Compare commits
No commits in common. "5c6e336e39907c2cb3fa6216a5f94600a6bb9ad3" and "d66927eb669988ca6d3e044e00184fa7f7784bab" have entirely different histories.
5c6e336e39
...
d66927eb66
|
@ -1,7 +1,6 @@
|
||||||
keys:
|
keys:
|
||||||
- &admin_jrpotter age1huyyxsy4g0e5svmcejxvvdjnnk6qkulgd3qfpue59exnfrnqzudspxnn62
|
- &admin_jrpotter age1huyyxsy4g0e5svmcejxvvdjnnk6qkulgd3qfpue59exnfrnqzudspxnn62
|
||||||
- &server_thebe age1pjgqvdyzxz30rxvu3zysjpmxrjjsvklggfepswhmwdaunx0kg3vsfept24
|
- &server_thebe age1pjgqvdyzxz30rxvu3zysjpmxrjjsvklggfepswhmwdaunx0kg3vsfept24
|
||||||
- &server_europa age1z0rfzzfll963msxfschxn7m65pz5p8nuz9p3h940mhhfr6uxe5mqpl4dul
|
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: .*
|
- path_regex: .*
|
||||||
key_groups:
|
key_groups:
|
||||||
|
|
11
flake.nix
11
flake.nix
|
@ -49,9 +49,6 @@
|
||||||
thebe = {
|
thebe = {
|
||||||
inherit (tapir) sops-nix;
|
inherit (tapir) sops-nix;
|
||||||
};
|
};
|
||||||
europa = {
|
|
||||||
inherit (tapir) sops-nix;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -86,14 +83,6 @@
|
||||||
targetHost = "64.23.168.148";
|
targetHost = "64.23.168.148";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
europa = {
|
|
||||||
imports = [ ./hive/europa ];
|
|
||||||
deployment = {
|
|
||||||
allowLocalDeployment = false;
|
|
||||||
targetHost = "147.182.255.90";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
packages.${system}.digital-ocean = {
|
packages.${system}.digital-ocean = {
|
||||||
|
|
|
@ -1,31 +0,0 @@
|
||||||
{ sops-nix, lib, ... }:
|
|
||||||
{
|
|
||||||
imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
|
|
||||||
sops-nix.nixosModules.sops
|
|
||||||
../../digital-ocean/configuration.nix
|
|
||||||
../../services/reconn
|
|
||||||
];
|
|
||||||
|
|
||||||
networking = {
|
|
||||||
hostName = "europa";
|
|
||||||
firewall = {
|
|
||||||
enable = true;
|
|
||||||
allowedTCPPorts = [ 80 443 ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
programs.mosh.enable = true;
|
|
||||||
|
|
||||||
services = {
|
|
||||||
nginx.enable = true;
|
|
||||||
openssh.enable = true;
|
|
||||||
postgresql.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
security.acme = {
|
|
||||||
acceptTerms = true;
|
|
||||||
defaults.email = "jrpotter2112@gmail.com";
|
|
||||||
};
|
|
||||||
|
|
||||||
system.stateVersion = "23.11";
|
|
||||||
}
|
|
|
@ -73,7 +73,6 @@
|
||||||
firefox
|
firefox
|
||||||
gimp
|
gimp
|
||||||
obsidian
|
obsidian
|
||||||
signal-desktop
|
|
||||||
virt-manager
|
virt-manager
|
||||||
vlc
|
vlc
|
||||||
wezterm
|
wezterm
|
||||||
|
@ -124,7 +123,6 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# time.timeZone = "America/Los_Angeles";
|
|
||||||
time.timeZone = "America/Denver";
|
time.timeZone = "America/Denver";
|
||||||
# time.timeZone = "America/New_York";
|
# time.timeZone = "America/New_York";
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{ system, ... }:
|
{ system, ... }:
|
||||||
let
|
let
|
||||||
notebook = builtins.getFlake
|
notebook = builtins.getFlake
|
||||||
"github:jrpotter/notebook/79b715a64c703279f593cad08775b0d73400a19b";
|
"github:jrpotter/notebook/4b65764c8973f54b82a0192aef19391fc61e1fef";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
services.nginx.virtualHosts."notebook.jrpotter.com" = {
|
services.nginx.virtualHosts."notebook.jrpotter.com" = {
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{ system, ... }:
|
{ system, ... }:
|
||||||
let
|
let
|
||||||
portfolio = builtins.getFlake
|
portfolio = builtins.getFlake
|
||||||
"github:jrpotter/portfolio/eca5e764f26faaa64f6966dbf3970b86eaaf2195";
|
"github:jrpotter/portfolio/357999e784102ba11c52cf1fc9edbfaa8a00912d";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
services.nginx.virtualHosts."www.jrpotter.com" = {
|
services.nginx.virtualHosts."www.jrpotter.com" = {
|
||||||
|
|
|
@ -1,53 +0,0 @@
|
||||||
{ system, pkgs, lib, ... }:
|
|
||||||
let
|
|
||||||
reconn-url = "git+https://git.jrpotter.com/r/reconn?rev=fa031b2507c625c54abca36fd3f86fc8338e8777";
|
|
||||||
reconn = (builtins.getFlake reconn-url).packages.${system}.app;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
services = {
|
|
||||||
nginx.virtualHosts."www.hideandseek.live" = {
|
|
||||||
forceSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
serverAliases = [ "hideandseek.live" ];
|
|
||||||
locations."/" = {
|
|
||||||
recommendedProxySettings = true;
|
|
||||||
proxyPass = "http://127.0.0.1:4000";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
postgresql = {
|
|
||||||
package = (pkgs.postgresql_15.withPackages (pkgs: [ pkgs.postgis ]));
|
|
||||||
ensureDatabases = [ "reconn" ];
|
|
||||||
authentication = lib.mkOverride 10 ''
|
|
||||||
# TYPE DATABASE USER ADDRESS METHOD
|
|
||||||
local all all trust
|
|
||||||
host all all 127.0.0.1/32 trust
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.reconn = {
|
|
||||||
enable = true;
|
|
||||||
description = "Reconn Server";
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
after = [ "network.target" "postgresql.service" ];
|
|
||||||
requires = [ "network-online.target" "postgresql.service" ];
|
|
||||||
environment = {
|
|
||||||
DATABASE_URL = "ecto://postgres:postgres@localhost/reconn";
|
|
||||||
};
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "exec";
|
|
||||||
EnvironmentFile = "/run/secrets/RECONN_SECRET_KEY_BASE";
|
|
||||||
ExecStartPre = "${reconn}/bin/migrate";
|
|
||||||
ExecStart = "${reconn}/bin/reconn start";
|
|
||||||
ExecStop = "${reconn}/bin/reconn stop";
|
|
||||||
ExecReload = "${reconn}/bin/reconn restart";
|
|
||||||
Restart = "on-failure";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
sops = {
|
|
||||||
secrets.RECONN_SECRET_KEY_BASE = {
|
|
||||||
sopsFile = ./secrets.yaml;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,30 +0,0 @@
|
||||||
RECONN_SECRET_KEY_BASE: ENC[AES256_GCM,data:uJa1Yb9YaoNtm7YH8Sn7lbG+NX2bBc8NAFaybyKRktMMnX3yBcEc8YviPXP/WYSakqq2DpmgJoUe4mciPDW3aadT3ufkDchWFpSvItkndXg=,iv:fkc2nuQrIqOrUiCqx1vK+hWa87yZgsVphSEo+pWv+Ig=,tag:TXUXHo7TdCz75wat8tK5qg==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age1huyyxsy4g0e5svmcejxvvdjnnk6qkulgd3qfpue59exnfrnqzudspxnn62
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqTEY1UzlkcjVlQzQzVUww
|
|
||||||
QWtvNnZXY2g5UU84aStUd3JyQnIrUGYzVzIwCmROcWdCNjZ5ZkxVaW5jSS94YTV5
|
|
||||||
ZWZZaWo0Rms2cldtYkxlV0dZSWhxMWMKLS0tIFZXNG9CKzRzQmtUNjN4UjQvcU1t
|
|
||||||
U1JmLzdFMTlvQnRFbnd4eVFNSlFsQWsKFxYi7rNAcjWUR5l8leh6e6YtrnpAj14B
|
|
||||||
KhrPUwiG4fwHMF9kWMEH05nWHQh41Vl43AYt7aEs0IO4uVqhXFghug==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1z0rfzzfll963msxfschxn7m65pz5p8nuz9p3h940mhhfr6uxe5mqpl4dul
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXWUJ0bW1sVjlBRVNnaU42
|
|
||||||
YmdhWEUyeStCalNQdWdybm5GdjV4TWFGYjE0CmViOGY2TlFqVW1iaVBSQ0l3L0d1
|
|
||||||
N3UzcUNlTkcrMjNUMWRJZHU1V1J0V00KLS0tIE5BdHZVak1oWnlhdy85NXhmQWhs
|
|
||||||
SEJMWFczYmhqOVkyT3JWYVI5c2I0TkEKyxl9d1C/ONI6TemSTYbyjopS4pDf7fUp
|
|
||||||
sbS77k1QzGb3EM2rD16WUu9i6mfqaaDboaO2D3Ltf4FVWdXTDQyt0w==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2024-04-12T18:11:00Z"
|
|
||||||
mac: ENC[AES256_GCM,data:MK4DB60A07e5pjroITCd9RqOOnL1NRpKkQXbLPkHG/JgxR8n3PqzPs25tayBs9qogD/M3kHwLuyEiZdJOvMxqsMGqPYkrN26QVgEy3GFgAP6XfcFmBj+k0J18FNabnZNbiGMhgX+n1uwqxucRC93fcd99CItZC5DDBXbk2zl87o=,iv:apc5SjAS71dtVqGDvnUSe9phJlYG8wobu9luuo2CDOI=,tag:Bap5KTqiLGahbV/1L2YsPg==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_suffix: _unencrypted
|
|
||||||
version: 3.7.3
|
|
Loading…
Reference in New Issue