From 39291a65f33e3575bd2b41fc2a24aca3cbad8491 Mon Sep 17 00:00:00 2001 From: Jake Hillion Date: Sun, 8 Jan 2023 11:58:34 +0000 Subject: [PATCH] www: deploy blog --- .../default.nix | 2 +- modules/{reverse-proxy => www}/global.nix | 17 +++++++- modules/www/www-repo.nix | 40 +++++++++++++++++++ 3 files changed, 57 insertions(+), 2 deletions(-) rename modules/{reverse-proxy => www}/global.nix (73%) create mode 100644 modules/www/www-repo.nix diff --git a/hosts/vm.strangervm.ts.hillion.co.uk/default.nix b/hosts/vm.strangervm.ts.hillion.co.uk/default.nix index 738feaf..963142f 100644 --- a/hosts/vm.strangervm.ts.hillion.co.uk/default.nix +++ b/hosts/vm.strangervm.ts.hillion.co.uk/default.nix @@ -10,7 +10,7 @@ ../../modules/common/default.nix ../../modules/matrix/default.nix ../../modules/resilio/default.nix - ../../modules/reverse-proxy/global.nix + ../../modules/www/global.nix ./hardware-configuration.nix ]; diff --git a/modules/reverse-proxy/global.nix b/modules/www/global.nix similarity index 73% rename from modules/reverse-proxy/global.nix rename to modules/www/global.nix index 3c184e2..f2758f5 100644 --- a/modules/reverse-proxy/global.nix +++ b/modules/www/global.nix @@ -1,6 +1,10 @@ { pkgs, lib, config, ... }: { + imports = [ + ./www-repo.nix + ]; + networking.firewall = { allowedTCPPorts = [ 80 443 ]; allowedUDPPorts = [ 443 ]; @@ -10,7 +14,18 @@ enable = true; virtualHosts."hillion.co.uk".extraConfig = '' - respond /.well-known/matrix/server "{\"m.server\": \"matrix.hillion.co.uk:443\"}" 200 + handle /.well-known/* { + respond /.well-known/matrix/server "{\"m.server\": \"matrix.hillion.co.uk:443\"}" 200 + respond 404 + } + + handle { + redir https://blog.hillion.co.uk{uri} + } + ''; + virtualHosts."blog.hillion.co.uk".extraConfig = '' + root * /var/www/blog.hillion.co.uk + file_server ''; virtualHosts."ts.hillion.co.uk".extraConfig = '' reverse_proxy http://10.48.62.14:8080 
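Review bot: In the `@@ -10,7 +14,18 @@` hunk of `modules/www/global.nix`, the `blog.hillion.co.uk` block serves a subdirectory of a live git checkout, and nothing in the config records that this placement is what keeps the repository metadata unserved. `root * /var/www/blog.hillion.co.uk` sits below the `/var/www` clone target used in `www-repo.nix`, so `/var/www/.git` is outside the site root today, but a later change of `root` to `/var/www` would publish it. I would add a Caddyfile comment above the `root` line, for example `# keep root below the /var/www checkout so .git is never served`. A `hide .git` subdirective on `file_server` would act as a second guard. Whether that directory holds only publishable files cannot be seen from this diff, so it is worth confirming in the www repo.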
diff --git a/modules/www/www-repo.nix b/modules/www/www-repo.nix
new file mode 100644
index 0000000..397fe96
--- /dev/null
+++ b/modules/www/www-repo.nix
@@ -0,0 +1,40 @@
+{ pkgs, lib, config, ... }:
+
+{
+ config.systemd.tmpfiles.rules = [
+ "d /var/www 0755 ${config.services.caddy.user} ${config.services.caddy.group} - -"
+ ];
+
+ config.systemd.timers.clone-www-repo = {
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnBootSec = "5m";
+ OnUnitInactiveSec = "60m";
+ Unit = "clone-www-repo.service";
+ };
+ };
+
+ config.systemd.services.clone-www-repo = {
+ description = "Clone and pull the www repo";
+
+ after = [ "network-online.target" ];
+ wants = [ "network-online.target" ];
+
+ serviceConfig = {
+ Type = "oneshot";
+ User = "${config.services.caddy.user}";
+ Group = "${config.services.caddy.group}";
+ };
+
+ script = with pkgs; ''
+ if [ ! -d "/var/www/.git" ] ; then
+ ${git}/bin/git clone https://gitea.hillion.co.uk/JakeHillion/www.git /var/www
+ else
+ cd /var/www
+ ${git}/bin/git fetch
+ ${git}/bin/git reset --hard origin/main
+ fi
+ '';
+ };
+}
+
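Review bot: The `clone-www-repo` service runs as `${config.services.caddy.user}` and the tmpfiles rule gives that same account ownership of `/var/www`, so the web server process can write to the content it serves and to the checkout's `.git` directory. A fault in the server or in anything it proxies could then alter the published site or the repository config, and the hourly `git reset --hard origin/main` would not undo changes to untracked files or to `.git`. I would run the sync under its own system account that owns `/var/www`, leaving Caddy with read-only access through the `0755` mode. Basic systemd sandboxing on the oneshot would help as well. The account name in the sketch below is a constructed placeholder.

```nix
  # constructed account name; any dedicated system user works
  config.users.users.www-repo = {
    isSystemUser = true;
    group = "www-repo";
  };
  config.users.groups.www-repo = { };

  config.systemd.tmpfiles.rules = [
    "d /var/www 0755 www-repo www-repo - -"
  ];

  # … unchanged: clone-www-repo timer …

  config.systemd.services.clone-www-repo = {
    # … unchanged: description, after, wants …
    serviceConfig = {
      Type = "oneshot";
      User = "www-repo";
      Group = "www-repo";
      NoNewPrivileges = true;
      ProtectSystem = "strict";
      ReadWritePaths = [ "/var/www" ];
    };
    # … unchanged: script …
```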