hswaw/customs: hotfix laserproxy build by using old hscloud
Change-Id: I5a00d138ed7e5080e55997912413bf2f776cd295
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1451
Reviewed-by: vuko <vuko@hackerspace.pl>
diff --git a/hswaw/machines/customs.hackerspace.pl/laserproxy/service.nix b/hswaw/machines/customs.hackerspace.pl/laserproxy/service.nix
index e9e361a..e76c51f 100644
--- a/hswaw/machines/customs.hackerspace.pl/laserproxy/service.nix
+++ b/hswaw/machines/customs.hackerspace.pl/laserproxy/service.nix
@@ -4,30 +4,65 @@
name = "laserproxy";
user = name;
group = name;
-in {
+
+ # Building hscloud bazel from nix is often broken on master branch. Building
+ # laserproxy from older hscloud is not a pretty solution, but seem like a
+ # best option for now.
+ # TODO use upstream laserproxy when CI testing is added
+ # see https://issues.hackerspace.pl/issues/9
+ laserproxy =
+ let
+ old = pkgs.fetchgit {
+ url = "https://gerrit.hackerspace.pl/hscloud.git";
+ rev = "5319e611b2be9241c01994eb8e42bd349bb6eabb";
+ sha256 = "sha256-KdVAlaXHW2CE2kJoOT0jJ+a20u6HPAgx5g/7ifX8iqU=";
+ };
+ old-patched = pkgs.runCommandNoCC "hscloud" { } ''
+ cp -r "${old}" $out
+ chmod +w $out/WORKSPACE $out/default.nix
+
+ # backport passing system to allow (pure) builds from flakes
+ chmod +w $out/default.nix
+ echo "{ system ? builtins.currentSystem, ... }@args:" > $out/default.nix
+ sed -e '1d' -e 's/import nixpkgsSrc {/\0 inherit system; /g' ${old}/default.nix >> $out/default.nix
+
+ # hotfix failing bazel build:
+ #
+ # Label '//hswaw/site:deps.bzl' is invalid because 'hswaw/site' is not
+ # a package; perhaps you meant to put the colon here:
+ # '//:hswaw/site/deps.bzl'?
+ chmod +w $out/WORKSPACE
+ sed '/hswaw.site.deps/d' "${old}/WORKSPACE" > $out/WORKSPACE
+ '';
+ in
+ (import old-patched { inherit (pkgs) system; }).hswaw.laserproxy;
+
+in
+{
users.users."${user}" = {
- group = "${group}";
+ group = "${group}";
isSystemUser = true;
uid = 1004;
};
- users.groups."${group}" = {};
+ users.groups."${group}" = { };
systemd.services."${name}" = {
- description = "Logging packet log from nftables";
- wantedBy = [ "multi-user.target" ];
- after = ["network-addresses-laser.service"];
+ description = "HSWAW lasercutter proxy";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network-addresses-laser.service" ];
serviceConfig.User = "${user}";
serviceConfig.Type = "simple";
serviceConfig.Restart = "always";
serviceConfig.RestartSec = "30";
- serviceConfig.ExecStart = "${workspace.hswaw.laserproxy}/bin/laserproxy -logtostderr -hspki_disable -web_address 127.0.0.1:2137";
+ serviceConfig.ExecStart = "${laserproxy}/bin/laserproxy -logtostderr -hspki_disable -web_address 127.0.0.1:2137";
};
services.nginx.virtualHosts."laser.waw.hackerspace.pl" = {
listen = [
- { addr = "10.8.1.2"; port=80; ssl=false; }
- #{ addr = "10.8.1.2"; port=433; ssl=true; }
+ { addr = "10.8.1.2"; port = 80; ssl = false; }
+ # TODO fix certs / virtual hosts on customs and enable this
+ # { addr = "10.8.1.2"; port=433; ssl=true; }
];
locations."/" = {
proxyPass = "http://127.0.0.1:2137/";
@@ -35,14 +70,13 @@
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Host $host:$server_port;
- proxy_set_header X-Forwarded-Server $host;
- proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host:$server_port;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Forwarded-Proto $scheme;
allow 10.0.0.0/8;
deny all;
'';
};
};
-
}