[PATCH maintenance] hydra: bayfront: Set up ‘git.guix.gnu.org’ as a redirect to Savannah.

Status: Open
Participants: Ludovic Courtès, Maxim Cournoyer
Owner: unassigned
Submitted by: Ludovic Courtès
Severity: normal

Ludovic Courtès wrote 4 weeks ago
[PATCH maintenance] hydra: bayfront: Set up ‘git.guix.gnu.org’ as a redirect to Savannah.
20250214231506.14125-1-ludo@gnu.org
* hydra/modules/sysadmin/dns.scm (git-ip4, git-ip6): New variables.
(guix.gnu.org.zone): Add “git” A and AAAA records.
(guix.gnu.org-zone)[serial]: Bump.
* hydra/modules/sysadmin/nginx.scm (git.guix.gnu.org-nginx-servers): New
procedure.
* hydra/modules/sysadmin/web.scm (git.guix.gnu.org-service-type): New
variable.
* hydra/bayfront.scm <top level>: Use it.
---
hydra/bayfront.scm | 5 ++++-
hydra/modules/sysadmin/dns.scm | 7 ++++++-
hydra/modules/sysadmin/nginx.scm | 29 +++++++++++++++++++++++++++--
hydra/modules/sysadmin/web.scm | 21 +++++++++++++++++++--
4 files changed, 56 insertions(+), 6 deletions(-)

Hello!

As part of preliminary discussions around GCD #002 (“Migrating repositories,
issues, and patches to Codeberg”), some suggested having a git.guix.gnu.org
DNS entry to make Git migration in general easier.

This patch implements that; technically we have to have an HTTP redirect,
which means that clients pay the cost of an extra connection and get nothing
if bayfront is down. That’s the price to pay for this indirection, but
it’s probably worth it.

Note that I haven’t been able to test this patch for real since it depends
on the state and environments of bayfront: certificates, networking setup,
host names, etc.

This patch could be applied whether or not the GCD is eventually accepted.

Thoughts?

Ludo’.

diff --git a/hydra/bayfront.scm b/hydra/bayfront.scm
index e85d715..6b89470 100644
--- a/hydra/bayfront.scm
+++ b/hydra/bayfront.scm
@@ -1,5 +1,5 @@
;; OS configuration for bayfront
-;; Copyright © 2016-2024 Ludovic Courtès <ludo@gnu.org>
+;; Copyright © 2016-2025 Ludovic Courtès <ludo@gnu.org>
;; Copyright © 2016, 2017, 2018, 2019, 2020, 2023, 2024 Andreas Enge <andreas@enge.fr>
;; Copyright © 2017, 2019, 2024 Ricardo Wurmus <rekado@elephly.net>
;; Copyright © 2019 Julien Lepiller <julien@lepiller.eu>
@@ -1683,6 +1683,9 @@ access_log /var/log/nginx/git.qa.access.log;"))
static-web-site-service-type
(list ten-years-of-guix-web-site))
+ ;; Running the git.guix.gnu.org HTTP redirect.
+ (service git.guix.gnu.org-service-type)
+
;; hpcguix-web as it can be seen at
;; <https://hpc.guix.info/browse>.
(service hpcguix-web-service-type
diff --git a/hydra/modules/sysadmin/dns.scm b/hydra/modules/sysadmin/dns.scm
index d5b8a98..72b2b7f 100644
--- a/hydra/modules/sysadmin/dns.scm
+++ b/hydra/modules/sysadmin/dns.scm
@@ -63,6 +63,8 @@
(define dover-ip6 "2a02:8010:68c1::e2ff:f7ff:fe00:20b3")
(define hatysa-ip6 "2a02:8010:68c1::d263:b4ff:fe03:b9af")
(define hamal-ip6 "2a02:8010:68c1::d263:b4ff:fe02:e65b")
+(define git-ip4 bayfront-ip4)
+(define git-ip6 bayfront-ip6)
;; The SOA MNAME and one NS record must always be consistent.
(define primary-ns "ns1.gnu.org.")
@@ -142,6 +144,9 @@
("packages" "" "IN" "A" bayfront-ip4)
("packages" "" "IN" "AAAA" bayfront-ip6)
+ ("git" "" "IN" "A" git-ip4)
+ ("git" "" "IN" "AAAA" git-ip6)
+
;; This record is required in order to prove to Amazon ACM that we
;; own the domain. As long as it exists, ACM will automatically
;; renew the TLS certificate for the CloudFront distribution we use
@@ -155,4 +160,4 @@
(origin "guix.gnu.org")
(ns primary-ns)
(entries guix.gnu.org.zone)
- (serial 2024120821)))))
+ (serial 2025021421)))))
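Review bot: The new serial 2025021421 on the last line of this hunk encodes the submission date, so it is only correct if nothing else touches guix.gnu.org.zone before this patch is applied. If the patch sits for a while, re-check the serial at apply time and raise it again so that it is still strictly greater than the one currently deployed; otherwise secondaries will not pick up the new “git” A and AAAA records.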
diff --git a/hydra/modules/sysadmin/nginx.scm b/hydra/modules/sysadmin/nginx.scm
index d1f67e0..a087f35 100644
--- a/hydra/modules/sysadmin/nginx.scm
+++ b/hydra/modules/sysadmin/nginx.scm
@@ -1,5 +1,5 @@
;; Nginx configuration for ci.guix.gnu.org
-;; Copyright © 2016-2024 Ludovic Courtès <ludo@gnu.org>
+;; Copyright © 2016-2025 Ludovic Courtès <ludo@gnu.org>
;; Copyright © 2017, 2018, 2019, 2020, 2021 Ricardo Wurmus <rekado@elephly.net>
;; Copyright © 2020 Christopher Baines <mail@cbaines.net>
;; Copyright © 2020, 2021, 2024 Florian Pelz <pelzflorian@pelzflorian.de>
@@ -14,7 +14,8 @@
#:export (%tls-settings
le
accept-languages
- guix.gnu.org-nginx-server))
+ guix.gnu.org-nginx-server
+ git.guix.gnu.org-nginx-servers))
;;;
@@ -783,3 +784,27 @@ synonymous IETF language tags that should be mapped to the same $lang."
"rewrite (.*)/$ $1/index.html;"
"access_log /var/log/nginx/guix-gnu-org.https.access.log;")))))
+
+(define (git.guix.gnu.org-nginx-servers base-url)
+ (let ((redirect (nginx-location-configuration
+ (uri "/")
+ (body `("expires 24h;"
+ ,(string-append "return 302 "
+ base-url "$request_uri;"))))))
+ (list (nginx-server-configuration
+ (server-name '("git.guix.gnu.org"))
+ (listen '("80" "[::]:80"))
+ (raw-content
+ '("access_log /var/log/nginx/git.access.log;"))
+ (locations (list (nginx-location-configuration
+ (uri "^~ /.well-known")
+ (body '("root /var/www;")))
+ redirect)))
+ (nginx-server-configuration
+ (listen '("443 ssl" "[::]:443 ssl"))
+ (server-name '("git.guix.gnu.org"))
+ (ssl-certificate (le "guix.gnu.org"))
+ (ssl-certificate-key (le "guix.gnu.org" 'key))
+ (locations (list redirect))
+ (raw-content
+ '("access_log /var/log/nginx/git.access.log;"))))))
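Review bot: In the port 443 server block, server-name is "git.guix.gnu.org" but the certificate comes from (le "guix.gnu.org"), and no hunk in this patch adds the new name to a certificate request. Unless the existing guix.gnu.org certificate already lists git.guix.gnu.org as a subject alternative name, Git and browsers will fail hostname verification before they ever receive the redirect, so either extend that certificate's domain list in the same change or request a dedicated certificate and reference it here. Also note that "expires 24h;" in the shared redirect location lets clients and proxies cache the 302 for a day, which delays any later change of base-url; a shorter lifetime would suit a redirect whose purpose is to make the target easy to move.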
diff --git a/hydra/modules/sysadmin/web.scm b/hydra/modules/sysadmin/web.scm
index b07c080..e662a09 100644
--- a/hydra/modules/sysadmin/web.scm
+++ b/hydra/modules/sysadmin/web.scm
@@ -1,6 +1,6 @@
;;; GNU Guix system administration tools.
;;;
-;;; Copyright © 2019-2023 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2019-2023, 2025 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2020, 2021 Ricardo Wurmus <rekado@elephly.net>
;;;
;;; This program is free software: you can redistribute it and/or modify
@@ -48,7 +48,8 @@
static-web-site-service-type
guix-web-site-service-type
- gwl-web-service-type))
+ gwl-web-service-type
+ git.guix.gnu.org-service-type))
(define guix-extensions
(match (package-transitive-propagated-inputs
@@ -333,6 +334,22 @@ taken from a Git repository.")
"This service provides the web site of the GNU Guix project.")
(default-value #t)))
+
+;;;
+;;; git.guix.gnu.org redirect.
+;;;
+
+(define git.guix.gnu.org-service-type
+ (service-type
+ (name 'git.guix.gnu.org-redirect)
+ (extensions
+ (list (service-extension nginx-service-type
+ git.guix.gnu.org-nginx-servers)))
+ (description
+ "This service sets up an HTTP redirect from
+@url{https://git.guix.gnu.org/guix.git} to the underlying server.")
+ (default-value "https://git.savannah.gnu.org/git")))
+
;;;
;;; Guix Workflow Language.
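Review bot: The service value set by (default-value "https://git.savannah.gnu.org/git") is an undocumented bare string, and the description only says the redirect goes "to the underlying server". Since git.guix.gnu.org-nginx-servers builds the target with string-append of base-url and "$request_uri", and $request_uri always begins with a slash, the description should state that the value is a base URL without a trailing slash that gets the request path appended, so that someone overriding it later does not produce double-slash URLs or drop the "/git" prefix.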

base-commit: 9c10ac82b270cb27ff7b92c6f44eac2efd0b7193
--
2.48.1
Maxim Cournoyer wrote 4 weeks ago
Re: [bug#76296] [PATCH maintenance] hydra: bayfront: Set up ‘git.guix.gnu.org’ as a redirect to Savannah.
87bjv38fmd.fsf@gmail.com
Hi,

Ludovic Courtès <ludo@gnu.org> writes:

[...]

> As part of preliminary discussions around GCD #002 (“Migrating repositories,
> issues, and patches to Codeberg”), some suggested having a git.guix.gnu.org
> DNS entry to make Git migration in general easier.
>
> This patch implements that; technically we have to have an HTTP redirect,
> which means that clients pay the cost of an extra connection and get nothing
> if bayfront is down. That’s the price to pay for this indirection, but
> it’s probably worth it.
>
> Note that I haven’t been able to test this patch for real since it depends
> on the state and environments of bayfront: certificates, networking setup,
> host names, etc.
>
> This patch could be applied whether or not the GCD is eventually accepted.

> Thoughts?

It's a bit eager to my taste :-). I'd rather the GCD process complete
its course before doing something concrete. I'd keep it around for when
we get to it.

--
Thanks,
Maxim
Ludovic Courtès wrote 3 weeks ago
Re: bug#76296: [PATCH maintenance] hydra: bayfront: Set up ‘git.guix.gnu.org’ as a redirect to Savannah.
87a5af8lqp.fsf_-_@gnu.org
Hi,

Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:

>> This patch could be applied whether or not the GCD is eventually accepted.
>
>> Thoughts?
>
> It's a bit eager to my taste :-). I'd rather the GCD process complete
> its course before doing something concrete. I'd keep it around for when
> we get to it.

Sure, I don’t mind putting this on hold.

Ludo’.