maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore(*): drop everything that is not required for Tvix

Browse source 
Co-Authored-By: edef <edef@edef.eu>
Co-Authored-By: Ryan Lahfa <raito@lix.systems>
Change-Id: I9817214c3122e49d694c5e41818622a08d9dfe45
This commit is contained in:
Florian Klink 2025-01-05 17:12:30 +01:00
parent bd91cac1f3
commit df4500ea2b
2905 changed files with 34 additions and 493328 deletions
Download patch file Download diff file Expand all files Collapse all files

33
ops/modules/www/atward.tvl.fyi.nix
View file

@ -1,33 +0,0 @@
# Serve atward, the query redirection ... thing.
{ config, ... }:
{
imports = [
./base.nix
];
config = {
# Short link support (i.e. plain http://at) for users with a
# configured tvl.fyi/tvl.su search domain.
services.nginx.virtualHosts."at-shortlink" = {
serverName = "at";
extraConfig = "return 302 https://atward.tvl.fyi$request_uri;";
};
services.nginx.virtualHosts."atward" = {
serverName = "atward.tvl.fyi";
enableACME = true;
forceSSL = true;
serverAliases = [
"atward.tvl.su"
"at.tvl.fyi"
"at.tvl.su"
];
locations."/" = {
proxyPass = "http://localhost:${toString config.services.depot.atward.port}";
};
};
};
}

28
ops/modules/www/auth.tvl.fyi.nix
View file

@ -1,28 +0,0 @@
{ config, ... }:
{
imports = [
./base.nix
];
config = {
services.nginx.virtualHosts."auth.tvl.fyi" = {
serverName = "auth.tvl.fyi";
enableACME = true;
forceSSL = true;
extraConfig = ''
# increase buffer size for large headers
proxy_buffers 8 16k;
proxy_buffer_size 16k;
location / {
proxy_pass http://localhost:${toString config.services.keycloak.settings.http-port};
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $host;
}
'';
};
};
}

32
ops/modules/www/b.tvl.fyi.nix
View file

@ -1,32 +0,0 @@
{ config, ... }:
{
imports = [
./base.nix
];
config = {
services.nginx.virtualHosts."b-shortlink" = {
serverName = "b";
extraConfig = "return 302 https://b.tvl.fyi$request_uri;";
};
services.nginx.virtualHosts."b.tvl.fyi" = {
serverName = "b.tvl.fyi";
serverAliases = [ "b.tvl.su" ];
enableACME = true;
forceSSL = true;
extraConfig = ''
# Forward short links to issues to the issue itself (b/32)
location ~ ^/(\d+)$ {
return 302 https://b.tvl.fyi/issues$request_uri;
}
location / {
proxy_pass http://localhost:${toString config.services.depot.panettone.port};
}
'';
};
};
}

55
ops/modules/www/cache.tvl.fyi.nix
View file

@ -1,55 +0,0 @@
# Publicly serve builderball cache. This is an experimental setup, and separate
# from the "normal" harmonia cache on cache.tvl.su.
{ config, ... }:
let
# This attrset forms a linked list of hosts, which delegate ACME fallbacks to
# each other. These *must* form a circle, otherwise we may end up walking only
# part of the ring.
#
# TODO: remove whitby from here, it is gone; leaving this code for now for
# easier discovery when reconfiguring this.
acmeFallback = host: ({
whitby = "nevsky.cache.tvl.fyi";
nevsky = "whitby.cache.tvl.fyi"; # GOTO 1
})."${host}";
in
{
imports = [
./base.nix
];
config = {
services.nginx.virtualHosts."cache.tvl.fyi" = {
serverName = "cache.tvl.fyi";
enableACME = true;
forceSSL = true;
# This enables fetching TLS certificates for the same domain on different
# hosts. This config is kind of messy; it would be nice to generate a
# correct ring from the depot fixpoint, but this may be impossible due to
# infinite recursion. Please read the comment on `acmeFallback` above.
#
# TODO: whitby is gone, this is not needed at the moment
# acmeFallbackHost = acmeFallback config.networking.hostName;
extraConfig = ''
location = /cache-key.pub {
alias /run/agenix/nix-cache-pub;
}
location = / {
proxy_pass http://${config.services.depot.harmonia.settings.bind};
}
location / {
proxy_pass http://localhost:${toString config.services.depot.builderball.port};
}
'';
};
# participating hosts should use their local cache, otherwise they might end
# up querying themselves from afar for data they don't have.
networking.extraHosts = "127.0.0.1 cache.tvl.fyi";
};
}

25
ops/modules/www/cache.tvl.su.nix
View file

@ -1,25 +0,0 @@
{ config, ... }:
{
imports = [
./base.nix
];
config = {
services.nginx.virtualHosts."cache.tvl.su" = {
serverName = "cache.tvl.su";
enableACME = true;
forceSSL = true;
extraConfig = ''
location = /cache-key.pub {
alias /run/agenix/nix-cache-pub;
}
location / {
proxy_pass http://${config.services.depot.harmonia.settings.bind};
}
'';
};
};
}

66
ops/modules/www/cs.tvl.fyi.nix
View file

@ -1,66 +0,0 @@
# This configuration redirects from the previous Sourcegraph instance to
# livegrep/cgit where appropriate.
{ config, ... }:
{
imports = [
./base.nix
];
config = {
services.nginx.virtualHosts."cs.tvl.fyi" = {
serverName = "cs.tvl.fyi";
serverAliases = [ "cs.tvl.su" ];
enableACME = true;
forceSSL = true;
extraConfig = ''
set $lineno "";
# depot root
location = /depot {
return 301 https://code.tvl.fyi/tree/;
}
# folder/file on canon
location ~ ^/depot/-/(blob|tree)/([^\s]*)$ {
set $path $2;
if ($args ~ ^L(\d+)(-\d+)?$) {
set $lineno "#n$1";
}
return 302 https://code.tvl.fyi/tree/$path$lineno;
}
# folder/file on specific commit
location ~ ^/depot@([a-f0-9]+)/-/(blob|tree)/([^\s]*)$ {
set $commit $1;
set $path $3;
if ($args ~ ^L(\d+)(-\d+)?$) {
set $lineno "#n$1";
}
return 302 https://code.tvl.fyi/tree/$path?id=$commit$lineno;
}
# commit info
location ~ ^/depot/-/commit/([a-f0-9]+)$ {
set $commit $1;
return 302 https://code.tvl.fyi/commit/?id=$commit;
}
# search handler
# This only redirects to the new search, it doesn't try to parse and
# rewrite the query.
location /search {
return 302 https://grep.tvl.fyi/search;
}
location / {
return 404 "TVL code search has moved to grep.tvl.fyi and we could not figure out how to rewrite your query. Sorry!";
}
'';
};
};
}

22
ops/modules/www/deploys.tvl.fyi.nix
View file

@ -1,22 +0,0 @@
{ pkgs, ... }:
{
imports = [
./base.nix
];
config = {
# Ensure the directory for deployment diffs exists.
systemd.tmpfiles.rules = [
"d /var/html/deploys.tvl.fyi/diff 0755 nginx nginx -"
];
services.nginx.virtualHosts."deploys.tvl.fyi" = {
enableACME = true;
forceSSL = true;
root = "/var/html/deploys.tvl.fyi";
};
services.depot.restic.paths = [ "/var/html/deploys.tvl.fyi" ];
};
}

19
ops/modules/www/grep.tvl.fyi.nix
View file

@ -1,19 +0,0 @@
# Experimental configuration for manually Livegrep.
{ config, ... }:
{
imports = [
./base.nix
];
config = {
services.nginx.virtualHosts."grep.tvl.fyi" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.depot.livegrep.port}";
};
};
};
}

31
ops/modules/www/inbox.tvl.su.nix
View file

@ -1,31 +0,0 @@
{ config, depot, ... }:
{
imports = [
./base.nix
];
config = {
services.nginx.virtualHosts."inbox.tvl.su" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
# nginx is incapable of serving a single file at /, hence this hack:
location = / {
index /landing-page;
}
location = /landing-page {
types { } default_type "text/html; charset=utf-8";
alias ${depot.web.inbox};
}
# rest of requests is proxied to public-inbox-httpd
location / {
proxy_pass http://localhost:${toString config.services.public-inbox.http.port};
}
'';
};
};
}

26
ops/modules/www/self-cache.tvl.fyi.nix
View file

@ -1,26 +0,0 @@
# per-host addresses for publicly reachable caches, for use with builderball
# TODO(tazjin): merge with the public cache module; but needs ACME fixes
{ config, lib, ... }:
{
imports = [
./base.nix
];
config = lib.mkIf config.services.depot.harmonia.enable {
services.nginx.virtualHosts."${config.networking.hostName}.cache.tvl.fyi" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
location = /cache-key.pub {
alias /run/agenix/nix-cache-pub;
}
location / {
proxy_pass http://${config.services.depot.harmonia.settings.bind};
}
'';
};
};
}

19
ops/modules/www/signup.tvl.fyi.nix
View file

@ -1,19 +0,0 @@
{ depot, ... }:
{
imports = [
./base.nix
];
config = {
services.nginx.virtualHosts."signup.tvl.fyi" = {
root = depot.web.pwcrypt;
enableACME = true;
forceSSL = true;
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
};
};
}

42
ops/modules/www/static.tvl.fyi.nix
View file

@ -1,42 +0,0 @@
# Host the static assets at static.tvl.fyi
#
# All assets are served from $base/$drvhash/$file, but can also be
# included with `latest/` which will return a (non-permanent!)
# redirect to the real location.
#
# For all purposes within depot, using the drvhash of web.static is
# recommended.
{ depot, pkgs, ... }:
let staticHash = depot.web.static.drvHash;
in {
imports = [
./base.nix
];
config = {
services.nginx.virtualHosts."static.tvl.fyi" = {
serverAliases = [ "static.tvl.su" ];
enableACME = true;
forceSSL = true;
extraConfig = ''
location = / {
add_header Content-Type text/plain;
return 200 "looking for tvl.fyi or tvl.su?";
}
location /latest {
rewrite ^/latest/(.*) /${staticHash}/$1 redirect;
}
location /${staticHash}/ {
alias ${depot.web.static}/;
expires max;
add_header Access-Control-Allow-Origin "*";
add_header Cache-Control "public";
}
'';
};
};
}

25
ops/modules/www/todo.tvl.fyi.nix
View file

@ -1,25 +0,0 @@
{ depot, ... }:
{
imports = [
./base.nix
];
config = {
services.nginx.virtualHosts."todo.tvl.fyi" = {
serverName = "todo.tvl.fyi";
serverAliases = [ "todo.tvl.su" ];
root = depot.web.todolist;
enableACME = true;
forceSSL = true;
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
location ~* \.(webp|woff2)$ {
add_header Cache-Control "public, max-age=31536000";
}
'';
};
};
}

46
ops/modules/www/tvix.dev.nix
View file

@ -1,46 +0,0 @@
{ depot, ... }:
{
imports = [
./base.nix
];
config = {
services.nginx.virtualHosts."tvix.dev" = {
serverName = "tvix.dev";
enableACME = true;
forceSSL = true;
root = depot.tvix.website;
};
services.nginx.virtualHosts."bolt.tvix.dev" = {
root = depot.web.tvixbolt;
enableACME = true;
forceSSL = true;
};
# old domain, serve redirect
services.nginx.virtualHosts."tvixbolt.tvl.su" = {
enableACME = true;
forceSSL = true;
extraConfig = "return 301 https://bolt.tvix.dev$request_uri;";
};
services.nginx.virtualHosts."docs.tvix.dev" = {
serverName = "docs.tvix.dev";
enableACME = true;
forceSSL = true;
extraConfig = ''
location = / {
# until we have a better default page here
return 301 https://docs.tvix.dev/rust/tvix_eval/index.html;
}
location /rust/ {
alias ${depot.tvix.rust-docs}/;
}
'';
};
};
}

47
ops/modules/www/tvl.fyi.nix
View file

@ -1,47 +0,0 @@
{ depot, ... }:
{
imports = [
./base.nix
];
config = {
services.nginx.virtualHosts."tvl.fyi" = {
serverName = "tvl.fyi";
root = depot.web.tvl;
enableACME = true;
forceSSL = true;
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
rewrite ^/builds/?$ https://buildkite.com/tvl/depot/ last;
rewrite ^/monorepo-doc/?$ https://docs.google.com/document/d/1nnyByXcH0F6GOmEezNOUa2RFelpeRpDToBLYD_CtjWE/edit?usp=sharing last;
rewrite ^/irc/?$ ircs://irc.hackint.org:6697/#tvl last;
rewrite ^/webchat/?$ https://webirc.hackint.org/#ircs://irc.hackint.org/#tvl last;
location ~* \.(webp|woff2)$ {
add_header Cache-Control "public, max-age=31536000";
}
location /blog {
if ($request_uri ~ ^/(.*)\.html$) {
return 302 /$1;
}
try_files $uri $uri.html $uri/ =404;
}
location = /blog {
return 302 /#blog;
}
location = /blog/ {
return 302 /#blog;
}
'';
};
};
}

20
ops/modules/www/tvl.su.nix
View file

@ -1,20 +0,0 @@
{ depot, ... }:
{
imports = [
./base.nix
];
config = {
services.nginx.virtualHosts."tvl.su" = {
serverName = "tvl.su";
root = depot.corp.website;
enableACME = true;
forceSSL = true;
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
};
};
}