add a basic maintenance mode module
authorself <self@awful.systems>
Sun, 2 Jul 2023 08:58:46 +0000 (01:58 -0700)
committerself <self@awful.systems>
Sun, 2 Jul 2023 08:58:46 +0000 (01:58 -0700)
flake.nix
git/default.nix
git/proxy-pass.nix [new file with mode: 0644]
hosts/more/configuration.nix
hosts/these/configuration.nix
maint-mode/default.nix [new file with mode: 0644]
maint-mode/index.html [new file with mode: 0644]
maint-mode/maint-mode.css [new file with mode: 0644]
maint-mode/site.nix [new file with mode: 0644]

index 2dc87600ef0b16aa4feedcbdb1cd07790344b806..8653d48629fc32ee44c93077910794fa40b8d033 100644 (file)
--- a/flake.nix
+++ b/flake.nix
           modules =
             [ ./hosts/these/configuration.nix sops-nix.nixosModules.sops ];
         };
+        more = nixpkgs.lib.nixosSystem {
+          specialArgs = attrs;
+          modules =
+            [ ./hosts/more/configuration.nix sops-nix.nixosModules.sops ];
+        };
       };
     } // flake-utils.lib.eachDefaultSystem (system:
       let
           '';
         init-secrets = pkgs.writeShellScriptBin "init-secrets" ''
           mkdir -p ~/.config/sops/age
-          cp $1 /tmp/init-secrets-key &&
+          cp "$1" /tmp/init-secrets-key &&
           ${pkgs.openssh}/bin/ssh-keygen -p -N "" -f /tmp/init-secrets-key &&
           ${pkgs.ssh-to-age}/bin/ssh-to-age -private-key -i /tmp/init-secrets-key > ~/.config/sops/age/keys.txt
           rm /tmp/init-secrets-key
           echo Your age public key is:
           ${pkgs.age}/bin/age-keygen -y ~/.config/sops/age/keys.txt
         '';
+        rekey-secrets = pkgs.writeShellScriptBin "rekey-secrets" ''
+          ${pkgs.sops}/bin/sops updatekeys "$1"
+        '';
       in {
         devShells.default = pkgs.mkShell {
           buildInputs = [
             pkgs.age
             (deploy "these" "root@these.awful.systems")
             (go "these" "root@these.awful.systems")
+            (deploy "more" "root@more.awful.systems")
+            (go "more" "root@more.awful.systems")
             init-secrets
             pkgs.bashInteractive
           ];
         };
+        packages.maint-mode =
+          (pkgs.callPackage ./maint-mode/site.nix {});
       });
 }
index 92667a5b9cc33709d6f8642661b04bc46ea002ba..cfc84f3d4216e5667bb014f8b738ceaa3649f25a 100644 (file)
@@ -2,12 +2,13 @@
 
 let
   new-repo = pkgs.writeShellScriptBin "new-repo" ''
-mkdir -p ${config.users.extraUsers.git.home}/repos/''${1}.git
-${pkgs.git}/bin/git init --bare ${config.users.extraUsers.git.home}/repos/''${1}.git/
-chown -R git:git ${config.users.extraUsers.git.home}/repos
-'';
-  in
-{
+    mkdir -p ${config.users.extraUsers.git.home}/repos/''${1}.git
+    ${pkgs.git}/bin/git init --bare ${config.users.extraUsers.git.home}/repos/''${1}.git/
+    chown -R git:git ${config.users.extraUsers.git.home}/repos
+  '';
+in {
+  imports = [ ../secrets/keys/git.nix ];
+
   users.extraUsers.git = {
     uid = 402;
     isSystemUser = true;
@@ -24,7 +25,7 @@ chown -R git:git ${config.users.extraUsers.git.home}/repos
     enable = true;
     location = "/git";
     group = "git";
-    virtualHost = "awful.systems";
+    virtualHost = "awful.systems these.awful.systems these";
   };
 
   services.gitweb = {
diff --git a/git/proxy-pass.nix b/git/proxy-pass.nix
new file mode 100644 (file)
index 0000000..20e5802
--- /dev/null
@@ -0,0 +1,7 @@
+{ config, lib, pkgs, ... }:
+
+{
+  services.nginx.virtualHosts."awful.systems".locations."/git" = {
+    proxyPass = "http://these/git";
+  };
+}
index 9913903c066688b98f594185f5c1f517e0b9575f..e1e7cbc1df6890021a68822a635d90f8a22c342c 100644 (file)
@@ -1,11 +1,13 @@
 { pkgs, ... }:
 
 {
-  imports = [
-    ../../hardware/hetzner-cloud/cpx31.nix
-    ../../secrets
-    ../../maint-mode
-  ];
+  imports =
+    [ ../../hardware/hetzner-cloud/cpx31.nix ../../secrets ../../maint-mode ];
 
   networking.hostName = "more";
+
+  awful.systems.maint-mode = {
+    enable = true;
+    virtualHost = "awful.systems";
+  };
 }
index d9de0c973ac28b4f4ffa5932aea3e0e32c521e5e..284615d082aa5566be1ba3a4d8db6ac1350be62a 100644 (file)
@@ -1,7 +1,7 @@
 { pkgs, ... }:
 {
   imports = [
-    ../../hardware/hetzner-cloud.nix
+    ../../hardware/hetzner-cloud/cp21.nix
     ../../secrets
     ../../pass
     ../../lemmy
diff --git a/maint-mode/default.nix b/maint-mode/default.nix
new file mode 100644 (file)
index 0000000..1d9b3e2
--- /dev/null
@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let cfg = config.awful.systems.maint-mode;
+in {
+  options.awful.systems.maint-mode = {
+    enable = mkEnableOption (mdDoc ''
+      Whether to configure nginx to display the maintenance mode route as default.
+    '');
+    virtualHost = mkOption {
+      type = types.str;
+      description = lib.mdDoc
+        "The nginx virtualHost to show the maintenance mode route for.";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.nginx = {
+      enable = true;
+      virtualHosts."${cfg.virtualHost}" = {
+        root = mkForce (pkgs.callPackage ./site.nix { });
+      };
+    };
+
+    networking.firewall.allowedTCPPorts = [ 80 ];
+  };
+}
diff --git a/maint-mode/index.html b/maint-mode/index.html
new file mode 100644 (file)
index 0000000..aa77ec3
--- /dev/null
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <link rel="stylesheet" href="maint-mode.css">
+    <title>awful.systems is down for maintenance</title>
+  </head>
+  <body>
+    <div class="content">
+      <div class="logo-container">
+        <img class="logo" src="sneer-club-logo.svg" alt="a logo indicating things are broken" />
+      </div>
+      <div>
+        awful.systems is down for upgrades! <a href="https://mas.to/@zzt">follow me on mastodon</a> for updates
+      </div>
+    </div>
+  </body>
+</html>
diff --git a/maint-mode/maint-mode.css b/maint-mode/maint-mode.css
new file mode 100644 (file)
index 0000000..2004566
--- /dev/null
@@ -0,0 +1,26 @@
+html {
+    background-color: rgb(34, 34, 34);
+    color: white;
+}
+
+.content {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    justify-content: center;
+}
+
+.logo-container {
+    width: 50%;
+    height: 50%;
+    padding: 2.5em;
+}
+
+.logo {
+    animation: rotate 600s infinite;
+}
+
+@keyframes rotate {
+    from { transform: rotate(0deg) }
+    to { transform: rotate(360deg) }
+}
diff --git a/maint-mode/site.nix b/maint-mode/site.nix
new file mode 100644 (file)
index 0000000..dfb0693
--- /dev/null
@@ -0,0 +1,8 @@
+{ runCommand, ... }:
+
+runCommand "maint-mode-site" { } ''
+  mkdir -p $out
+  cp ${./index.html} $out/index.html
+  cp ${./maint-mode.css} $out/maint-mode.css
+  cp ${../assets/sneer-club-logo.svg} $out/sneer-club-logo.svg
+''