[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
branch master updated: hydra: Add configuration for bishan.
From: |
Christopher Baines |
Subject: |
branch master updated: hydra: Add configuration for bishan. |
Date: |
Fri, 10 Jun 2022 08:25:59 -0400 |
This is an automated email from the git hooks/post-receive script.
cbaines pushed a commit to branch master
in repository maintenance.
The following commit(s) were added to refs/heads/master by this push:
new 560ff6c hydra: Add configuration for bishan.
560ff6c is described below
commit 560ff6c709714371887e752f7bbc2d272f263f85
Author: Christopher Baines <mail@cbaines.net>
AuthorDate: Fri Jun 10 13:19:10 2022 +0100
hydra: Add configuration for bishan.
This is a new machine, to replace lakeside which has a broken hard
drive.
This machine stores and serves nars for bordeaux.guix.gnu.org.
* hydra/bishan.scm: New file.
* hydra/nginx/html/bishan/index.html: New file.
---
hydra/bishan.scm | 180 +++++++++++++++++++++++++++++++++++++
hydra/nginx/html/bishan/index.html | 122 +++++++++++++++++++++++++
2 files changed, 302 insertions(+)
diff --git a/hydra/bishan.scm b/hydra/bishan.scm
new file mode 100644
index 0000000..99d791e
--- /dev/null
+++ b/hydra/bishan.scm
@@ -0,0 +1,180 @@
+(use-modules (gnu))
+(use-service-modules networking ssh monitoring web certbot guix)
+(use-package-modules screen ssh zile linux certs)
+
+(define %nginx-server-blocks
+ (let ((common-locations
+ (list
+ (nginx-location-configuration
+ (uri "= /nix-cache-info")
+ (body '("
+ return 200 'StoreDir: /gnu/store\nWantMassQuery: 0\nPriority: 100\n';
+ add_header Content-Type text/plain;")))
+ (nginx-location-configuration
+ (uri "~ \\.narinfo$")
+ (body '("
+ proxy_pass http://nar-herder;
+
+ # For HTTP pipelining. This has a dramatic impact on performance.
+ client_body_buffer_size 128k;
+
+ # Narinfos requests are short, serve many of them on a connection.
+ keepalive_requests 20000;
+")))
+ (nginx-location-configuration
+ (uri "~ \\.narinfo/info$")
+ (body '("proxy_pass http://nar-herder;")))
+ (nginx-location-configuration
+ (uri "/nar/")
+ (body '("proxy_pass http://nar-herder;")))
+ (nginx-named-location-configuration
+ (name "nar-storage-location")
+ (body '("rewrite /internal/(.*) /$1 break;"
+ "proxy_pass https://nar-storage;"
+ "proxy_set_header Host bordeaux.guix.gnu.org:443;")))
+ (nginx-location-configuration
+ (uri "= /latest-database-dump")
+ (body '("proxy_pass http://nar-herder;")))
+ (nginx-location-configuration
+ (uri "= /recent-changes")
+ (body '("proxy_pass http://nar-herder;")))
+ (nginx-location-configuration
+ (uri "= /metrics")
+ (body '("proxy_pass http://nar-herder;")))
+ (nginx-location-configuration
+ (uri "~ ^/internal/nar/(.*)$")
+ (body '("
+ internal;
+ root /var/lib/nars;
+
+ try_files /nar/$1 @nar-storage-location;
+
+ error_page 404 /404;
+
+ client_body_buffer_size 256k;
+
+ # Nars are already compressed.
+ gzip off;
+")))
+ (nginx-location-configuration
+ (uri "~ ^/internal/database/(.*)$")
+ (body '("internal;"
+ "alias /var/lib/nar-herder/$1;"))))))
+
+ (list
+ (nginx-server-configuration
+ (server-name '("bishan.guix.gnu.org"))
+ (listen '("80" "[::]:80"))
+ (root (local-file "nginx/html/bishan" #:recursive? #t))
+ (locations
+ (append
+ common-locations
+ (list
+ (nginx-location-configuration ; For use by Certbot
+ (uri "/.well-known")
+ (body '(("root /var/www;"))))))))
+
+ (nginx-server-configuration
+ (server-name '("bishan.guix.gnu.org"))
+ (listen '("443 ssl" "[::]:443 ssl"))
+ (root (local-file "nginx/html/bishan" #:recursive? #t))
+ (ssl-certificate
+ "/etc/letsencrypt/live/bishan.guix.gnu.org/fullchain.pem")
+ (ssl-certificate-key
+ "/etc/letsencrypt/live/bishan.guix.gnu.org/privkey.pem")
+ (raw-content
+ '("
+ # Make sure SSL is disabled.
+ ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+
+ # Disable weak cipher suites.
+ ssl_ciphers HIGH:!aNULL:!MD5;
+ ssl_prefer_server_ciphers on;"))
+ (locations common-locations)))))
+
+(operating-system
+ (host-name "bishan")
+ (timezone "Europe/Berlin")
+ (locale "en_US.utf8")
+
+ (bootloader (bootloader-configuration
+ (bootloader grub-bootloader)
+ (targets '("/dev/sda"))))
+
+ (file-systems (cons (file-system
+ (device "/dev/sda2")
+ (mount-point "/")
+ (type "btrfs"))
+ %base-file-systems))
+
+ (users (cons (user-account
+ (name "cbaines")
+ (group "users")
+
+ (supplementary-groups '("wheel"
+ "audio" "video")))
+ %base-user-accounts))
+
+ (packages (cons* screen zile btrfs-progs nss-certs %base-packages))
+
+ (services
+ (append
+ (list
+ (service static-networking-service-type
+ (list
+ (static-networking
+ (addresses
+ (list
+ (network-address
+ (device "enp1s0")
+ (ipv6? #t)
+ (value "2a01:4f8:161:123::/64"))))
+ (routes
+ (list
+ (network-route
+ (destination "default")
+ (device "enp1s0")
+ (ipv6? #t)
+ (gateway "fe80::1"))))
+ (name-servers
+ '("2a01:4ff:ff00::add:1" "2a01:4ff:ff00::add:2")))))
+
+ (service ntp-service-type)
+
+ (service prometheus-node-exporter-service-type)
+
+ (service certbot-service-type
+ (certbot-configuration
+ (certificates
+ (list (certificate-configuration
+ (domains '("bishan.guix.gnu.org")))))
+ (email "mail@cbaines.net")
+ (webroot "/var/www")))
+
+ (service nar-herder-service-type
+ (nar-herder-configuration
+ (mirror "https://bordeaux.guix.gnu.org")
+ (storage "/var/lib/nars")
+ (ttl "180d")
+ (log-level 'INFO)))
+
+ (service nginx-service-type
+ (nginx-configuration
+ (upstream-blocks
+ (list (nginx-upstream-configuration
+ (name "nar-herder")
+ (servers '("127.0.0.1:8734")))
+ (nginx-upstream-configuration
+ (name "nar-storage")
+ (servers '("bordeaux.guix.gnu.org:443")))))
+ (server-blocks
+ %nginx-server-blocks)))
+
+ (service openssh-service-type
+ (openssh-configuration
+ (password-authentication? #f))))
+ (modify-services %base-services
+ (guix-service-type
+ config => (guix-configuration
+ (extra-options
+ (list "--max-jobs" "2"))))))))
diff --git a/hydra/nginx/html/bishan/index.html
b/hydra/nginx/html/bishan/index.html
new file mode 100644
index 0000000..f7f714f
--- /dev/null
+++ b/hydra/nginx/html/bishan/index.html
@@ -0,0 +1,122 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <title>bishan.guix.gnu.org</title>
+ <style type="text/css">
+ body {
+ margin: 0;
+ padding: 0 0 3em 1em;
+ font-family: sans-serif;
+ }
+ .bod {
+ margin: auto;
+ max-width: 70rem;
+ padding: 0 1rem;
+ }
+ .asterisk {
+ font-style: italic;
+ font-size: small;
+ text-align: right;
+ }
+ .asterisk a {
+ text-decoration: none;
+ }
+ .asterisk a:hover {
+ text-decoration: underline;
+ }
+ a.totop {
+ float: right;
+ text-decoration: none !important;
+ color: transparent !important;
+ }
+ a.totop:hover {
+ color: #999 !important;
+ }
+ a.totop::after {
+ content: " ↑";
+ font-weight: bold;
+ color: #999 !important;
+ }
+ .feat { background-color: #222;
+ color: #fff;
+ margin-top: 5em;
+ padding: 1em 0 2.5em 0;
+ }
+ .feat a {
+ color: #fff;
+ }
+ .feat code {
+ background-color: #111;
+ }
+ h2 {
+ margin: 1em 0;
+ padding-top: 1em;
+ }
+ p, ol, ul, dl {
+ margin: 1.6em 0;
+ line-height: 1.8em;
+ }
+ a { color: #333; }
+ a:hover { text-decoration: underline; }
+ a:img { border: none; }
+ code {
+ padding: .8ex;
+ background-color: #333;
+ border-radius: .5ex;
+ font-size: 110%;
+ color: #fff; }
+ code a { color: #fff; }
+ dl { margin-left: 2em; }
+ dt { font-weight: bold; }
+ dd { margin: 1ex 0 2em 1em; }
+ li { margin-top: 1ex; }
+ a:hover .logo {
+ opacity: .8;
+ }
+ .alert {
+ position: fixed;
+ left: 0;
+ top: 0;
+ width: 100%;
+ margin: 0;
+ padding: .5ex;
+ color: #fff;
+ background: #c00;
+ font-size: large;
+ box-shadow: 0 .1em 1em rgba(0,0,0,1);
+ text-align: center;
+ z-index: 10;
+ }
+ .alert:before {
+ content: "\26A0 ";
+ font-size: large;
+ }
+ .alert.good {
+ color: #fff;
+ background: #0c0;
+ }
+ .alert.good:before {
+ content: none;
+ }
+ </style>
+ </head>
+ <body>
+ <img
+ src="https://guix.gnu.org/static/base/img/Guix.png"
+ style="display:block; margin: 0 auto 1em auto" />
+ <h1>bishan.guix.gnu.org</h1>
+
+ <p>
+ This is a
+ <a href="https://guix.gnu.org/manual/en/html_node/Substitutes.html"
+ target="_blank">substitute server</a>
+ for <a href="https://guix.gnu.org/"
+ target="_blank">Guix</a>.
+ </p>
+
+ <p>
+ A mirror of
+ <a href="https://bordeaux.guix.gnu.org/">bordeaux.guix.gnu.org</a>.
+ </p>
+ </body>
+</html>
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- branch master updated: hydra: Add configuration for bishan.,
Christopher Baines <=