diff --git a/hive/deimos/default.nix b/hive/deimos/default.nix
index 8ea4dbe..75b8e33 100644
--- a/hive/deimos/default.nix
+++ b/hive/deimos/default.nix
@@ -1,15 +1,10 @@
-{ system, lib, ... }:
-let
- blog = builtins.getFlake
- "github:jrpotter/blog/29a44a257989ab85a38690b18debfe1b27a70674";
- portfolio = builtins.getFlake
- "github:jrpotter/portfolio/0f89bdf6c17dd7a61988f8b3629db1988e6f7357";
- bookshelf = builtins.getFlake
- "github:jrpotter/bookshelf/bf9888c050b7a62f58be0198af19a6de7c40b375";
-in
+{ lib, ... }:
 {
 imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
 ../../digital-ocean/configuration.nix
+ ../../services/blog.nix
+ ../../services/bookshelf.nix
+ ../../services/portfolio.nix
 ];
 deployment.targetHost = "24.199.110.222";
@@ -25,39 +20,7 @@ in
 programs.mosh.enable = true;
 services = {
- nginx = {
- enable = true;
- virtualHosts = {
- "www.jrpotter.com" = {
- forceSSL = true;
- enableACME = true;
- serverAliases = [ "jrpotter.com" ];
- locations."/" = {
- root = portfolio.packages.${system}.app;
- };
- };
- "blog.jrpotter.com" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- root = blog.packages.${system}.app;
- };
- };
- "bookshelf.jrpotter.com" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- root = bookshelf.packages.${system}.app;
- };
- };
- "git.jrpotter.com" = {
- locations."/" = {
- recommendedProxySettings = true;
- proxyPass = "http://127.0.0.1:3000";
- };
- };
- };
- };
+ nginx.enable = true;
 openssh.enable = true;
 };
diff --git a/hive/phobos/default.nix b/hive/phobos/default.nix
index 5467645..c08eba0 100644
--- a/hive/phobos/default.nix
+++ b/hive/phobos/default.nix
@@ -1,14 +1,10 @@
-{ system, sops-nix, pkgs, lib, ... }:
-let
- boardwise = builtins.getFlake
- "github:boardwise-gg/website/db73e3b4f06659fd477be8e76594c01a185f1496";
- coach-scraper = builtins.getFlake
- "github:boardwise-gg/coach-scraper/58815d3ae5a69cac12436a01e77019a5ac5d16a7";
-in
+{ sops-nix, lib, ... }:
 {
 imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
- ../../digital-ocean/configuration.nix
 sops-nix.nixosModules.sops
+ ../../digital-ocean/configuration.nix
+ ../../services/boardwise
+ ../../services/forgejo.nix
 ];
 deployment.targetHost = "143.198.142.171";
@@ -24,57 +20,9 @@ in
 programs.mosh.enable = true;
 services = {
- forgejo.enable = true;
- nginx = {
- enable = true;
- virtualHosts = {
- "www.boardwise.gg" = {
- forceSSL = true;
- enableACME = true;
- serverAliases = [ "boardwise.gg" ];
- locations."/" = {
- recommendedProxySettings = true;
- proxyPass = "http://127.0.0.1:4000";
- };
- };
- };
- };
+ nginx.enable = true;
 openssh.enable = true;
- postgresql = {
- enable = true;
- package = pkgs.postgresql_15;
- ensureDatabases = [ "boardwise" ];
- authentication = lib.mkOverride 10 ''
- # TYPE DATABASE USER ADDRESS METHOD
- local all all trust
- host all all 127.0.0.1/32 trust
- '';
- };
- };
-
- systemd.services.boardwise = {
- enable = true;
- description = "BoardWise Server";
- after = [ "postgresql.service" ];
- requires = [ "postgresql.service" ];
- serviceConfig = {
- Environment = [
- "DATABASE_URL=ecto://postgres:postgres@localhost/boardwise"
- ];
- EnvironmentFile = "/run/secrets/SECRET_KEY_BASE";
- ExecStartPre = "${boardwise.packages.${system}.app}/bin/migrate";
- ExecStart = "${boardwise.packages.${system}.app}/bin/boardwise start";
- Restart = "on-failure";
- };
- };
-
- environment.systemPackages = [
- coach-scraper.packages.${system}.app
- ];
-
- sops = {
- defaultSopsFile = ./secrets.yaml;
- secrets.SECRET_KEY_BASE = {};
+ postgresql.enable = true;
 };
 security.acme = {
diff --git a/services/blog.nix b/services/blog.nix
new file mode 100644
index 0000000..5cc81e7
--- /dev/null
+++ b/services/blog.nix
@@ -0,0 +1,14 @@
+{ system, ... }:
+let
+ blog = builtins.getFlake
+ "github:jrpotter/blog/29a44a257989ab85a38690b18debfe1b27a70674";
+in
+{
+ services.nginx.virtualHosts."blog.jrpotter.com" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ root = blog.packages.${system}.app;
+ };
+ };
+}
diff --git a/services/boardwise/default.nix b/services/boardwise/default.nix
new file mode 100644
index 0000000..56b2730
--- /dev/null
+++ b/services/boardwise/default.nix
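Review bot: The `builtins.getFlake` call with a hard-coded `github:jrpotter/blog/…` reference pins the revision, but it keeps the dependency out of the repository's flake inputs, so there is no lock-file entry with a recorded `narHash`, and neither `nix flake update` nor a lock-file audit will see it. Since the hosts already receive `sops-nix` as a module argument, the same mechanism could presumably pass `blog` in as a flake input instead of fetching it during module evaluation. The same pattern appears in services/bookshelf.nix, services/portfolio.nix and services/boardwise/default.nix. These modules also take `system` as a module argument, which only resolves if the hive supplies it through `specialArgs`; taking `pkgs` and writing `root = blog.packages.${pkgs.stdenv.hostPlatform.system}.app;` would remove that coupling.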
@@ -0,0 +1,54 @@
+{ system, sops-nix, pkgs, lib, ... }:
+let
+ boardwise = builtins.getFlake
+ "github:boardwise-gg/website/db73e3b4f06659fd477be8e76594c01a185f1496";
+ coach-scraper = builtins.getFlake
+ "github:boardwise-gg/coach-scraper/58815d3ae5a69cac12436a01e77019a5ac5d16a7";
+in
+{
+ services = {
+ nginx.virtualHosts."www.boardwise.gg" = {
+ forceSSL = true;
+ enableACME = true;
+ serverAliases = [ "boardwise.gg" ];
+ locations."/" = {
+ recommendedProxySettings = true;
+ proxyPass = "http://127.0.0.1:4000";
+ };
+ };
+ postgresql = {
+ package = pkgs.postgresql_15;
+ ensureDatabases = [ "boardwise" ];
+ authentication = lib.mkOverride 10 ''
+ # TYPE DATABASE USER ADDRESS METHOD
+ local all all trust
+ host all all 127.0.0.1/32 trust
+ '';
+ };
+ };
+
+ systemd.services.boardwise = {
+ enable = true;
+ description = "BoardWise Server";
+ after = [ "postgresql.service" ];
+ requires = [ "postgresql.service" ];
+ serviceConfig = {
+ Environment = [
+ "DATABASE_URL=ecto://postgres:postgres@localhost/boardwise"
+ ];
+ EnvironmentFile = "/run/secrets/SECRET_KEY_BASE";
+ ExecStartPre = "${boardwise.packages.${system}.app}/bin/migrate";
+ ExecStart = "${boardwise.packages.${system}.app}/bin/boardwise start";
+ Restart = "on-failure";
+ };
+ };
+
+ environment.systemPackages = [
+ coach-scraper.packages.${system}.app
+ ];
+
+ sops = {
+ defaultSopsFile = ./secrets.yaml;
+ secrets.SECRET_KEY_BASE = {};
+ };
+}
diff --git a/hive/phobos/secrets.yaml b/services/boardwise/secrets.yaml
similarity index 100%
rename from hive/phobos/secrets.yaml
rename to services/boardwise/secrets.yaml
diff --git a/services/bookshelf.nix b/services/bookshelf.nix
new file mode 100644
index 0000000..066f72e
--- /dev/null
+++ b/services/bookshelf.nix
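Review bot: The `authentication = lib.mkOverride 10` block sets `trust` for every local-socket and loopback connection, so any account or process on the host can connect as any role, including `postgres`, without a password. The unit's `DATABASE_URL` also connects as that superuser, with the credentials inline in `Environment`, which ends up in the world-readable Nix store. Now that this is a reusable module it is worth narrowing: for example `local all all peer` and `host boardwise boardwise 127.0.0.1/32 scram-sha-256`, with a dedicated `boardwise` role and the connection string carried in the sops-managed `EnvironmentFile`. `serviceConfig` sets neither `User` nor `DynamicUser`, so `migrate` and the server presumably run as root. The module also depends on the importing host to set `postgresql.enable` and to import `sops-nix.nixosModules.sops`, which deserves a comment at the top of the file.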
@@ -0,0 +1,14 @@
+{ system, ... }:
+let
+ bookshelf = builtins.getFlake
+ "github:jrpotter/bookshelf/bf9888c050b7a62f58be0198af19a6de7c40b375";
+in
+{
+ services.nginx.virtualHosts."bookshelf.jrpotter.com" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ root = bookshelf.packages.${system}.app;
+ };
+ };
+}
diff --git a/services/forgejo.nix b/services/forgejo.nix
new file mode 100644
index 0000000..02656e3
--- /dev/null
+++ b/services/forgejo.nix
@@ -0,0 +1,12 @@
+{ ... }:
+{
+ services = {
+ forgejo.enable = true;
+ nginx.virtualHosts."forgejo.jrpotter.com" = {
+ locations."/" = {
+ recommendedProxySettings = true;
+ proxyPass = "http://127.0.0.1:3000";
+ };
+ };
+ };
+}
diff --git a/services/portfolio.nix b/services/portfolio.nix
new file mode 100644
index 0000000..66ea7d4
--- /dev/null
+++ b/services/portfolio.nix
@@ -0,0 +1,15 @@
+{ system, ... }:
+let
+ portfolio = builtins.getFlake
+ "github:jrpotter/portfolio/0f89bdf6c17dd7a61988f8b3629db1988e6f7357";
+in
+{
+ services.nginx.virtualHosts."www.jrpotter.com" = {
+ forceSSL = true;
+ enableACME = true;
+ serverAliases = [ "jrpotter.com" ];
+ locations."/" = {
+ root = portfolio.packages.${system}.app;
+ };
+ };
+}
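Review bot: In services/forgejo.nix the new `forgejo.jrpotter.com` virtual host has neither `forceSSL` nor `enableACME`, unlike every other vhost this commit defines, so Forgejo logins, session cookies and access tokens would be proxied over plain HTTP. Add `forceSSL = true;` and `enableACME = true;` above `locations."/"`. As far as I recall, the NixOS Forgejo module binds its HTTP listener to all interfaces by default, so unless the firewall closes port 3000 it is worth setting `services.forgejo.settings.server.HTTP_ADDR = "127.0.0.1";` here too, so the proxy is the only way in. The hostname also changes from the removed `git.jrpotter.com`, so the instance's `ROOT_URL` and `DOMAIN` settings should be checked against the new name.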