mirror of git://git.savannah.gnu.org/guix/maintenance.git synced 2023-12-14 03:33:04 +01:00
maintenance/hydra/nginx/berlin.scm


;; Nginx configuration for ci.guix.info
(use-modules (gnu services web)
(gnu services version-control))
(define* (le host #:optional privkey)
  "Return the file name of the Let's Encrypt PEM file for HOST under
/etc/letsencrypt/live: the private key when PRIVKEY is true, the full
certificate chain otherwise."
  ;; HOST is spliced into the path as-is; the callers visible in this file
  ;; pass literal host names.
  (let ((stem (if privkey "privkey" "fullchain")))
    (string-append "/etc/letsencrypt/live/" host "/" stem ".pem")))
(define (redirect old new)
  "Return an nginx location block for OLD whose body answers with a
permanent (301) redirect to NEW."
  ;; NEW is pasted verbatim into the 'return' directive, so it has to be a
  ;; trusted constant; the callers visible in this file pass string literals.
  (let ((directive (string-append "return 301 " new ";\n")))
    (nginx-location-configuration
     (uri old)
     (body (list directive)))))
(define (publish-locations url)
  "Return the list of nginx location blocks that proxy to the 'guix publish'
instance reachable at URL."
  (let ((upstream (string-append "proxy_pass " url ";"))
        ;; Drop Set-Cookie both from what nginx considers when deciding
        ;; whether to cache and from what clients see; the cached locations
        ;; below need this for caching to take effect.
        (strip-cookies '("proxy_hide_header Set-Cookie;"
                         "proxy_ignore_headers Set-Cookie;")))
    (list
     ;; Clients ask for this file first, hence the long-lived cache entry.
     (nginx-location-configuration
      (uri "/nix-cache-info")
      (body
       `(,(string-append "proxy_pass " url "/nix-cache-info;")
         "proxy_cache static;"
         "proxy_cache_valid 200 100d;"  ;successful answers: 100 days
         "proxy_cache_valid any 5m;"    ;anything else: 5 minutes
         "proxy_ignore_client_abort on;"
         ,@strip-cookies)))

     ;; Nar archives.
     (nginx-location-configuration
      (uri "/nar/")
      (body
       `(,upstream
         "client_body_buffer_size 256k;"
         ;; Producing a nar can take a while; allow for it.
         "proxy_read_timeout 60s;"
         "proxy_send_timeout 60s;"
         ;; Cache nars so archives are not rebuilt and recompressed on
         ;; every request.
         "proxy_cache nar;"
         "proxy_cache_valid 200 30d;"   ;successful answers: one month
         "proxy_cache_valid 504 3m;"    ;gateway timeout (backend overloaded)
         "proxy_cache_valid any 1h;"    ;anything else: one hour
         "proxy_ignore_client_abort on;"
         ;; The payload is already compressed.
         "gzip off;"
         ,@strip-cookies
         ;; Left disabled: a 'content-length' header that would tell
         ;; 'guix substitute-binary' the download size up front.
         ;; "add_header Content-Length $body_bytes_sent;"
         )))

     ;; Narinfo metadata.  No proxy_cache here: 'guix publish' keeps its own
     ;; cache and uses the atime of cached narinfos to decide what it may
     ;; evict, so nginx must forward every request.
     (nginx-location-configuration
      (uri "~ \\.narinfo$")
      (body
       `(,upstream
         ;; Needed for HTTP pipelining, which matters a lot for throughput.
         "client_body_buffer_size 128k;"
         ;; Narinfo requests are tiny; serve many per connection.
         "keepalive_requests 600;"
         ;; Fail fast with a 504 rather than wait on a slow backend.
         "proxy_connect_timeout 2s;"
         "proxy_read_timeout 2s;"
         "proxy_send_timeout 2s;"
         ;; 'guix publish --ttl' emits the Cache-Control value that
         ;; 'guix substitute' should honour, so forward it instead of
         ;; computing one with nginx's "expire".
         "proxy_pass_header Cache-Control;"
         "proxy_ignore_client_abort on;"
         ,@strip-cookies)))

     ;; Build logs.
     (nginx-location-configuration
      (uri "/log/")
      (body
       `(,upstream
         "proxy_cache logs;"
         "proxy_cache_valid 200 60d;"   ;successful answers
         "proxy_cache_valid 504 3m;"    ;gateway timeout (backend overloaded)
         "proxy_cache_valid any 1h;"    ;anything else
         "proxy_ignore_client_abort on;"
         ,@strip-cookies)))

     ;; Content-addressed files served by 'guix publish'.
     (nginx-location-configuration
      (uri "/file/")
      (body
       `(,upstream
         "proxy_cache cas;"
         "proxy_cache_valid 200 200d;"  ;successful answers
         "proxy_cache_valid any 5m;"    ;anything else
         "proxy_ignore_client_abort on;"))))))
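(define %tls-settings
  ;; nginx directives shared by the TLS-enabled server blocks; callers append
  ;; this list to a server's raw-content.
  (list
   ;; Accept TLS 1.2 and 1.3 only.  SSLv2/SSLv3 are not listed, and TLS 1.0
   ;; and 1.1 are no longer offered because they are formally deprecated
   ;; (RFC 8996).  nginx only honours "TLSv1.3" when it is linked against
   ;; OpenSSL 1.1.1 or later.
   "ssl_protocols TLSv1.2 TLSv1.3;"
   ;; Disable weak cipher suites.  This list governs TLS 1.2 and older
   ;; suites only.
   "ssl_ciphers HIGH:!aNULL:!MD5;"
   "ssl_prefer_server_ciphers on;"
   ;; Use our own DH parameters created with:
   ;;   openssl dhparam -out dhparams.pem 2048
   ;; as suggested at <https://weakdh.org/sysadmin.html>.
   "ssl_dhparam /etc/dhparams.pem;"))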
(define (berlin-locations publish-url)
  "Return the nginx location blocks of the build farm front end: those of
'guix publish' reachable at PUBLISH-URL, followed by the Cuirass, certbot and
signing-key locations."
  (let ((cuirass
         ;; Everything not matched elsewhere goes to Cuirass.
         (nginx-location-configuration
          (uri "/")
          (body (list "proxy_pass http://localhost:8081;"))))
        (cuirass-admin
         ;; The request is forwarded only when nginx reports a verified
         ;; client certificate; any other value of $ssl_client_verify
         ;; yields 403.
         ;; NOTE(review): the match is case-sensitive and limited to URIs
         ;; starting with /admin, while "/" above forwards everything else
         ;; without this check -- confirm Cuirass has no privileged route
         ;; outside that prefix.
         (nginx-location-configuration
          (uri "~ ^/admin")
          (body
           (list "if ($ssl_client_verify != SUCCESS) { return 403; } proxy_pass http://localhost:8081;"))))
        (static-assets
         (nginx-location-configuration
          (uri "/static")
          (body
           (list
            "proxy_pass http://localhost:8081;"
            ;; Browser-side caching.
            "expires 10d;"
            ;; Proxy-side caching, fairly aggressive.
            "proxy_cache static;"
            "proxy_cache_valid 200 5d;"
            "proxy_cache_valid any 10m;"
            "proxy_ignore_client_abort on;"))))
        (acme-challenge                 ;certbot
         (nginx-location-configuration
          (uri "/.well-known")
          (body (list "root /var/www;"))))
        (export-key
         (nginx-location-configuration
          (uri "/berlin.guixsd.org-export.pub")
          (body
           (list "root /var/www/guix;")))))
    (append (publish-locations publish-url)
            (list cuirass
                  cuirass-admin
                  static-assets
                  acme-challenge
                  export-key))))
(define guix.gnu.org-locations
  ;; Location blocks for guix.gnu.org, built in the same order as before.
  (let ((news->blog
         ;; ENTRY is (SLUG . YEAR): /news/SLUG.html moved to /blog/YEAR/SLUG.
         (lambda (entry)
           (let ((slug (car entry))
                 (year (cdr entry)))
             (redirect (string-append "/news/" slug ".html")
                       (string-append "/blog/" year "/" slug)))))
        (manual->en
         ;; NODE is a manual page name: /manual/html_node/NODE.html moved
         ;; to the sibling "en" directory.
         (lambda (node)
           (redirect (string-append "/manual/html_node/" node ".html")
                     (string-append "../en/html_node/" node ".html")))))
    (append
     (list
      ;; Short URL for the installation script.
      ;; NOTE(review): this list is also attached to the port-80 server
      ;; for guix.gnu.org, so the redirect can be answered over cleartext
      ;; HTTP; a client starting from http:// gets no transport integrity
      ;; on that first hop.
      (redirect "/install.sh" "https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh")

      ;; From here on: redirects for URLs that used to live under
      ;; gnu.org/s/guix, e.g.
      ;; <http://gnu.org/s/guix/news/porting-guix-and-guixsd.html>.
      (redirect "/news/feed.xml" "/feeds/blog.atom"))

     (map news->blog
          '(("porting-guix-and-guixsd" . "2015")
            ("gnu-guix-welcomes-three-students-for-gsoc" . "2015")
            ("gnu-guix-recruits-for-gsoc" . "2015")
            ("one-week-to-fosdem" . "2014")
            ("gnu-dmd-02-released" . "2014")
            ("emacs-as-a-general-purpose-package-manager" . "2014")
            ("join-gnu-guix-for-gsoc-2017" . "2017")
            ("gnu-guix-05-released" . "2013")
            ("guix-at-the-2014-gnu-hackers-meeting" . "2014")
            ("state-of-aarch64-on-guix" . "2017")
            ("coming-events" . "2017")
            ("gnu-dmd-01-released" . "2013")
            ("announcing-guix-hpc" . "2017")
            ("gnu-guix-looks-for-gsoc-students" . "2014")
            ("guix-at-the-european-lisp-symposium" . "2013")
            ("gnu-guix-08-released" . "2014")
            ("gnu-guix-090-released" . "2015")))

     (list (redirect "/news/index.html" "/blog/"))

     (map news->blog
          '(("gnu-guix-welcomes-four-students-for-gsoc" . "2016")
            ("gnu-guix-081-released" . "2015")
            ("timely-delivery-of-security-updates" . "2016")
            ("guix-at-openbio-codefest-2014" . "2014")
            ("gnu-guix-talk-in-boston-ma-usa-on-january-20th" . "2016")
            ("gnu-guix-at-fosdem" . "2015")
            ("gnu-guix-082-released" . "2015")
            ("chris-webber-talks-about-guix-in-chicago-september-30th" . "2015")
            ("back-from-the-gnu-hackers-meeting" . "2013")
            ("reproducible-build-summit-2nd-edition" . "2016")
            ("gnu-guix-talk-in-rennes-france-november-9th" . "2015")
            ("gnu-guix-01-released" . "2013")
            ("guix-tox-talk-at-pyconfr-october-17th" . "2015")
            ("gnu-guix-and-guixsd-0.13.0-released" . "2017")
            ("guix-gets-cross-compilation-support" . "2013")
            ("gnu-guix-06-released" . "2014")
            ("meet-guix-at-fosdem" . "2016")
            ("reproducible-and-user-controlled-software-environments-in-hpc-with-guix" . "2015")
            ("container-provisioning-with-guix" . "2015")
            ("guixsd-system-tests" . "2016")
            ("gnu-guix--guixsd-0100-released" . "2016")
            ("gnu-guix-and-guixsd-0110-released" . "2016")
            ("boot-to-guile" . "2013")
            ("gnu-guix-talk-at-opentechsummit-berlin-may-14th" . "2015")
            ("running-system-services-in-containers" . "2017")
            ("growing-our-build-farm" . "2016")
            ("distro-of-the-linux-based-gnu-system-ported-to-mips" . "2013")
            ("guix-at-libreplanet-2016" . "2016")
            ("guix--gsoc" . "2013")
            ("service-composition-in-guixsd" . "2015")
            ("creating-bundles-with-guix-pack" . "2017")
            ("back-from-the-european-lisp-symposium" . "2013")
            ("gnu-guix-04-released-happy-birthday-gnu" . "2013")
            ("reproducible-builds-a-status-update" . "2017")
            ("gnu-guix-083-released" . "2015")
            ("join-gnu-guix-for-gsoc" . "2016")
            ("gnu-guix-and-guixsd-0120-released" . "2016")
            ("meet-guix-at-fosdem-2017" . "2017")
            ("join-guix-for-an-on-line-hackathon-on-sep-28-29" . "2013")
            ("gnome-in-guixsd" . "2016")
            ("introducing-guix-a-package-manager-and-distro-for-gnu" . "2012")
            ("gnu-guix-03-released" . "2013")
            ("gnu-guix-07-released" . "2014")
            ("gsoc-update" . "2015")
            ("gnu-guix-02-released" . "2013")
            ("guix-starts-fundraising-campaign-with-support-from-the-fsf" . "2015")
            ("gnu-guix-ported-to-arm-and-other-niceties-of-the-new-year" . "2015")
            ("reproducible-builds-a-means-to-an-end" . "2015")))

     (map manual->en
          '("Substitutes"
            "GNU-Free-Documentation-License"
            "The-Store-Monad"
            "Running-Guix-Before-It-Is-Installed"
            "rngd_002dservice"
            "Data-Types-and-Pattern-Matching"
            "Version-Numbers"
            "The-Perfect-Setup"
            "G_002dExpressions"
            "Programming-Paradigm"
            "Installing-GuixSD-in-a-VM"
            "syslog_002dconfiguration_002dtype"
            "Running-the-Test-Suite"
            "Coding-Style"
            "Version-Control-Services"
            "client_002dsubstitute_002durls"
            "Database-Services"
            "Invoking-guix-download"
            "Documentation"
            "Package-Naming"
            "Invoking-guix-hash"
            "Audio-Services"
            "Mapped-Devices"
            "operating_002dsystem-Reference"
            "Security-Updates"
            "Java-Packages"
            "user_002daccount_002dpassword"
            "System-Installation"
            "Installation"
            "Modules"
            "File-Systems"
            "Invoking-guix-gc"
            "package_002dpropagated_002dinputs"
            "Invoking-guix-lint"
            "Invoking-guix-pull"
            "Invoking-guix_002ddaemon"
            "Locales"
            "Using-the-Configuration-System"
            "X_002e509-Certificates"
            "guix_002dconfiguration_002dtype"
            "USB-Stick-and-DVD-Installation"
            "Software-Freedom"
            "Building-the-Installation-Image"
            "Running-GuixSD-in-a-VM"
            "Debugging-Build-Failures"
            "daemon_002dsubstitute_002durls"
            "Virtualization-Services"
            "Fonts"
            "Monitoring-Services"
            "Binary-Installation"
            "Messaging-Services"
            "X-Window"
            "Service-Types-and-Services"
            "Introduction"
            "Hardware-Considerations"
            "System-Configuration"
            "VPN-Services"
            "Invoking-guix-system"
            "index"
            "package-Reference"
            "Sending-a-Patch-Series"
            "package_002dcmd_002dpropagated_002dinputs"
            "Invoking-guix-refresh"
            "GNU-Distribution"
            "Name-Service-Switch"
            "The-Store"
            "Common-Build-Options"
            "Invoking-guix-import"
            "Invoking-guix-edit"
            "Network-File-System"
            "Miscellaneous-Services"
            "Daemon-Offload-Setup"
            "Features"
            "guix_002dpublish_002dservice_002dtype"
            "Invoking-guix-pack"
            "Contributing"
            "fallback_002doption"
            "Power-management-Services"
            "build_002dcheck"
            "Invoking-guix-package"
            "Mail-Services"
            "Concept-Index"
            "Build-Environment-Setup"
            "Printing-Services"
            "Invoking-guix-build"
            "Programming-Interface"
            "profile_002dmanifest"
            "Packaging-Guidelines"
            "Kerberos-Services"
            "Invoking-guix-graph"
            "Invoking-guix-container"
            "Derivations"
            "Programming-Index"
            "Setting-Up-the-Daemon"
            "Continuous-Integration"
            "User-Accounts"
            "guix-system-vm"
            "Invoking-guix-weather"
            "USB-Stick-Installation"
            "Telephony-Services"
            "Additional-Build-Options"
            "Requirements"
            "Acknowledgments"
            "Formatting-Code"
            "Certificate-Services"
            "Invoking-guix-copy"
            "Package-Modules"
            "Proxy-Settings"
            "locales_002dand_002dlocpath"
            "Substitute-Server-Authorization"
            "Setuid-Programs"
            "Bootstrapping"
            "Defining-Services"
            "pam_002dlimits_002dservice"
            "Desktop-Services"
            "Utilities"
            "Services"
            "Limitations"
            "Invoking-guix-size"
            "Shepherd-Services"
            "system_002dshepherd_002dgraph"
            "Invoking-guix-environment"
            "Invoking-guix-publish"
            "Log-Rotation"
            "Building-from-Git"
            "Defining-Packages"
            "DNS-Services"
            "Bootloader-Configuration"
            "Invoking-guix-challenge"
            "nginx_002dlocation_002dconfiguration-body"
            "Proceeding-with-the-Installation"
            "Initial-RAM-Disk"
            "syslog_002dservice"
            "Preparing-for-Installation"
            "Application-Setup"
            "Service-Composition"
            "Packages-with-Multiple-Outputs"
            "Submitting-Patches"
            "Substitution-Failure"
            "Porting"
            "Web-Services"
            "Build-Systems"
            "Python-Modules"
            "On-Trusting-Binaries"
            "Synopses-and-Descriptions"
            "Invoking-guix-archive"
            "Package-Transformation-Options"
            "Perl-Modules"
            "Base-Services"
            "origin-Reference"
            "Substitute-Authentication"
            "Service-Reference"
            "system_002dextension_002dgraph"
            "Installing-Debugging-Files"
            "Official-Substitute-Server"
            "Scheduled-Job-Execution"
            "Package-Management"
            "Networking-Services"))

     (list
      (redirect "/manual/html_node" "en/html_node")
      (redirect "/manual/guix.html" "en/guix.html")
      (redirect "/manual/en/html_node/Installing-GuixSD-in-a-VM.html" "Installing-Guix-in-a-VM.html")
      (redirect "/manual/en/html_node/Running-GuixSD-in-a-VM.html"
                "Running-Guix-in-a-VM.html")

      (nginx-location-configuration
       (uri "/manual/devel")
       (body (list "alias /srv/guix-manual-devel;")))
      (nginx-location-configuration
       (uri "/manual")
       (body (list "alias /srv/guix-manual;")))
      (nginx-location-configuration
       (uri "/cookbook")
       (body (list "alias /srv/guix-cookbook;")))

      ;; A regexp catches *.pdf at the top level, but PDFs under /manual
      ;; and /cookbook live in a different place.  The specific patterns
      ;; must come before the generic one so that they win.
      ;; NOTE(review): these patterns have no leading "^", so they match
      ;; the path segment anywhere in the URI, not only at its start.
      (nginx-location-configuration
       (uri "~ /manual/devel/(.*\\.pdf)$")
       (body (list "alias /srv/guix-manual-devel/$1;")))
      (nginx-location-configuration
       (uri "~ /manual/(.*\\.pdf)$")
       (body (list "alias /srv/guix-manual/$1;")))
      (nginx-location-configuration
       (uri "~ /cookbook/(.*\\.pdf)$")
       (body (list "alias /srv/guix-cookbook/$1;")))
      (nginx-location-configuration
       (uri "~ \\.pdf$")                ;*.pdf at the top level
       (body (list "root /srv/guix-pdfs;")))

      ;; Staging area for the internationalized web site.
      (nginx-location-configuration
       (uri "/.i18n")
       (body (list "alias /srv/guix.gnu.org-i18n;")))

      (git-http-nginx-location-configuration
       (git-http-configuration))

      ;; Hurd bootstrap binaries.
      (nginx-location-configuration
       (uri "/guix")
       (body (list "root /var/www;")))

      (nginx-location-configuration     ;certbot
       (uri "/.well-known")
       (body (list "root /var/www;")))))))
(define guix.info-locations
  ;; guix.info serves certbot challenges locally and sends every other
  ;; request to guix.gnu.org.  Both locations are regexps, so the certbot
  ;; one is listed first to be tried before the catch-all.
  (let ((acme-challenge                 ;certbot
         (nginx-location-configuration
          (uri "~ ^/\\.well-known")
          (body (list "root /var/www;"))))
        (catch-all
         ;; $scheme keeps the scheme of the incoming request, so a plain
         ;; HTTP request is redirected to plain HTTP.
         (nginx-location-configuration
          (uri "~ /(.*)")
          (body (list "return 301 $scheme://guix.gnu.org/$1;")))))
    (list acme-challenge catch-all)))
;; Base URL handed to 'berlin-locations' for the main build farm servers;
;; 'publish-locations' splices it into the proxy_pass directives.  It is a
;; plain-HTTP address on localhost.
(define %publish-url "http://localhost:3000")
(define %berlin-servers
(list
;; Plain HTTP
(nginx-server-configuration
(listen '("80"))
(server-name '("berlin.guixsd.org"
"ci.guix.info"
"ci.guix.gnu.org"))
(locations (berlin-locations %publish-url))
(raw-content
(list
"access_log /var/log/nginx/http.access.log;"
"proxy_set_header X-Forwarded-Host $host;"
"proxy_set_header X-Forwarded-Port $server_port;"
"proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;")))
(nginx-server-configuration
(listen '("80"))
(server-name '("bootstrappable.org"
"www.bootstrappable.org"))
(root "/home/rekado/bootstrappable.org")
(raw-content
(list
"access_log /var/log/nginx/bootstrappable.access.log;")))
(nginx-server-configuration
(listen '("80"))
(server-name '("guix.gnu.org"))
(root "/srv/guix.gnu.org")
(locations guix.gnu.org-locations)
(raw-content
(list
"access_log /var/log/nginx/guix-info.access.log;")))
(nginx-server-configuration
(listen '("80"))
(server-name '("guix.info"
"www.guix.info"))
(locations guix.info-locations)
(raw-content
(append
%tls-settings
(list
"access_log /var/log/nginx/guix-info.https.access.log;"))))
(nginx-server-configuration
(listen '("80"))
(server-name '("issues.guix.info"
"issues.guix.gnu.org"))
(root "/home/rekado/mumi/")
(locations
(list (nginx-location-configuration ;certbot
(uri "/.well-known")
(body (list "root /var/www;")))
(nginx-location-configuration
(uri "/")
(body '("proxy_pass http://localhost:1234;")))))
(raw-content
(list
"access_log /var/log/nginx/issues-guix-info.access.log;")))
(nginx-server-configuration
(listen '("80"))
(server-name '("workflows.guix.info"
"workflow.guix.info"
"guixwl.org"
"www.guixwl.org"))
(root "/home/rekado/gwl/")
(locations
(list (nginx-location-configuration ;certbot
(uri "/.well-known")
(body (list "root /var/www;")))
(nginx-location-configuration
(uri "/manual")
(body (list "alias /srv/gwl-manual;")))
;; Pass requests to 'guix workflow --web-interface'.
(nginx-location-configuration
(uri "/")
(body '("proxy_pass http://localhost:5000;")))))
(raw-content
(list
"access_log /var/log/nginx/workflows-guix-info.access.log;")))
;; HTTPS servers
(nginx-server-configuration
(listen '("443 ssl"))
(server-name '("berlin.guixsd.org"
"ci.guix.info"
"ci.guix.gnu.org"))
(ssl-certificate (le "berlin.guixsd.org"))
(ssl-certificate-key (le "berlin.guixsd.org" 'key))
(locations (berlin-locations %publish-url))
(raw-content
(append
%tls-settings
(list
"access_log /var/log/nginx/https.access.log;"
"proxy_set_header X-Forwarded-Host $host;"
"proxy_set_header X-Forwarded-Port $server_port;"
"proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
;; For Cuirass admin interface authentication
"ssl_client_certificate /etc/ssl-ca/certs/ca.crt;"
"ssl_crl /etc/ssl-ca/private/ca.crl;"
"ssl_verify_client optional;"))))
(nginx-server-configuration
(listen '("443 ssl"))
(server-name '("qualif.ci.guix.gnu.org"))
(locations (berlin-locations "http://localhost:3003"))
(raw-content
(append %tls-settings
'("access_log /var/log/nginx/qualif.access.log;"))))
(nginx-server-configuration
(listen '("443 ssl"))
(server-name '("bootstrappable.org"
"www.bootstrappable.org"))
(ssl-certificate (le "bootstrappable.org"))
(ssl-certificate-key (le "bootstrappable.org" 'key))
(root "/home/rekado/bootstrappable.org")
(raw-content
(append
%tls-settings
(list
"access_log /var/log/nginx/bootstrappable.https.access.log;"))))
(nginx-server-configuration
(listen '("443 ssl"))
(server-name '("guix.info"
"www.guix.info"))
(ssl-certificate (le "guix.info"))
(ssl-certificate-key (le "guix.info" 'key))
(locations guix.info-locations)
(raw-content
(append
%tls-settings
(list
"access_log /var/log/nginx/guix-info.https.access.log;"))))
(nginx-server-configuration
(listen '("443 ssl"))
(server-name '("guix.gnu.org"))
(ssl-certificate (le "guix.gnu.org"))
(ssl-certificate-key (le "guix.gnu.org" 'key))
(root "/srv/guix.gnu.org")
(locations guix.gnu.org-locations)
(raw-content
(append
%tls-settings
(list
"access_log /var/log/nginx/guix-gnu-org.https.access.log;"))))
(nginx-server-configuration
(listen '("443 ssl"))
(server-name '("issues.guix.info"))
(ssl-certificate (le "issues.guix.info"))
(ssl-certificate-key (le "issues.guix.info" 'key))
(root "/home/rekado/mumi/")
(locations
(list (nginx-location-configuration
(uri "/")
(body '("proxy_pass http://localhost:1234;")))))
(raw-content
(append
%tls-settings
(list
"proxy_set_header X-Forwarded-Host $host;"
"proxy_set_header X-Forwarded-Port $server_port;"
"proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
"proxy_connect_timeout 600;"
"proxy_send_timeout 600;"
"proxy_read_timeout 600;"
"send_timeout 600;"
"access_log /var/log/nginx/issues-guix-info.https.access.log;"))))
(nginx-server-configuration
(listen '("443 ssl"))
(server-name '("issues.guix.gnu.org"))
(ssl-certificate (le "issues.guix.gnu.org"))
(ssl-certificate-key (le "issues.guix.gnu.org" 'key))
(root "/home/rekado/mumi/")
(locations
(list (nginx-location-configuration
(uri "/")
(body '("proxy_pass http://localhost:1234;")))))
(raw-content
(append
%tls-settings
(list
"proxy_set_header X-Forwarded-Host $host;"
"proxy_set_header X-Forwarded-Port $server_port;"
"proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
"proxy_connect_timeout 600;"
"proxy_send_timeout 600;"
"proxy_read_timeout 600;"
"send_timeout 600;"
"access_log /var/log/nginx/issues-guix-gnu-org.https.access.log;"))))
(nginx-server-configuration
(listen '("443 ssl"))
(server-name '("workflows.guix.info"
"workflow.guix.info"
"guixwl.org"
"www.guixwl.org"))
(ssl-certificate (le "www.guixwl.org"))
(ssl-certificate-key (le "www.guixwl.org" 'key))
(root "/home/rekado/gwl/")
(locations
(list
(nginx-location-configuration
(uri "/manual")
(body (list "alias /srv/gwl-manual;")))
(nginx-location-configuration
(uri "/")
(body '("proxy_pass http://localhost:5000;")))))
(raw-content
(append
%tls-settings
(list
"proxy_set_header X-Forwarded-Host $host;"
"proxy_set_header X-Forwarded-Port $server_port;"
"proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
"proxy_connect_timeout 600;"
"proxy_send_timeout 600;"
"proxy_read_timeout 600;"
"send_timeout 600;"
"access_log /var/log/nginx/workflows-guix-info.https.access.log;"))))))
(define %extra-content
  ;; Directive fragments for nginx, one list element per configuration
  ;; line.  %nginx-configuration joins them with newlines and hands the
  ;; result to its 'extra-content' field.  The fragments are grouped by
  ;; topic and concatenated in order, so the value is still a flat list
  ;; of strings.
  (let ((transfer-settings
         (list
          "default_type application/octet-stream;"
          "sendfile on;"
          ;; Upper bound on the chunk size sent at once.  Partly a
          ;; workaround for <http://bugs.gnu.org/19939>; the nginx
          ;; documentation also says that "Without the limit, one fast
          ;; connection may seize the worker process entirely."
          ;; <http://nginx.org/en/docs/http/ngx_http_core_module#sendfile_max_chunk>
          "sendfile_max_chunk 1m;"
          "keepalive_timeout 65;"
          ;; Speak HTTP 1.1 to the backend to get keep-alive connections
          ;; and chunked transfer encoding; the latter is what lets us
          ;; avoid caching partial downloads.
          "proxy_http_version 1.1;"))

        ;; Cache definitions.  'inactive' matters little here: what counts
        ;; is that LRU sweeping kicks in once 'max_size' is reached.
        ;; NOTE(review): these directories hold responses that are served
        ;; back to clients; confirm they are writable only by the nginx
        ;; user.

        ;; Cache for nar files.
        (nar-cache
         (list
          "proxy_cache_path /var/cache/nginx/nar"
          " levels=2"
          " inactive=8d"                ; unused entries dropped after 8d
          " keys_zone=nar:4m"           ; 'nar' zone metadata: ~32K keys
          " max_size=10g;"))            ; upper bound on cached data

        ;; Cache for content-addressed files.
        (cas-cache
         (list
          "proxy_cache_path /var/cache/nginx/cas"
          " levels=2"
          " inactive=180d"              ; unused entries dropped after 180d
          " keys_zone=cas:8m"           ; 'cas' zone metadata: ~64K keys
          " max_size=50g;"))            ; upper bound on cached data

        ;; Cache for build logs.
        (log-cache
         (list
          "proxy_cache_path /var/cache/nginx/logs"
          " levels=2"
          " inactive=60d"               ; unused entries dropped after 60d
          " keys_zone=logs:8m"          ; 'logs' zone metadata: ~64K keys
          " max_size=4g;"))             ; upper bound on cached data

        ;; Cache for static data.
        (static-cache
         (list
          "proxy_cache_path /var/cache/nginx/static"
          " levels=1"
          " inactive=10d"               ; unused entries dropped after 10d
          " keys_zone=static:1m"        ; 'static' zone metadata: ~8K keys
          " max_size=200m;"))           ; upper bound on cached data

        (backend-timeouts
         (list
          ;; If the backend cannot keep to these delays, something is
          ;; wrong: better to drop the connection and answer 504.  Server
          ;; blocks in this file that need longer delays set their own.
          "proxy_connect_timeout 7s;"
          "proxy_read_timeout 10s;"
          "proxy_send_timeout 10s;"
          ;; Keep 504 answers cached briefly so that retries do not add
          ;; to the pressure on the backend.
          "proxy_cache_valid 504 30s;")))
    (append transfer-settings
            nar-cache
            cas-cache
            log-cache
            static-cache
            backend-timeouts)))
(define %nginx-configuration
  ;; The complete nginx configuration: global directives, the server
  ;; blocks of %berlin-servers, and the fragments of %extra-content.
  (nginx-configuration
   (global-directives
    ;; The machine has 72 cores; nginx deliberately gets only a share of
    ;; them.
    '((worker_processes . 16)
      (pcre_jit . on)
      (events . ((worker_connections . 1024)))))
   (server-blocks %berlin-servers)
   ;; %extra-content is a list of directive fragments; it is passed on as
   ;; a single string with one fragment per line.
   (extra-content
    (string-join %extra-content "\n"))))