nginx: Don't look up localhost via DNS

This results in occasional failure to resolve proxies because it turns into [::1] for IPv6 reasons. We hard-code the IPv4 address since the containers don't currently support IPv6.
Add hydra
2021-05-14 12:21:20 +01:00 · 2021-05-14 12:21:13 +01:00
9 changed files with 25 additions and 57 deletions
--- a/configuration/default.nix
+++ b/configuration/default.nix
@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, ... }:

 {
  imports = [
@ -55,21 +55,19 @@
    recommendedGzipSettings = true;
    recommendedProxySettings = true;
    clientMaxBodySize = "10G";
-    domain = "tlater.net";

    virtualHosts = let
      host = port: extra:
-        lib.recursiveUpdate {
+        {
          forceSSL = true;
          enableACME = true;
          locations."/" = { proxyPass = "http://127.0.0.1:${toString port}"; };
-        } extra;
-      domain = config.services.nginx.domain;
+        } // extra;
    in {
-      "${domain}" = host 3002 { serverAliases = [ "www.${domain}" ]; };
-      "gitea.${domain}" = host 3000 { };
-      "nextcloud.${domain}" = host 3001 { };
-      "hydra.${domain}" = host config.services.hydra.port { };
+      "tlater.net" = host 3002 { serverAliases = [ "www.tlater.net" ]; };
+      "gitea.tlater.net" = host 3000 { };
+      "nextcloud.tlater.net" = host 3001 { };
+      "hydra.tlater.net" = host config.services.hydra.port { };
    };
  };

--- a/configuration/services/gitea.nix
+++ b/configuration/services/gitea.nix
@ -14,7 +14,6 @@
  virtualisation.pods.gitea = {
    hostname = "gitea.tlater.net";
    publish = [ "3000:3000" "2221:2221" ];
-    network = "slirp4netns";

    containers = {
      gitea = {
@ -27,6 +26,7 @@
          DB_HOST = "gitea-postgres:5432";
          DB_NAME = "gitea";
          DB_USER = "gitea";
+          DB_PASSWD = "/qNDDK9WCMuubfA7D8DFwfl9T+Gy2IMDvPhiNpcxZjY=";

          USER_UID = toString config.users.extraUsers.gitea.uid;
          USER_GID = toString config.users.extraGroups.gitea.gid;
@ -42,6 +42,7 @@
        environment = {
          POSTGRES_DB = "gitea";
          POSTGRES_USER = "gitea";
+          POSTGRES_PASSWORD = "/qNDDK9WCMuubfA7D8DFwfl9T+Gy2IMDvPhiNpcxZjY=";
        };
        volumes = [ "gitea-db-data:/var/lib/postgresql/data" ];
      };
--- a/configuration/services/hydra.nix
+++ b/configuration/services/hydra.nix
@ -7,10 +7,5 @@

    hydraURL = "hydra.tlater.net";
    notificationSender = "hydra@tlater.net";
-    extraConfig = ''
-      <gitea_authorization>
-
-      </gitea_authorization>
-    '';
  };
 }
--- a/configuration/services/minecraft.nix
+++ b/configuration/services/minecraft.nix
@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, ... }:

 let
  minecraft-server-args = [
@ -52,7 +52,7 @@ let

 in {
  nixpkgs.config.allowUnfreePredicate = pkg:
-    builtins.elem (lib.getName pkg) [ "forge-server" ];
+    builtins.elem (pkgs.lib.getName pkg) [ "forge-server" ];

  virtualisation.oci-containers.containers.minecraft-voor-kia = let
    properties = ./configs/minecraft/voor-kia/server.properties;
--- a/configuration/services/nextcloud.nix
+++ b/configuration/services/nextcloud.nix
@ -4,7 +4,6 @@
  virtualisation.pods.nextcloud = {
    hostname = "nextcloud.tlater.net";
    publish = [ "3001:80" ];
-    network = "slirp4netns";

    containers = {
      nextcloud = {
@ -19,6 +18,7 @@
          POSTGRES_DB = "nextcloud";
          POSTGRES_USER = "nextcloud";
          POSTGRES_HOST = "nextcloud-postgres";
+          POSTGRES_PASSWORD = "rI7t7Nek1yGA9ucrRc7Uhy0jcjwPjnXa8me4o8tJON8=";
          OVERWRITEPROTOCOL = "https";
        };
      };
@ -43,6 +43,7 @@
        environment = {
          POSTGRES_DB = "nextcloud";
          POSTGRES_USER = "nextcloud";
+          POSTGRES_PASSWORD = "rI7t7Nek1yGA9ucrRc7Uhy0jcjwPjnXa8me4o8tJON8=";
        };
        volumes = [ "nextcloud-db-data:/var/lib/postgresql/data" ];
      };
--- a/configuration/services/webserver.nix
+++ b/configuration/services/webserver.nix
@ -34,10 +34,6 @@

    ports = [ "3002:3002" ];
    volumes = [ "tlaternet-mail:/srv/mail" ];
-    extraOptions = [
-      "--hostname=tlater.net"
-      # This can change with rocket 0.5.
-      "--stop-signal=SIGKILL"
-    ];
+    extraOptions = [ "--hostname=tlater.net" ];
  };
 }
--- a/flake.lock
+++ b/flake.lock
@ -2,11 +2,11 @@
  "nodes": {
    "flake-utils": {
      "locked": {
-        "lastModified": 1620759905,
-        "narHash": "sha256-WiyWawrgmyN0EdmiHyG2V+fqReiVi8bM9cRdMaKQOFg=",
+        "lastModified": 1619345332,
+        "narHash": "sha256-qHnQkEp1uklKTpx3MvKtY6xzgcqXDsz5nLilbbuL+3A=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "b543720b25df6ffdfcf9227afafc5b8c1fabfae8",
+        "rev": "2ebf2558e5bf978c7fb8ea927dfaed8fefab2e28",
        "type": "github"
      },
      "original": {
@ -37,11 +37,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1620983891,
-        "narHash": "sha256-E2OKVgGo/cUqDsrIeYGVx64b4cxgzd7+bX33NHL0rbA=",
+        "lastModified": 1619336929,
+        "narHash": "sha256-joIC2D26jtSbHodR/o8r+5T9XL2hXs6NIp5mVyA4JOc=",
        "owner": "nixos",
        "repo": "nixos-hardware",
-        "rev": "c4399b921fa7ff5f93ee10b3521b56b722ed74d8",
+        "rev": "f7540d6c27704ec0fe56ecc8b2a9b663181850b0",
        "type": "github"
      },
      "original": {
@ -53,11 +53,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1621088295,
-        "narHash": "sha256-hn8Rk6o5nRbWK/GE+z2OK8DIDIgGxCmVkaXpNYkald0=",
+        "lastModified": 1619486598,
+        "narHash": "sha256-ZEvJ+uItcKLQ9uSjGbQFE6Euu9w1Y98x0TWydXIgHAI=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "17d3dab8647a31a00d8a11433a56cc12d84b5ab4",
+        "rev": "d4e7af972158a14ebdd9c828b1c2e07e2ce7ef1c",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -68,28 +68,12 @@
            (import ./modules)

            (import ./configuration)
-            ({ config, lib, ... }: {
+            ({ ... }: {
              users.users.tlater.password = "insecure";

              # Disable graphical tty so -curses works
              boot.kernelParams = [ "nomodeset" ];

-              # Sets the base domain for nginx to localhost so that we
-              # can easily test locally with the VM.
-              services.nginx.domain = lib.mkOverride 99 "localhost";
-
-              # Hydra uses X-Forwarded-Port to figure out how to
-              # include links to static files, but because we redirect
-              # 443 -> 3443 in the vm we need to explicitly set this
-              # (nginx can't see qemu's port redirection).
-              services.nginx.virtualHosts =
-                let domain = config.services.nginx.domain;
-                in {
-                  "hydra.${domain}".locations."/".extraConfig = ''
-                    proxy_set_header X-Forwarded-Port 3443;
-                  '';
-                };
-
              # # Set up VM settings to match real VPS
              # virtualisation.memorySize = 3941;
              # virtualisation.cores = 2;
--- a/modules/default.nix
+++ b/modules/default.nix
@ -1,12 +1,5 @@
-{ lib, ... }:
-
-with lib;
+{ ... }:

 {
  imports = [ ./virtualisation/pods.nix ];
-
-  options.services.nginx.domain = mkOption {
-    type = types.str;
-    description = "The base domain name to append to virtual domain names";
-  };
 }
Author	SHA1	Message	Date
Tristan Daniël Maat	4c05f0767f	nginx: Don't look up localhost via DNS This results in occasional failure to resolve proxies because it turns into [::1] for IPv6 reasons. We hard-code the IPv4 address since the containers don't currently support IPv6.	2021-05-14 12:21:20 +01:00
Tristan Daniël Maat	7ba4a8992c	Add hydra	2021-05-14 12:21:13 +01:00