Tangled infrastructure definitions in Nix


Changed files
+40 -47
+10 -10
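--- a/flake.lock
+++ b/flake.lock
@@ -256,16 +256,16 @@
 },
 "nixpkgs_2": {
 "locked": {
-"lastModified": 1767634882,
-"narHash": "sha256-2GffSfQxe3sedHzK+sTKlYo/NTIAGzbFCIsNMUPAAnk=",
+"lastModified": 1767379071,
+"narHash": "sha256-EgE0pxsrW9jp9YFMkHL9JMXxcqi/OoumPJYwf+Okucw=",
 "owner": "nixos",
 "repo": "nixpkgs",
-"rev": "3c9db02515ef1d9b6b709fc60ba9a540957f661c",
+"rev": "fb7944c166a3b630f177938e478f0378e64ce108",
 "type": "github"
 },
 "original": {
 "owner": "nixos",
-"ref": "nixos-25.11",
+"ref": "nixos-unstable",
 "repo": "nixpkgs",
 "type": "github"
 }
@@ -354,17 +354,17 @@
 "sqlite-lib-src": "sqlite-lib-src"
 },
 "locked": {
-"lastModified": 1767767073,
-"narHash": "sha256-BSZJ1TY5lGt7xNgFRtcKwYcSOI6VC2CHLfm7y/GgHwU=",
+"lastModified": 1767683698,
+"narHash": "sha256-MFrfNmTKTdOOsyXUvvqPwH6zqvDZZpURnd7QdJkVOgU=",
 "ref": "refs/heads/master",
-"rev": "6dc86ffbed5a290ca6a4890caa2dadea5c8b8a81",
-"revCount": 1792,
+"rev": "b31a2a3590fefc4c70817f94a20076df2428b4d3",
+"revCount": 1791,
 "type": "git",
-"url": "https://tangled.org/tangled.org/core"
+"url": "https://tangled.org/@tangled.org/core"
 },
 "original": {
 "type": "git",
-"url": "https://tangled.org/tangled.org/core"
+"url": "https://tangled.org/@tangled.org/core"
 }
 }
 },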
+9 -19
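--- a/flake.nix
+++ b/flake.nix
@@ -2,8 +2,8 @@
 description = "nix infra for tangled";
 
 inputs = {
-nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
-tangled.url = "git+https://tangled.org/tangled.org/core";
+nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
+tangled.url = "git+https://tangled.org/@tangled.org/core";
 colmena.url = "github:zhaofengli/colmena/release-0.4.x";
 disko = {
 url = "github:nix-community/disko";
@@ -22,16 +22,6 @@
 system = "x86_64-linux";
 commonArgs = import ./common/ssh.nix;
 
-colmenaHive = colmena.lib.makeHive {
-meta = {
-nixpkgs = nixpkgs.legacyPackages.x86_64-linux;
-specialArgs = {
-nixery-pkgs = import nixery-flake.outPath {
-pkgs = import nixpkgs { system = "x86_64-linux"; };
-};
-tangled-pkgs = tangled.packages.x86_64-linux;
-commonArgs = import ./common/ssh.nix;
-};
 # Helper function to create nixosConfiguration
 mkHost = hostname: extraModules:
 nixpkgs.lib.nixosSystem {
@@ -44,11 +34,11 @@
 };
 
 # Helper function to create colmena host
-mkColmenaHost = hostname: targetHost: extraModules:
+mkColmenaHost = hostname: targetHost: targetPort: extraModules:
 {
 deployment = {
 inherit targetHost;
-targetPort = 22;
+inherit targetPort;
 targetUser = "tangler";
 buildOnTarget = true;
 };
@@ -137,11 +127,11 @@
 environment.systemPackages = [ pkgs.curl ];
 };
 
-appview = mkColmenaHost "appview" hosts.appview.target hosts.appview.modules;
-pds = mkColmenaHost "pds" hosts.pds.target hosts.pds.modules;
-nixery = mkColmenaHost "nixery" hosts.nixery.target hosts.nixery.modules;
-spindle = mkColmenaHost "spindle" hosts.spindle.target hosts.spindle.modules;
-knot1 = mkColmenaHost "knot1" hosts.knot1.target hosts.knot1.modules;
+appview = mkColmenaHost "appview" hosts.appview.target 2222 hosts.appview.modules;
+pds = mkColmenaHost "pds" hosts.pds.target 22 hosts.pds.modules;
+nixery = mkColmenaHost "nixery" hosts.nixery.target 22 hosts.nixery.modules;
+spindle = mkColmenaHost "spindle" hosts.spindle.target 22 hosts.spindle.modules;
+knot1 = mkColmenaHost "knot1" hosts.knot1.target 22 hosts.knot1.modules;
 };
 };
 }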
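Review bot: The appview SSH port is now written twice, as the literal `2222` in the `appview = mkColmenaHost …` call and as `openssh.ports = [2222];` in hosts/appview/configuration.nix, and nothing keeps the two in step. If they drift, colmena would connect to port 22 on appview, which after this change is the nginx stream listener that relays to a different machine, so a deploy would at best stop on a host-key mismatch. Consider keeping the port next to the target in the `hosts` attrset (for example a `hosts.appview.port` attribute, defaulting to 22) and reading both `targetPort` and `openssh.ports` from it. The `hosts` definition is outside the visible hunks, so this is a suggestion on shape rather than exact lines.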
+1
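--- a/hosts/appview/configuration.nix
+++ b/hosts/appview/configuration.nix
@@ -19,6 +19,7 @@
 networking.hostName = "appview-arn";
 services = {
 openssh.enable = true;
+openssh.ports = [2222];
 };
 
 # networking.extraHosts = ''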
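Review bot: The added `openssh.ports = [2222];` carries no comment saying why sshd leaves port 22, and the reason lives in another file: the nginx `streamConfig` in hosts/appview/services/nginx.nix now listens on 22. Suggest a line above it such as `# sshd moves to 2222: the nginx stream block in services/nginx.nix binds :22 and relays it to the knot host`. Since `services.openssh.openFirewall` defaults to true, this setting already opens 2222 in the firewall, so the explicit `2222` added to `allowedTCPPorts` in nginx.nix looks redundant and puts an SSH rule in the web-server module.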
+20 -7
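--- a/hosts/appview/services/nginx.nix
+++ b/hosts/appview/services/nginx.nix
@@ -7,6 +7,18 @@
 recommendedOptimisation = true;
 recommendedGzipSettings = true;
 
+streamConfig = ''
+upstream knot-sailor {
+server 94.237.110.185:22;
+}
+
+server {
+listen 22;
+listen [::]:22;
+proxy_pass knot-sailor;
+}
+'';
+
 virtualHosts = {
 # Redirect tangled.sh โ†’ tangled.org
 "tangled.sh" = {
@@ -53,13 +65,18 @@
 '';
 
 locations."~ ^/@tangled\\.sh(/.*)?$" = {
-return = "301 https://tangled.org/@tangled.org$1$is_args$args";
+extraConfig = ''
+rewrite ^/@tangled\.sh(.*)$ https://tangled.org/@tangled.org$1 permanent;
+'';
 };
 
 locations."~ ^/tangled\\.sh(/.*)?$" = {
-return = "301 https://tangled.org/tangled.org$1$is_args$args";
+extraConfig = ''
+rewrite ^/tangled\.sh(.*)$ https://tangled.org/tangled.org$1 permanent;
+'';
 };
 
+
 locations."~ /logs$" = {
 proxyPass = "http://127.0.0.1:3000";
 proxyWebsockets = true;
@@ -71,10 +88,6 @@
 locations."/" = {
 proxyPass = "http://127.0.0.1:3000";
 extraConfig = ''
-proxy_set_header Host $host;
-proxy_set_header X-Real-IP $remote_addr;
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Proto $scheme;
 client_max_body_size 100M;
 '';
 };
@@ -83,7 +96,7 @@
 };
 
 # Open firewall ports
-networking.firewall.allowedTCPPorts = [ 80 443 ];
+networking.firewall.allowedTCPPorts = [ 80 443 2222 22 ];
 
 # ACME configuration for Let's Encrypt
 security.acme = {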
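Review bot: In `locations."/"` the four `proxy_set_header` lines (Host, X-Real-IP, X-Forwarded-For, X-Forwarded-Proto) are dropped and the visible lines set nothing in their place, so unless `recommendedProxySettings = true;` sits outside these hunks the app on 127.0.0.1:3000 will see every request as coming from 127.0.0.1 with `Host` set to the proxy_pass address, which undermines per-client rate limiting and audit logs. If that option is not already set, add `recommendedProxySettings = true;` beside `recommendedOptimisation`, or restore the headers. The new `streamConfig` relay has the same effect for SSH: the host at 94.237.110.185 will log the appview address for every connection, so any address-based limiting or banning there applies to the relay as a whole. A short comment above `streamConfig` stating this, and why the upstream is a hard-coded IP, would help. The `services.nginx` block starts and ends outside the hunks.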
-11
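--- a/hosts/nixery/services/nginx.nix
+++ b/hosts/nixery/services/nginx.nix
@@ -1,18 +1,7 @@
-{ tangled-pkgs, pkgs, ... }:
-
 {
 services.nginx = {
 enable = true;
 virtualHosts = {
-"docs.tangled.org" = {
-forceSSL = true;
-enableACME = true;
-root = "${tangled-pkgs.docs}";
-locations."/" = {
-tryFiles = "$uri $uri/ =404";
-index = "index.html";
-};
-};
 "nixery.tangled.sh" = {
 forceSSL = true;
 enableACME = true;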