains basic configuration for all *.tazj.in Nix machines.
{ config, pkgs, ... }:
{
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
boot.initrd.availableKernelModules = [
"ata_piix"
"mptspi"
"sd_mod"
"sr_mod"
];
# Configure root disk
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
services.vmwareGuest.enable = true;
services.vmwareGuest.headless = true;
time.timeZone = "Europe/Oslo";
environment.systemPackages = with pkgs; [
curl emacs htop
];
services.openssh.enable = true;
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 22 80 443 ];
users.extraUsers.vincent = {
isNormalUser = true;
uid = 1000;
extraGroups = [ "wheel" ];
};
security.sudo = {
enable = true;
extraConfig = "%wheel ALL=(ALL) NOPASSWD: ALL";
};
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "17.09"; # Did you read the comment?
}


@ -1,18 +0,0 @@
{
sto-tazserve-1 = { pkgs, config, ... }: {
deployment.targetHost = "46.21.106.241";
# Configure network
networking.hostName = "sto-tazserve-1";
networking.interfaces.ens32.ip4 = [
{ address = "46.21.106.241"; prefixLength = 23; }
];
networking.defaultGateway = "46.21.106.1";
networking.nameservers = [ "195.20.206.80" "195.20.206.81" ];
imports = [
./configuration.nix
./tazserve.nix
];
};
}


@ -1,54 +0,0 @@
{ pkgs ? import <nixpkgs> {} }:
with pkgs; stdenv.mkDerivation rec {
name = "gemma";
src = fetchFromGitHub {
owner = "tazjin";
repo = "gemma";
rev = "61be253d6baa99f0a2208425b8a03b444bb1b184";
sha256 = "0vbmz2aphcida728rc0z3k7gychs4w1778vsjbrs0ljk9qgbmyr5";
};
buildInputs = with lispPackages; [
sbcl
quicklisp
hunchentoot
cl-json
local-time
elmPackages.elm
pkgconfig
];
# The build phase has three distinct things it needs to do:
#
# 1. "Compile" the Elm source into something useful to browsers.
#
# 2. Configure the Lisp part of the application to serve the compiled Elm
#
# 3. Build (and don't strip!) an executable out of the Lisp backend.
buildPhase = ''
mkdir -p $out/share/gemma $out/bin
mkdir .home && export HOME="$PWD/.home"
# Build Elm
cd frontend
elm-make --yes Main.elm --output $out/share/gemma/index.html
# Build Lisp
cd $src
quicklisp init
env GEMMA_BIN_TARGET=$out/bin/gemma sbcl --load build.lisp
'';
installPhase = "true";
# Stripping an SBCL executable removes the application, which is unfortunate.
dontStrip = true;
meta = with stdenv.lib; {
description = "Tool for tracking recurring tasks";
homepage = "https://github.com/tazjin/gemma";
license = licenses.gpl3;
};
}


@ -1,44 +0,0 @@
# Generated by stackage2nix 0.4.0 from "/nix/store/848g1i6w075hdan5w0i4zjc2vgrhig7f-stackage-all/lts-9.20.yaml"
{ pkgs, haskellLib }:
with haskellLib; self: super: {
# core packages
"array" = null;
"base" = null;
"binary" = null;
"bytestring" = null;
"containers" = null;
"deepseq" = null;
"directory" = null;
"filepath" = null;
"ghc-boot" = null;
"ghc-boot-th" = null;
"ghc-prim" = null;
"ghci" = null;
"hoopl" = null;
"hpc" = null;
"integer-gmp" = null;
"pretty" = null;
"process" = null;
"rts" = null;
"template-haskell" = null;
"time" = null;
"transformers" = null;
"unix" = null;
# break cycle: HUnit call-stack nanospec hspec QuickCheck test-framework xml text quickcheck-unicode test-framework-hunit test-framework-quickcheck2 hspec-core async hspec-expectations hspec-meta quickcheck-io silently temporary base-compat exceptions tasty clock tasty-quickcheck tasty-hunit optparse-applicative regex-tdfa parsec hspec-discover stringbuilder
"stringbuilder" = dontCheck super.stringbuilder;
"hspec-discover" = dontCheck super.hspec-discover;
"optparse-applicative" = dontCheck super.optparse-applicative;
"clock" = dontCheck super.clock;
"exceptions" = dontCheck super.exceptions;
"base-compat" = dontCheck super.base-compat;
"temporary" = dontCheck super.temporary;
"silently" = dontCheck super.silently;
"async" = dontCheck super.async;
"text" = dontCheck super.text;
"nanospec" = dontCheck super.nanospec;
# break cycle: statistics monad-par mwc-random vector-algorithms
"mwc-random" = dontCheck super.mwc-random;
}


@ -1,125 +0,0 @@
# Generated by stackage2nix 0.4.0 from "./stack.yaml"
{ blogSource ? ./.
, nixpkgs ? import <nixpkgs> {} }:
with nixpkgs;
let
inherit (stdenv.lib) extends;
haskellLib = callPackage (nixpkgs.path + "/pkgs/development/haskell-modules/lib.nix") {};
stackagePackages = import ./packages.nix;
stackageConfig = import ./configuration-packages.nix { inherit pkgs haskellLib; };
stackPackages =
{ pkgs, stdenv, callPackage }:
self: {
"acid-state" = callPackage
({ mkDerivation, array, base, bytestring, cereal, containers
, criterion, directory, extensible-exceptions, filepath, mtl
, network, random, safecopy, stm, system-fileio, system-filepath
, template-haskell, unix
}:
mkDerivation {
pname = "acid-state";
version = "0.14.3";
sha256 = "1d8hq8cj6h4crfnkmds6mhrhhg7r1b1byb8fybaj8khfa99sj0nm";
libraryHaskellDepends = [
array base bytestring cereal containers directory
extensible-exceptions filepath mtl network safecopy stm
template-haskell unix
];
benchmarkHaskellDepends = [
base criterion directory mtl random system-fileio system-filepath
];
doHaddock = false;
doCheck = false;
homepage = "https://github.com/acid-state/acid-state";
description = "Add ACID guarantees to any serializable Haskell data structure";
license = stdenv.lib.licenses.publicDomain;
}) {};
"ixset" = callPackage
({ mkDerivation, base, containers, safecopy, syb, syb-with-class
, template-haskell
}:
mkDerivation {
pname = "ixset";
version = "1.0.7";
sha256 = "1la2gdlblgwpymlawcc9zqr7c5w942di12yshm35wg0x3dc5l3ig";
libraryHaskellDepends = [
base containers safecopy syb syb-with-class template-haskell
];
doHaddock = false;
doCheck = false;
homepage = "http://happstack.com";
description = "Efficient relational queries on Haskell sets";
license = stdenv.lib.licenses.bsd3;
}) {};
"rss" = callPackage
({ mkDerivation, base, HaXml, network, network-uri, old-locale
, time
}:
mkDerivation {
pname = "rss";
version = "3000.2.0.6";
sha256 = "03crzmi9903w6xsdc00wd9jhsr41b8pglz9n502h68w3jkm6zr4d";
libraryHaskellDepends = [
base HaXml network network-uri old-locale time
];
doHaddock = false;
doCheck = false;
homepage = "https://github.com/basvandijk/rss";
description = "A library for generating RSS 2.0 feeds.";
license = stdenv.lib.licenses.publicDomain;
}) {};
"syb-with-class" = callPackage
({ mkDerivation, array, base, bytestring, containers
, template-haskell
}:
mkDerivation {
pname = "syb-with-class";
version = "0.6.1.8";
sha256 = "01b187jhhfp77l4zgks5gszkn9jmgjc44mw9yympw1fsfskljiz3";
libraryHaskellDepends = [
array base bytestring containers template-haskell
];
doHaddock = false;
doCheck = false;
description = "Scrap Your Boilerplate With Class";
license = stdenv.lib.licenses.bsd3;
}) {};
"tazblog" = callPackage
({ mkDerivation, acid-state, base, base64-bytestring, blaze-html
, blaze-markup, bytestring, crypto-api, cryptohash, hamlet
, happstack-server, ixset, markdown, mtl, network, network-uri
, old-locale, options, rss, safecopy, shakespeare, text, time
, transformers
}:
mkDerivation {
pname = "tazblog";
version = "5.1.3";
src = blogSource;
isLibrary = true;
isExecutable = true;
libraryHaskellDepends = [
acid-state base base64-bytestring blaze-html blaze-markup
bytestring crypto-api cryptohash hamlet happstack-server ixset
markdown mtl network network-uri old-locale rss safecopy
shakespeare text time transformers
];
executableHaskellDepends = [ acid-state base network options ];
description = "Tazjin's Blog";
license = stdenv.lib.licenses.mit;
}) {};
};
pkgOverrides = self: stackPackages {
inherit pkgs stdenv;
inherit (self) callPackage;
};
in callPackage (nixpkgs.path + "/pkgs/development/haskell-modules") {
ghc = pkgs.haskell.compiler.ghc802;
compilerConfig = self: extends pkgOverrides (stackageConfig self);
initialPackages = stackagePackages;
configurationCommon = args: self: super: {};
inherit haskellLib;
}

File diff suppressed because it is too large Load diff


@ -1,106 +0,0 @@
{ pkgs, config, ... }:
with pkgs; let blogSource = fetchgit {
url = "https://git.tazj.in/tazjin/tazblog.git";
sha256 = "0m745vb8k6slzdsld63rbfg583k70q3g6i5lz576sccalkg0r2l2";
rev = "aeeb11f1b76729115c4db98f419cbcda1a0f7660";
};
tazblog = import ./tazblog { inherit blogSource; };
blog = tazblog.tazblog;
blogConfig = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8000";
};
};
gemma = import ./pkgs/gemma.nix { inherit pkgs; };
gemmaConfig = writeTextFile {
name = "config.lisp";
text = builtins.readFile ./gemma-config.lisp;
};
in {
# Ensure that blog software is installed
environment.systemPackages = [
blog
blogSource
];
# Set up database unit
systemd.services.tazblog-db = {
description = "Database engine for Tazblog";
script = "${blog}/bin/tazblog-db";
serviceConfig.restart = "always";
wantedBy = [ "multi-user.target" ];
};
# Set up blog unit
systemd.services.tazblog = {
description = "Tazjin's blog engine";
script = "${blog}/bin/tazblog --resourceDir ${blogSource}/static";
serviceConfig.restart = "always";
requires = [ "tazblog-db.service" ];
wantedBy = [ "multi-user.target" ];
};
# Set up Gogs
services.gogs = {
enable = true;
appName = "Gogs: tazjin's private code";
cookieSecure = true;
domain = "git.tazj.in";
rootUrl = "https://git.tazj.in/";
extraConfig = ''
[log]
ROOT_PATH = /var/lib/gogs/log
'';
};
# Set up Gemma
systemd.services.gemma = {
description = "Recurring task tracking app";
script = "${gemma}/bin/gemma";
serviceConfig.Restart = "always";
wantedBy = [ "multi-user.target" ];
environment = {
GEMMA_CONFIG = "${gemmaConfig}";
};
};
# Set up reverse proxy
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedProxySettings = true;
# Blog!
virtualHosts."tazj.in" = blogConfig;
virtualHosts."www.tazj.in" = blogConfig;
# Git!
virtualHosts."git.tazj.in" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
};
};
# oslo.pub redirect
virtualHosts."oslo.pub" = {
enableACME = true;
forceSSL = true;
extraConfig = "return 302 https://www.google.com/maps/d/viewer?mid=1pJIYY9cuEdt9DuMTbb4etBVq7hs;";
};
# Gemma demo instance!
virtualHosts."gemma.tazj.in" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:4242";
};
};
};
}


@ -22,6 +22,9 @@ case "${TARGET_TOOL}" in
blog_cli)
attr="tazjin.blog_cli"
;;
stern)
attr="stern"
;;
*)
echo "The tool '${TARGET_TOOL}' is currently not installed in this repository."
exit 1

1
tools/bin/stern Symbolic link

@ -0,0 +1 @@
__dispatch.sh