diff --git a/nix/apps/does-it-build/default.nix b/nix/apps/does-it-build/default.nix index 785923d..fad6023 100644 --- a/nix/apps/does-it-build/default.nix +++ b/nix/apps/does-it-build/default.nix @@ -1,21 +1,11 @@ { pkgs, lib, my-projects-versions, ... }: let - does-it-build-base = (import (pkgs.fetchFromGitHub my-projects-versions.does-it-build.fetchFromGitHub)) { inherit pkgs; }; + does-it-build-base = (import (fetchTarball "https://github.com/Noratrieb/does-it-build/archive/${my-projects-versions.does-it-build}.tar.gz")) { inherit pkgs; }; does-it-build = does-it-build-base.overrideAttrs (finalAttrs: previousAttrs: { - DOES_IT_BUILD_OVERRIDE_VERSION = my-projects-versions.does-it-build.commit; + DOES_IT_BUILD_OVERRIDE_VERSION = my-projects-versions.does-it-build; }); in { - services.caddy.virtualHosts = { - "does-it-build.noratrieb.dev" = { - logFormat = ""; - extraConfig = '' - encode zstd gzip - reverse_proxy * localhost:3000 - ''; - }; - }; - systemd.services.does-it-build = { description = "https://github.com/Noratrieb/does-it-build"; wantedBy = [ "multi-user.target" ]; diff --git a/nix/apps/fakessh/default.nix b/nix/apps/fakessh/default.nix index 019fa65..b289036 100644 --- a/nix/apps/fakessh/default.nix +++ b/nix/apps/fakessh/default.nix @@ -1,6 +1,5 @@ { lib, pkgs, my-projects-versions, ... }: -let - cluelessh = import (pkgs.fetchFromGitHub my-projects-versions.cluelessh.fetchFromGitHub); +let cluelessh = import (fetchTarball "https://github.com/Noratrieb/cluelessh/archive/${my-projects-versions.cluelessh}.tar.gz"); in { systemd.services.fakessh = { diff --git a/nix/apps/forgejo/default.nix b/nix/apps/forgejo/default.nix index bf6a407..933fe24 100644 --- a/nix/apps/forgejo/default.nix +++ b/nix/apps/forgejo/default.nix 
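Review bot: The new `fetchTarball "https://github.com/Noratrieb/does-it-build/archive/${my-projects-versions.does-it-build}.tar.gz"` call has no `sha256`, so the source that is then `import`ed and evaluated is no longer checked against a recorded content hash, which the removed `pkgs.fetchFromGitHub` attrset provided. The commit id in the URL still selects the revision, but integrity now rests on the download itself, and an unhashed `fetchTarball` is rejected under pure evaluation and re-fetched once its cache entry expires. Consider the attrset form this commit already uses for `hugo-chat-client`, e.g. `fetchTarball { url = "<archive url>"; sha256 = "<sha256 of unpacked tree>"; }`, with the hash kept next to the commit in `my-projects.json`. The same pattern appears in the fakessh hunk on this line and in the hunks for `upload-files`, `modules/caddy/default.nix` (website, blog, slides), `modules/default/default.nix` (pretense, quotdd) and `shell.nix` (agenix).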
@@ -43,14 +43,6 @@ }; }; - services.caddy.virtualHosts."git.noratrieb.dev" = { - logFormat = ""; - extraConfig = '' - encode zstd gzip - reverse_proxy * localhost:5015 - ''; - }; - services.custom-backup.jobs = [{ app = "forgejo"; file = "/var/lib/forgejo/data/forgejo.db"; diff --git a/nix/apps/hugo-chat/default.nix b/nix/apps/hugo-chat/default.nix index 14d89c9..9f78f6b 100644 --- a/nix/apps/hugo-chat/default.nix +++ b/nix/apps/hugo-chat/default.nix @@ -5,11 +5,6 @@ let "https://github.com/C0RR1T/HugoChat/releases/download/2024-08-05/HugoServer.jar"; hash = "sha256-hCe2UPqrSR6u3/UxsURI2KzRxN5saeTteCRq5Zfay4M="; }; - hugo-chat-client = fetchTarball { - url = - "https://github.com/C0RR1T/HugoChat/releases/download/2024-08-05/hugo-client.tar.xz"; - sha256 = "sha256:121ai8q6bm7gp0pl1ajfk0k2nrfg05zid61i20z0j5gpb2qyhsib"; - }; in { age.secrets.hugochat_db_password.file = ../../secrets/hugochat_db_password.age; 
@@ -41,61 +36,6 @@ in }; }; - services.caddy.virtualHosts = { - "hugo-chat.noratrieb.dev" = { - logFormat = ""; - extraConfig = '' - encode zstd gzip - root * ${import ../../packages/caddy-static-prepare { - name = "hugo-chat-client"; - src = hugo-chat-client; - inherit pkgs lib; - }} - try_files {path} /index.html - file_server { - etag_file_extensions .sha256 - precompressed zstd gzip br - } - ''; - }; - "api.hugo-chat.noratrieb.dev" = - let - cors = pkgs.writeText "cors" '' - # https://gist.github.com/ryanburnette/d13575c9ced201e73f8169d3a793c1a3 - @cors_preflight{args[0]} method OPTIONS - @cors{args[0]} header Origin {args[0]} - - handle @cors_preflight{args[0]} { - header { - Access-Control-Allow-Origin "{args[0]}" - Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS" - Access-Control-Allow-Credentials "false" - Access-Control-Allow-Headers "$${args[1]}" - Access-Control-Max-Age "86400" - defer - } - respond "" 204 - } - - handle @cors{args[0]} { - header { - Access-Control-Allow-Origin "{args[0]}" - Access-Control-Expose-Headers * - defer - } - } - ''; - in - { - logFormat = ""; - extraConfig = '' - import ${cors} https://hugo-chat.noratrieb.dev "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type" - encode zstd gzip - reverse_proxy * localhost:5001 - ''; - }; - }; - services.custom-backup.jobs = [ { app = "hugo-chat"; diff --git a/nix/apps/old-redirects/default.nix b/nix/apps/old-redirects/default.nix deleted file mode 100644 index 68d3f42..0000000 --- a/nix/apps/old-redirects/default.nix +++ /dev/null 
@@ -1,41 +0,0 @@ -{ ... }: -let - permanent = [ - { from = "www.noratrieb.dev"; to = "noratrieb.dev"; } - { from = "blog.noratrieb.dev"; to = "noratrieb.dev/blog"; } - { from = "nilstrieb.dev"; to = "noratrieb.dev"; } - { from = "www.nilstrieb.dev"; to = "noratrieb.dev"; } - { from = "blog.nilstrieb.dev"; to = "noratrieb.dev/blog"; } - { from = "bisect-rustc.nilstrieb.dev"; to = "bisect-rustc.noratrieb.dev"; } - { from = "docker.nilstrieb.dev"; to = "docker.noratrieb.dev"; } - { from = "hugo-chat.nilstrieb.dev"; to = "hugo-chat.noratrieb.dev"; } - { from = "api.hugo-chat.nilstrieb.dev"; to = "api.hugo-chat.noratrieb.dev"; } - { from = "uptime.nilstrieb.dev"; to = "uptime.noratrieb.dev"; } - { from = "olat.nilstrieb.dev"; to = "olat.noratrieb.dev"; } - { from = "olat.nilstrieb.dev:8088"; to = "olat.noratrieb.dev"; } - ]; -in -{ - services.caddy.virtualHosts = ( - { - "bisect-rustc.noratrieb.dev" = { - logFormat = ""; - extraConfig = "redir https://github.com/Noratrieb/cargo-bisect-rustc-service?tab=readme-ov-file#cargo-bisect-rustc-service"; - }; - "uptime.noratrieb.dev" = { - logFormat = ""; - extraConfig = "redir https://github.com/Noratrieb/uptime?tab=readme-ov-file#uptime"; - }; - } - ) // ( - builtins.listToAttrs (map - (redirect: { - name = redirect.from; - value = { - logFormat = ""; - extraConfig = "redir https://${redirect.to}{uri} permanent"; - }; - }) - permanent) - ); -} diff --git a/nix/apps/openolat/default.nix b/nix/apps/openolat/default.nix index 6ad5c68..0c2672f 100644 --- a/nix/apps/openolat/default.nix +++ b/nix/apps/openolat/default.nix 
@@ -44,24 +44,6 @@ in }; }; - services.caddy.virtualHosts = { - "olat.noratrieb.dev" = { - logFormat = ""; - extraConfig = '' - encode zstd gzip - reverse_proxy * localhost:5011 - ''; - }; - # unsure if necessary... something was misconfigured in the past here... - "olat.noratrieb.dev:8088" = { - logFormat = ""; - extraConfig = '' - encode zstd gzip - reverse_proxy * localhost:5011 - ''; - }; - }; - services.custom-backup.jobs = [ { app = "openolat-db"; diff --git a/nix/apps/upload-files/default.nix b/nix/apps/upload-files/default.nix index 247c9cd..526adf3 100644 --- a/nix/apps/upload-files/default.nix +++ b/nix/apps/upload-files/default.nix @@ -1,7 +1,5 @@ { my-projects-versions, pkgs, lib, config, ... }: -let - upload-files = import (pkgs.fetchFromGitHub my-projects-versions."upload.files.noratrieb.dev".fetchFromGitHub); -in +let upload-files = import (fetchTarball "https://github.com/Noratrieb/upload.files.noratrieb.dev/archive/${my-projects-versions."upload.files.noratrieb.dev"}.tar.gz"); in { age.secrets.upload_files_s3_secret.file = ../../secrets/upload_files_s3_secret.age; @@ -20,15 +18,4 @@ in EnvironmentFile = [ config.age.secrets.upload_files_s3_secret.path ]; }; }; - - services.caddy.virtualHosts."upload.files.noratrieb.dev" = { - logFormat = ""; - extraConfig = '' - encode zstd gzip - # we need HTTP/2 here because the server doesn't work with HTTP/1.1 - # because it will send early 401 responses during the upload without consuming the body - # (this has been mostly fixed but still keep it) - reverse_proxy * h2c://localhost:3050 - ''; - }; } diff --git a/nix/apps/website/default.nix b/nix/apps/website/default.nix deleted file mode 100644 index e61608c..0000000 --- a/nix/apps/website/default.nix +++ /dev/null 
@@ -1,34 +0,0 @@ -{ pkgs, lib, my-projects-versions, ... }: -let - website = import (pkgs.fetchFromGitHub my-projects-versions.website.fetchFromGitHub); - blog = pkgs.fetchFromGitHub my-projects-versions.blog.fetchFromGitHub; - slides = pkgs.fetchFromGitHub my-projects-versions.slides.fetchFromGitHub; - website-build = website { inherit pkgs slides blog; }; -in -{ - services.caddy.virtualHosts = { - "noratrieb.dev" = { - logFormat = ""; - extraConfig = '' - encode zstd gzip - header -Last-Modified - root * ${import ../../packages/caddy-static-prepare { - name = "website"; - src = website-build; - inherit pkgs lib; - }} - file_server { - etag_file_extensions .sha256 - precompressed zstd gzip br - } - ''; - }; - "files.noratrieb.dev" = { - logFormat = ""; - extraConfig = '' - encode zstd gzip - reverse_proxy * localhost:3902 - ''; - }; - }; -} diff --git a/nix/apps/widetom/default.nix b/nix/apps/widetom/default.nix index c7372fd..45080a1 100644 --- a/nix/apps/widetom/default.nix +++ b/nix/apps/widetom/default.nix @@ -1,7 +1,12 @@ { config, pkgs, lib, my-projects-versions, ... }: let widetom = pkgs.rustPlatform.buildRustPackage { - src = pkgs.fetchFromGitHub my-projects-versions.widetom.fetchFromGitHub; + src = pkgs.fetchFromGitHub { + owner = "Noratrieb"; + repo = "widetom"; + rev = my-projects-versions.widetom; + hash = "sha256-lSjlDozwKRLF62jsDaWo+8+rcQdeEgurEnuw00hk3o8="; + }; pname = "widetom"; version = "0.1.0"; cargoHash = "sha256-AWbdPcDc+QOW7U/FYbqlIsg+3MwfggKCTCw1z/ZbSEE="; diff --git a/nix/hive.nix b/nix/hive.nix index a7b70b3..1d61ebc 100644 --- a/nix/hive.nix +++ b/nix/hive.nix @@ -180,8 +180,6 @@ ./modules/backup # apps - ./apps/website - ./apps/old-redirects ./apps/widetom ./apps/hugo-chat ./apps/killua @@ -213,8 +211,6 @@ ./modules/caddy ./modules/garage ./modules/prometheus - - ./apps/website ]; system.stateVersion = "23.11"; @@ -229,7 +225,6 @@ ./modules/backup # apps - ./apps/website ./apps/does-it-build ]; 
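Review bot: In the widetom hunk the `hash` is now a literal inside `default.nix` while `rev` still comes from `my-projects-versions.widetom`, and the updater changed later in this commit (`nix/update-my-projects.mjs`) only rewrites the commit id. Once widetom's HEAD moves, `rev` and `hash` will disagree: the fixed-output fetch will either fail with a hash mismatch or, on a machine that already has the old tree in its store, quietly keep building the previous source. A comment on the `hash` line such as `# not managed by update-my-projects.mjs: refresh by hand whenever the widetom rev changes` would make that visible, or widetom could be left out of the automatic bump. The `buildRustPackage` call continues outside the hunk.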
diff --git a/nix/modules/caddy/base.Caddyfile b/nix/modules/caddy/base.Caddyfile new file mode 100644 index 0000000..69a626b --- /dev/null +++ b/nix/modules/caddy/base.Caddyfile @@ -0,0 +1,59 @@ +{ + email noratrieb@proton.me + auto_https disable_redirects + + storage s3 { + host "localhost:3900" + bucket "caddy-store" + # access_id ENV S3_ACCESS_ID + # secret_key ENV S3_SECRET_KEY + + insecure true + } + + servers { + metrics + } + + log default { + output stdout + format json + } +} + +# https://gist.github.com/ryanburnette/d13575c9ced201e73f8169d3a793c1a3 +(cors) { + @cors_preflight{args[0]} method OPTIONS + @cors{args[0]} header Origin {args[0]} + + handle @cors_preflight{args[0]} { + header { + Access-Control-Allow-Origin "{args[0]}" + Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS" + Access-Control-Allow-Credentials "false" + Access-Control-Allow-Headers "${args[1]}" + Access-Control-Max-Age "86400" + defer + } + respond "" 204 + } + + handle @cors{args[0]} { + header { + Access-Control-Allow-Origin "{args[0]}" + Access-Control-Expose-Headers * + defer + } + } +} + +http:// { + log + respond "This is an HTTPS-only server, silly you. Go to https:// instead." 418 +} + +# HTTP +:9010 { + log + metrics /metrics +} diff --git a/nix/modules/caddy/default.nix b/nix/modules/caddy/default.nix index f046d2c..c2f132f 100644 --- a/nix/modules/caddy/default.nix +++ b/nix/modules/caddy/default.nix @@ -1,4 +1,4 @@ -{ pkgs, config, lib, name, ... }: +{ pkgs, config, lib, name, my-projects-versions, ... }: let caddy = pkgs.callPackage ./caddy-build.nix { 
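Review bot: In the `(cors)` snippet of `base.Caddyfile`, `Access-Control-Allow-Headers "${args[1]}"` has a `$` in front of the placeholder, while every other use in the snippet is written `{args[0]}`. Caddy appears to keep that `$` as a literal character, so the emitted value would begin with `$DNT` and the first listed header would not be allowed as intended; this is worth confirming in the adapted config. If the `$` is a leftover from escaping inside the old Nix string, the line can become `Access-Control-Allow-Headers "{args[1]}"`.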
@@ -11,6 +11,15 @@ let ]; vendorHash = "sha256-KP9bYitM/Pocw4DxOXPVBigWh4IykNf8yKJiBlTFZmI="; }; + website = import (fetchTarball "https://github.com/Noratrieb/website/archive/${my-projects-versions.website}.tar.gz"); + blog = fetchTarball "https://github.com/Noratrieb/blog/archive/${my-projects-versions.blog}.tar.gz"; + slides = fetchTarball "https://github.com/Noratrieb/slides/archive/${my-projects-versions.slides}.tar.gz"; + website-build = website { inherit pkgs slides blog; }; + hugo-chat-client = fetchTarball { + url = + "https://github.com/C0RR1T/HugoChat/releases/download/2024-08-05/hugo-client.tar.xz"; + sha256 = "sha256:121ai8q6bm7gp0pl1ajfk0k2nrfg05zid61i20z0j5gpb2qyhsib"; + }; in { environment.systemPackages = [ caddy ]; 
@@ -34,56 +43,79 @@ in services.caddy = { enable = true; package = caddy; - logFormat = '' - output stdout - format json - ''; - globalConfig = '' - email noratrieb@proton.me - auto_https disable_redirects - - storage s3 { - host "localhost:3900" - bucket "caddy-store" - # access_id ENV S3_ACCESS_ID - # secret_key ENV S3_SECRET_KEY - - insecure true - } - - servers { - metrics - } - ''; - virtualHosts = { - "http://" = { - logFormat = ""; - extraConfig = '' - respond "This is an HTTPS-only server, silly you. Go to https:// instead." 418 - ''; - }; - ":9010" = { - logFormat = "output discard"; - extraConfig = '' - metrics /metrics - ''; - }; - "${name}.infra.noratrieb.dev" = { - logFormat = ""; - extraConfig = '' - encode zstd gzip - header -Last-Modified - root * ${import ./caddy-static-prepare { - name = "debugging-page"; - src = ./debugging-page; - inherit pkgs lib; - }} - file_server { - etag_file_extensions .sha256 - precompressed zstd gzip br + configFile = pkgs.writeTextFile { + name = "Caddyfile"; + text = ( + builtins.readFile ./base.Caddyfile + + '' + ${config.networking.hostName}.infra.noratrieb.dev { + log + encode zstd gzip + header -Last-Modified + root * ${import ./caddy-static-prepare { + name = "debugging-page"; + src = ./debugging-page; + inherit pkgs lib; + }} + file_server { + etag_file_extensions .sha256 + precompressed zstd gzip br + } } - ''; - }; + + ${ + if name == "vps1" || name == "vps3" || name == "vps4" then '' + noratrieb.dev { + log + encode zstd gzip + header -Last-Modified + root * ${import ./caddy-static-prepare { + name = "website"; + src = website-build; + inherit pkgs lib; + }} + file_server { + etag_file_extensions .sha256 + precompressed zstd gzip br + } + } + + files.noratrieb.dev { + log + encode zstd gzip + + reverse_proxy * localhost:3902 + } + '' else "" + } + + ${if name == "vps1" then '' + hugo-chat.noratrieb.dev { + log + encode zstd gzip + root * ${import ./caddy-static-prepare { + name = "hugo-chat-client"; + src = 
hugo-chat-client; + inherit pkgs lib; + }} + try_files {path} /index.html + file_server { + etag_file_extensions .sha256 + precompressed zstd gzip br + } + } + '' else ""} + + ${ + if name == "vps1" || name == "vps3" || name == "vps4" then + builtins.readFile ./${name}.Caddyfile else "" + } + '' + ); + checkPhase = '' + ${lib.getExe caddy} --version + ${lib.getExe caddy} validate --adapter=caddyfile --config=$out + ''; }; }; } diff --git a/nix/modules/caddy/vps1.Caddyfile b/nix/modules/caddy/vps1.Caddyfile new file mode 100644 index 0000000..11712b2 --- /dev/null +++ b/nix/modules/caddy/vps1.Caddyfile 
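Review bot: The site address for the debugging page now uses `${config.networking.hostName}.infra.noratrieb.dev`, whereas the removed attribute used `${name}.infra.noratrieb.dev` and the conditionals in the same string still branch on `name`. If a node's `networking.hostName` ever differs from its deployment name, Caddy would request a certificate for a host that `deployment.targetHost` does not point at; keeping `${name}` here avoids that. The test `name == "vps1" || name == "vps3" || name == "vps4"` is also written twice, and a binding such as `hasSiteFile = builtins.elem name [ "vps1" "vps3" "vps4" ];` would keep the two conditions from drifting apart. The `let` block that binding belongs in starts outside this hunk.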
@@ -0,0 +1,111 @@ +www.noratrieb.dev { + log + redir https://noratrieb.dev{uri} permanent +} + +api.hugo-chat.noratrieb.dev { + log + import cors https://hugo-chat.noratrieb.dev "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type" + encode zstd gzip + reverse_proxy * localhost:5001 +} + +docker.noratrieb.dev { + log + reverse_proxy * localhost:5000 +} + +git.noratrieb.dev { + log + encode zstd gzip + reverse_proxy * localhost:5015 +} + +olat.noratrieb.dev { + log + encode zstd gzip + reverse_proxy * localhost:5011 +} + +# unsure if necessary... something was misconfigured in the past here... +olat.noratrieb.dev:8088 { + log + encode zstd gzip + reverse_proxy * localhost:5011 +} + +upload.files.noratrieb.dev { + log + encode zstd gzip + # we need HTTP/2 here because the server doesn't work with HTTP/1.1 + # because it will send early 401 responses during the upload without consuming the body + reverse_proxy * h2c://localhost:3050 +} + +################################################################ +# retired + +bisect-rustc.noratrieb.dev { + log + redir https://github.com/Noratrieb/cargo-bisect-rustc-service?tab=readme-ov-file#cargo-bisect-rustc-service +} + +uptime.noratrieb.dev { + log + redir https://github.com/Noratrieb/uptime?tab=readme-ov-file#uptime +} + +blog.noratrieb.dev { + log + redir https://noratrieb.dev/blog{uri} permanent +} + +nilstrieb.dev { + log + redir https://noratrieb.dev{uri} permanent +} + +www.nilstrieb.dev { + log + redir https://noratrieb.dev{uri} permanent +} + +blog.nilstrieb.dev { + log + redir https://noratrieb.dev/blog{uri} permanent +} + +bisect-rustc.nilstrieb.dev { + log + redir https://bisect-rustc.noratrieb.dev/blog{uri} permanent +} + +docker.nilstrieb.dev { + log + redir https://docker.noratrieb.dev{uri} permanent +} + +hugo-chat.nilstrieb.dev { + log + redir https://hugo-chat.noratrieb.dev{uri} permanent +} + +api.hugo-chat.nilstrieb.dev { + log + redir 
https://api.hugo-chat.noratrieb.dev{uri} permanent +} + +uptime.nilstrieb.dev { + log + redir https://uptime.noratrieb.dev{uri} permanent +} + +olat.nilstrieb.dev { + log + redir https://olat.noratrieb.dev{uri} permanent +} + +olat.nilstrieb.dev:8088 { + log + redir https://olat.noratrieb.dev{uri} permanent +} diff --git a/nix/modules/caddy/vps3.Caddyfile b/nix/modules/caddy/vps3.Caddyfile new file mode 100644 index 0000000..d233f8d --- /dev/null +++ b/nix/modules/caddy/vps3.Caddyfile @@ -0,0 +1,5 @@ +grafana.noratrieb.dev { + log + encode zstd gzip + reverse_proxy * localhost:3000 +} diff --git a/nix/modules/caddy/vps4.Caddyfile b/nix/modules/caddy/vps4.Caddyfile new file mode 100644 index 0000000..325daca --- /dev/null +++ b/nix/modules/caddy/vps4.Caddyfile @@ -0,0 +1,5 @@ +does-it-build.noratrieb.dev { + log + encode zstd gzip + reverse_proxy * localhost:3000 +} diff --git a/nix/modules/default/default.nix b/nix/modules/default/default.nix index cc9a8e6..a1169a0 100644 --- a/nix/modules/default/default.nix +++ b/nix/modules/default/default.nix @@ -1,15 +1,11 @@ { pkgs, lib, name, my-projects-versions, networkingConfig, nixpkgs-path, ... }: let - pretense = import (pkgs.fetchFromGitHub my-projects-versions.pretense.fetchFromGitHub); - quotdd = import (pkgs.fetchFromGitHub my-projects-versions.quotdd.fetchFromGitHub); + pretense = import (fetchTarball "https://github.com/Noratrieb/pretense/archive/${my-projects-versions.pretense}.tar.gz"); + quotdd = import (fetchTarball "https://github.com/Noratrieb/quotdd/archive/${my-projects-versions.quotdd}.tar.gz"); in { deployment.targetHost = "${name}.infra.noratrieb.dev"; - networking.hosts = { - "${networkingConfig.vps3.wg.privateIP}" = [ "loki.internal" "pyroscope.internal" "prometheus.internal" ]; - }; - imports = [ "${builtins.fetchTarball "https://github.com/ryantm/agenix/archive/de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6.tar.gz"}/modules/age.nix" # main 2024-07-26 ]; 
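Review bot: In `vps1.Caddyfile` the `bisect-rustc.nilstrieb.dev` block redirects to `https://bisect-rustc.noratrieb.dev/blog{uri}`, but the entry it replaces in the deleted `old-redirects/default.nix` mapped that host to `bisect-rustc.noratrieb.dev` with no path. The `/blog` prefix looks copied from the `blog.nilstrieb.dev` block just above it. The line should probably read `redir https://bisect-rustc.noratrieb.dev{uri} permanent`.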
@@ -130,7 +126,7 @@ in }; clients = [ { - url = "http://loki.internal:3100/loki/api/v1/push"; + url = "http://vps3.local:3100/loki/api/v1/push"; } ]; scrape_configs = [ @@ -221,7 +217,7 @@ in pyroscope.write "endpoint" { endpoint { - url = "http://pyroscope.internal:4040" + url = "http://vps3.local:4040" } external_labels = { "instance" = env("HOSTNAME"), diff --git a/nix/modules/garage/default.nix b/nix/modules/garage/default.nix index dcd4ce9..e7f5331 100644 --- a/nix/modules/garage/default.nix +++ b/nix/modules/garage/default.nix @@ -35,12 +35,12 @@ in s3_api = { s3_region = "garage"; api_bind_addr = "[::]:3900"; - root_domain = ".s3.garage.internal"; + root_domain = ".s3.garage.localhost"; }; s3_web = { bind_addr = "[::]:3902"; - root_domain = ".web.garage.internal"; + root_domain = ".web.garage.localhost"; index = "index.html"; }; diff --git a/nix/modules/prometheus/default.nix b/nix/modules/prometheus/default.nix index 7a2ef97..a1af908 100644 --- a/nix/modules/prometheus/default.nix +++ b/nix/modules/prometheus/default.nix @@ -18,6 +18,7 @@ { job_name = "cadvisor"; static_configs = [{ targets = map (name: "${name}.local:8080") (builtins.attrNames networkingConfig); }]; + } { job_name = "systemd"; @@ -70,7 +71,7 @@ name = "Prometheus"; type = "prometheus"; access = "proxy"; - url = "http://prometheus.internal:9090"; + url = "http://vps3.local:9090"; jsonData = { httpMethod = "POST"; prometheusType = "Prometheus"; 
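Review bot: The Loki client URL `http://vps3.local:3100/loki/api/v1/push` is plain HTTP, so the confidentiality of shipped logs depends on `vps3.local` resolving to the WireGuard address; as far as the `wg-mesh` hunk shows, that name only exists as a hosts entry for nodes that have a `wg` attribute. A short comment at the URL, for example `# vps3.local is the wg-mesh hosts entry (WireGuard IP); unencrypted, keep off public interfaces`, would record that assumption. With the `loki.internal`, `pyroscope.internal` and `prometheus.internal` aliases removed, `vps3` is now spelled out in five places (this hunk, the pyroscope endpoint on this line and the three Grafana datasources in `modules/prometheus/default.nix`), and a single binding for the monitoring host would make moving it a one-line change.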
@@ -80,27 +81,19 @@ name = "loki"; type = "loki"; access = "proxy"; - url = "http://loki.internal:3100"; + url = "http://vps3.local:3100"; } { name = "pyroscope"; type = "grafana-pyroscope-datasource"; access = "proxy"; - url = "http://pyroscope.internal:4040"; + url = "http://vps3.local:4040"; } ]; }; }; }; - services.caddy.virtualHosts."grafana.noratrieb.dev" = { - logFormat = ""; - extraConfig = '' - encode zstd gzip - reverse_proxy * localhost:3000 - ''; - }; - networking.firewall.interfaces.wg0.allowedTCPPorts = [ config.services.loki.configuration.server.http_listen_port 4040 # pyroscope diff --git a/nix/modules/registry/default.nix b/nix/modules/registry/default.nix index 1cdde03..a18c67c 100644 --- a/nix/modules/registry/default.nix +++ b/nix/modules/registry/default.nix @@ -60,11 +60,4 @@ }; }; }; - - services.caddy.virtualHosts."docker.noratrieb.dev" = { - logFormat = ""; - extraConfig = '' - reverse_proxy * localhost:5000 - ''; - }; } diff --git a/nix/modules/wg-mesh/default.nix b/nix/modules/wg-mesh/default.nix index abb904a..aad75b8 100644 --- a/nix/modules/wg-mesh/default.nix +++ b/nix/modules/wg-mesh/default.nix @@ -9,7 +9,7 @@ in let hostsEntries = map (host: - let hostConfig = networkingConfig."${host}"; in + let hostConfig = builtins.getAttr host networkingConfig; in if builtins.hasAttr "wg" hostConfig then { name = hostConfig.wg.privateIP; value = [ "${host}.local" ]; diff --git a/nix/my-projects.json b/nix/my-projects.json index d17941d..bf6a386 100644 --- a/nix/my-projects.json +++ b/nix/my-projects.json 
@@ -1,83 +1,11 @@ { - "website": { - "commit": "57c4a239da5d17eafde4ade165f3c6706639a9b4", - "fetchFromGitHub": { - "owner": "Noratrieb", - "repo": "website", - "rev": "57c4a239da5d17eafde4ade165f3c6706639a9b4", - "hash": "sha256-or6mCQjbc7tWAzzAKQpznZv+2vWJMhyzqxBPwRE2HKw=" - } - }, - "blog": { - "commit": "ea2758dd10f29e8d66ca3f54d7303f2ac20005d2", - "fetchFromGitHub": { - "owner": "Noratrieb", - "repo": "blog", - "rev": "ea2758dd10f29e8d66ca3f54d7303f2ac20005d2", - "hash": "sha256-LvQ41eJzOvI7mLYDTvlFwGZ2TKrZO26rasydqnEZ/t4=" - } - }, - "slides": { - "commit": "0401f35c22b124b69447655f0c537badae9e223c", - "fetchFromGitHub": { - "owner": "Noratrieb", - "repo": "slides", - "rev": "0401f35c22b124b69447655f0c537badae9e223c", - "hash": "sha256-K1Me4wf/GSfoc1PGWVJygPyTVV8SXienxUrzXkdCrjQ=" - } - }, - "pretense": { - "commit": "270b01fc1118dfd713c1c41530d1a7d98f04527d", - "fetchFromGitHub": { - "owner": "Noratrieb", - "repo": "pretense", - "rev": "270b01fc1118dfd713c1c41530d1a7d98f04527d", - "hash": "sha256-76ixjjrZ2xFz3uy92LHT4zbeNvab2f4J9C46MDVr+xQ=" - } - }, - "quotdd": { - "commit": "e922229e1d9e055be35dabd112bafc87a0686548", - "fetchFromGitHub": { - "owner": "Noratrieb", - "repo": "quotdd", - "rev": "e922229e1d9e055be35dabd112bafc87a0686548", - "hash": "sha256-LhTrUDAZDIVyggaO1deFjoC13M6aktzV3QINY01ThfY=" - } - }, - "does-it-build": { - "commit": "81790825173d87f89656f66f12a123bc99e2f6f1", - "fetchFromGitHub": { - "owner": "Noratrieb", - "repo": "does-it-build", - "rev": "81790825173d87f89656f66f12a123bc99e2f6f1", - "hash": "sha256-MCgGDd7Sg+BiG8L20Bbz8bHMB/Xuc1ztOVwv/b37BnQ=" - } - }, - "upload.files.noratrieb.dev": { - "commit": "9f31fe53f040f73edbbdc8afcc9bd3cdbc1cd8ab", - "fetchFromGitHub": { - "owner": "Noratrieb", - "repo": "upload.files.noratrieb.dev", - "rev": "9f31fe53f040f73edbbdc8afcc9bd3cdbc1cd8ab", - "hash": "sha256-IQug0slBlMpHTqrj/SlJKPWCMijSka+s33HDeMf8rd0=" - } - }, - "cluelessh": { - "commit": "c711cd405da4b7951e554577d09c9576bedf7970", - 
"fetchFromGitHub": { - "owner": "Noratrieb", - "repo": "cluelessh", - "rev": "c711cd405da4b7951e554577d09c9576bedf7970", - "hash": "sha256-UTo5RUda/AcwGiPEeeliuA78TVMJzvBhhXs4Fr2+BGg=" - } - }, - "widetom": { - "commit": "33d1738799618d72fe2b86896f766cbfea58dc76", - "fetchFromGitHub": { - "owner": "Noratrieb", - "repo": "widetom", - "rev": "33d1738799618d72fe2b86896f766cbfea58dc76", - "hash": "sha256-lSjlDozwKRLF62jsDaWo+8+rcQdeEgurEnuw00hk3o8=" - } - } + "website": "57c4a239da5d17eafde4ade165f3c6706639a9b4", + "blog": "ea2758dd10f29e8d66ca3f54d7303f2ac20005d2", + "slides": "0401f35c22b124b69447655f0c537badae9e223c", + "pretense": "270b01fc1118dfd713c1c41530d1a7d98f04527d", + "quotdd": "e922229e1d9e055be35dabd112bafc87a0686548", + "does-it-build": "81790825173d87f89656f66f12a123bc99e2f6f1", + "upload.files.noratrieb.dev": "0124fa5ba5446cb463fb6b3c4f52e7e6b84e5077", + "cluelessh": "c711cd405da4b7951e554577d09c9576bedf7970", + "widetom": "33d1738799618d72fe2b86896f766cbfea58dc76" } diff --git a/nix/packages/caddy-static-prepare/default.nix b/nix/packages/caddy-static-prepare/default.nix deleted file mode 100644 index da26ede..0000000 --- a/nix/packages/caddy-static-prepare/default.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ pkgs, lib, name, src ? null, ... }: pkgs.stdenv.mkDerivation { - inherit name src; - - buildInputs = with pkgs; [ python311 python311Packages.zstandard python311Packages.brotli ]; - - buildPhase = '' - mkdir -p $out - cp -r $src/* $out/ - chmod -R +w $out - ${lib.getExe pkgs.python311} ${./prepare.py} $out - chmod -R -w $out - ''; -} diff --git a/nix/packages/caddy-static-prepare/prepare.py b/nix/packages/caddy-static-prepare/prepare.py deleted file mode 100644 index e87e3ac..0000000 --- a/nix/packages/caddy-static-prepare/prepare.py +++ /dev/null 
@@ -1,60 +0,0 @@ -import os -import sys -import gzip -import brotli -import zstandard -import hashlib - - -def usage(): - print("usage: prepare.py [SRC]") - - -def write_etag(path, content): - shasum = hashlib.sha256(content) - etag_path = path+".sha256" - with open(etag_path, "w") as f: - print(f"Writing ETag {etag_path}") - f.write(f'"{shasum.hexdigest()}"') - - -def main(): - if len(sys.argv) < 2: - usage() - exit(1) - - src_dir = sys.argv[1] - - for root, dirs, files in os.walk(src_dir): - for file in files: - path = os.path.join(root, file) - - # Ignore etags - if path.endswith(".sha256") or path.endswith(".b3sum"): - continue - - # Ignore already compressed files - if path.endswith(".gz") or path.endswith(".zst") or path.endswith(".br"): - continue - - with open(path, "rb") as f: - content = f.read() - - compressions = [ - (".gz", gzip), - (".zst", zstandard), - (".br", brotli), - ] - - for ext, alg in compressions: - new_path = path+ext - with open(new_path, "wb") as out: - print(f"Writing {new_path}") - compressed = alg.compress(content) - out.write(compressed) - write_etag(new_path, compressed) - - write_etag(path, content) - -if __name__ == "__main__": - main() \ No newline at end of file diff --git a/nix/update-my-projects.mjs b/nix/update-my-projects.mjs index 1eb5555..ee2cbe9 100644 --- a/nix/update-my-projects.mjs +++ b/nix/update-my-projects.mjs 
@@ -1,28 +1,11 @@ import fs from "node:fs/promises"; -import child_process from "node:child_process"; - -const fetchHash = (url) => { - const res = child_process.execFileSync("nix", [ - "store", - "prefetch-file", - "--unpack", - "--hash-type", - "sha256", - "--json", - url, - ]); - const out = new TextDecoder().decode(res).trim(); - const { hash } = JSON.parse(out); - return hash; -}; const path = `${import.meta.dirname}/my-projects.json`; const projects = JSON.parse(await fs.readFile(path)); let hasChanges = false; -for (const [name, state] of Object.entries(projects)) { - const { commit } = state; +for (const [name, commit] of Object.entries(projects)) { const res = await fetch( `https://api.github.com/repos/Noratrieb/${name}/commits/HEAD` ); @@ -38,18 +21,7 @@ for (const [name, state] of Object.entries(projects)) { console.log( `${name} changed from ${commit} -> ${latestCommit} (${body.commit.message})` ); - - const url = `https://github.com/Noratrieb/${name}/archive/${latestCommit}.tar.gz`; - - projects[name] = { - commit: latestCommit, - fetchFromGitHub: { - owner: "Noratrieb", - repo: name, - rev: latestCommit, - hash: fetchHash(url), - }, - }; + projects[name] = latestCommit; hasChanges = true; } } diff --git a/shell.nix b/shell.nix index d7c22bc..896485e 100644 --- a/shell.nix +++ b/shell.nix @@ -12,13 +12,6 @@ python311Packages.zstandard python311Packages.brotli nodejs - (import - (pkgs.fetchFromGitHub { - owner = "ryantm"; - repo = "agenix"; - rev = "531beac616433bac6f9e2a19feb8e99a22a66baf"; - hash = "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA="; - }) - { }).agenix + (import (builtins.fetchTarball "https://github.com/ryantm/agenix/archive/531beac616433bac6f9e2a19feb8e99a22a66baf.tar.gz") { }).agenix ]; }
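Review bot: `projects[name] = latestCommit` stores the value taken from the GitHub API response without checking its shape, and that string is later spliced into the `fetchTarball` URLs in the Nix files. Since the content hash is no longer computed here, a guard before the assignment such as `if (!/^[0-9a-f]{40}$/.test(latestCommit)) throw new Error("unexpected commit id");` would at least keep a malformed or error response out of `my-projects.json`. Where `latestCommit` is derived, and whether `res.ok` is checked, lies between the two hunks and is not visible here; the `for` loop itself continues outside this hunk.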