feat(ops/glesys): add bolt.tvix.dev

Make tvixbolt.tvl.su just serve a redirect to the new domain, and fold
everything into the tvix.dev.nix module.

Change-Id: I3a9ccf37d2ceee8886208d6f662e7598ce395b1a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11015
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
This commit is contained in:
Florian Klink 2024-02-23 16:41:04 +07:00 committed by clbot
parent 5c3065b43a
commit f3faeae52a
5 changed files with 27 additions and 26 deletions

View file

@ -18,6 +18,13 @@ resource "glesys_dnsdomain_record" "tvix_dev_apex_AAAA" {
data = var.whitby_ipv6 data = var.whitby_ipv6
} }
resource "glesys_dnsdomain_record" "tvix_dev_bolt_CNAME" {
domain = glesys_dnsdomain.tvix_dev.id
host = "bolt"
type = "CNAME"
data = "whitby.tvl.su."
}
resource "glesys_dnsdomain_record" "tvix_dev_docs_CNAME" { resource "glesys_dnsdomain_record" "tvix_dev_docs_CNAME" {
domain = glesys_dnsdomain.tvix_dev.id domain = glesys_dnsdomain.tvix_dev.id
host = "docs" host = "docs"

View file

@ -76,15 +76,12 @@ resource "glesys_dnsdomain_record" "tvl_su_whitby_services" {
for_each = toset(local.whitby_services) for_each = toset(local.whitby_services)
} }
# Explicit records for corp-only services running on whitby. # historical tvixbolt.tvl.su record, redirects to bolt.tvix.dev
resource "glesys_dnsdomain_record" "tvl_su_corp_whitby_services" { resource "glesys_dnsdomain_record" "tvix_su_tvixbolt_CNAME" {
domain = glesys_dnsdomain.tvl_su.id domain = glesys_dnsdomain.tvl_su.id
host = "tvixbolt"
type = "CNAME" type = "CNAME"
data = "whitby.tvl.su." data = "whitby.tvl.su."
host = each.key
for_each = toset([
"tvixbolt",
])
} }
resource "glesys_dnsdomain_record" "tvl_su_inbox_CNAME" { resource "glesys_dnsdomain_record" "tvl_su_inbox_CNAME" {

View file

@ -42,7 +42,6 @@ in
(mod "www/status.tvl.su.nix") (mod "www/status.tvl.su.nix")
(mod "www/todo.tvl.fyi.nix") (mod "www/todo.tvl.fyi.nix")
(mod "www/tvix.dev.nix") (mod "www/tvix.dev.nix")
(mod "www/tvixbolt.tvl.su.nix")
(mod "www/tvl.fyi.nix") (mod "www/tvl.fyi.nix")
(mod "www/tvl.su.nix") (mod "www/tvl.su.nix")
(mod "www/wigglydonke.rs.nix") (mod "www/wigglydonke.rs.nix")

View file

@ -17,6 +17,23 @@
''; '';
}; };
services.nginx.virtualHosts."bolt.tvix.dev" = {
root = depot.web.tvixbolt;
enableACME = true;
forceSSL = true;
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
};
# old domain, serve redirect
services.nginx.virtualHosts."tvixbolt.tvl.su" = {
enableACME = true;
forceSSL = true;
extraConfig = "return 301 https://bolt.tvix.dev$request_uri;";
};
services.nginx.virtualHosts."docs.tvix.dev" = { services.nginx.virtualHosts."docs.tvix.dev" = {
serverName = "docs.tvix.dev"; serverName = "docs.tvix.dev";
enableACME = true; enableACME = true;

View file

@ -1,19 +0,0 @@
{ depot, ... }:
{
imports = [
./base.nix
];
config = {
services.nginx.virtualHosts."tvixbolt.tvl.su" = {
root = depot.web.tvixbolt;
enableACME = true;
forceSSL = true;
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
};
};
}