diff options
Diffstat (limited to 'krebs')
-rw-r--r-- | krebs/2configs/wiki.nix | 14 | ||||
-rw-r--r-- | krebs/3modules/ci.nix | 17 | ||||
-rw-r--r-- | krebs/5pkgs/simple/generate-krebs-intermediate-ca/default.nix | 1 | ||||
-rw-r--r-- | krebs/6assets/krebsAcmeCA.crt | 22 |
4 files changed, 35 insertions, 19 deletions
diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix index e7faca1f4..40d946f7d 100644 --- a/krebs/2configs/wiki.nix +++ b/krebs/2configs/wiki.nix @@ -29,6 +29,7 @@ in { services.gollum = { enable = true; + address = "::1"; extraConfig = '' Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1| system('${pushCgit}') @@ -45,12 +46,13 @@ in virtualHosts."wiki.r" = { enableACME = true; addSSL = true; - locations."/".extraConfig = '' - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:${toString config.services.gollum.port}; - ''; + locations."/" = { + proxyPass = "http://[::1]:${toString config.services.gollum.port}"; + proxyWebsockets = true; + extraConfig = '' + proxy_set_header Host $host; + ''; + }; }; }; diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index bb941a1fb..822dbab61 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -108,8 +108,21 @@ let # create a ShellCommand for each stage and add them to the build stages = self.extract_stages(self.observer.getStdout()) self.build.addStepsAfterCurrentStep([ - steps.ShellCommand(name=stage, command=[stages[stage]]) - for stage in stages + steps.ShellCommand( + name=stage, + env=dict( + build_name = stage, + build_script = stages[stage], + ), + command="${pkgs.writeDash "build.sh" '' + set -xefu + profile=${shell.escape profileRoot}/$build_name + result=$("$build_script") + if [ -n "$result" ]; then + ${pkgs.nix}/bin/nix-env -p "$profile" --set "$result" + fi + ''}", + ) for stage in stages ]) return result diff --git a/krebs/5pkgs/simple/generate-krebs-intermediate-ca/default.nix b/krebs/5pkgs/simple/generate-krebs-intermediate-ca/default.nix index 8cec54327..5055a78aa 100644 --- a/krebs/5pkgs/simple/generate-krebs-intermediate-ca/default.nix +++ b/krebs/5pkgs/simple/generate-krebs-intermediate-ca/default.nix @@ -23,6 +23,7 @@ pkgs.writers.writeDashBin "generate-intermediate-ca" '' ${pkgs.step-cli}/bin/step certificate create "Krebs ACME CA" intermediate_ca.crt intermediate_ca.key \ --template "$TMPDIR/intermediate.tpl" \ + --not-after 8760h \ --ca "$TMPDIR/krebs/ca.crt" \ --ca-key "$TMPDIR/krebs/ca.key" \ --no-password --insecure diff --git a/krebs/6assets/krebsAcmeCA.crt b/krebs/6assets/krebsAcmeCA.crt index 54729e250..1cd5aed0b 100644 --- a/krebs/6assets/krebsAcmeCA.crt +++ b/krebs/6assets/krebsAcmeCA.crt @@ -1,15 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICWzCCAcSgAwIBAgIQVavHn7XtM7NJ8bnph6hGoTANBgkqhkiG9w0BAQsFADCB +MIICWTCCAcKgAwIBAgIQbAfVX2J0VIzhEYSPVAB4SzANBgkqhkiG9w0BAQsFADCB gTELMAkGA1UEBhMCWloxEjAQBgNVBAgMCXN0YXRlbGVzczEQMA4GA1UECgwHS3Jl YnNjbzELMAkGA1UECwwCS00xFjAUBgNVBAMMDUtyZWJzIFJvb3QgQ0ExJzAlBgkq -hkiG9w0BCQEWGHJvb3QtY2FAc3ludGF4LWZlaGxlci5kZTAeFw0yMTEyMDgxNTU5 -MDRaFw0yMTEyMDkxNTU5MDRaMBoxGDAWBgNVBAMTD0tyZWJzIEFDTUUgQ0EgMTBZ -MBMGByqGSM49AgEGCCqGSM49AwEHA0IABDOK4g3pJPhOErk49zQgpNKE1cAyoeLp -PqWXkHZVLIVg8CBzPyCYiHS8RtaJ1kwWxwo5OTypCDOLxf1isR5HgZOjgYAwfjAO -BgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUv758 -A4RPewsRtgjdB6AE1tn632swHwYDVR0jBBgwFoAUinqtNfqwMKe8gF8M5cGQaNxB -lS8wGAYDVR0eAQH/BA4wDKAKMAOCAXIwA4IBdzANBgkqhkiG9w0BAQsFAAOBgQAT -ewOSGWGTCWcJFGSxgnt8/WspMERq1hL1PikwwVMp7wzJmbHcbA0Es4fcrE5Xf8vQ -dGenlvyQjkQNahbsyGBoja7bpWpnw9qofLQkns1AZWp7q7GBqyKm30keM/E/stjH -YkgY4QaxlIL+6N0f4nKL3RSf6GQ1hWJOHf+RrboaMw== +hkiG9w0BCQEWGHJvb3QtY2FAc3ludGF4LWZlaGxlci5kZTAeFw0yMTEyMTAwODQ5 +MDZaFw0yMjEyMTAwODQ5MDZaMBgxFjAUBgNVBAMTDUtyZWJzIEFDTUUgQ0EwWTAT +BgcqhkjOPQIBBggqhkjOPQMBBwNCAATL8dNO7ajNe60Km7wHrG06tCUj5kQKWsrQ +Ay7KX8zO+RwQpYhd/i4bqpeGkGWh8uHLZ+164FlZaLgHO10DRja5o4GAMH4wDgYD +VR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFMt9yJED +mPRhXsrNZ0x+GtzjdnTLMB8GA1UdIwQYMBaAFIp6rTX6sDCnvIBfDOXBkGjcQZUv +MBgGA1UdHgEB/wQOMAygCjADggFyMAOCAXcwDQYJKoZIhvcNAQELBQADgYEANo/2 +teIuEsniwxVdqu+ukjqOXHIkBK7F91+G7BuDjBlx2U96v1MwsmT4D9upajERnOOD +tLx990Sj4t3avRTpytt+qLeIMIxt62YksUXVjDWndqaDcEUat5ZVEQsZ0ZmjOHrA +BaB65eU0xhJWKAZdk55GqHEFz3Ym4rx7WUaomzk= -----END CERTIFICATE----- |