feat: create space for the open governance

This commit is contained in:
silver 2024-05-03 22:50:57 +01:00
parent ebefd81def
commit 210845d2cd
3 changed files with 85 additions and 0 deletions

View file

@ -0,0 +1,12 @@
# Open Governance
Started by DCU this is an initiative to make the running of (computer) societies more open and resilient.
The goal is to back these up in multiple locations.
| Uni | Tag | Repo | Notes |
|-----|----------|----------------------------------------------------------|-------|
| DCU | redbrick | https://github.com/redbrick/open-governance | |
| UL | skynet | https://gitlab.skynet.ie/compsoc1/compsoc/open-goverance | |
| | | | |

View file

@ -0,0 +1,70 @@
/*
This file is for hosting teh open governance for other societies
*/
{
lib,
config,
pkgs,
...
}:
with lib; let
# - instead of _ for dns reasons
name = "open-goverance";
cfg = config.services.skynet."${name}";
folder = "/var/skynet/${name}";
in {
imports = [
../acme.nix
../dns.nix
];
options.services.skynet."${name}" = {
host = {
ip = mkOption {
type = types.str;
};
name = mkOption {
type = types.str;
};
};
};
config = {
skynet_acme.domains = [
"${name}.skynet.ie"
];
skynet_dns.records = [
{
record = "${name}";
r_type = "CNAME";
value = cfg.host.name;
}
];
# create a folder to store the archives
systemd.tmpfiles.rules = [
"d ${folder} 0755 ${config.services.nginx.user} ${config.services.nginx.group}"
"L+ ${folder}/README.md - - - - ${./README.md}"
];
services.nginx.virtualHosts = {
"${name}.skynet.ie" = {
forceSSL = true;
useACMEHost = "skynet";
root = folder;
locations = {
"/".extraConfig = "autoindex on;";
# show md files as plain text
"~ \.md".extraConfig = ''
types {
text/plain md;
}
'';
};
};
};
};
}

View file

@ -11,6 +11,7 @@ in {
imports = [ imports = [
./acme.nix ./acme.nix
./dns.nix ./dns.nix
./open_goverance/open_goverance.nix
]; ];
options.services.skynet = { options.services.skynet = {
@ -62,6 +63,8 @@ in {
} }
]; ];
services.skynet.open-goverance.host = cfg.host;
networking.firewall.allowedTCPPorts = [80 443]; networking.firewall.allowedTCPPorts = [80 443];
services.nginx = { services.nginx = {
enable = true; enable = true;