commit f73bde980edd51a5068a1cc0bea0d133d7996469
parent 2b7eb625cc5da3bde6950e5fe12edd46fcc6fa53
Author: Leah (ctucx) <git@ctu.cx>
Date: Sat, 26 Nov 2022 20:33:59 +0100
parent 2b7eb625cc5da3bde6950e5fe12edd46fcc6fa53
Author: Leah (ctucx) <git@ctu.cx>
Date: Sat, 26 Nov 2022 20:33:59 +0100
machines/osterei/websites: move to machine `trabbi`
15 files changed, 170 insertions(+), 168 deletions(-)
D
|
137
-------------------------------------------------------------------------------
A
|
137
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
R
|
0
R
|
0
diff --git a/machines/osterei/configuration.nix b/machines/osterei/configuration.nix @@ -17,8 +17,6 @@ # communication ./mail.nix - # websites - ./websites ]; services.pcscd.enable = lib.mkForce false;
diff --git a/machines/osterei/websites/ctu.cx-bikemap/default.nix b/machines/osterei/websites/ctu.cx-bikemap/default.nix 
@@ -1,137 +0,0 @@ -{ pkgs, ... }: - -let - parse-gpx = pkgs.stdenv.mkDerivation rec { - name = "parse-gpx"; - src = ./parse-gpx.pl; - - dontUnpack = true; - - nativeBuildInputs = [ pkgs.makeWrapper ]; - buildInputs = [ pkgs.perl ]; - - installPhase = ''mkdir -p $out/bin; cp $src $out/bin/parse-gpx; chmod +x $out/bin/parse-gpx;''; - postFixup = ''wrapProgram $out/bin/parse-gpx --prefix PERL5LIB : "${with pkgs.perlPackages; makePerlPath [ XMLParser ]}"''; - }; - - datamaps = pkgs.stdenv.mkDerivation rec { - name = "datamaps"; - - src = pkgs.fetchFromGitHub { - owner = "e-n-f"; - repo = "datamaps"; - rev = "76e620adabbedabd6866b23b30c145b53bae751e"; - sha256 = "1rdqbyfmgidiv4aqy1s6llls304dxbg5226c7k622smd2rnda2jk"; - }; - - buildInputs = with pkgs; [ pkgconfig libpng ]; - - installPhase = '' - mkdir -p $out/bin; - cp {encode,render,merge,enumerate} $out/bin; - ''; - }; - - makeTile = pkgs.writeShellScript "makeTile" '' - mkdir -p tiles/$2/$3 - echo "rendering $1 $2 $3 $4 $5 $6" - - if [ $2 -gt 13 ] - then - ${datamaps}/bin/render -g -t0 -L4 -c 'ff8800' -S 'ff8800' $1 $2 $3 $4 | ${pkgs.pngquant}/bin/pngquant 256 > tiles/$2/$3/$4.png - else - ${datamaps}/bin/render -g -t0 -L7 -c 'ff8800' -S 'ff8800' $1 $2 $3 $4 | ${pkgs.pngquant}/bin/pngquant 256 > tiles/$2/$3/$4.png - fi - ''; - - deployScript = pkgs.writeShellScript "deploy" '' - systemctl start deploy-bikemap; - systemctl status deploy-bikemap; - ''; - -in { - - users = { - users."bikemap" = { - home = "/var/lib/bikemap"; - group = "git"; - isSystemUser = true; - }; - }; - - security.sudo.extraRules = [{ - users = [ "git" ]; - commands = [ - { command = "${deployScript}"; options = [ "SETENV" "NOPASSWD" ]; } - ]; - }]; - - systemd = { - services.deploy-bikemap = { - script = '' - tmpdir=$(mktemp -d); - cd $tmpdir - - ${pkgs.git}/bin/git clone /var/lib/gitolite/repositories/bikemap.git $tmpdir; - ${pkgs.git}/bin/git clone /var/lib/gitolite/repositories/biketracks.git $tmpdir/tracks; - - find $tmpdir/tracks -name 
'*.gpx' -print0 | xargs -0 ${parse-gpx}/bin/parse-gpx | ${datamaps}/bin/encode -z16 -m8 -o $tmpdir/gpx.dm - ${datamaps}/bin/enumerate -s -Z6 -z16 ./gpx.dm | xargs -L1 -P3 ${makeTile} - - rm -rf ~/*; - - cp -r $tmpdir/{index.html,bundle.js} ~/.; - cp -r $tmpdir/tiles ~/tiles; - echo "{\"lastUpdated\":\"$(date +"%Y-%m-%d %H:%M")\"}" > ~/lastUpdated.json; - - rm -rf $tmpdir; - ''; - - serviceConfig = { - Type = "oneshot"; - - User = "bikemap"; - Group = "git"; - - WorkingDirectory = "~"; - StateDirectory = "bikemap"; - StateDirectoryMode = "755"; - - NoNewPrivileges = true; - PrivateTmp = true; - PrivateDevices = true; - - RestrictAddressFamilies = "none"; - RestrictNamespaces = true; - RestrictRealtime = true; - - ProtectSystem = "full"; - ProtectControlGroups = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - - DevicePolicy = "closed"; - LockPersonality = true; - }; - }; - }; - - services = { - gitolite.hooks.postReceive = '' - #deploy bikemap - [ "$GL_REPO" == "bikemap" ] && sudo ${deployScript} - [ "$GL_REPO" == "biketracks" ] && sudo ${deployScript} - ''; - - nginx = { - enable = true; - virtualHosts."ctu.cx" = { - enableACME = true; - forceSSL = true; - locations = { - "/bikemap/".alias = "/var/lib/bikemap/"; - }; - }; - }; - }; -}
diff --git a/machines/osterei/websites/ctu.cx.nix b/machines/osterei/websites/ctu.cx.nix
@@ -1,19 +0,0 @@
-{ pkgs, ...}:
-
-{
-
- dns.zones."ctu.cx" = (pkgs.dns.lib.combinators.host "185.232.70.80" "2a03:4000:4e:af1::1");
-
- services.nginx = {
- enable = true;
- virtualHosts."ctu.cx" = {
- enableACME = true;
- forceSSL = true;
- locations = {
- "/".root = ./ctu.cx;
- "/netzabdeckung.html".return = "307 https://wifionic.de/";
- };
- };
- };
-
-}
diff --git a/machines/osterei/websites/default.nix b/machines/osterei/websites/default.nix
@@ -1,10 +0,0 @@
-{ ... }:
-
-{
-
- imports = [
- ./ctu.cx.nix
- ./ctu.cx-bikemap
- ];
-
-}
diff --git a/machines/trabbi/configuration.nix b/machines/trabbi/configuration.nix @@ -19,6 +19,9 @@ # communication ./matrix-synapse.nix ./pleroma + + # websites + ./websites ]; age.secrets.restic-server-lollo.file = ../../secrets/restic-server/lollo.age;
diff --git a/machines/trabbi/websites/bikemap.ctu.cx/default.nix b/machines/trabbi/websites/bikemap.ctu.cx/default.nix 
@@ -0,0 +1,137 @@ +{ config, pkgs, ... }: + +let + parse-gpx = pkgs.stdenv.mkDerivation rec { + name = "parse-gpx"; + src = ./parse-gpx.pl; + + dontUnpack = true; + + nativeBuildInputs = [ pkgs.makeWrapper ]; + buildInputs = [ pkgs.perl ]; + + installPhase = ''mkdir -p $out/bin; cp $src $out/bin/parse-gpx; chmod +x $out/bin/parse-gpx;''; + postFixup = ''wrapProgram $out/bin/parse-gpx --prefix PERL5LIB : "${with pkgs.perlPackages; makePerlPath [ XMLParser ]}"''; + }; + + datamaps = pkgs.stdenv.mkDerivation rec { + name = "datamaps"; + + src = pkgs.fetchFromGitHub { + owner = "e-n-f"; + repo = "datamaps"; + rev = "76e620adabbedabd6866b23b30c145b53bae751e"; + sha256 = "1rdqbyfmgidiv4aqy1s6llls304dxbg5226c7k622smd2rnda2jk"; + }; + + buildInputs = with pkgs; [ pkgconfig libpng ]; + + installPhase = '' + mkdir -p $out/bin; + cp {encode,render,merge,enumerate} $out/bin; + ''; + }; + + makeTile = pkgs.writeShellScript "makeTile" '' + mkdir -p tiles/$2/$3 + echo "rendering $1 $2 $3 $4 $5 $6" + + if [ $2 -gt 13 ] + then + ${datamaps}/bin/render -g -t0 -L4 -c 'ff8800' -S 'ff8800' $1 $2 $3 $4 | ${pkgs.pngquant}/bin/pngquant 256 > tiles/$2/$3/$4.png + else + ${datamaps}/bin/render -g -t0 -L7 -c 'ff8800' -S 'ff8800' $1 $2 $3 $4 | ${pkgs.pngquant}/bin/pngquant 256 > tiles/$2/$3/$4.png + fi + ''; + + deployScript = pkgs.writeShellScript "deploy" '' + systemctl start deploy-bikemap; + systemctl status deploy-bikemap; + ''; + +in { + + dns.zones."ctu.cx".subdomains.bikemap.CNAME = [ "${config.networking.fqdn}." 
]; + + users = { + users."bikemap" = { + home = "/var/lib/bikemap"; + group = "git"; + isSystemUser = true; + }; + }; + + security.sudo.extraRules = [{ + users = [ "git" ]; + commands = [ + { command = "${deployScript}"; options = [ "SETENV" "NOPASSWD" ]; } + ]; + }]; + + systemd = { + services.deploy-bikemap = { + script = '' + tmpdir=$(mktemp -d); + cd $tmpdir + + ${pkgs.git}/bin/git clone /var/lib/gitolite/repositories/bikemap.git $tmpdir; + ${pkgs.git}/bin/git clone /var/lib/gitolite/repositories/biketracks.git $tmpdir/tracks; + + find $tmpdir/tracks -name '*.gpx' -print0 | xargs -0 ${parse-gpx}/bin/parse-gpx | ${datamaps}/bin/encode -z16 -m8 -o $tmpdir/gpx.dm + ${datamaps}/bin/enumerate -s -Z6 -z16 ./gpx.dm | xargs -L1 -P3 ${makeTile} + + rm -rf ~/*; + + cp -r $tmpdir/{index.html,bundle.js} ~/.; + cp -r $tmpdir/tiles ~/tiles; + echo "{\"lastUpdated\":\"$(date +"%Y-%m-%d %H:%M")\"}" > ~/lastUpdated.json; + + rm -rf $tmpdir; + ''; + + serviceConfig = { + Type = "oneshot"; + + User = "bikemap"; + Group = "git"; + + WorkingDirectory = "~"; + StateDirectory = "bikemap"; + StateDirectoryMode = "755"; + + NoNewPrivileges = true; + PrivateTmp = true; + PrivateDevices = true; + + RestrictAddressFamilies = "none"; + RestrictNamespaces = true; + RestrictRealtime = true; + + ProtectSystem = "full"; + ProtectControlGroups = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + + DevicePolicy = "closed"; + LockPersonality = true; + }; + }; + }; + + services = { + gitolite.hooks.postReceive = '' + #deploy bikemap + [ "$GL_REPO" == "bikemap" ] && sudo ${deployScript} + [ "$GL_REPO" == "biketracks" ] && sudo ${deployScript} + ''; + + nginx = { + enable = true; + virtualHosts."bikemap.ctu.cx" = { + enableACME = true; + forceSSL = true; + root = "/var/lib/bikemap/"; + }; + }; + }; +}
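Review bot: The sudo rule for `git` grants `SETENV` together with `NOPASSWD`, and the `deploy` script it runs as root calls `systemctl` by bare name, so, depending on the host's sudo environment policy, the caller's environment can influence how that root process resolves and runs the command. Nothing in the `postReceive` hook passes variables, so the option looks unneeded: `options = [ "NOPASSWD" ];` together with `${pkgs.systemd}/bin/systemctl start deploy-bikemap;` (and the same for `status`) would pin both. Separately, the vhost publishes the service user's home directory while the deploy script cleans it with `rm -rf ~/*`, which skips dotfiles; a comment next to `root = "/var/lib/bikemap/";` stating that everything left in that directory is served would help the next maintainer.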
diff --git a/machines/trabbi/websites/ctu.cx.nix b/machines/trabbi/websites/ctu.cx.nix
@@ -0,0 +1,20 @@
+{ pkgs, ...}:
+
+{
+
+ dns.zones."ctu.cx" = (pkgs.dns.lib.combinators.host "89.58.62.171" "2a0a:4cc0:1:2d7::1");
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."ctu.cx" = {
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/".root = ./ctu.cx;
+ "/netzabdeckung.html".return = "307 https://wifionic.de/";
+ "/bikemap".return = "307 https://bikemap.ctu.cx/";
+ };
+ };
+ };
+
+}
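Review bot: The new `"/bikemap"` location is a prefix match, so it also catches unrelated paths that merely start with that string, and it sends every former `/bikemap/...` URL to the root of the new host with the rest of the path dropped. If old deep links (tiles, `lastUpdated.json`) are meant to keep working, `"~ ^/bikemap/(.*)$".return = "307 https://bikemap.ctu.cx/$1";` would preserve the remainder. Otherwise, splitting it into `"= /bikemap"` and `"/bikemap/"` at least limits what is redirected. A short comment stating that the redirect only exists for the old alias path would also make it clear when it can be removed.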
diff --git a/machines/trabbi/websites/default.nix b/machines/trabbi/websites/default.nix
@@ -0,0 +1,10 @@
+{ ... }:
+
+{
+
+ imports = [
+ ./ctu.cx.nix
+ ./bikemap.ctu.cx
+ ];
+
+}