From 4c65a325a83b5246041e2f141fae67373082b474 Mon Sep 17 00:00:00 2001
From: Florian Klink
Date: Sun, 16 Mar 2025 14:10:27 +0100
Subject: [PATCH] public01: deploy snix.dev

Change-Id: Ia0a439dd1628299569503370c21a0bbf9552830e
---
 ops/dns/dns-snix-dev.tf | 15 +++++++++++++++
 ops/dns/main.tf | 1 +
 ops/machines/public01/default.nix | 6 +++---
 ops/modules/www/snix.dev.nix | 18 ++++++++++++++++++
 4 files changed, 37 insertions(+), 3 deletions(-)
 create mode 100644 ops/modules/www/snix.dev.nix

diff --git a/ops/dns/dns-snix-dev.tf b/ops/dns/dns-snix-dev.tf
index dab707df0..add0fac2f 100644
--- a/ops/dns/dns-snix-dev.tf
+++ b/ops/dns/dns-snix-dev.tf
@@ -93,6 +93,21 @@ resource "digitalocean_record" "snix_dev_public01" {
 for_each = toset(local.public01_services)
 }
+# A snix.dev pointing to public01
+resource "digitalocean_record" "snix_dev_public01_apex_a" {
+ domain = digitalocean_domain.snix_dev.id
+ type = "A"
+ value = var.public01_ipv4
+ name = "@"
+}
+# AAAA for snix.dev pointing to public01
+resource "digitalocean_record" "snix_dev_public01_apex_aaaa" {
+ domain = digitalocean_domain.snix_dev.id
+ type = "AAAA"
+ value = var.public01_ipv6
+ name = "@"
+}
+
 # Explicit records for all services running on gerrit01
 resource "digitalocean_record" "snix_dev_gerrit01" {
 domain = digitalocean_domain.snix_dev.id
diff --git a/ops/dns/main.tf b/ops/dns/main.tf
index 32aea4cd9..263c8f033 100644
--- a/ops/dns/main.tf
+++ b/ops/dns/main.tf
@@ -65,6 +65,7 @@ variable "meta01_ipv6" {
 locals {
 public01_services = [
 "auth",
+ "bolt",
 "git",
 "status"
 ]
diff --git a/ops/machines/public01/default.nix b/ops/machines/public01/default.nix
index 0ff09c4b9..f4500bd8a 100644
--- a/ops/machines/public01/default.nix
+++ b/ops/machines/public01/default.nix
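Review bot: The new apex records `snix_dev_public01_apex_a` and `snix_dev_public01_apex_aaaa` are what ACME HTTP-01 validation for the `snix.dev` vhost in ops/modules/www/snix.dev.nix will resolve, so port 80 on public01 has to answer on both `var.public01_ipv4` and `var.public01_ipv6` or issuance may fail. That is not visible from this hunk and is worth confirming before apply. No CAA record for the zone appears in this hunk either; if none exists elsewhere in dns-snix-dev.tf, a `digitalocean_record` with `type = "CAA"` limiting issuance to the CA in use would narrow who can obtain a certificate for the apex. As a small style point, a blank line between the closing `}` of the A record and `# AAAA for snix.dev pointing to public01` would match the spacing of the surrounding resources.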
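Review bot: Adding `"bolt"` to `public01_services` publishes `bolt.snix.dev`, and the matching `(mod "www/bolt.snix.dev.nix")` import in ops/machines/public01/default.nix enables its vhost, yet the commit subject names only snix.dev and `bolt.snix.dev.nix` is not among the four files in this patch. That module therefore cannot be reviewed here; it presumably already exists in the tree and should be checked for the same `enableACME`/`forceSSL` settings, and for whatever access control the service needs, before the name goes public. Mentioning the bolt deployment in the commit message, or splitting it into its own change, would keep the exposure change visible in history.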
@@ -15,6 +15,8 @@ in
 # Automatically enable metric and log collection.
 (mod "o11y/agent.nix")
 (mod "o11y/grafana.nix")
+ (mod "www/snix.dev.nix")
+ (mod "www/bolt.snix.dev.nix")
 (mod "www/status.snix.dev.nix")
 (mod "www/auth.snix.dev.nix")
 (mod "www/git.snix.dev.nix")
@@ -193,9 +195,7 @@ in
 # Required for prometheus to be able to scrape stats
 services.nginx.statusPage = true;
- users = {
- users.root.openssh.authorizedKeys.keys = with depot.users; flokli.keys.all ++ edef.keys.all ++ raito.keys.all;
- };
+ users.users.root.openssh.authorizedKeys.keys = with depot.users; flokli.keys.all ++ edef.keys.all ++ raito.keys.all;
 boot.initrd.systemd.enable = true;
 zramSwap.enable = true;
diff --git a/ops/modules/www/snix.dev.nix b/ops/modules/www/snix.dev.nix
new file mode 100644
index 000000000..59cd00fa5
--- /dev/null
+++ b/ops/modules/www/snix.dev.nix
@@ -0,0 +1,18 @@
+{ depot, ... }:
+
+{
+ imports = [
+ ./base.nix
+ ];
+
+ config = {
+ services.nginx.virtualHosts."snix.dev" = {
+ enableACME = true;
+ forceSSL = true;
+ root = depot.web.website;
+
+ locations."/rustdoc/".alias = "${depot.snix.rust-docs}/";
+ locations."=/rustdoc".return = "302 https://snix.dev/rustdoc/tvix_eval/index.html";
+ };
+ };
+}
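Review bot: `forceSSL = true` redirects plain HTTP, but nothing in this file sends `Strict-Transport-Security`, so a returning visitor's `http://snix.dev` request can still be intercepted before the redirect. Unless `./base.nix` (not shown) already sets it, consider `extraConfig = ''add_header Strict-Transport-Security "max-age=31536000" always;'';` on the vhost, leaving out `includeSubDomains` until every subdomain is known to serve HTTPS. The `/rustdoc/` location and its `alias` both end in `/`, which is what keeps nginx from mapping requests outside the docs root; a comment such as `# location and alias must both keep the trailing slash` would stop a later edit from dropping one. The `=/rustdoc` redirect hardcodes `tvix_eval/index.html`, so it is worth confirming that path exists in `depot.snix.rust-docs`.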