fix(ops/modules/www): Make self-redirect to config a generic module
As suggested by sterni, this makes the self-redirect of a machine to its configuration a generic module working by convention. In the process of moving this two small fixes have been applied: * redirect is only applied if the URI is `/`, this is required for ACME to work * addSSL = true is added, otherwise we have a certificate but no TLS listener Change-Id: Icaef041ff681253a61e36926417bdb2844e3f93d Reviewed-on: https://cl.tvl.fyi/c/depot/+/5313 Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
This commit is contained in:
parent
5b701ad713
commit
ac6717fe3c
5 changed files with 29 additions and 35 deletions
|
@ -17,7 +17,7 @@ in
|
|||
(mod "journaldriver.nix")
|
||||
(mod "known-hosts.nix")
|
||||
(mod "tvl-users.nix")
|
||||
(mod "www/sanduny.tvl.su.nix")
|
||||
(mod "www/self-redirect.nix")
|
||||
];
|
||||
|
||||
networking = {
|
||||
|
|
|
@ -37,13 +37,13 @@ in
|
|||
"${depot.path}/ops/modules/www/deploys.tvl.fyi.nix"
|
||||
"${depot.path}/ops/modules/www/images.tvl.fyi.nix"
|
||||
"${depot.path}/ops/modules/www/nixery.dev.nix"
|
||||
"${depot.path}/ops/modules/www/self-redirect.nix"
|
||||
"${depot.path}/ops/modules/www/static.tvl.fyi.nix"
|
||||
"${depot.path}/ops/modules/www/status.tvl.su.nix"
|
||||
"${depot.path}/ops/modules/www/tazj.in.nix"
|
||||
"${depot.path}/ops/modules/www/todo.tvl.fyi.nix"
|
||||
"${depot.path}/ops/modules/www/tvl.fyi.nix"
|
||||
"${depot.path}/ops/modules/www/tvl.su.nix"
|
||||
"${depot.path}/ops/modules/www/whitby.tvl.fyi.nix"
|
||||
"${depot.path}/ops/modules/www/wigglydonke.rs.nix"
|
||||
"${depot.third_party.agenix.src}/modules/age.nix"
|
||||
"${pkgs.path}/nixos/modules/services/web-apps/gerrit.nix"
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
# Redirect sanduny.tvl.su to the machine configuration.
|
||||
|
||||
{
|
||||
imports = [
|
||||
./base.nix
|
||||
];
|
||||
|
||||
config.services.nginx.virtualHosts."sanduny.tvl.su" = {
|
||||
serverName = "sanduny.tvl.su";
|
||||
enableACME = true;
|
||||
|
||||
extraConfig = ''
|
||||
return 302 https://at.tvl.fyi/?q=%2F%2Fops%2Fmachines%2Fsanduny;
|
||||
'';
|
||||
};
|
||||
}
|
27
ops/modules/www/self-redirect.nix
Normal file
27
ops/modules/www/self-redirect.nix
Normal file
|
@ -0,0 +1,27 @@
|
|||
# Redirect the hostname of a machine to its configuration in a web
|
||||
# browser.
|
||||
#
|
||||
# Works by convention, assuming that the machine has its configuration
|
||||
# at //ops/machines/${hostname}.
|
||||
{ config, ... }:
|
||||
|
||||
let
|
||||
host = "${config.networking.hostName}.${config.networking.domain}";
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
./base.nix
|
||||
];
|
||||
|
||||
config.services.nginx.virtualHosts."${host}" = {
|
||||
serverName = host;
|
||||
addSSL = true; # SSL is not forced on these redirects
|
||||
enableACME = true;
|
||||
|
||||
extraConfig = ''
|
||||
location = / {
|
||||
return 302 https://at.tvl.fyi/?q=%2F%2Fops%2Fmachines%2F${config.networking.hostName};
|
||||
}
|
||||
'';
|
||||
};
|
||||
}
|
|
@ -1,17 +0,0 @@
|
|||
# Redirect whitby.tvl.fyi to the machine configuration.
|
||||
|
||||
{
|
||||
imports = [
|
||||
./base.nix
|
||||
];
|
||||
|
||||
config.services.nginx.virtualHosts."whitby.tvl.fyi" = {
|
||||
serverName = "whitby.tvl.fyi";
|
||||
serverAliases = [ "whitby.tvl.su" ];
|
||||
enableACME = true;
|
||||
|
||||
extraConfig = ''
|
||||
return 302 https://at.tvl.fyi/?q=%2F%2Fops%2Fmachines%2Fwhitby;
|
||||
'';
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue