hswaw/customs: hotfix laserproxy build by using old hscloud
Change-Id: I5a00d138ed7e5080e55997912413bf2f776cd295 Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1451 Reviewed-by: vuko <vuko@hackerspace.pl>
parent
32624090e4
commit
aa077968f9
1 changed files with 47 additions and 13 deletions
|
@ -4,30 +4,65 @@ let
|
|||
name = "laserproxy";
|
||||
user = name;
|
||||
group = name;
|
||||
in {
|
||||
|
||||
# Building hscloud bazel from nix is often broken on master branch. Building
|
||||
# laserproxy from older hscloud is not a pretty solution, but seem like a
|
||||
# best option for now.
|
||||
# TODO use upstream laserproxy when CI testing is added
|
||||
# see https://issues.hackerspace.pl/issues/9
|
||||
laserproxy =
|
||||
let
|
||||
old = pkgs.fetchgit {
|
||||
url = "https://gerrit.hackerspace.pl/hscloud.git";
|
||||
rev = "5319e611b2be9241c01994eb8e42bd349bb6eabb";
|
||||
sha256 = "sha256-KdVAlaXHW2CE2kJoOT0jJ+a20u6HPAgx5g/7ifX8iqU=";
|
||||
};
|
||||
old-patched = pkgs.runCommandNoCC "hscloud" { } ''
|
||||
cp -r "${old}" $out
|
||||
chmod +w $out/WORKSPACE $out/default.nix
|
||||
|
||||
# backport passing system to allow (pure) builds from flakes
|
||||
chmod +w $out/default.nix
|
||||
echo "{ system ? builtins.currentSystem, ... }@args:" > $out/default.nix
|
||||
sed -e '1d' -e 's/import nixpkgsSrc {/\0 inherit system; /g' ${old}/default.nix >> $out/default.nix
|
||||
|
||||
# hotfix failing bazel build:
|
||||
#
|
||||
# Label '//hswaw/site:deps.bzl' is invalid because 'hswaw/site' is not
|
||||
# a package; perhaps you meant to put the colon here:
|
||||
# '//:hswaw/site/deps.bzl'?
|
||||
chmod +w $out/WORKSPACE
|
||||
sed '/hswaw.site.deps/d' "${old}/WORKSPACE" > $out/WORKSPACE
|
||||
'';
|
||||
in
|
||||
(import old-patched { inherit (pkgs) system; }).hswaw.laserproxy;
|
||||
|
||||
in
|
||||
{
|
||||
users.users."${user}" = {
|
||||
group = "${group}";
|
||||
group = "${group}";
|
||||
isSystemUser = true;
|
||||
uid = 1004;
|
||||
};
|
||||
users.groups."${group}" = {};
|
||||
users.groups."${group}" = { };
|
||||
|
||||
systemd.services."${name}" = {
|
||||
description = "Logging packet log from nftables";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = ["network-addresses-laser.service"];
|
||||
description = "HSWAW lasercutter proxy";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network-addresses-laser.service" ];
|
||||
|
||||
serviceConfig.User = "${user}";
|
||||
serviceConfig.Type = "simple";
|
||||
serviceConfig.Restart = "always";
|
||||
serviceConfig.RestartSec = "30";
|
||||
serviceConfig.ExecStart = "${workspace.hswaw.laserproxy}/bin/laserproxy -logtostderr -hspki_disable -web_address 127.0.0.1:2137";
|
||||
serviceConfig.ExecStart = "${laserproxy}/bin/laserproxy -logtostderr -hspki_disable -web_address 127.0.0.1:2137";
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."laser.waw.hackerspace.pl" = {
|
||||
listen = [
|
||||
{ addr = "10.8.1.2"; port=80; ssl=false; }
|
||||
#{ addr = "10.8.1.2"; port=433; ssl=true; }
|
||||
{ addr = "10.8.1.2"; port = 80; ssl = false; }
|
||||
# TODO fix certs / virtual hosts on customs and enable this
|
||||
# { addr = "10.8.1.2"; port=433; ssl=true; }
|
||||
];
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:2137/";
|
||||
|
@ -35,14 +70,13 @@ in {
|
|||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Host $host:$server_port;
|
||||
proxy_set_header X-Forwarded-Server $host;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Host $host:$server_port;
|
||||
proxy_set_header X-Forwarded-Server $host;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
allow 10.0.0.0/8;
|
||||
deny all;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
|
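Review bot: The commented-out TLS listener in the nginx `listen` list still reads `port=433`, and the TODO added above it invites someone to uncomment it as written; that would bind HTTPS to the wrong port while the vhost keeps serving plain HTTP on port 80 to everything in `10.0.0.0/8`. Assuming 443 is intended, I would correct the comment now: `# { addr = "10.8.1.2"; port = 443; ssl = true; }`. Separately, both `sed` edits in `old-patched` exit successfully when their pattern matches nothing, so a later bump of `rev` could produce an unpatched tree without any error; a check such as `grep -q 'inherit system;' $out/default.nix` after the first `sed` would make that fail at build time. Which of these lines are old and which are new is inferred from the rendered page, which has lost its `+`/`-` markers.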