# NixOS module for the HSWAW lasercutter proxy ("laserproxy").
#
# It declares a dedicated system user and group, a systemd unit that runs the
# proxy with its web UI bound to loopback, and an nginx virtual host that
# publishes that UI on 10.8.1.2:80 to clients in 10.0.0.0/8.
{ pkgs, workspace, ... }:

let
  name = "laserproxy";
  user = name;
  group = name;

  # Loopback endpoint of the laserproxy web UI. Both the daemon's
  # -web_address flag and the nginx proxyPass below are derived from it.
  webAddress = "127.0.0.1:2137";

  # Building hscloud's bazel targets from nix is frequently broken on the
  # master branch, so laserproxy is built from an older hscloud checkout. Not
  # pretty, but the best option for now.
  # TODO use upstream laserproxy when CI testing is added
  # see https://issues.hackerspace.pl/issues/9
  laserproxy =
    let
      # The checkout is pinned by full commit id and by content hash, so the
      # fetched tree cannot change silently. The cost is that the service
      # stays on this old revision and picks up no upstream fixes until the
      # TODO above is resolved.
      pinnedSrc = pkgs.fetchgit {
        url = "https://gerrit.hackerspace.pl/hscloud.git";
        rev = "5319e611b2be9241c01994eb8e42bd349bb6eabb";
        sha256 = "sha256-KdVAlaXHW2CE2kJoOT0jJ+a20u6HPAgx5g/7ifX8iqU=";
      };

      # Copy of the pinned tree with two files rewritten: default.nix gets a
      # `system` argument that is passed on to the nixpkgs import, and the
      # WORKSPACE line matching hswaw.site.deps is dropped. The script text is
      # part of the derivation and is kept exactly as it was.
      patchedSrc = pkgs.runCommandNoCC "hscloud" { } ''
        cp -r "${pinnedSrc}" $out
        chmod +w $out/WORKSPACE $out/default.nix

        # backport passing system to allow (pure) builds from flakes
        chmod +w $out/default.nix
        echo "{ system ? builtins.currentSystem, ... }@args:" > $out/default.nix
        sed -e '1d' -e 's/import nixpkgsSrc {/\0 inherit system; /g' ${pinnedSrc}/default.nix >> $out/default.nix

        # hotfix failing bazel build:
        #
        # Label '//hswaw/site:deps.bzl' is invalid because 'hswaw/site' is not
        # a package; perhaps you meant to put the colon here:
        # '//:hswaw/site/deps.bzl'?
        chmod +w $out/WORKSPACE
        sed '/hswaw.site.deps/d' "${pinnedSrc}/WORKSPACE" > $out/WORKSPACE
      '';

      hscloud = import patchedSrc { system = pkgs.system; };
    in
    hscloud.hswaw.laserproxy;

in
{
  # Dedicated unprivileged account for the daemon, with a fixed uid.
  users = {
    users.${user} = {
      inherit group;
      isSystemUser = true;
      uid = 1004;
    };
    groups.${group} = { };
  };

  systemd.services.${name} = {
    description = "HSWAW lasercutter proxy";
    wantedBy = [ "multi-user.target" ];
    after = [ "network-addresses-laser.service" ];

    # NOTE(review): the unit sets no sandboxing directives. Options such as
    # NoNewPrivileges, ProtectSystem, ProtectHome and PrivateTmp would narrow
    # what a compromised proxy process can reach; test them against the
    # daemon before enabling.
    serviceConfig = {
      User = user;
      Type = "simple";
      Restart = "always";
      RestartSec = "30";
      # The web UI listens on loopback only, so from the network it is
      # reachable solely through the nginx virtual host below.
      # NOTE(review): -hspki_disable presumably switches off the hscloud PKI
      # layer; confirm which listener that leaves unauthenticated and on
      # which address it binds.
      ExecStart = builtins.concatStringsSep " " [
        "${laserproxy}/bin/laserproxy"
        "-logtostderr"
        "-hspki_disable"
        "-web_address"
        webAddress
      ];
    };
  };

  services.nginx.virtualHosts."laser.waw.hackerspace.pl" = {
    # Plain HTTP only: traffic to the proxy UI is neither encrypted nor
    # authenticated at this layer.
    listen = [
      { addr = "10.8.1.2"; port = 80; ssl = false; }
      # TODO fix certs / virtual hosts on customs and enable this
      # NOTE(review): 433 looks like a typo for 443; check before enabling.
      # { addr = "10.8.1.2"; port=433; ssl=true; }
    ];
    locations."/" = {
      proxyPass = "http://${webAddress}/";
      # The source-address filter (allow 10.0.0.0/8, deny all) is the only
      # access control visible in this module: any host in 10.0.0.0/8 that
      # can reach 10.8.1.2 gets through to the proxy.
      #
      # X-Real-IP carries $remote_addr, the peer nginx actually saw.
      # X-Forwarded-For appends that address to whatever the client sent, so
      # its leading entries are client-controlled.
      # NOTE(review): confirm which header laserproxy reads if it makes
      # decisions per client address.
      extraConfig = ''
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-Proto $scheme;

        allow 10.0.0.0/8;
        deny all;
      '';
    };
  };
}