fix(ops/modules/www): Make self-redirect to config a generic module

As suggested by sterni, this makes the self-redirect of a machine to
its configuration a generic module working by convention.

In the process of moving this, two small fixes have been applied:

* redirect is only applied if the URI is `/`, this is required for
  ACME to work
* addSSL = true is added, otherwise we have a certificate but no TLS
  listener

Change-Id: Icaef041ff681253a61e36926417bdb2844e3f93d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5313
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Vincent Ambo 2022-02-18 14:32:25 +03:00 committed by tazjin
parent 5b701ad713
commit ac6717fe3c
5 changed files with 29 additions and 35 deletions


@ -17,7 +17,7 @@ in
(mod "journaldriver.nix")
(mod "known-hosts.nix")
(mod "tvl-users.nix")
(mod "www/sanduny.tvl.su.nix")
(mod "www/self-redirect.nix")
];
networking = {


@ -37,13 +37,13 @@ in
"${depot.path}/ops/modules/www/deploys.tvl.fyi.nix"
"${depot.path}/ops/modules/www/images.tvl.fyi.nix"
"${depot.path}/ops/modules/www/nixery.dev.nix"
"${depot.path}/ops/modules/www/self-redirect.nix"
"${depot.path}/ops/modules/www/static.tvl.fyi.nix"
"${depot.path}/ops/modules/www/status.tvl.su.nix"
"${depot.path}/ops/modules/www/tazj.in.nix"
"${depot.path}/ops/modules/www/todo.tvl.fyi.nix"
"${depot.path}/ops/modules/www/tvl.fyi.nix"
"${depot.path}/ops/modules/www/tvl.su.nix"
"${depot.path}/ops/modules/www/whitby.tvl.fyi.nix"
"${depot.path}/ops/modules/www/wigglydonke.rs.nix"
"${depot.third_party.agenix.src}/modules/age.nix"
"${pkgs.path}/nixos/modules/services/web-apps/gerrit.nix"


@ -1,16 +0,0 @@
# Redirect sanduny.tvl.su to the machine configuration.
{
imports = [
./base.nix
];
config.services.nginx.virtualHosts."sanduny.tvl.su" = {
serverName = "sanduny.tvl.su";
enableACME = true;
extraConfig = ''
return 302 https://at.tvl.fyi/?q=%2F%2Fops%2Fmachines%2Fsanduny;
'';
};
}


@ -0,0 +1,27 @@
# Redirect the hostname of a machine to its configuration in a web
# browser.
#
# Works by convention, assuming that the machine has its configuration
# at //ops/machines/${hostname}.
{ config, ... }:
let
host = "${config.networking.hostName}.${config.networking.domain}";
in
{
imports = [
./base.nix
];
config.services.nginx.virtualHosts."${host}" = {
serverName = host;
addSSL = true; # SSL is not forced on these redirects
enableACME = true;
extraConfig = ''
location = / {
return 302 https://at.tvl.fyi/?q=%2F%2Fops%2Fmachines%2F${config.networking.hostName};
}
'';
};
}
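Review bot: The generic virtual host declares only `serverName = host;`, so the `serverAliases = [ "whitby.tvl.su" ]` carried by the removed whitby module is dropped; unless that name is declared elsewhere, requests for it fall through to nginx's default server and the ACME certificate no longer covers it. Building `host` from `config.networking.domain` also breaks evaluation on any machine that leaves the domain unset, because that option is nullable; `host = config.networking.fqdn;` uses the value NixOS already derives from both settings. With `addSSL = true` the 302 is still served over plain HTTP, where the Location header can be altered in transit; `forceSSL = true` would limit that exposure, and the NixOS nginx module appears to keep answering ACME challenges on port 80 in that mode, which should be confirmed against the nixpkgs revision in use.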


@ -1,17 +0,0 @@
# Redirect whitby.tvl.fyi to the machine configuration.
{
imports = [
./base.nix
];
config.services.nginx.virtualHosts."whitby.tvl.fyi" = {
serverName = "whitby.tvl.fyi";
serverAliases = [ "whitby.tvl.su" ];
enableACME = true;
extraConfig = ''
return 302 https://at.tvl.fyi/?q=%2F%2Fops%2Fmachines%2Fwhitby;
'';
};
}