From: self Date: Sun, 2 Jul 2023 08:58:46 +0000 (-0700) Subject: add a basic maintenance mode module X-Git-Url: http://these/git/%22https:/www.exeterceilidhs.net/%7B%7D/inbox?a=commitdiff_plain;h=d60475cef95e4582795cf8049cf8f0584ca73aab;p=awful.systems.git add a basic maintenance mode module --- diff --git a/flake.nix b/flake.nix index 2dc8760..8653d48 100644 --- a/flake.nix +++ b/flake.nix @@ -16,6 +16,11 @@ modules = [ ./hosts/these/configuration.nix sops-nix.nixosModules.sops ]; }; + more = nixpkgs.lib.nixosSystem { + specialArgs = attrs; + modules = + [ ./hosts/more/configuration.nix sops-nix.nixosModules.sops ]; + }; }; } // flake-utils.lib.eachDefaultSystem (system: let @@ -32,13 +37,16 @@ ''; init-secrets = pkgs.writeShellScriptBin "init-secrets" '' mkdir -p ~/.config/sops/age - cp $1 /tmp/init-secrets-key && + cp "$1" /tmp/init-secrets-key && ${pkgs.openssh}/bin/ssh-keygen -p -N "" -f /tmp/init-secrets-key && ${pkgs.ssh-to-age}/bin/ssh-to-age -private-key -i /tmp/init-secrets-key > ~/.config/sops/age/keys.txt rm /tmp/init-secrets-key echo Your age public key is: ${pkgs.age}/bin/age-keygen -y ~/.config/sops/age/keys.txt ''; + rekey-secrets = pkgs.writeShellScriptBin "rekey-secrets" '' + ${pkgs.sops}/bin/sops updatekeys "$1" + ''; in { devShells.default = pkgs.mkShell { buildInputs = [ @@ -47,9 +55,13 @@ pkgs.age (deploy "these" "root@these.awful.systems") (go "these" "root@these.awful.systems") + (deploy "more" "root@more.awful.systems") + (go "more" "root@more.awful.systems") init-secrets pkgs.bashInteractive ]; }; + packages.maint-mode = + (pkgs.callPackage ./maint-mode/site.nix {}); }); } diff --git a/git/default.nix b/git/default.nix index 92667a5..cfc84f3 100644 --- a/git/default.nix +++ b/git/default.nix @@ -2,12 +2,13 @@ let new-repo = pkgs.writeShellScriptBin "new-repo" '' -mkdir -p ${config.users.extraUsers.git.home}/repos/''${1}.git -${pkgs.git}/bin/git init --bare ${config.users.extraUsers.git.home}/repos/''${1}.git/ -chown -R git:git ${config.users.extraUsers.git.home}/repos -''; - in -{ + mkdir -p ${config.users.extraUsers.git.home}/repos/''${1}.git + ${pkgs.git}/bin/git init --bare ${config.users.extraUsers.git.home}/repos/''${1}.git/ + chown -R git:git ${config.users.extraUsers.git.home}/repos + ''; +in { + imports = [ ../secrets/keys/git.nix ]; + users.extraUsers.git = { uid = 402; isSystemUser = true; @@ -24,7 +25,7 @@ chown -R git:git ${config.users.extraUsers.git.home}/repos enable = true; location = "/git"; group = "git"; - virtualHost = "awful.systems"; + virtualHost = "awful.systems these.awful.systems these"; }; services.gitweb = { diff --git a/git/proxy-pass.nix b/git/proxy-pass.nix new file mode 100644 index 0000000..20e5802 --- /dev/null +++ b/git/proxy-pass.nix @@ -0,0 +1,7 @@ +{ config, lib, pkgs, ... }: + +{ + services.nginx.virtualHosts."awful.systems".locations."/git" = { + proxyPass = "http://these/git"; + }; +} diff --git a/hosts/more/configuration.nix b/hosts/more/configuration.nix index 9913903..e1e7cbc 100644 --- a/hosts/more/configuration.nix +++ b/hosts/more/configuration.nix @@ -1,11 +1,13 @@ { pkgs, ... }: { - imports = [ - ../../hardware/hetzner-cloud/cpx31.nix - ../../secrets - ../../maint-mode - ]; + imports = + [ ../../hardware/hetzner-cloud/cpx31.nix ../../secrets ../../maint-mode ]; networking.hostName = "more"; + + awful.systems.maint-mode = { + enable = true; + virtualHost = "awful.systems"; + }; } diff --git a/hosts/these/configuration.nix b/hosts/these/configuration.nix index d9de0c9..284615d 100644 --- a/hosts/these/configuration.nix +++ b/hosts/these/configuration.nix @@ -1,7 +1,7 @@ { pkgs, ... }: { imports = [ - ../../hardware/hetzner-cloud.nix + ../../hardware/hetzner-cloud/cp21.nix ../../secrets ../../pass ../../lemmy diff --git a/maint-mode/default.nix b/maint-mode/default.nix new file mode 100644 index 0000000..1d9b3e2 --- /dev/null +++ b/maint-mode/default.nix @@ -0,0 +1,27 @@ +{ config, lib, pkgs, ... }: + +with lib; +let cfg = config.awful.systems.maint-mode; +in { + options.awful.systems.maint-mode = { + enable = mkEnableOption (mdDoc '' + Whether to configure nginx to display the maintenance mode route as default. + ''); + virtualHost = mkOption { + type = types.str; + description = lib.mdDoc + "The nginx virtualHost to show the maintenance mode route for."; + }; + }; + + config = mkIf cfg.enable { + services.nginx = { + enable = true; + virtualHosts."${cfg.virtualHost}" = { + root = mkForce (pkgs.callPackage ./site.nix { }); + }; + }; + + networking.firewall.allowedTCPPorts = [ 80 ]; + }; +} diff --git a/maint-mode/index.html b/maint-mode/index.html new file mode 100644 index 0000000..aa77ec3 --- /dev/null +++ b/maint-mode/index.html @@ -0,0 +1,18 @@ + + + + + + awful.systems is down for maintenance + + +
+
+ +
+
+ awful.systems is down for upgrades! follow me on mastodon for updates +
+
+ + diff --git a/maint-mode/maint-mode.css b/maint-mode/maint-mode.css new file mode 100644 index 0000000..2004566 --- /dev/null +++ b/maint-mode/maint-mode.css @@ -0,0 +1,26 @@ +html { + background-color: rgb(34, 34, 34); + color: white; +} + +.content { + display: flex; + flex-direction: column; + align-items: center; + justify-content: center; +} + +.logo-container { + width: 50%; + height: 50%; + padding: 2.5em; +} + +.logo { + animation: rotate 600s infinite; +} + +@keyframes rotate { + from { transform: rotate(0deg) } + to { transform: rotate(360deg) } +} diff --git a/maint-mode/site.nix b/maint-mode/site.nix new file mode 100644 index 0000000..dfb0693 --- /dev/null +++ b/maint-mode/site.nix @@ -0,0 +1,8 @@ +{ runCommand, ... }: + +runCommand "maint-mode-site" { } '' + mkdir -p $out + cp ${./index.html} $out/index.html + cp ${./maint-mode.css} $out/maint-mode.css + cp ${../assets/sneer-club-logo.svg} $out/sneer-club-logo.svg +''