about summary refs log tree commit diff
path: root/nix/hosts/corrino/www/cs.emile.space.nix
diff options
context:
space:
mode:
authorEmile <git@emile.space>2024-03-09 22:56:01 +0100
committerEmile <git@emile.space>2024-03-09 22:56:01 +0100
commit55ee036fd7ebed24097c8da1ca8a0b0829264670 (patch)
tree9c600d75a4f59f8ec253c5caadc1f77b2cecb0da /nix/hosts/corrino/www/cs.emile.space.nix
big bang
Diffstat (limited to 'nix/hosts/corrino/www/cs.emile.space.nix')
-rw-r--r--nix/hosts/corrino/www/cs.emile.space.nix56
1 files changed, 56 insertions, 0 deletions
diff --git a/nix/hosts/corrino/www/cs.emile.space.nix b/nix/hosts/corrino/www/cs.emile.space.nix
new file mode 100644
index 0000000..de4d67e
--- /dev/null
+++ b/nix/hosts/corrino/www/cs.emile.space.nix
@@ -0,0 +1,56 @@
+# Run sourcegraph, including its entire machinery, in a container.
+# Running it outside of a container is a futile endeavour for now.
+
+# adapted from https://cs.tvl.fyi/depot/-/blob/ops/modules/sourcegraph.nix
+
+{ ... }:
+
+{
+  services.nginx.virtualHosts."cs.emile.space" = {
+    forceSSL = true;
+    enableACME = true;
+
+    locations = {
+      "/" = {
+        proxyPass = "http://127.0.0.1:3463";
+
+        extraConfig = ''
+          location = / {
+            return 301 https://cs.emile.space/hefe;
+          }
+
+          location / {
+            proxy_set_header X-Sg-Auth "Anonymous";
+            proxy_pass http://localhost:7080;
+          }
+
+          location /users/Anonymous/settings {
+            return 301 https://cs.emile.space;
+          }
+        '';
+      };
+    };
+  };
+
+  virtualisation.oci-containers.backend = "docker";
+  virtualisation.oci-containers.containers.sourcegraph = {
+    image = "sourcegraph/server:5.1.1";
+
+    ports = [
+      "127.0.0.1:3463:7080"
+    ];
+
+    volumes = [
+      "/var/lib/sourcegraph/etc:/etc/sourcegraph"
+      "/var/lib/sourcegraph/data:/var/opt/sourcegraph"
+    ];
+
+    # Sourcegraph needs a higher nofile limit, it logs warnings
+    # otherwise (unclear whether it actually affects the service).
+    extraOptions = [
+      "--ulimit"
+      "nofile=10000:10000"
+    ];
+  };
+}
+