From 210845d2cd6e22f4cf8a9dd9fd5c0e224ee28a5a Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 3 May 2024 22:50:57 +0100 Subject: [PATCH] feat: create space for the open governance --- applications/open_goverance/README.md | 12 ++++ .../open_goverance/open_goverance.nix | 70 +++++++++++++++++++ applications/skynet.ie.nix | 3 + 3 files changed, 85 insertions(+) create mode 100644 applications/open_goverance/README.md create mode 100644 applications/open_goverance/open_goverance.nix diff --git a/applications/open_goverance/README.md b/applications/open_goverance/README.md new file mode 100644 index 0000000..2c9a6b3 --- /dev/null +++ b/applications/open_goverance/README.md @@ -0,0 +1,12 @@ +# Open Governance + +Started by DCU this is an initiative to make the running of (computer) societies more open and resilient. +The goal is to back these up in multiple locations. + + +| Uni | Tag | Repo | Notes | +|-----|----------|----------------------------------------------------------|-------| +| DCU | redbrick | https://github.com/redbrick/open-governance | | +| UL | skynet | https://gitlab.skynet.ie/compsoc1/compsoc/open-goverance | | +| | | | | + diff --git a/applications/open_goverance/open_goverance.nix b/applications/open_goverance/open_goverance.nix new file mode 100644 index 0000000..544a503 --- /dev/null +++ b/applications/open_goverance/open_goverance.nix @@ -0,0 +1,70 @@ +/* +This file is for hosting teh open governance for other societies +*/ +{ + lib, + config, + pkgs, + ... +}: +with lib; let + # - instead of _ for dns reasons + name = "open-goverance"; + + cfg = config.services.skynet."${name}"; + folder = "/var/skynet/${name}"; +in { + imports = [ + ../acme.nix + ../dns.nix + ]; + + options.services.skynet."${name}" = { + host = { + ip = mkOption { + type = types.str; + }; + name = mkOption { + type = types.str; + }; + }; + }; + + config = { + skynet_acme.domains = [ + "${name}.skynet.ie" + ]; + + skynet_dns.records = [ + { + record = "${name}"; + r_type = "CNAME"; + value = cfg.host.name; + } + ]; + + # create a folder to store the archives + systemd.tmpfiles.rules = [ + "d ${folder} 0755 ${config.services.nginx.user} ${config.services.nginx.group}" + "L+ ${folder}/README.md - - - - ${./README.md}" + ]; + + services.nginx.virtualHosts = { + "${name}.skynet.ie" = { + forceSSL = true; + useACMEHost = "skynet"; + root = folder; + locations = { + "/".extraConfig = "autoindex on;"; + + # show md files as plain text + "~ \.md".extraConfig = '' + types { + text/plain md; + } + ''; + }; + }; + }; + }; +} diff --git a/applications/skynet.ie.nix b/applications/skynet.ie.nix index a691388..b1bed7a 100644 --- a/applications/skynet.ie.nix +++ b/applications/skynet.ie.nix @@ -11,6 +11,7 @@ in { imports = [ ./acme.nix ./dns.nix + ./open_goverance/open_goverance.nix ]; options.services.skynet = { @@ -62,6 +63,8 @@ in { } ]; + services.skynet.open-goverance.host = cfg.host; + networking.firewall.allowedTCPPorts = [80 443]; services.nginx = { enable = true;