From patchwork Fri Feb 14 23:15:06 2025
X-Patchwork-Submitter: Ludovic Courtès
X-Patchwork-Id: 38627
Subject: [bug#76296] [PATCH maintenance] hydra: bayfront: Set up ‘git.guix.gnu.org’ as a redirect to Savannah.
To: 76296@debbugs.gnu.org
Cc: Ludovic Courtès, guix-sysadmin@gnu.org
From: Ludovic Courtès
Date: Sat, 15 Feb 2025 00:15:06 +0100
Message-ID: <20250214231506.14125-1-ludo@gnu.org>
X-Mailer: git-send-email 2.48.1

* hydra/modules/sysadmin/dns.scm (git-ip4, git-ip6): New variables.
(guix.gnu.org.zone): Add “git” A and AAAA records.
(guix.gnu.org-zone)[serial]: Bump.
* hydra/modules/sysadmin/nginx.scm (git.guix.gnu.org-nginx-servers): New procedure.
* hydra/modules/sysadmin/web.scm (git.guix.gnu.org-service-type): New variable.
* hydra/bayfront.scm : Use it.
---
 hydra/bayfront.scm               |  5 ++++-
 hydra/modules/sysadmin/dns.scm   |  7 ++++++-
 hydra/modules/sysadmin/nginx.scm | 29 +++++++++++++++++++++++++++--
 hydra/modules/sysadmin/web.scm   | 21 +++++++++++++++++++--
 4 files changed, 56 insertions(+), 6 deletions(-)

Hello!

As part of preliminary discussions around GCD #002 (“Migrating repositories, issues, and patches to Codeberg”), some suggested having a git.guix.gnu.org DNS entry to make Git migration in general easier.

This patch implements that; technically we have to have an HTTP redirect, which means that clients pay the cost of an extra connection and get nothing if bayfront is down. That’s the price to pay for this indirection, but it’s probably worth it.

Note that I haven’t been able to test this patch for real since it depends on the state and environments of bayfront: certificates, networking set up, host names, etc.

This patch could be applied whether or not the GCD is eventually accepted.

Thoughts?

Ludo’.

base-commit: 9c10ac82b270cb27ff7b92c6f44eac2efd0b7193
diff --git a/hydra/bayfront.scm b/hydra/bayfront.scm index e85d715..6b89470 100644 --- a/hydra/bayfront.scm +++ b/hydra/bayfront.scm @@ -1,5 +1,5 @@ ;; OS configuration for bayfront -;; Copyright © 2016-2024 Ludovic Courtès +;; Copyright © 2016-2025 Ludovic Courtès ;; Copyright © 2016, 2017, 2018, 2019, 2020, 2023, 2024 Andreas Enge ;; Copyright © 2017, 2019, 2024 Ricardo Wurmus ;; Copyright © 2019 Julien Lepiller @@ -1683,6 +1683,9 @@ access_log /var/log/nginx/git.qa.access.log;")) static-web-site-service-type (list ten-years-of-guix-web-site)) + ;; Running the git.guix.gnu.org HTTP redirect. + (service git.guix.gnu.org-service-type) + ;; hpcguix-web as it can be seen at ;; . (service hpcguix-web-service-type diff --git a/hydra/modules/sysadmin/dns.scm b/hydra/modules/sysadmin/dns.scm index d5b8a98..72b2b7f 100644 --- a/hydra/modules/sysadmin/dns.scm +++ b/hydra/modules/sysadmin/dns.scm @@ -63,6 +63,8 @@ (define dover-ip6 "2a02:8010:68c1::e2ff:f7ff:fe00:20b3") (define hatysa-ip6 "2a02:8010:68c1::d263:b4ff:fe03:b9af") (define hamal-ip6 "2a02:8010:68c1::d263:b4ff:fe02:e65b") +(define git-ip4 bayfront-ip4) +(define git-ip6 bayfront-ip6) ;; The SOA MNAME and one NS record must always be consistent. (define primary-ns "ns1.gnu.org.") @@ -142,6 +144,9 @@ ("packages" "" "IN" "A" bayfront-ip4) ("packages" "" "IN" "AAAA" bayfront-ip6) + ("git" "" "IN" "A" git-ip4) + ("git" "" "IN" "AAAA" git-ip6) + ;; This record is required in order to prove to Amazon ACM that we ;; own the domain. As long as it exists, ACM will automatically ;; renew the TLS certificate for the CloudFront distribution we use @@ -155,4 +160,4 @@ (origin "guix.gnu.org") (ns primary-ns) (entries guix.gnu.org.zone) - (serial 2024120821))))) + (serial 2025021421))))) diff --git a/hydra/modules/sysadmin/nginx.scm b/hydra/modules/sysadmin/nginx.scm index d1f67e0..a087f35 100644 --- a/hydra/modules/sysadmin/nginx.scm +++ b/hydra/modules/sysadmin/nginx.scm 
@@ -1,5 +1,5 @@ ;; Nginx configuration for ci.guix.gnu.org -;; Copyright © 2016-2024 Ludovic Courtès +;; Copyright © 2016-2025 Ludovic Courtès ;; Copyright © 2017, 2018, 2019, 2020, 2021 Ricardo Wurmus ;; Copyright © 2020 Christopher Baines ;; Copyright © 2020, 2021, 2024 Florian Pelz @@ -14,7 +14,8 @@ #:export (%tls-settings le accept-languages - guix.gnu.org-nginx-server)) + guix.gnu.org-nginx-server + git.guix.gnu.org-nginx-servers)) ;;; @@ -783,3 +784,27 @@ synonymous IETF language tags that should be mapped to the same $lang." "rewrite (.*)/$ $1/index.html;" "access_log /var/log/nginx/guix-gnu-org.https.access.log;"))))) + +(define (git.guix.gnu.org-nginx-servers base-url) + (let ((redirect (nginx-location-configuration + (uri "/") + (body `("expires 24h;" + ,(string-append "return 302 " + base-url "$request_uri;")))))) + (list (nginx-server-configuration + (server-name '("git.guix.gnu.org")) + (listen '("80" "[::]:80")) + (raw-content + '("access_log /var/log/nginx/git.access.log;")) + (locations (list (nginx-location-configuration + (uri "^~ /.well-known") + (body '("root /var/www;"))) + redirect))) + (nginx-server-configuration + (listen '("443 ssl" "[::]:443 ssl")) + (server-name '("git.guix.gnu.org")) + (ssl-certificate (le "guix.gnu.org")) + (ssl-certificate-key (le "guix.gnu.org" 'key)) + (locations (list redirect)) + (raw-content + '("access_log /var/log/nginx/git.access.log;")))))) diff --git a/hydra/modules/sysadmin/web.scm b/hydra/modules/sysadmin/web.scm index b07c080..e662a09 100644 --- a/hydra/modules/sysadmin/web.scm +++ b/hydra/modules/sysadmin/web.scm @@ -1,6 +1,6 @@ ;;; GNU Guix system administration tools. ;;; -;;; Copyright © 2019-2023 Ludovic Courtès +;;; Copyright © 2019-2023, 2025 Ludovic Courtès ;;; Copyright © 2020, 2021 Ricardo Wurmus ;;; ;;; This program is free software: you can redistribute it and/or modify 
@@ -48,7 +48,8 @@ static-web-site-service-type guix-web-site-service-type - gwl-web-service-type)) + gwl-web-service-type + git.guix.gnu.org-service-type)) (define guix-extensions (match (package-transitive-propagated-inputs @@ -333,6 +334,22 @@ taken from a Git repository.") "This service provides the web site of the GNU Guix project.") (default-value #t))) + +;;; +;;; git.guix.gnu.org redirect. +;;; + +(define git.guix.gnu.org-service-type + (service-type + (name 'git.guix.gnu.org-redirect) + (extensions + (list (service-extension nginx-service-type + git.guix.gnu.org-nginx-servers))) + (description + "This service sets up an HTTP redirect from +@url{https://git.guix.gnu.org/guix.git} to the underlying server.") + (default-value "https://git.savannah.gnu.org/git"))) + ;;; ;;; Guix Workflow Language.
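
Review bot: In hydra/modules/sysadmin/dns.scm, (define git-ip4 bayfront-ip4) and (define git-ip6 bayfront-ip6) are added directly under the hamal-ip6 definition with no comment, so they read as one more host address rather than as an alias. A one-line comment saying that these name whichever machine serves the git.guix.gnu.org redirect would make it clear that this is the place to edit if the redirect moves off bayfront, and that the zone serial has to be bumped again when it does.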
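
Review bot: In hydra/modules/sysadmin/nginx.scm, the port-443 server of git.guix.gnu.org-nginx-servers answers for server-name git.guix.gnu.org but presents (ssl-certificate (le "guix.gnu.org")), and none of the four files in this patch touches a certificate request. Unless that certificate already lists git.guix.gnu.org as a subject alternative name, HTTPS clients will fail hostname verification before they ever receive the redirect, so the certificate's domain list should be extended in the same series, or le pointed at a certificate issued for the new name. Separately, the shared redirect location pairs "expires 24h;" with "return 302", which marks a temporary redirect as cacheable for a day; if the purpose of the indirection is to be able to repoint base-url, a shorter lifetime (or none) keeps a stale target from lingering in caches after a switch.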
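
Review bot: In hydra/modules/sysadmin/web.scm, the value of git.guix.gnu.org-service-type is an undocumented bare string (default "https://git.savannah.gnu.org/git"), while nginx.scm splices it into the configuration with (string-append "return 302 " base-url "$request_uri;"). Because $request_uri always starts with a slash, a value written with a trailing slash produces a double slash in the Location header, and nothing checks that the string is a well-formed URL before it lands in the nginx directive. The description should state that the value is the base URL without a trailing slash. It should also say that the location is "/", so every path under the host is redirected, not only the /guix.git path that the @url in the description mentions.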