Migrate portfolio to Phoenix server.

main
Joshua Potter 2024-05-18 12:02:14 -06:00
parent 5dfa4aaf96
commit fa3999a2a8
6 changed files with 83 additions and 46 deletions

View File

@ -1,5 +1,6 @@
keys: keys:
- &admin_jrpotter age1huyyxsy4g0e5svmcejxvvdjnnk6qkulgd3qfpue59exnfrnqzudspxnn62 - &admin_jrpotter age1huyyxsy4g0e5svmcejxvvdjnnk6qkulgd3qfpue59exnfrnqzudspxnn62
- &server_deimos age109zux7z2n5qjzfntvj9u52hr30hkvhecas0hvu9p6ehd9zugxqps4p4g4q
- &server_thebe age1pjgqvdyzxz30rxvu3zysjpmxrjjsvklggfepswhmwdaunx0kg3vsfept24 - &server_thebe age1pjgqvdyzxz30rxvu3zysjpmxrjjsvklggfepswhmwdaunx0kg3vsfept24
- &server_europa age1z0rfzzfll963msxfschxn7m65pz5p8nuz9p3h940mhhfr6uxe5mqpl4dul - &server_europa age1z0rfzzfll963msxfschxn7m65pz5p8nuz9p3h940mhhfr6uxe5mqpl4dul
creation_rules: creation_rules:

View File

@ -1,11 +1,11 @@
{ lib, ... }: { sops-nix, lib, ... }:
{ {
imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [ imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
sops-nix.nixosModules.sops
../../digital-ocean/configuration.nix ../../digital-ocean/configuration.nix
../../services/blog.nix
../../services/bookshelf.nix ../../services/bookshelf.nix
../../services/notebook.nix ../../services/notebook.nix
../../services/portfolio.nix ../../services/portfolio
]; ];
networking = { networking = {

View File

@ -1,21 +0,0 @@
{ system, ... }:
let
blog = builtins.getFlake
"github:jrpotter/blog/457bfd6c521d5d8eeb41deb7d5d6a925fd55dda9";
in
{
services.nginx = {
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."blog.jrpotter.com" = {
forceSSL = true;
enableACME = true;
locations."/" = {
root = blog.packages.${system}.app;
};
};
};
}

View File

@ -1,22 +0,0 @@
{ system, ... }:
let
portfolio = builtins.getFlake
"github:jrpotter/portfolio/88457c1f03e467e965654d10998875f3b40a9eb5";
in
{
services.nginx = {
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."www.jrpotter.com" = {
forceSSL = true;
enableACME = true;
serverAliases = [ "jrpotter.com" ];
locations."/" = {
root = portfolio.packages.${system}.app;
};
};
};
}

View File

@ -0,0 +1,49 @@
{ system, ... }:
let
portfolio = (
builtins.getFlake "github:jrpotter/portfolio/0411360113e5afbab0c551dc16a7fbb88cc8be35"
).packages.${system}.app;
in
{
services.nginx = {
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."www.jrpotter.com" = {
forceSSL = true;
enableACME = true;
serverAliases = [ "jrpotter.com" ];
locations."/" = {
proxyPass = "http://127.0.0.1:4000";
proxyWebsockets = true;
};
};
};
systemd.services.portfolio = {
enable = true;
description = "Portfolio Server";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
requires = [ "network-online.target" ];
environment = {
PHX_HOST = "jrpotter.com";
};
serviceConfig = {
Type = "exec";
EnvironmentFile = "/run/secrets/PORTFOLIO_SECRET_KEY_BASE";
ExecStart = "${portfolio}/bin/server start";
ExecStop = "${portfolio}/bin/server stop";
ExecReload = "${portfolio}/bin/server restart";
Restart = "on-failure";
};
};
sops = {
secrets.PORTFOLIO_SECRET_KEY_BASE = {
sopsFile = ./secrets.yaml;
};
};
}

View File

@ -0,0 +1,30 @@
PORTFOLIO_SECRET_KEY_BASE: ENC[AES256_GCM,data:QaucF6l4KsSysB+Q0Z7N5dwhkcCvjJT5RtAxMpNP3jgYQE1Cn06m7KzZNnsQZ/xczOmv6IRmV/tBau0P3/zBLrwGgOn4C6684dUwoRGaY3Q=,iv:T1iHXsbKXwhJyFDPegaphF2r+mcDPBeRl3cx35y1OhE=,tag:PTArnILaBy6DBGfioIfIww==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1huyyxsy4g0e5svmcejxvvdjnnk6qkulgd3qfpue59exnfrnqzudspxnn62
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKb25BSUxGZDBLd1lOUDRj
VVF1b2xUalhzNldNQVB0dnNBMVplSkNwT21rCk92ZTQ0SE1WMGRoN0ZoT0JqTEJi
MjZnbHJjSmFnVzhoUUtjKy9RK1c1TDgKLS0tIDZBS0hidXBHN3RwSFc5dEdnNk9V
QUdnanR3YWZpbE4yVk90NW80RHFOTW8KR/1t8vkJbBPLnomWjsCVDk98e2U1yGdg
ah8vt4wCB80RfV7GK4ey+9RlV6jsZPLiuCbI/O+bkljnxwVenJyiSQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age109zux7z2n5qjzfntvj9u52hr30hkvhecas0hvu9p6ehd9zugxqps4p4g4q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHOFJTYWVkNk9HYXpibnVY
VERHT01GWmYzaVpOWC92WC9hcmpDR2ZKNUE0CnQ1OEd4UGlGUEE0Z0lBZ3B0MXRk
bElheVJhZkNLaUZFclhUZitnanEvelkKLS0tIHlNam1ncFFtNzBock5RQ3pNQnRq
YXY1Z3F0R2NNeWZ5aU95bm9nOXhCMVkK4wKE+2xJW6NCwP1UkdiRhCp4AfzGblDk
c1CrBFSXy1SPNoF1IFovzmXaeBTP/z2lL5V3acle/jUDu6lqiFoThA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-18T18:01:36Z"
mac: ENC[AES256_GCM,data:W/KwLKfYPjO4U21BeAWc2pXoHrQFvhUzuaBoxD42urTABM4rIRdFyfnZxOWvGONYx625pT0g50PaJQVdl3yKwhw7SrjLPnrB1i/eiGiDrHI1CYaO1JkCab4dVacSia8xu0Kn/A9dEhvh2l1kEafh1q9iplpSlnhhJY9VhHLBOfI=,iv:7JxLYbOgvs1yfeCPkySpcMKvJ1r4Kz+gA6A8P1nku38=,tag:Ql8yaiNFpX9W1irNVWY1RA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3