reciproka/reciproka-ops
1
0
Fork 0
Code Issues 6 Pull requests Packages Projects Releases Wiki Activity

Merge branch 'flakify' into consensus

Browse source
This commit is contained in:
Fiscal Velvet Poet 2022-07-21 16:24:58 +10:00
parent 85a6ed66bb 99d9a01830
commit fa02420dd2
Signed by: fiscalvelvetpoet
GPG key ID: D8EBFD58B023BD47
15 changed files with 411 additions and 393 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
.envrc
View file

@ -1,2 +1,4 @@
use nix use flake
watch_file nix/* watch_file flake.nix
export NIXOPS_DEPLOYMENT=jfdic-ops

20
default.nix
View file

@ -1,20 +0,0 @@
{
sources ? import ./nix/sources.nix,
system ? builtins.currentSystem,
crossSystem ? null,
config ? {},
alejandraUnstable ? (import sources.nixpkgsUnstable {}).alejandra,
} @ args:
with import ./nix args; {
shell = mkShell {
inherit (import sources.niv {}) niv;
buildInputs = [
alejandraUnstable # The Uncompromising Nix Code Formatter
niv
nixopsUnstable # work around for issue #127423
treefmt # one CLI to format the code tree
];
NIX_PATH = "nixpkgs=${sources.nixpkgs}";
NIXOPS_DEPLOYMENT = "${globals.deploymentName}";
};
}

254
flake.lock Normal file
View file

@ -0,0 +1,254 @@
{
"nodes": {
"hakyll-skeleton": {
"flake": false,
"locked": {
"lastModified": 1656491537,
"narHash": "sha256-bC8ND81E0Sq7i+7btoSzhpCB75oHoa3eEcFvvG8XB4g=",
"ref": "consensus",
"rev": "c0df6f6abed90c66e2eff2106ce89bac0a3344db",
"revCount": 3,
"type": "git",
"url": "https://source.jfdic.org/jfdic/hakyll-skeleton/"
},
"original": {
"ref": "consensus",
"type": "git",
"url": "https://source.jfdic.org/jfdic/hakyll-skeleton/"
}
},
"jfdic-web": {
"flake": false,
"locked": {
"lastModified": 1656489989,
"narHash": "sha256-cLsW+iddrxLyfUTV/uZTiXgmL8ZQ3cKG4NfKThc2tds=",
"ref": "consensus",
"rev": "6765cb4251eef6d660b761f7f40f99dbf51a739f",
"revCount": 31,
"type": "git",
"url": "https://source.jfdic.org/JFDIC/jfdic-web/"
},
"original": {
"ref": "consensus",
"type": "git",
"url": "https://source.jfdic.org/JFDIC/jfdic-web/"
}
},
"lowdown-src": {
"flake": false,
"locked": {
"lastModified": 1633514407,
"narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=",
"owner": "kristapsdz",
"repo": "lowdown",
"rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8",
"type": "github"
},
"original": {
"owner": "kristapsdz",
"repo": "lowdown",
"type": "github"
}
},
"nix": {
"inputs": {
"lowdown-src": "lowdown-src",
"nixpkgs": "nixpkgs",
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
"lastModified": 1657886512,
"narHash": "sha256-B9EyDUz/9tlcWwf24lwxCFmkxuPTVW7HFYvp0C4xGbc=",
"owner": "NixOS",
"repo": "nix",
"rev": "0b62dab6db3da5b20e62697b14aaaf80f1a2eea6",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "2.10.3",
"repo": "nix",
"type": "github"
}
},
"nixops": {
"inputs": {
"nixpkgs": "nixpkgs_2",
"utils": "utils"
},
"locked": {
"lastModified": 1657388807,
"narHash": "sha256-MtTM5KUHIDqnY254chIOp00EmsbYsXR3mXrnbbY4wg0=",
"owner": "NixOS",
"repo": "nixops",
"rev": "dcafae5258773dc0fbdd31b425f1ad3fb59173fe",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixops",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1657693803,
"narHash": "sha256-G++2CJ9u0E7NNTAi9n5G8TdDmGJXcIjkJ3NF8cetQB8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "365e1b3a859281cf11b94f87231adeabbdd878a2",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.05-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-regression": {
"locked": {
"lastModified": 1643052045,
"narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
}
},
"nixpkgsUnstable": {
"locked": {
"lastModified": 1658103945,
"narHash": "sha256-1/kQlzKGt1563JZ+gIlNHU6rEbaDh2KopZLJ4CzraWI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2e3f6efdeda4cfff0259912495761885d8bee74a",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1656753965,
"narHash": "sha256-BCrB3l0qpJokOnIVc3g2lHiGhnjUi0MoXiw6t1o8H1E=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0ea7a8f1b939d74e5df8af9a8f7342097cdf69eb",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1657972522,
"narHash": "sha256-JTiKsBT1BwMbtSUsvtSl8ffkiirby8FaujJVGV766Q8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "07a2e6a4e31ea48408861607198972d60adaf4ad",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.05",
"repo": "nixpkgs",
"type": "github"
}
},
"resrok-web": {
"flake": false,
"locked": {
"lastModified": 1656494547,
"narHash": "sha256-/8EgQxlqAX9tJv8TvsQybIh2O5TYSTOXmwtXC6gg3Dw=",
"ref": "consensus",
"rev": "e77bea1a3cc4da6f54c62ba21ca926392e842a21",
"revCount": 5,
"type": "git",
"url": "https://source.jfdic.org/resrok/resrok-web/"
},
"original": {
"ref": "consensus",
"type": "git",
"url": "https://source.jfdic.org/resrok/resrok-web/"
}
},
"root": {
"inputs": {
"hakyll-skeleton": "hakyll-skeleton",
"jfdic-web": "jfdic-web",
"nix": "nix",
"nixops": "nixops",
"nixpkgs": "nixpkgs_3",
"nixpkgsUnstable": "nixpkgsUnstable",
"resrok-web": "resrok-web",
"utils": "utils_2",
"voc-web": "voc-web"
}
},
"utils": {
"locked": {
"lastModified": 1634851050,
"narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c91f3de5adaf1de973b797ef7485e441a65b8935",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_2": {
"locked": {
"lastModified": 1656928814,
"narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"voc-web": {
"flake": false,
"locked": {
"lastModified": 1656493019,
"narHash": "sha256-vdQBbaoJXrH3bDa47OHC9jpFUsVMCi++dCCdRf0VXis=",
"ref": "consensus",
"rev": "85eb99b5a0a010d8819ea6850c5a359d9ec397b9",
"revCount": 8,
"type": "git",
"url": "https://source.jfdic.org/voc/voc-web/"
},
"original": {
"ref": "consensus",
"type": "git",
"url": "https://source.jfdic.org/voc/voc-web/"
}
}
},
"root": "root",
"version": 7
}

29
flake.nix Normal file
View file

@ -0,0 +1,29 @@
{
description = "jfdic-ops deployment";
inputs = {
hakyll-skeleton = {
flake = false;
url = git+https://source.jfdic.org/jfdic/hakyll-skeleton/?ref=consensus;
};
jfdic-web = {
flake = false;
url = git+https://source.jfdic.org/JFDIC/jfdic-web/?ref=consensus;
};
resrok-web = {
flake = false;
url = git+https://source.jfdic.org/resrok/resrok-web/?ref=consensus;
};
nix.url = "github:NixOS/nix/?ref=2.10.3";
nixops.url = github:NixOS/nixops/?ref=master;
nixpkgs.url = github:NixOS/nixpkgs/?ref=nixos-22.05;
nixpkgsUnstable.url = github:NixOS/nixpkgs/?ref=nixos-unstable;
utils.url = "github:numtide/flake-utils";
voc-web = {
flake = false;
url = git+https://source.jfdic.org/voc/voc-web/?ref=consensus;
};
};
outputs = {...} @ args: import ./outputs.nix args;
}

2
modules/modules-list.nix Normal file
View file

@ -0,0 +1,2 @@
[
]

31
nix/default.nix
View file

@ -1,31 +0,0 @@
{ sources ? import ./sources.nix
, system ? builtins.currentSystem
, crossSystem ? null
, config ? {} }:
let
# our own overlays:
local-overlays = [
];
globals =
if builtins.pathExists ../globals.nix
then [(import ../globals.nix)]
else builtins.trace "globals.nix missing, please add symlink" [];
# merge upstream sources with our own:
upstream-overlays = [
( _: super: {
sources = (super.sources or {}) // sources;
})
];
overlays =
local-overlays ++
globals ++
upstream-overlays;
in
import sources.nixpkgs {
inherit overlays system crossSystem config;
}

63
nix/sources.json
View file

@ -1,63 +0,0 @@
{
"hakyll-skeleton": {
"sha256": "12072xpvqvy127gav887kbpq3446nf2bdnzfifxjmla4rl7hsbvc",
"type": "tarball",
"url": "https://source.jfdic.org/jfdic/hakyll-skeleton/archive/c0df6f6abed90c66e2eff2106ce89bac0a3344db.tar.gz",
"url_template": "https://source.jfdic.org/jfdic/hakyll-skeleton/archive/c0df6f6abed90c66e2eff2106ce89bac0a3344db.tar.gz"
},
"jfdic-web": {
"sha256": "1nxm6qblxjnpw23c5pahqqpjcy49agkgxma4gpr15bsx4zx1dfvh",
"type": "tarball",
"url": "https://source.jfdic.org/JFDIC/jfdic-web/archive/6765cb4251eef6d660b761f7f40f99dbf51a739f.tar.gz",
"url_template": "https://source.jfdic.org/JFDIC/jfdic-web/archive/6765cb4251eef6d660b761f7f40f99dbf51a739f.tar.gz"
},
"niv": {
"branch": "master",
"description": "Easy dependency management for Nix projects",
"homepage": "https://github.com/nmattia/niv",
"owner": "nmattia",
"repo": "niv",
"rev": "82e5cd1ad3c387863f0545d7591512e76ab0fc41",
"sha256": "090l219mzc0gi33i3psgph6s2pwsc8qy4lyrqjdj4qzkvmaj65a7",
"type": "tarball",
"url": "https://github.com/nmattia/niv/archive/82e5cd1ad3c387863f0545d7591512e76ab0fc41.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"nixpkgs": {
"branch": "nixos-22.05",
"builtin": false,
"description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
"homepage": "https://github.com/NixOS/nixpkgs",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c06d5fa9c605d143b15cafdbbb61c7c95388d76e",
"sha256": "04fmbldsacmb8wba825didq1sj3r9na24ff3h993nimjav5mp4pv",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/c06d5fa9c605d143b15cafdbbb61c7c95388d76e.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"nixpkgsUnstable": {
"branch": "nixos-unstable",
"description": "Nix Packages collection",
"homepage": "",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "5f43d8b088d3771274bcfb69d3c7435b1121ac88",
"sha256": "1fh5inlikm3090l0n14g8byiz7vzhna377pkvv2a7armwl1gs8ql",
"type": "tarball",
"url": "https://github.com/nixos/nixpkgs/archive/5f43d8b088d3771274bcfb69d3c7435b1121ac88.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"resrok-web": {
"sha256": "0g6w42l0nmqbkfbk6jfqjhxpd23c6b2bw4zz4rnpy0ba351j1hgz",
"type": "tarball",
"url": "https://source.jfdic.org/resrok/resrok-web/archive/e77bea1a3cc4da6f54c62ba21ca926392e842a21.tar.gz",
"url_template": "https://source.jfdic.org/resrok/resrok-web/archive/e77bea1a3cc4da6f54c62ba21ca926392e842a21.tar.gz"
},
"voc-web": {
"sha256": "0asy2pylb790fjz2y2jcqm94afpnqbhyrf1ndkvv2ph9m9nh3m5x",
"type": "tarball",
"url": "https://source.jfdic.org/voc/voc-web/archive/85eb99b5a0a010d8819ea6850c5a359d9ec397b9.tar.gz",
"url_template": "https://source.jfdic.org/voc/voc-web/archive/85eb99b5a0a010d8819ea6850c5a359d9ec397b9.tar.gz"
}
}

194
nix/sources.nix
View file

@ -1,194 +0,0 @@
# This file has been generated by Niv.
let
#
# The fetchers. fetch_<type> fetches specs of type <type>.
#
fetch_file = pkgs: name: spec:
let
name' = sanitizeName name + "-src";
in
if spec.builtin or true then
builtins_fetchurl { inherit (spec) url sha256; name = name'; }
else
pkgs.fetchurl { inherit (spec) url sha256; name = name'; };
fetch_tarball = pkgs: name: spec:
let
name' = sanitizeName name + "-src";
in
if spec.builtin or true then
builtins_fetchTarball { name = name'; inherit (spec) url sha256; }
else
pkgs.fetchzip { name = name'; inherit (spec) url sha256; };
fetch_git = name: spec:
let
ref =
if spec ? ref then spec.ref else
if spec ? branch then "refs/heads/${spec.branch}" else
if spec ? tag then "refs/tags/${spec.tag}" else
abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!";
submodules = if spec ? submodules then spec.submodules else false;
submoduleArg =
let
nixSupportsSubmodules = builtins.compareVersions builtins.nixVersion "2.4" >= 0;
emptyArgWithWarning =
if submodules == true
then
builtins.trace
(
"The niv input \"${name}\" uses submodules "
+ "but your nix's (${builtins.nixVersion}) builtins.fetchGit "
+ "does not support them"
)
{}
else {};
in
if nixSupportsSubmodules
then { inherit submodules; }
else emptyArgWithWarning;
in
builtins.fetchGit
({ url = spec.repo; inherit (spec) rev; inherit ref; } // submoduleArg);
fetch_local = spec: spec.path;
fetch_builtin-tarball = name: throw
''[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`.
$ niv modify ${name} -a type=tarball -a builtin=true'';
fetch_builtin-url = name: throw
''[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`.
$ niv modify ${name} -a type=file -a builtin=true'';
#
# Various helpers
#
# https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695
sanitizeName = name:
(
concatMapStrings (s: if builtins.isList s then "-" else s)
(
builtins.split "[^[:alnum:]+._?=-]+"
((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name)
)
);
# The set of packages used when specs are fetched using non-builtins.
mkPkgs = sources: system:
let
sourcesNixpkgs =
import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) { inherit system; };
hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
hasThisAsNixpkgsPath = <nixpkgs> == ./.;
in
if builtins.hasAttr "nixpkgs" sources
then sourcesNixpkgs
else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then
import <nixpkgs> {}
else
abort
''
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
add a package called "nixpkgs" to your sources.json.
'';
# The actual fetching function.
fetch = pkgs: name: spec:
if ! builtins.hasAttr "type" spec then
abort "ERROR: niv spec ${name} does not have a 'type' attribute"
else if spec.type == "file" then fetch_file pkgs name spec
else if spec.type == "tarball" then fetch_tarball pkgs name spec
else if spec.type == "git" then fetch_git name spec
else if spec.type == "local" then fetch_local spec
else if spec.type == "builtin-tarball" then fetch_builtin-tarball name
else if spec.type == "builtin-url" then fetch_builtin-url name
else
abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
# If the environment variable NIV_OVERRIDE_${name} is set, then use
# the path directly as opposed to the fetched source.
replace = name: drv:
let
saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name;
ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
in
if ersatz == "" then drv else
# this turns the string into an actual Nix path (for both absolute and
# relative paths)
if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}";
# Ports of functions for older nix versions
# a Nix version of mapAttrs if the built-in doesn't exist
mapAttrs = builtins.mapAttrs or (
f: set: with builtins;
listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set))
);
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295
range = first: last: if first > last then [] else builtins.genList (n: first + n) (last - first + 1);
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257
stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1));
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269
stringAsChars = f: s: concatStrings (map f (stringToCharacters s));
concatMapStrings = f: list: concatStrings (map f list);
concatStrings = builtins.concatStringsSep "";
# https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331
optionalAttrs = cond: as: if cond then as else {};
# fetchTarball version that is compatible between all the versions of Nix
builtins_fetchTarball = { url, name ? null, sha256 }@attrs:
let
inherit (builtins) lessThan nixVersion fetchTarball;
in
if lessThan nixVersion "1.12" then
fetchTarball ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
else
fetchTarball attrs;
# fetchurl version that is compatible between all the versions of Nix
builtins_fetchurl = { url, name ? null, sha256 }@attrs:
let
inherit (builtins) lessThan nixVersion fetchurl;
in
if lessThan nixVersion "1.12" then
fetchurl ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
else
fetchurl attrs;
# Create the final "sources" from the config
mkSources = config:
mapAttrs (
name: spec:
if builtins.hasAttr "outPath" spec
then abort
"The values in sources.json should not have an 'outPath' attribute"
else
spec // { outPath = replace name (fetch config.pkgs name spec); }
) config.sources;
# The "config" used by the fetchers
mkConfig =
{ sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null
, sources ? if isNull sourcesFile then {} else builtins.fromJSON (builtins.readFile sourcesFile)
, system ? builtins.currentSystem
, pkgs ? mkPkgs sources system
}: rec {
# The sources, i.e. the attribute set of spec name to spec
inherit sources;
# The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers
inherit pkgs;
};
in
mkSources (mkConfig {}) // { __functor = _: settings: mkSources (mkConfig settings); }

21
nixops.nix
View file

@ -1,21 +0,0 @@
# NixOps configuration for the jfdic-ops nodes
{
network = {
description = "jfdic-ops nodes";
enableRollback = true;
};
network.storage.legacy = {
databasefile = "~/.nixops/deployments.nixops";
};
defaults =
{ config, pkgs, lib, ... }:
{
system.autoUpgrade.enable = false; # Disabled as it conflicts with NixOps
};
toscano = import ./hosts/toscano.nix;
}

43
outputs.nix Normal file
View file

@ -0,0 +1,43 @@
{
self,
hakyll-skeleton,
jfdic-web,
nix,
nixops,
nixpkgs,
nixpkgsUnstable,
resrok-web,
utils,
voc-web,
...
} @ inputs:
(utils.lib.eachDefaultSystem (system: let
pkgs =
nixpkgs.legacyPackages."${system}";
in {
devShell =
pkgs.callPackage
./shell.nix {
inherit (nix.packages."${pkgs.system}") nix;
inherit (nixpkgsUnstable.legacyPackages."${pkgs.system}") alejandra;
nixops = nixops.defaultPackage."${pkgs.system}";
};
}))
// {
nixopsConfigurations.default = {
inherit nixpkgs;
network = {
description = "jfdic-ops nodes";
enableRollback = true;
storage.legacy = {
databasefile = "~/.nixops/deployments.nixops";
};
};
defaults = {
system.autoUpgrade.enable = false; # Disabled as it conflicts with NixOps
_module.args.inputs = inputs; # make flake inputs accessiable in NixOS
imports = [./profiles/host_common.nix];
};
toscano = import ./hosts/toscano.nix;
};
}

30
profiles/hakyll-skeleton.nix
View file

@ -1,14 +1,14 @@
# NixOps configuration for deploying the JFDIC website # NixOps configuration for deploying the JFDIC website
{
{ config, pkgs, ... }: self,
config,
let inputs,
sources = import ../nix/sources.nix; pkgs,
hakyll-skeleton = import sources.hakyll-skeleton { }; ...
}: let
hakyll-skeleton = import inputs.hakyll-skeleton {};
webdomain = "skeleton.jfdic.org"; webdomain = "skeleton.jfdic.org";
in { in {
environment.sessionVariables = { environment.sessionVariables = {
LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
}; };
@ -20,23 +20,23 @@ in {
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts = { virtualHosts = {
"${webdomain}" = { # website hostname "${webdomain}" = {
# website hostname
enableACME = true; # Use ACME certs enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL forceSSL = true; # Force SSL
root = "${hakyll-skeleton}"; # Wesbite root root = "${hakyll-skeleton}"; # Wesbite root
}; };
"www.${webdomain}" = { # Respect our elders :-) "www.${webdomain}" = {
locations."/".extraConfig = # Respect our elders :-)
"return 301 $scheme://${webdomain}$request_uri;"; locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;";
}; };
}; };
}; };
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
certs = { "${webdomain}" = { email = "admin@${webdomain}"; }; }; certs = {"${webdomain}" = {email = "admin@${webdomain}";};};
}; };
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [80 443];
} }

28
profiles/jfdic-web.nix
View file

@ -1,14 +1,14 @@
# NixOps configuration for deploying the JFDIC website # NixOps configuration for deploying the JFDIC website
{
{ config, pkgs, ... }: self,
config,
let inputs,
sources = import ../nix/sources.nix; pkgs,
jfdic-web = import sources.jfdic-web { }; ...
}: let
jfdic-web = import inputs.jfdic-web {};
webdomain = "jfdic.org"; webdomain = "jfdic.org";
in { in {
environment.sessionVariables = { environment.sessionVariables = {
LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
}; };
@ -20,14 +20,15 @@ in {
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts = { virtualHosts = {
"${webdomain}" = { # website hostname "${webdomain}" = {
# website hostname
enableACME = true; # Use ACME certs enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL forceSSL = true; # Force SSL
root = "${jfdic-web}"; # Wesbite root root = "${jfdic-web}"; # Wesbite root
}; };
"www.${webdomain}" = { # Respect our elders :-) "www.${webdomain}" = {
locations."/".extraConfig = # Respect our elders :-)
"return 301 $scheme://${webdomain}$request_uri;"; locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;";
}; };
}; };
}; };
@ -42,6 +43,5 @@ in {
}; };
}; };
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [80 443];
} }

25
profiles/resrok-web.nix
View file

@ -1,14 +1,14 @@
# NixOps configuration for deploying the JFDIC website # NixOps configuration for deploying the JFDIC website
{
{ config, pkgs, ...}: self,
config,
let inputs,
sources = import ../nix/sources.nix; pkgs,
resrok-web = import sources.resrok-web {}; ...
}: let
resrok-web = import inputs.resrok-web {};
webdomain = "resrok.org"; webdomain = "resrok.org";
in { in {
environment.sessionVariables = { environment.sessionVariables = {
LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
}; };
@ -20,12 +20,14 @@ in {
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts = { virtualHosts = {
"${webdomain}" = { # website hostname "${webdomain}" = {
# website hostname
enableACME = true; # Use ACME certs enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL forceSSL = true; # Force SSL
root = "${resrok-web}"; # Wesbite root root = "${resrok-web}"; # Wesbite root
}; };
"www.${webdomain}" = { # Respect our elders :-) "www.${webdomain}" = {
# Respect our elders :-)
locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;"; locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;";
}; };
}; };
@ -41,6 +43,5 @@ in {
}; };
}; };
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [80 443];
} }

28
profiles/voc-web.nix
View file

@ -1,14 +1,14 @@
# NixOps configuration for deploying the Voices of Capricornia website # NixOps configuration for deploying the Voices of Capricornia website
{
{ config, pkgs, ... }: self,
config,
let inputs,
sources = import ../nix/sources.nix; pkgs,
voc-web = import sources.voc-web { }; ...
}: let
voc-web = import inputs.voc-web {};
webdomain = "voicesofcapricornia.org"; webdomain = "voicesofcapricornia.org";
in { in {
environment.sessionVariables = { environment.sessionVariables = {
LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
}; };
@ -20,14 +20,15 @@ in {
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts = { virtualHosts = {
"${webdomain}" = { # website hostname "${webdomain}" = {
# website hostname
enableACME = true; # Use ACME certs enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL forceSSL = true; # Force SSL
root = "${voc-web}"; # Wesbite root root = "${voc-web}"; # Wesbite root
}; };
"www.${webdomain}" = { # Respect our elders :-) "www.${webdomain}" = {
locations."/".extraConfig = # Respect our elders :-)
"return 301 $scheme://${webdomain}$request_uri;"; locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;";
}; };
}; };
}; };
@ -42,6 +43,5 @@ in {
}; };
}; };
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [80 443];
} }

16
shell.nix Normal file
View file

@ -0,0 +1,16 @@
{
pkgs ? import <nixpkgs> {},
alejandra,
mkShell,
nixops,
nix,
}:
with pkgs;
mkShell {
buildInputs = [
alejandra # The Uncompromising Nix Code Formatter
nixops
nix
treefmt # one CLI to format the code tree
];
}