fix(ops/modules/www): Make self-redirect to config a generic module

As suggested by sterni, this makes the self-redirect of a machine to its configuration a generic module working by convention. In the process of moving this two small fixes have been applied: * redirect is only applied if the URI is `/`, this is required for ACME to work * addSSL = true is added, otherwise we have a certificate but no TLS listener Change-Id: Icaef041ff681253a61e36926417bdb2844e3f93d Reviewed-on: https://cl.tvl.fyi/c/depot/+/5313 Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2022-02-18 14:32:25 +03:00 · 2022-02-18 14:32:25 +03:00 · ac6717fe3c
commit ac6717fe3c
parent 5b701ad713
5 changed files with 29 additions and 35 deletions
--- a/ops/machines/sanduny/default.nix
+++ b/ops/machines/sanduny/default.nix
@ -17,7 +17,7 @@ in
    (mod "journaldriver.nix")
    (mod "known-hosts.nix")
    (mod "tvl-users.nix")
-    (mod "www/sanduny.tvl.su.nix")
+    (mod "www/self-redirect.nix")
  ];

  networking = {
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@ -37,13 +37,13 @@ in
    "${depot.path}/ops/modules/www/deploys.tvl.fyi.nix"
    "${depot.path}/ops/modules/www/images.tvl.fyi.nix"
    "${depot.path}/ops/modules/www/nixery.dev.nix"
+    "${depot.path}/ops/modules/www/self-redirect.nix"
    "${depot.path}/ops/modules/www/static.tvl.fyi.nix"
    "${depot.path}/ops/modules/www/status.tvl.su.nix"
    "${depot.path}/ops/modules/www/tazj.in.nix"
    "${depot.path}/ops/modules/www/todo.tvl.fyi.nix"
    "${depot.path}/ops/modules/www/tvl.fyi.nix"
    "${depot.path}/ops/modules/www/tvl.su.nix"
-    "${depot.path}/ops/modules/www/whitby.tvl.fyi.nix"
    "${depot.path}/ops/modules/www/wigglydonke.rs.nix"
    "${depot.third_party.agenix.src}/modules/age.nix"
    "${pkgs.path}/nixos/modules/services/web-apps/gerrit.nix"
--- a/ops/modules/www/sanduny.tvl.su.nix
+++ b/ops/modules/www/sanduny.tvl.su.nix
@ -1,16 +0,0 @@
-# Redirect sanduny.tvl.su to the machine configuration.
-
-{
-  imports = [
-    ./base.nix
-  ];
-
-  config.services.nginx.virtualHosts."sanduny.tvl.su" = {
-    serverName = "sanduny.tvl.su";
-    enableACME = true;
-
-    extraConfig = ''
-      return 302 https://at.tvl.fyi/?q=%2F%2Fops%2Fmachines%2Fsanduny;
-    '';
-  };
-}
--- a/ops/modules/www/self-redirect.nix
+++ b/ops/modules/www/self-redirect.nix
@ -0,0 +1,27 @@
+# Redirect the hostname of a machine to its configuration in a web
+# browser.
+#
+# Works by convention, assuming that the machine has its configuration
+# at //ops/machines/${hostname}.
+{ config, ... }:
+
+let
+  host = "${config.networking.hostName}.${config.networking.domain}";
+in
+{
+  imports = [
+    ./base.nix
+  ];
+
+  config.services.nginx.virtualHosts."${host}" = {
+    serverName = host;
+    addSSL = true; # SSL is not forced on these redirects
+    enableACME = true;
+
+    extraConfig = ''
+      location = / {
+        return 302 https://at.tvl.fyi/?q=%2F%2Fops%2Fmachines%2F${config.networking.hostName};
+      }
+    '';
+  };
+}
--- a/ops/modules/www/whitby.tvl.fyi.nix
+++ b/ops/modules/www/whitby.tvl.fyi.nix
@ -1,17 +0,0 @@
-# Redirect whitby.tvl.fyi to the machine configuration.
-
-{
-  imports = [
-    ./base.nix
-  ];
-
-  config.services.nginx.virtualHosts."whitby.tvl.fyi" = {
-    serverName = "whitby.tvl.fyi";
-    serverAliases = [ "whitby.tvl.su" ];
-    enableACME = true;
-
-    extraConfig = ''
-      return 302 https://at.tvl.fyi/?q=%2F%2Fops%2Fmachines%2Fwhitby;
-    '';
-  };
-}