From dbbdde76c7369d7e984e8275fd12c08b095a6d3c Mon Sep 17 00:00:00 2001
From: stuebinm
Date: Wed, 17 Mar 2021 22:35:51 +0100
Subject: [PATCH] mumble.hacc.space: move site from gitlab into nix derivation

Since the delivery of mumble.hacc.space/murmur.hacc.space via gitlab pages broke (for whatever reason), I've packaged the site into an ad-hoc nix derivation, which is now delivered locally by nginx instead. This has a couple benefits (mainly that we no longer depend on gitlab pages), but also the downside that we can't just update the site via gitlab's CI/CD pipelines anymore.
---
 hosts/hainich/services/murmur.nix | 38 ++++++++++++++++++++++---------
 1 file changed, 27 insertions(+), 11 deletions(-)

diff --git a/hosts/hainich/services/murmur.nix b/hosts/hainich/services/murmur.nix
index 82e0718..836b4a5 100644
--- a/hosts/hainich/services/murmur.nix
+++ b/hosts/hainich/services/murmur.nix
@@ -1,5 +1,23 @@
 { config, lib, pkgs, ... }:
+
+let
+ mumblesite = pkgs.stdenv.mkDerivation {
+ name = "mumble.hacc.space-website";
+ src = pkgs.fetchgit {
+ url = "https://gitlab.infra4future.de/hacc/infra4future/mumble.infra4future.de";
+ rev = "597c4a2fa7a146f2fd58924cb2b181d530a2a866";
+ sha256 = "15vh0xqx0xcm09ij877jxkd6gb5nm2hbmyz47y5019xywa766s3h";
+ };
+ buildPhase = ''
+ ${pkgs.jekyll.outPath}/bin/jekyll build
+ '';
+ installPhase = ''
+ mkdir -p $out
+ cp -r _site/* $out
+ '';
+ };
+in
 {
 services.murmur = {
 enable = true;
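Review bot: The `buildPhase` runs `jekyll build` over whatever the pinned repository contains, including any `_plugins` Ruby code, so the `rev`/`sha256` pair in `fetchgit` is the only review gate for what executes at build time and what nginx later serves. If the site needs no custom plugins (not visible from this hunk), `jekyll build --safe` would disable them and ignore symlinks. Listing the tool as `nativeBuildInputs = [ pkgs.jekyll ];` and calling plain `jekyll build` is the conventional form, and `.outPath` is redundant inside `${…}`. In `installPhase`, `cp -r _site/* $out` skips dotfiles such as a `.well-known` directory and leaves `$out` unquoted; `cp -r _site/. "$out"` copies everything.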
@@ -14,18 +32,16 @@
 networking.firewall.allowedTCPPorts = [ config.services.murmur.port ];
 networking.firewall.allowedUDPPorts = [ config.services.murmur.port ];
- services.nginx.virtualHosts = let
- vhost = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "https://hacc.4future.dev/infra4future/mumble.infra4future.de/";
- };
- };
- in {
- "mumble.infra4future.de" = vhost;
- "mumble.hacc.space" = vhost;
+ services.nginx.virtualHosts =
+ let vhost = {
+ forceSSL = true;
+ enableACME = true;
+ root = mumblesite.outPath;
 };
+ in {
+ "mumble.infra4future.de" = vhost;
+ "mumble.hacc.space" = vhost;
+ };
 # set ACLs so that the murmur user can read the certificates
 security.acme.certs."mumble.hacc.space".postRun = "setfacl -Rm u:murmur:rX /var/lib/acme/mumble.hacc.space";
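Review bot: Nothing at the `root = mumblesite.outPath;` line records that the served content is now frozen at the revision pinned in the `mumblesite` derivation, so a later reader may not realise that publishing any site change, including a content fix, needs a `rev` and `sha256` bump and a host rebuild. A short comment above the vhost would cover it, for example `# static site from the pinned mumblesite derivation; bump rev/sha256 there to publish changes`. As a style point, `root = "${mumblesite}";` is equivalent and avoids the explicit `.outPath`.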