From: self <self@awful.systems>
Date: Sun, 2 Jul 2023 08:58:46 +0000 (-0700)
Subject: add a basic maintenance mode module
X-Git-Url: http://these/git/%7B%60/feeds/inbox/%22%7B%7D/%22?a=commitdiff_plain;h=d60475cef95e4582795cf8049cf8f0584ca73aab;p=awful.systems.git

add a basic maintenance mode module
---

diff --git a/flake.nix b/flake.nix
index 2dc8760..8653d48 100644
--- a/flake.nix
+++ b/flake.nix
@@ -16,6 +16,11 @@
           modules =
             [ ./hosts/these/configuration.nix sops-nix.nixosModules.sops ];
         };
+        more = nixpkgs.lib.nixosSystem {
+          specialArgs = attrs;
+          modules =
+            [ ./hosts/more/configuration.nix sops-nix.nixosModules.sops ];
+        };
       };
     } // flake-utils.lib.eachDefaultSystem (system:
       let
@@ -32,13 +37,16 @@
           '';
         init-secrets = pkgs.writeShellScriptBin "init-secrets" ''
           mkdir -p ~/.config/sops/age
-          cp $1 /tmp/init-secrets-key &&
+          cp "$1" /tmp/init-secrets-key &&
           ${pkgs.openssh}/bin/ssh-keygen -p -N "" -f /tmp/init-secrets-key &&
           ${pkgs.ssh-to-age}/bin/ssh-to-age -private-key -i /tmp/init-secrets-key > ~/.config/sops/age/keys.txt
           rm /tmp/init-secrets-key
           echo Your age public key is:
           ${pkgs.age}/bin/age-keygen -y ~/.config/sops/age/keys.txt
         '';
+        rekey-secrets = pkgs.writeShellScriptBin "rekey-secrets" ''
+          ${pkgs.sops}/bin/sops updatekeys "$1"
+        '';
       in {
         devShells.default = pkgs.mkShell {
           buildInputs = [
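Review bot: The `init-secrets` script still stages the private key at the fixed path `/tmp/init-secrets-key`, and `ssh-keygen -p -N ""` then strips its passphrase there; quoting `$1` does not change that. The copy is created under the caller's umask at a predictable name in a shared directory, and the trailing `rm` never runs if the script is interrupted. A private `mktemp` file under `umask 077` with an exit trap closes both gaps, and also keeps `~/.config/sops/age/keys.txt` from being created group- or world-readable.

```nix
init-secrets = pkgs.writeShellScriptBin "init-secrets" ''
  umask 077
  mkdir -p ~/.config/sops/age
  key=$(mktemp)
  trap 'rm -f "$key"' EXIT
  cp "$1" "$key" &&
  ${pkgs.openssh}/bin/ssh-keygen -p -N "" -f "$key" &&
  ${pkgs.ssh-to-age}/bin/ssh-to-age -private-key -i "$key" > ~/.config/sops/age/keys.txt
  # … unchanged: print the age public key with age-keygen -y …
'';
```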
@@ -47,9 +55,13 @@
             pkgs.age
             (deploy "these" "root@these.awful.systems")
             (go "these" "root@these.awful.systems")
+            (deploy "more" "root@more.awful.systems")
+            (go "more" "root@more.awful.systems")
             init-secrets
             pkgs.bashInteractive
           ];
         };
+        packages.maint-mode =
+          (pkgs.callPackage ./maint-mode/site.nix {});
       });
 }
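Review bot: `rekey-secrets` is defined in the `let` block of the previous hunk but is not added to `buildInputs` here, so as far as these hunks show it never reaches the dev shell's PATH the way `init-secrets` does. If it is meant to be used from the shell, add `rekey-secrets` on the line after `init-secrets`. The `buildInputs` list itself starts outside this hunk, so an entry elsewhere cannot be ruled out.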
diff --git a/git/default.nix b/git/default.nix
index 92667a5..cfc84f3 100644
--- a/git/default.nix
+++ b/git/default.nix
@@ -2,12 +2,13 @@
 
 let
   new-repo = pkgs.writeShellScriptBin "new-repo" ''
-mkdir -p ${config.users.extraUsers.git.home}/repos/''${1}.git
-${pkgs.git}/bin/git init --bare ${config.users.extraUsers.git.home}/repos/''${1}.git/
-chown -R git:git ${config.users.extraUsers.git.home}/repos
-'';
-  in
-{
+    mkdir -p ${config.users.extraUsers.git.home}/repos/''${1}.git
+    ${pkgs.git}/bin/git init --bare ${config.users.extraUsers.git.home}/repos/''${1}.git/
+    chown -R git:git ${config.users.extraUsers.git.home}/repos
+  '';
+in {
+  imports = [ ../secrets/keys/git.nix ];
+
   users.extraUsers.git = {
     uid = 402;
     isSystemUser = true;
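Review bot: The re-indented `new-repo` script still expands `''${1}` unquoted in both the `mkdir -p` and `git init --bare` lines, so a name with whitespace or glob characters is split into several paths, and a name containing `/` or `..` creates the repository outside `repos/`. This commit quotes `$1` in `init-secrets`; the same treatment fits here, e.g. `mkdir -p "${config.users.extraUsers.git.home}/repos/''${1}.git"`, together with a guard that rejects names containing `/` before anything is created. An empty argument currently creates `repos/.git`, so the guard should cover that case as well.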
@@ -24,7 +25,7 @@ chown -R git:git ${config.users.extraUsers.git.home}/repos
     enable = true;
     location = "/git";
     group = "git";
-    virtualHost = "awful.systems";
+    virtualHost = "awful.systems these.awful.systems these";
   };
 
   services.gitweb = {
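Review bot: `virtualHost` now carries three space-separated names in one string, which only works if the consuming module splices the value verbatim into nginx's `server_name`; the attribute set this line belongs to starts outside the hunk, so that is worth confirming. If the value is used as a `services.nginx.virtualHosts` key, any other module that configures `virtualHosts."awful.systems"` on this host addresses a different server block, and per-vhost settings such as certificates would be keyed on a name containing spaces. Keeping `virtualHost = "awful.systems";` and adding `serverAliases = [ "these.awful.systems" "these" ];` on that vhost gives the same names under a single key.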
diff --git a/git/proxy-pass.nix b/git/proxy-pass.nix
new file mode 100644
index 0000000..20e5802
--- /dev/null
+++ b/git/proxy-pass.nix
@@ -0,0 +1,7 @@
+{ config, lib, pkgs, ... }:
+
+{
+  services.nginx.virtualHosts."awful.systems".locations."/git" = {
+    proxyPass = "http://these/git";
+  };
+}
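Review bot: `proxyPass = "http://these/git"` forwards git traffic to the backend in cleartext and depends on the short name `these` resolving on the proxy host; nothing in this commit shows how that name is resolved or that the link between the hosts is private. nginx resolves a literal upstream hostname when it loads the configuration, so an unresolvable `these` keeps nginx from starting at all. A comment above the location stating the trust assumption (for example `# upstream is reached over the private network only`), or an `https://` upstream, would make the module safe to reuse. The new file is also not imported by any hunk shown here.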
diff --git a/hosts/more/configuration.nix b/hosts/more/configuration.nix
index 9913903..e1e7cbc 100644
--- a/hosts/more/configuration.nix
+++ b/hosts/more/configuration.nix
@@ -1,11 +1,13 @@
 { pkgs, ... }:
 
 {
-  imports = [
-    ../../hardware/hetzner-cloud/cpx31.nix
-    ../../secrets
-    ../../maint-mode
-  ];
+  imports =
+    [ ../../hardware/hetzner-cloud/cpx31.nix ../../secrets ../../maint-mode ];
 
   networking.hostName = "more";
+
+  awful.systems.maint-mode = {
+    enable = true;
+    virtualHost = "awful.systems";
+  };
 }
diff --git a/hosts/these/configuration.nix b/hosts/these/configuration.nix
index d9de0c9..284615d 100644
--- a/hosts/these/configuration.nix
+++ b/hosts/these/configuration.nix
@@ -1,7 +1,7 @@
 { pkgs, ... }:
 {
   imports = [
-    ../../hardware/hetzner-cloud.nix
+    ../../hardware/hetzner-cloud/cp21.nix
     ../../secrets
     ../../pass
     ../../lemmy
diff --git a/maint-mode/default.nix b/maint-mode/default.nix
new file mode 100644
index 0000000..1d9b3e2
--- /dev/null
+++ b/maint-mode/default.nix
@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let cfg = config.awful.systems.maint-mode;
+in {
+  options.awful.systems.maint-mode = {
+    enable = mkEnableOption (mdDoc ''
+      Whether to configure nginx to display the maintenance mode route as default.
+    '');
+    virtualHost = mkOption {
+      type = types.str;
+      description = lib.mdDoc
+        "The nginx virtualHost to show the maintenance mode route for.";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.nginx = {
+      enable = true;
+      virtualHosts."${cfg.virtualHost}" = {
+        root = mkForce (pkgs.callPackage ./site.nix { });
+      };
+    };
+
+    networking.firewall.allowedTCPPorts = [ 80 ];
+  };
+}
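Review bot: `root = mkForce …` overrides only the vhost's document root, so any `locations` that other modules define for the same `virtualHost` (a `proxyPass` like the one in `git/proxy-pass.nix`) keep being served while maintenance mode is enabled. `hosts/more` imports only the hardware, secrets and maint-mode modules, so it is unaffected today, but for the module to do what its option says the vhost needs `locations = mkForce { };` next to `root`. The firewall line opens port 80 only, and whether HTTPS visitors are meant to reach the page is not visible here. Separately, `mkEnableOption` already prepends "Whether to enable", so the description reads better as `mkEnableOption (mdDoc "the nginx maintenance mode page")`.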
diff --git a/maint-mode/index.html b/maint-mode/index.html
new file mode 100644
index 0000000..aa77ec3
--- /dev/null
+++ b/maint-mode/index.html
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <link rel="stylesheet" href="maint-mode.css">
+    <title>awful.systems is down for maintenance</title>
+  </head>
+  <body>
+    <div class="content">
+      <div class="logo-container">
+        <img class="logo" src="sneer-club-logo.svg" alt="a logo indicating things are broken" />
+      </div>
+      <div>
+        awful.systems is down for upgrades! <a href="https://mas.to/@zzt">follow me on mastodon</a> for updates
+      </div>
+    </div>
+  </body>
+</html>
diff --git a/maint-mode/maint-mode.css b/maint-mode/maint-mode.css
new file mode 100644
index 0000000..2004566
--- /dev/null
+++ b/maint-mode/maint-mode.css
@@ -0,0 +1,26 @@
+html {
+    background-color: rgb(34, 34, 34);
+    color: white;
+}
+
+.content {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    justify-content: center;
+}
+
+.logo-container {
+    width: 50%;
+    height: 50%;
+    padding: 2.5em;
+}
+
+.logo {
+    animation: rotate 600s infinite;
+}
+
+@keyframes rotate {
+    from { transform: rotate(0deg) }
+    to { transform: rotate(360deg) }
+}
diff --git a/maint-mode/site.nix b/maint-mode/site.nix
new file mode 100644
index 0000000..dfb0693
--- /dev/null
+++ b/maint-mode/site.nix
@@ -0,0 +1,8 @@
+{ runCommand, ... }:
+
+runCommand "maint-mode-site" { } ''
+  mkdir -p $out
+  cp ${./index.html} $out/index.html
+  cp ${./maint-mode.css} $out/maint-mode.css
+  cp ${../assets/sneer-club-logo.svg} $out/sneer-club-logo.svg
+''