Break out services into separate modules.

2023-12-23 14:29:18 -07:00 · 2023-12-23 14:29:18 -07:00 · 88402600ae
parent 9a9316b31f
commit 88402600ae
8 changed files with 120 additions and 100 deletions
--- a/hive/deimos/default.nix
+++ b/hive/deimos/default.nix
@ -1,15 +1,10 @@
-{ system, lib, ... }:
+{ lib, ... }:
 let
  blog = builtins.getFlake
    "github:jrpotter/blog/29a44a257989ab85a38690b18debfe1b27a70674";
  portfolio = builtins.getFlake
    "github:jrpotter/portfolio/0f89bdf6c17dd7a61988f8b3629db1988e6f7357";
  bookshelf = builtins.getFlake
    "github:jrpotter/bookshelf/bf9888c050b7a62f58be0198af19a6de7c40b375";
 in
 {
  imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
    ../../digital-ocean/configuration.nix
    ../../services/blog.nix
    ../../services/bookshelf.nix
    ../../services/portfolio.nix
  ];
  deployment.targetHost = "24.199.110.222";
@ -25,39 +20,7 @@ in
  programs.mosh.enable = true;
  services = {
-    nginx = {
+    nginx.enable = true;
      enable = true;
      virtualHosts = {
        "www.jrpotter.com" = {
          forceSSL = true;
          enableACME = true;
          serverAliases = [ "jrpotter.com" ];
          locations."/" = {
            root = portfolio.packages.${system}.app;
          };
        };
        "blog.jrpotter.com" = {
          forceSSL = true;
          enableACME = true;
          locations."/" = {
            root = blog.packages.${system}.app;
          };
        };
        "bookshelf.jrpotter.com" = {
          forceSSL = true;
          enableACME = true;
          locations."/" = {
            root = bookshelf.packages.${system}.app;
          };
        };
        "git.jrpotter.com" = {
          locations."/" = {
            recommendedProxySettings = true;
            proxyPass = "http://127.0.0.1:3000";
          };
        };
      };
    };
    openssh.enable = true;
  };
--- a/hive/phobos/default.nix
+++ b/hive/phobos/default.nix
@ -1,14 +1,10 @@
-{ system, sops-nix, pkgs, lib, ... }:
+{ sops-nix, lib, ... }:
 let
  boardwise = builtins.getFlake
    "github:boardwise-gg/website/db73e3b4f06659fd477be8e76594c01a185f1496";
  coach-scraper = builtins.getFlake
    "github:boardwise-gg/coach-scraper/58815d3ae5a69cac12436a01e77019a5ac5d16a7";
 in
 {
  imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
    ../../digital-ocean/configuration.nix
    sops-nix.nixosModules.sops
    ../../digital-ocean/configuration.nix
    ../../services/boardwise
    ../../services/forgejo.nix
  ];
  deployment.targetHost = "143.198.142.171";
@ -24,57 +20,9 @@ in
  programs.mosh.enable = true;
  services = {
-    forgejo.enable = true;
+    nginx.enable = true;
    nginx = {
      enable = true;
      virtualHosts = {
        "www.boardwise.gg" = {
          forceSSL = true;
          enableACME = true;
          serverAliases = [ "boardwise.gg" ];
          locations."/" = {
            recommendedProxySettings = true;
            proxyPass = "http://127.0.0.1:4000";
          };
        };
      };
    };
    openssh.enable = true;
-    postgresql = {
+    postgresql.enable = true;
      enable = true;
      package = pkgs.postgresql_15;
      ensureDatabases = [ "boardwise" ];
      authentication = lib.mkOverride 10 ''
        # TYPE     DATABASE     USER     ADDRESS         METHOD
          local    all          all                      trust
          host     all          all      127.0.0.1/32    trust
      '';
    };
  };
  systemd.services.boardwise = {
    enable = true;
    description = "BoardWise Server";
    after = [ "postgresql.service" ];
    requires = [ "postgresql.service" ];
    serviceConfig = {
      Environment = [
        "DATABASE_URL=ecto://postgres:postgres@localhost/boardwise"
      ];
      EnvironmentFile = "/run/secrets/SECRET_KEY_BASE";
      ExecStartPre = "${boardwise.packages.${system}.app}/bin/migrate";
      ExecStart = "${boardwise.packages.${system}.app}/bin/boardwise start";
      Restart = "on-failure";
    };
  };
  environment.systemPackages = [
    coach-scraper.packages.${system}.app
  ];
  sops = {
    defaultSopsFile = ./secrets.yaml;
    secrets.SECRET_KEY_BASE = {};
  };
  security.acme = {
--- a/services/blog.nix
+++ b/services/blog.nix
@ -0,0 +1,14 @@
 { system, ... }:
 let
  blog = builtins.getFlake
    "github:jrpotter/blog/29a44a257989ab85a38690b18debfe1b27a70674";
 in
 {
  services.nginx.virtualHosts."blog.jrpotter.com" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      root = blog.packages.${system}.app;
    };
  };
 }
--- a/services/boardwise/default.nix
+++ b/services/boardwise/default.nix
@ -0,0 +1,54 @@
 { system, sops-nix, pkgs, lib, ... }:
 let
  boardwise = builtins.getFlake
    "github:boardwise-gg/website/db73e3b4f06659fd477be8e76594c01a185f1496";
  coach-scraper = builtins.getFlake
    "github:boardwise-gg/coach-scraper/58815d3ae5a69cac12436a01e77019a5ac5d16a7";
 in
 {
  services = {
    nginx.virtualHosts."www.boardwise.gg" = {
      forceSSL = true;
      enableACME = true;
      serverAliases = [ "boardwise.gg" ];
      locations."/" = {
        recommendedProxySettings = true;
        proxyPass = "http://127.0.0.1:4000";
      };
    };
    postgresql = {
      package = pkgs.postgresql_15;
      ensureDatabases = [ "boardwise" ];
      authentication = lib.mkOverride 10 ''
        # TYPE     DATABASE     USER     ADDRESS         METHOD
          local    all          all                      trust
          host     all          all      127.0.0.1/32    trust
      '';
    };
  };
  systemd.services.boardwise = {
    enable = true;
    description = "BoardWise Server";
    after = [ "postgresql.service" ];
    requires = [ "postgresql.service" ];
    serviceConfig = {
      Environment = [
        "DATABASE_URL=ecto://postgres:postgres@localhost/boardwise"
      ];
      EnvironmentFile = "/run/secrets/SECRET_KEY_BASE";
      ExecStartPre = "${boardwise.packages.${system}.app}/bin/migrate";
      ExecStart = "${boardwise.packages.${system}.app}/bin/boardwise start";
      Restart = "on-failure";
    };
  };
  environment.systemPackages = [
    coach-scraper.packages.${system}.app
  ];
  sops = {
    defaultSopsFile = ./secrets.yaml;
    secrets.SECRET_KEY_BASE = {};
  };
 }
--- a/services/boardwise/secrets.yaml
+++ b/services/boardwise/secrets.yaml
--- a/services/bookshelf.nix
+++ b/services/bookshelf.nix
@ -0,0 +1,14 @@
 { system, ... }:
 let
  bookshelf = builtins.getFlake
    "github:jrpotter/bookshelf/bf9888c050b7a62f58be0198af19a6de7c40b375";
 in
 {
  services.nginx.virtualHosts."bookshelf.jrpotter.com" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      root = bookshelf.packages.${system}.app;
    };
  };
 }
--- a/services/forgejo.nix
+++ b/services/forgejo.nix
@ -0,0 +1,12 @@
 { ... }:
 {
  services = {
    forgejo.enable = true;
    nginx.virtualHosts."forgejo.jrpotter.com" = {
      locations."/" = {
        recommendedProxySettings = true;
        proxyPass = "http://127.0.0.1:3000";
      };
    };
  };
 }
--- a/services/portfolio.nix
+++ b/services/portfolio.nix
@ -0,0 +1,15 @@
 { system, ... }:
 let
  portfolio = builtins.getFlake
    "github:jrpotter/portfolio/0f89bdf6c17dd7a61988f8b3629db1988e6f7357";
 in
 {
  services.nginx.virtualHosts."www.jrpotter.com" = {
    forceSSL = true;
    enableACME = true;
    serverAliases = [ "jrpotter.com" ];
    locations."/" = {
      root = portfolio.packages.${system}.app;
    };
  };
 }