From f3faeae52aae8a3ab9cd0aee2c2a2ef9c904e483 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Fri, 23 Feb 2024 16:41:04 +0700 Subject: [PATCH] feat(ops/glesys): add bolt.tvix.dev Make tvixbolt.tvl.su just serve a redirect to the new domain, and fold everything into the tvix.dev.nix module. Change-Id: I3a9ccf37d2ceee8886208d6f662e7598ce395b1a Reviewed-on: https://cl.tvl.fyi/c/depot/+/11015 Reviewed-by: lukegb Reviewed-by: tazjin Autosubmit: flokli Tested-by: BuildkiteCI --- ops/glesys/dns-tvix-dev.tf | 7 +++++++ ops/glesys/dns-tvl-su.tf | 9 +++------ ops/machines/whitby/default.nix | 1 - ops/modules/www/tvix.dev.nix | 17 +++++++++++++++++ ops/modules/www/tvixbolt.tvl.su.nix | 19 ------------------- 5 files changed, 27 insertions(+), 26 deletions(-) delete mode 100644 ops/modules/www/tvixbolt.tvl.su.nix diff --git a/ops/glesys/dns-tvix-dev.tf b/ops/glesys/dns-tvix-dev.tf index f45703260..296532a02 100644 --- a/ops/glesys/dns-tvix-dev.tf +++ b/ops/glesys/dns-tvix-dev.tf @@ -18,6 +18,13 @@ resource "glesys_dnsdomain_record" "tvix_dev_apex_AAAA" { data = var.whitby_ipv6 } +resource "glesys_dnsdomain_record" "tvix_dev_bolt_CNAME" { + domain = glesys_dnsdomain.tvix_dev.id + host = "bolt" + type = "CNAME" + data = "whitby.tvl.su." +} + resource "glesys_dnsdomain_record" "tvix_dev_docs_CNAME" { domain = glesys_dnsdomain.tvix_dev.id host = "docs" diff --git a/ops/glesys/dns-tvl-su.tf b/ops/glesys/dns-tvl-su.tf index 0f397193d..f2286cf1c 100644 --- a/ops/glesys/dns-tvl-su.tf +++ b/ops/glesys/dns-tvl-su.tf @@ -76,15 +76,12 @@ resource "glesys_dnsdomain_record" "tvl_su_whitby_services" { for_each = toset(local.whitby_services) } -# Explicit records for corp-only services running on whitby. -resource "glesys_dnsdomain_record" "tvl_su_corp_whitby_services" { +# historical tvixbolt.tvl.su record, redirects to bolt.tvix.dev +resource "glesys_dnsdomain_record" "tvix_su_tvixbolt_CNAME" { domain = glesys_dnsdomain.tvl_su.id + host = "tvixbolt" type = "CNAME" data = "whitby.tvl.su." - host = each.key - for_each = toset([ - "tvixbolt", - ]) } resource "glesys_dnsdomain_record" "tvl_su_inbox_CNAME" { diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix index 285b30f77..2259b51c2 100644 --- a/ops/machines/whitby/default.nix +++ b/ops/machines/whitby/default.nix @@ -42,7 +42,6 @@ in (mod "www/status.tvl.su.nix") (mod "www/todo.tvl.fyi.nix") (mod "www/tvix.dev.nix") - (mod "www/tvixbolt.tvl.su.nix") (mod "www/tvl.fyi.nix") (mod "www/tvl.su.nix") (mod "www/wigglydonke.rs.nix") diff --git a/ops/modules/www/tvix.dev.nix b/ops/modules/www/tvix.dev.nix index f86f5b3b1..33c0bb002 100644 --- a/ops/modules/www/tvix.dev.nix +++ b/ops/modules/www/tvix.dev.nix @@ -17,6 +17,23 @@ ''; }; + services.nginx.virtualHosts."bolt.tvix.dev" = { + root = depot.web.tvixbolt; + enableACME = true; + forceSSL = true; + + extraConfig = '' + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + ''; + }; + + # old domain, serve redirect + services.nginx.virtualHosts."tvixbolt.tvl.su" = { + enableACME = true; + forceSSL = true; + extraConfig = "return 301 https://bolt.tvix.dev$request_uri;"; + }; + services.nginx.virtualHosts."docs.tvix.dev" = { serverName = "docs.tvix.dev"; enableACME = true; diff --git a/ops/modules/www/tvixbolt.tvl.su.nix b/ops/modules/www/tvixbolt.tvl.su.nix deleted file mode 100644 index ef8ba0b11..000000000 --- a/ops/modules/www/tvixbolt.tvl.su.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ depot, ... }: - -{ - imports = [ - ./base.nix - ]; - - config = { - services.nginx.virtualHosts."tvixbolt.tvl.su" = { - root = depot.web.tvixbolt; - enableACME = true; - forceSSL = true; - - extraConfig = '' - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; - ''; - }; - }; -}