07/07: hydra: bayfront: Add preliminary configuration for the Guix-HPC w
From: |
Ludovic Courtès |
Subject: |
07/07: hydra: bayfront: Add preliminary configuration for the Guix-HPC web site. |
Date: |
Thu, 11 Jul 2019 08:56:17 -0400 (EDT) |
civodul pushed a commit to branch master
in repository maintenance.
commit e707366590d01e0aa28282a72824627edb4bb946
Author: Ludovic Courtès <address@hidden>
Date: Thu Jul 11 14:41:53 2019 +0200
hydra: bayfront: Add preliminary configuration for the Guix-HPC web site.
* hydra/bayfront.scm (%nginx-deploy-hook, %certbot-configuration)
(guix-hpc-web-site): New variables.
(%nginx-config): Add guix-hpc-locations.conf.
<services>: Add instances of 'static-web-site-service-type',
'hpcguix-web-service-type', and 'certbot-service-type'.
* hydra/nginx/bayfront.conf: Add 'server' blocks for hpc.guix.info and
guix-hpc.bordeaux.inria.fr.
* hydra/nginx/guix-hpc-locations.conf: New file.
---
hydra/bayfront.scm | 52 +++++++++++++++++++++++++++++++++++--
hydra/nginx/bayfront.conf | 38 +++++++++++++++++++++++++++
hydra/nginx/guix-hpc-locations.conf | 28 ++++++++++++++++++++
3 files changed, 116 insertions(+), 2 deletions(-)
diff --git a/hydra/bayfront.scm b/hydra/bayfront.scm
index a60d256..0ac365b 100644
--- a/hydra/bayfront.scm
+++ b/hydra/bayfront.scm
@@ -1,7 +1,8 @@
;; OS configuration for bayfront, the frontend of the compile farm.
-(use-modules (gnu) (guix) (sysadmin people) (sysadmin services) (sysadmin dns))
-(use-service-modules base dns networking admin shepherd)
+(use-modules (gnu) (guix) (sysadmin people) (sysadmin services)
+ (sysadmin dns) (sysadmin web))
+(use-service-modules admin base certbot dns networking shepherd web)
(use-package-modules admin certs linux ssh tls vim package-management web wget)
(define %sysadmins
@@ -43,9 +44,36 @@
(copy-file #$(local-file
"nginx/bayfront-locations.conf")
"bayfront-locations.conf")
+ (copy-file #$(local-file
+ "nginx/guix-hpc-locations.conf")
+ "guix-hpc-locations.conf")
(substitute* "bayfront-locations.conf"
(("@WWWROOT@")
#$(local-file "nginx/html" #:recursive? #t)))))))
+
+(define %nginx-deploy-hook
+ ;; Hook that restarts nginx when a new certificate is deployed.
+ (program-file "nginx-deploy-hook"
+ #~(let ((pid (call-with-input-file "/var/run/nginx/pid"
+ read)))
+ (kill pid SIGHUP))))
+
+(define %certbot-configuration
+ (certbot-configuration
+ (webroot "/var/www")
+ (email "address@hidden")
+ (certificates
+ (list (certificate-configuration
+ (domains '("hpc.guix.info"
+ "hpc.guixsd.org"
+ "guix-hpc.bordeaux.inria.fr"))
+ (deploy-hook %nginx-deploy-hook))))))
+
+(define guix-hpc-web-site
+ (static-web-site-configuration
+ (git-url "https://gitlab.inria.fr/guix-hpc/website.git")
+ (directory "/srv/guix-hpc-web")))
+
(define %motd
;; Message of the day! Libcaca's img2txt gives something that's not so
;; great.
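Review bot: `%nginx-deploy-hook` passes whatever `read` returns from /var/run/nginx/pid straight to `kill`, so a missing, empty or malformed pid file makes the hook fail after certbot has renewed, and nginx would keep serving the old certificate. A guard such as `(when (and (integer? pid) (positive? pid)) (kill pid SIGHUP))` also avoids signalling a process group if the file ever holds 0 or a negative number, since the hook presumably runs as root. The comment says "restarts", but SIGHUP asks nginx to reload; `;; Hook that makes nginx reload its configuration and certificates when a new certificate is deployed.` would be accurate. Separately, `guix-hpc-web-site` publishes whatever is at the tip of the Git URL, so it is worth documenting in a comment who can push to that repository.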
@@ -157,6 +185,26 @@ Happy hacking!\n"))
(id "gnu-master")
(address (list gnu-ns1-ip4)))))))
+ ;; Runnning hpc.guix.info.
+ (service static-web-site-service-type
+ guix-hpc-web-site)
+
+ ;; hpcguix-web as it can be seen at
+ ;; <https://hpc.guix.info/browse>.
+ (service hpcguix-web-service-type
+ (hpcguix-web-configuration
+ (specs
+ #~(define site-config
+ (hpcweb-configuration
+ (title-prefix "Guix-HPC — ")
+ (package-filter-proc (const #t))
+ (package-page-extension-proc (const '()))
+ (menu '(("/about" "ABOUT")
+ ("/browse" "BROWSE")
+ ("/blog" "BLOG"))))))))
+
+ (service certbot-service-type %certbot-configuration)
+
(frontend-services %sysadmins
#:nar-ttl (* 45 24 3600)
#:motd %motd
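Review bot: The `hpcguix-web-configuration` added here sets no listening address, while guix-hpc-locations.conf in this commit proxies to `http://localhost:5000`, so it is worth confirming that hpcguix-web binds to loopback only (or that port 5000 is firewalled) so the application cannot be reached without going through nginx. The service type's definition is not visible in this diff, so this is a check to make rather than a confirmed exposure. The comment above the first service also has a typo and should read `;; Running hpc.guix.info.`. The enclosing `services` form starts and ends outside the hunk.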
diff --git a/hydra/nginx/bayfront.conf b/hydra/nginx/bayfront.conf
index 814d8e4..185e7b3 100644
--- a/hydra/nginx/bayfront.conf
+++ b/hydra/nginx/bayfront.conf
@@ -116,6 +116,20 @@ http {
server {
listen 80;
+ server_name hpc.guix.info;
+ access_log /var/log/nginx/guix-hpc.access.log;
+ include guix-hpc-locations.conf;
+ }
+
+ server {
+ listen 80;
+ server_name guix-hpc.bordeaux.inria.fr;
+ access_log /var/log/nginx/guix-hpc.access.log;
+ include guix-hpc-locations.conf;
+ }
+
+ server {
+ listen 80;
server_name logs.guix.gnu.org;
access_log /var/log/nginx/logs.access.log;
location / {
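Review bot: The two new port-80 `server` blocks serve the site over plain HTTP with no redirect to HTTPS, and `hpc.guixsd.org`, which `%certbot-configuration` lists as a certificate domain, appears in no `server_name` here, so its requests presumably fall through to the default server. The blocks differ only in the name and could be a single block with `server_name hpc.guix.info hpc.guixsd.org guix-hpc.bordeaux.inria.fr;`. Once certificates are in place, a `return 301 https://$host$request_uri;` for everything except the ACME challenge path would keep visitors off cleartext. The `logs.guix.gnu.org` block at the end of the hunk continues outside it.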
@@ -151,4 +165,28 @@ http {
include bayfront-locations.conf;
}
+
+ # HTTPS server.
+ server {
+ listen 443 ssl;
+ server_name hpc.guix.info;
+
+ ssl_certificate
/etc/letsencrypt/live/bayfront.guixsd.org/fullchain.pem;
+ ssl_certificate_key
/etc/letsencrypt/live/bayfront.guixsd.org/privkey.pem;
+
+ # Make sure SSL is disabled.
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+
+ # Disable weak cipher suites.
+ ssl_ciphers HIGH:!aNULL:!MD5;
+ ssl_prefer_server_ciphers on;
+
+ # Use our own DH parameters created with:
+ # openssl dhparam -out dhparams.pem 2048
+ # as suggested at <https://weakdh.org/sysadmin.html>.
+ ssl_dhparam /etc/dhparams.pem;
+
+ access_log /var/log/nginx/guix-hpc.access.log;
+ include guix-hpc-locations.conf;
+ }
}
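Review bot: The new HTTPS server for hpc.guix.info points `ssl_certificate` and `ssl_certificate_key` at `/etc/letsencrypt/live/bayfront.guixsd.org/`, while the certificate requested in `%certbot-configuration` covers hpc.guix.info, hpc.guixsd.org and guix-hpc.bordeaux.inria.fr. Unless the bayfront.guixsd.org certificate also lists hpc.guix.info, clients will see a name mismatch. Certbot normally stores a lineage under its certificate name, which I would expect to default to the first domain, so the path is presumably `/etc/letsencrypt/live/hpc.guix.info/fullchain.pem` (to be confirmed on the host). The comment "Make sure SSL is disabled" sits above `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`, which still enables the deprecated TLS 1.0 and 1.1. `ssl_protocols TLSv1.2;` (plus TLSv1.3 where the nginx/OpenSSL build supports it) with `# Only allow TLS 1.2 and later.` would be tighter.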
diff --git a/hydra/nginx/guix-hpc-locations.conf
b/hydra/nginx/guix-hpc-locations.conf
new file mode 100644
index 0000000..b0aa5be
--- /dev/null
+++ b/hydra/nginx/guix-hpc-locations.conf
@@ -0,0 +1,28 @@
+location / {
+ root /srv/guix-hpc-web;
+}
+
+# For the package browsing interface.
+location @gnupackages {
+ return 307 https://www.gnu.org/software/guix/packages/;
+}
+location /browse {
+ proxy_pass http://localhost:5000;
+ rewrite .* / break;
+ proxy_connect_timeout 3s;
+ proxy_read_timeout 2s;
+ error_page 500 502 503 504 = @gnupackages;
+}
+location /package {
+ proxy_pass http://localhost:5000;
+ proxy_connect_timeout 3s;
+ proxy_read_timeout 2s;
+ error_page 500 502 503 504 = @gnupackages;
+}
+location ~ /static/.*\.js {
+ # JS for hpcguix-web.
+ proxy_pass http://localhost:5000;
+}
+location ~ /static/images/sort_.*\.png {
+ proxy_pass http://localhost:5000;
+}
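Review bot: None of the locations in this new file maps `/.well-known/acme-challenge/` to the `/var/www` webroot used by `%certbot-configuration`, so with `location /` rooted at /srv/guix-hpc-web the HTTP-01 challenge files would not be served for these hosts, unless the certbot service's own nginx extension or an include not visible here handles it. Adding `location /.well-known/acme-challenge/ { root /var/www; }` would cover it. The regex locations are also unanchored: `~ /static/.*\.js` matches any URI that contains `/static/` and later `.js`, including `.json`. `location ~ ^/static/.*\.js$` and `location ~ ^/static/images/sort_.*\.png$` would limit what is forwarded to the backend on port 5000. A short comment on `rewrite .* / break;` explaining that every `/browse…` URI is sent to the backend's root would help the next reader.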