~abcdw/trop.in

3ab2f46e485b6432098da0bc97f80415b8e13601 — Andrew Tropin 1 year, 5 months ago 3cf7d29
Migrate to rde flavored nginx-service-type.
1 files changed, 104 insertions(+), 148 deletions(-)

M src/tropin/machines.scm
M src/tropin/machines.scm => src/tropin/machines.scm +104 -148
@@ 13,166 13,122 @@
  #:use-module (gnu services base)
  #:use-module (gnu services networking)
  #:use-module (gnu services ssh)
  #:use-module (gnu services web)
  #:use-module (gnu services shepherd)
  #:use-module (gnu packages bootloaders)
  #:use-module (gnu packages)
  #:use-module (gnu packages ssh)
  #:use-module (gnu packages web)
  #:use-module (rde system services web)
  #:use-module (guix gexp))

(define* (guix-mirror-server-context
          #:key
          domain-prefix
          (cert-path-prefix "/srv/nginx/ssl"))
  (let ((backend-host (string-append domain-prefix "gnu.org")))
    `(server
      ((listen 80)
       (listen ,#~"[::]:80")
       (listen 443 ssl)
       (listen ,#~"[::]:443" ssl)
       ,#~""
       (ssl_certificate
        ,#~#$(string-append cert-path-prefix "/hundredrps.pem"))
       (ssl_certificate_key
        ,#~#$(string-append cert-path-prefix "/hundredrps.key"))
       (ssl_protocols TLSv1.2)
       ,#~""
       (server_name ,#~#$(string-append domain-prefix "trop.in")
                    ,#~#$(string-append domain-prefix "ygg.trop.in"))
       ,#~""
       (location
        /
        ((proxy_pass ,#~#$(string-append "https://" backend-host))
         (proxy_set_header HOST ,#~#$backend-host)))))))

(define main-server-context
  `(server
    ((listen 80)
     (listen ,#~"[::]:80")
     (listen 443 ssl)
     (listen ,#~"[::]:443" ssl)
     ,#~""
     (ssl_certificate /etc/letsencrypt/live/trop.in/fullchain.pem)
     (ssl_certificate_key /etc/letsencrypt/live/trop.in/privkey.pem)
     (ssl_protocols TLSv1.2)
     ,#~""
     (server_name trop.in *.trop.in)
     ,#~""
     (location
      /
      ((root /srv/nginx/trop.in)
       (if ,#~"($request_uri ~ ^/(.*)\\.html(\\?|$))"
           ((return 302 /$1)))
       (try_files $uri $uri.html $uri/ =404))))))

(define files-server-context
  `(server
    ((listen 80)
     (listen ,#~"[::]:80")
     ,#~""
     (server_name files.trop.in files.ygg.trop.in)
     (root /srv/nginx/public)
     (autoindex on))))

(define interpose (@ (rde serializers utils) interpose))

(define* (rtmp-context
          #:key
          youtube-rtmp-key
          peertube-rtmp-key)
  `(rtmp
    ((server
      ((listen 1935)
       (chunk_size 4096)
       (application
        live
        ((live on)
         (push ,#~#$(string-append
                     "rtmp://a.rtmp.youtube.com/live2/" youtube-rtmp-key))
         (push ,#~#$(string-append
                     "rtmp://diode.zone:1935/live/" peertube-rtmp-key))
         (record off))))))))

(define (get-nginx-conf)
  `(;; TODO: Move it to nginx service
    (user nginx nginx)
    (pid /var/run/nginx/pid)

    (load_module ,(file-append nginx-rtmp-module
                               "/etc/nginx/modules/ngx_rtmp_module.so"))
    ,#~""
    (events ())
    ,#~""
    (http
     ,(append
       `((include  ,(file-append nginx "/share/nginx/conf/mime.types")))
       (interpose
        (list
         (guix-mirror-server-context
          #:domain-prefix "guix.")
         (guix-mirror-server-context
          #:domain-prefix "ci.guix.")
         (guix-mirror-server-context
          #:domain-prefix "issues.guix.")
         main-server-context
         files-server-context)
        #~"")))
    ,#~""
    ,(rtmp-context
      #:youtube-rtmp-key (getenv "YOUTUBE_RTMP_KEY")
      #:peertube-rtmp-key (getenv "PEERTUBE_RTMP_KEY"))))

(define nginx-service
  (service
   nginx-service-type
   (nginx-configuration
    (modules
     (list
      (file-append nginx-rtmp-module "\
/etc/nginx/modules/ngx_rtmp_module.so")))
    (extra-content
     (format #f "\
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;

    ssl_certificate /srv/nginx/ssl/hundredrps.pem;
    ssl_certificate_key /srv/nginx/ssl/hundredrps.key;
    ssl_protocols TLSv1.2;

    server_name guix.trop.in guix.ygg.trop.in;

    location / {
        proxy_pass https://guix.gnu.org;
        proxy_set_header HOST guix.gnu.org;
    }
}

server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;

    ssl_certificate /srv/nginx/ssl/hundredrps.pem;
    ssl_certificate_key /srv/nginx/ssl/hundredrps.key;
    ssl_protocols TLSv1.2;

    server_name issues.guix.trop.in issues.guix.ygg.trop.in;

    location / {
        proxy_pass https://issues.guix.gnu.org;
        proxy_set_header HOST issues.guix.gnu.org;
    }
}

server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;

    ssl_certificate /srv/nginx/ssl/hundredrps.pem;
    ssl_certificate_key /srv/nginx/ssl/hundredrps.key;
    ssl_protocols TLSv1.2;

    server_name ci.guix.trop.in ci.guix.ygg.trop.in;

    location / {
        proxy_pass https://ci.guix.gnu.org;
        proxy_set_header HOST ci.guix.gnu.org;
    }
}

server {
    listen 80;
    listen [::]:80;

    listen 443 ssl;
    listen [::]:443 ssl;

    ssl_certificate     /etc/letsencrypt/live/trop.in/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/trop.in/privkey.pem;
    ssl_protocols TLSv1.2;

    server_name trop.in *.trop.in;

    location / {
        root /srv/nginx/trop.in;
        if ($request_uri ~~ ^/(.*)\\.html(\\?|$)) {
            return 302 /$1;
        }
        try_files $uri $uri.html $uri/ =404;
    }

    # rtmp stat
    location /stat {
        rtmp_stat all;
        rtmp_stat_stylesheet stat.xsl;
    }

    location /stat.xsl {
        root /var/www/html/rtmp;
    }

    # rtmp control
    location /control {
        rtmp_control all;
    }

}

server {
    listen 80;
    listen [::]:80;

    server_name files.trop.in files.ygg.trop.in;
    root /srv/nginx/public;
    autoindex on;
}

server {
    listen 80;
    listen [::]:80;

    server_name hundredrps.project.trop.in;
    root /srv/nginx/public;
    autoindex on;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name hundredrps.project.trop.in;
    ssl_certificate /srv/nginx/ssl/hundredrps.pem;
    ssl_certificate_key /srv/nginx/ssl/hundredrps.key;
    ssl_protocols TLSv1.2;

    location / {
        proxy_pass http://localhost:50080;
    }
}

}
rtmp {
        server {
                listen 1935;
                chunk_size 4096;

                application live {
                        live on;
                        record off;
                        push rtmp://a.rtmp.youtube.com/live2/~a;
                        push rtmp://diode.zone:1935/live/~a;
                }
        }
"
             (getenv "YOUTUBE_RTMP_KEY")
             (getenv "PEERTUBE_RTMP_KEY"))))))
    (nginx-conf (get-nginx-conf)))))

;; Operating system description
(define* (get-os #:key (user "bob"))
  (operating-system
   (host-name "pinky")
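Review bot: In `rtmp-context` the `live` application listens on 1935 with no publish restriction, so any host that can reach the port can publish a stream that nginx then relays to YouTube and PeerTube under the configured keys. Adding `(allow publish 127.0.0.1)` and `(deny publish all)` to the application block, with the address you actually stream from, would close that. The two keys are also read with `getenv` in `get-nginx-conf` and spliced into the config with `string-append`, so the rendered file presumably ends up in the world-readable store with the keys in it. An unset variable now raises a wrong-type error inside `string-append`, where the old `format` call would have printed `#f`. Consider failing early with a clear message when either variable is missing, and pulling the `push` lines in through an `include` of a root-only file kept outside the store.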