maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

public01: deploy snix.dev

Browse source 
Change-Id: Ia0a439dd1628299569503370c21a0bbf9552830e
This commit is contained in:
Florian Klink 2025-03-16 14:10:27 +01:00
parent 91d8b86b39
commit 4c65a325a8
4 changed files with 37 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

15
ops/dns/dns-snix-dev.tf
View file

@ -93,6 +93,21 @@ resource "digitalocean_record" "snix_dev_public01" {
for_each = toset(local.public01_services) for_each = toset(local.public01_services)
} }
# A snix.dev pointing to public01
resource "digitalocean_record" "snix_dev_public01_apex_a" {
domain = digitalocean_domain.snix_dev.id
type = "A"
value = var.public01_ipv4
name = "@"
}
# AAAA for snix.dev pointing to public01
resource "digitalocean_record" "snix_dev_public01_apex_aaaa" {
domain = digitalocean_domain.snix_dev.id
type = "AAAA"
value = var.public01_ipv6
name = "@"
}
# Explicit records for all services running on gerrit01 # Explicit records for all services running on gerrit01
resource "digitalocean_record" "snix_dev_gerrit01" { resource "digitalocean_record" "snix_dev_gerrit01" {
domain = digitalocean_domain.snix_dev.id domain = digitalocean_domain.snix_dev.id

1
ops/dns/main.tf
View file

@ -65,6 +65,7 @@ variable "meta01_ipv6" {
locals { locals {
public01_services = [ public01_services = [
"auth", "auth",
"bolt",
"git", "git",
"status" "status"
] ]

6
ops/machines/public01/default.nix
View file

@ -15,6 +15,8 @@ in
# Automatically enable metric and log collection. # Automatically enable metric and log collection.
(mod "o11y/agent.nix") (mod "o11y/agent.nix")
(mod "o11y/grafana.nix") (mod "o11y/grafana.nix")
(mod "www/snix.dev.nix")
(mod "www/bolt.snix.dev.nix")
(mod "www/status.snix.dev.nix") (mod "www/status.snix.dev.nix")
(mod "www/auth.snix.dev.nix") (mod "www/auth.snix.dev.nix")
(mod "www/git.snix.dev.nix") (mod "www/git.snix.dev.nix")
@ -193,9 +195,7 @@ in
# Required for prometheus to be able to scrape stats # Required for prometheus to be able to scrape stats
services.nginx.statusPage = true; services.nginx.statusPage = true;
users = { users.users.root.openssh.authorizedKeys.keys = with depot.users; flokli.keys.all ++ edef.keys.all ++ raito.keys.all;
users.root.openssh.authorizedKeys.keys = with depot.users; flokli.keys.all ++ edef.keys.all ++ raito.keys.all;
};
boot.initrd.systemd.enable = true; boot.initrd.systemd.enable = true;
zramSwap.enable = true; zramSwap.enable = true;

18
ops/modules/www/snix.dev.nix Normal file
View file

@ -0,0 +1,18 @@
{ depot, ... }:
{
imports = [
./base.nix
];
config = {
services.nginx.virtualHosts."snix.dev" = {
enableACME = true;
forceSSL = true;
root = depot.web.website;
locations."/rustdoc/".alias = "${depot.snix.rust-docs}/";
locations."=/rustdoc".return = "302 https://snix.dev/rustdoc/tvix_eval/index.html";
};
};
}