diff options
-rw-r--r-- | krebs/3modules/tv/default.nix | 16 | ||||
-rw-r--r-- | tv/2configs/default.nix | 4 | ||||
-rw-r--r-- | tv/2configs/elm-packages-proxy.nix | 154 |
3 files changed, 165 insertions, 9 deletions
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 756caa03e..6a09cc834 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -32,7 +32,7 @@ in { }; hosts = mapAttrs hostDefaults { alnus = { - ci = false; + ci = true; cores = 2; nets = { retiolum = { @@ -56,7 +56,7 @@ in { ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP9JS2Nyjx4Pn+/4MrFi1EvBBYVKkGm2Q4lhgaAiSuiGLol53OSsL2KIo01mbcSSBWow9QpQpn8KDoRnT2aMLDrdTFqL20ztDLOXmtrSsz3flgCjmW4f6uOaoZF0RNjAybd1coqwSJ7EINugwoqOsg1zzN2qeIGKYFvqFIKibYFAnQ8hcksmkvPdIO5O8CbdIiP9sZSrSDp0ZyLK2T0PML2jensVZOeqSPulQDFqLsbmavpVLkpDjdzzPRwbZWNB4++YeipbYNOkX4GR1EB4wMZ93IbBV7kpJtib2Zb2AnUf7UW37hxWBjILdstj9ClwNOQggn8kD9ub7YxBzH1dz0Xd8a0mPOAWIDJz9MypXgFRc3vdvPB/W1I4Se0CLbgOkORun9CkgijKr9oEY8JNt8HFd6viZcAaQxOyIm6PNHZTnHfdSc7bIBS2n3e3IZBv0fTd77knGLXg402aTuu2bm/kxsKivxsILXIaGbeXe4ceN3Fynr3FzSM2bUkzHb0mAHu1BQ9YaX0xzCwjVueA5nzGls7ODSFkXsiBfg2FvMN/sTLFca6tnwyqcnD6nujoiS5+BxjDWPgnZYqCaW3B/IkpTsRMsX6QrfhOFcsP8qlJ2Cp82orWoDK/D0vZ9pdzAc6PFGga0RofuJKY2yiq+SRZ7/e9E6VncIVCYZ1OfN0Q=="; }; au = { - ci = false; + ci = true; cores = 4; nets = { retiolum = { @@ -83,7 +83,7 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsqDuhGJpjpqNv4QmjoOhcODObrPyY3GHLvtVkgXV0g root@au"; }; mu = { - ci = false; + ci = true; cores = 2; nets = { retiolum = { @@ -155,7 +155,7 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILGDdcKwFm6udU0/x6XGGb87k9py0VlrxF54HeYu9Izb"; }; nomic = { - ci = false; + ci = true; cores = 2; nets = { retiolum = { @@ -181,7 +181,7 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIHmwXHV7E9UGuk4voVCADjlLkyygqNw054jvrsPn5t root@nomic"; }; wu = { - ci = false; + ci = true; cores = 4; nets = { retiolum = { @@ -207,7 +207,7 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa"; }; querel = { - ci = false; + ci = true; cores = 2; nets = { retiolum = { @@ -239,7 +239,7 @@ in { binary-cache = { pubkey = "xu-1:pYRENvaxZqGeImwLA9qHmRwHV4jfKaYx4u1VcZ31x0s="; }; - ci = false; + ci = true; cores = 4; nets = { retiolum = { @@ -266,7 +266,7 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu"; }; zu = { - ci = false; + ci = true; cores = 4; nets = { retiolum = { diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 2d813fe32..975266f6f 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -90,7 +90,9 @@ with import <stockholm/lib>; { services.cron.enable = false; - services.nscd.enable = false; + services.nscd.enable = + # Since 20.09 nscd doesn't cache anymore. + versionOlder version "20.09"; services.ntp.enable = false; services.timesyncd.enable = true; } diff --git a/tv/2configs/elm-packages-proxy.nix b/tv/2configs/elm-packages-proxy.nix new file mode 100644 index 000000000..17a0d2304 --- /dev/null +++ b/tv/2configs/elm-packages-proxy.nix @@ -0,0 +1,154 @@ +{ config, lib, pkgs, ... }: let + + cfg.nameserver = "1.1.1.1"; + cfg.packageDir = "/var/lib/elm-packages"; + cfg.port = 7782; + +in { + services.nginx.virtualHosts."package.elm-lang.org" = { + addSSL = true; + + # TODO secret files + sslCertificate = "/var/lib/certs/package.elm-lang.org/fullchain.pem"; + sslCertificateKey = "/var/lib/certs/package.elm-lang.org/key.pem"; + + locations."/all-packages/since/".extraConfig = '' + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.elm-packages-proxy.port}; + proxy_pass_header Server; + ''; + + locations."~ ^/packages/(?<author>[A-Za-z0-9-]+)/(?<pname>[A-Za-z0-9-]+)/(?<version>(?<major>0|[1-9]\\d*)\\.(?<minor>0|[1-9]\\d*)\\.(?<patch>0|[1-9]\\d*)(?:-(?<prerelease>(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+(?<buildmetadata>[0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?)/(?:zipball|elm.json|endpoint.json)\$".extraConfig = '' + set $zipball "${cfg.packageDir}/$author/$pname/$version/zipball"; + proxy_set_header X-Author $author; + proxy_set_header X-Package $pname; + proxy_set_header X-Version $version; + proxy_set_header X-Zipball $zipball; + proxy_pass_header Server; + resolver ${cfg.nameserver}; + + if (-f $zipball) { + set $new_uri http://127.0.0.1:${toString config.krebs.htgen.elm-packages-proxy.port}; + } + if (!-f $zipball) { + set $new_uri https://package.elm-lang.org$request_uri; + } + + proxy_pass $new_uri; + ''; + }; + + krebs.htgen.elm-packages-proxy = { + port = cfg.port; + script = /* sh */ ''(. ${pkgs.writeDash "elm-packages-proxy.sh" '' + PATH=${lib.makeBinPath [ + pkgs.coreutils + pkgs.curl + pkgs.findutils + pkgs.gnugrep + pkgs.jq + pkgs.unzip + ]} + export PATH + file_response() {( + status_code=$1 + status_reason=$2 + file=$3 + content_type=$4 + + content_length=$(wc -c "$file" | cut -d\ -f1) + + printf "HTTP/1.1 $status_code $status_reason\r\n" + printf 'Connection: close\r\n' + printf 'Content-Length: %d\r\n' "$content_length" + printf 'Content-Type: %s\r\n' "$content_type" + printf 'Server: %s\r\n' "$Server" + printf '\r\n' + cat "$file" + )} + string_response() {( + status_code=$1 + status_reason=$2 + response_body=$3 + content_type=$4 + + printf "HTTP/1.1 $status_code $status_reason\r\n" + printf 'Connection: close\r\n' + printf 'Content-Length: %d\r\n' ''${#response_body} + printf 'Content-Type: %s\r\n' "$content_type" + printf 'Server: %s\r\n' "$Server" + printf '\r\n' + printf '%s\n' "$response_body" + )} + + case "$Method $Request_URI" in + 'GET /packages/'*) + + author=$req_x_author + pname=$req_x_package + version=$req_x_version + + zipball=${cfg.packageDir}/$author/$pname/$version/zipball + elmjson=$HOME/cache/$author%2F$pname%2F$version%2Felm.json + endpointjson=$HOME/cache/$author%2F$pname%2F$version%2Fendpoint.json + mkdir -p "$HOME/cache" + + case $(basename $Request_URI) in + zipball) + file_response 200 OK "$zipball" application/zip + exit + ;; + elm.json) + if ! test -f "$elmjson"; then + unzip -p "$zipball" \*/elm.json > "$elmjson" + fi + file_response 200 OK "$elmjson" 'application/json; charset=UTF-8' + exit + ;; + endpoint.json) + if ! test -f "$endpointjson"; then + hash=$(sha1sum "$zipball" | cut -d\ -f1) + url=https://package.elm-lang.org/packages/$author/$pname/$version/zipball + jq -n \ + --arg hash "$hash" \ + --arg url "$url" \ + '{ $hash, $url }' \ + > "$endpointjson" + fi + file_response 200 OK "$endpointjson" 'application/json; charset=UTF-8' + exit + ;; + esac + ;; + 'POST /all-packages/since/'*) + + # TODO only show newest? + my_packages=$( + cd ${cfg.packageDir} + find -mindepth 3 -maxdepth 3 | + jq -Rs ' + split("\n") | + map( + select(.!="") | + sub("^\\./(?<author>[^/]+)/(?<pname>[^/]+)/(?<version>[^/]+)$";"\(.author)/\(.pname)@\(.version)") + ) + ' + ) + + new_upstream_packages=$( + curl -fsS https://package.elm-lang.org"$Request_URI" + ) + + response=$( + jq -n \ + --argjson my_packages "$my_packages" \ + --argjson new_upstream_packages "$new_upstream_packages" \ + '$new_upstream_packages + $my_packages' + ) + + string_response 200 OK "$response" 'application/json; charset=UTF-8' + exit + ;; + esac + ''})''; + }; +} |