Setup the reconn service on a new machine (europa).

Update timezone. Install signal.
Update timezone.
2024-04-12 12:19:23 -06:00 · 2024-04-09 16:00:11 -07:00 · 2024-03-28 06:50:43 -07:00 · 2024-03-24 07:17:48 -06:00
8 changed files with 130 additions and 2 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -1,6 +1,7 @@
 keys:
  - &admin_jrpotter age1huyyxsy4g0e5svmcejxvvdjnnk6qkulgd3qfpue59exnfrnqzudspxnn62
  - &server_thebe age1pjgqvdyzxz30rxvu3zysjpmxrjjsvklggfepswhmwdaunx0kg3vsfept24
+  - &server_europa age1z0rfzzfll963msxfschxn7m65pz5p8nuz9p3h940mhhfr6uxe5mqpl4dul
 creation_rules:
  - path_regex: .*
    key_groups:
--- a/flake.nix
+++ b/flake.nix
@ -49,6 +49,9 @@
            thebe = {
              inherit (tapir) sops-nix;
            };
+            europa = {
+              inherit (tapir) sops-nix;
+            };
          };
        };

@ -83,6 +86,14 @@
            targetHost = "64.23.168.148";
          };
        };
+
+        europa = {
+          imports = [ ./hive/europa ];
+          deployment = {
+            allowLocalDeployment = false;
+            targetHost = "147.182.255.90";
+          };
+        };
      };

      packages.${system}.digital-ocean = {
--- a/hive/europa/default.nix
+++ b/hive/europa/default.nix
@ -0,0 +1,31 @@
+{ sops-nix, lib, ... }:
+{
+  imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
+    sops-nix.nixosModules.sops
+    ../../digital-ocean/configuration.nix
+    ../../services/reconn
+  ];
+
+  networking = {
+    hostName = "europa";
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [ 80 443 ];
+    };
+  };
+
+  programs.mosh.enable = true;
+
+  services = {
+    nginx.enable = true;
+    openssh.enable = true;
+    postgresql.enable = true;
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "jrpotter2112@gmail.com";
+  };
+
+  system.stateVersion = "23.11";
+}
--- a/hive/framework/default.nix
+++ b/hive/framework/default.nix
@ -73,6 +73,7 @@
        firefox
        gimp
        obsidian
+        signal-desktop
        virt-manager
        vlc
        wezterm
@ -123,6 +124,7 @@
    };
  };

+  # time.timeZone = "America/Los_Angeles";
  time.timeZone = "America/Denver";
  # time.timeZone = "America/New_York";

--- a/services/notebook.nix
+++ b/services/notebook.nix
@ -1,7 +1,7 @@
 { system, ... }:
 let
  notebook = builtins.getFlake
-    "github:jrpotter/notebook/4b65764c8973f54b82a0192aef19391fc61e1fef";
+    "github:jrpotter/notebook/79b715a64c703279f593cad08775b0d73400a19b";
 in
 {
  services.nginx.virtualHosts."notebook.jrpotter.com" = {
--- a/services/portfolio.nix
+++ b/services/portfolio.nix
@ -1,7 +1,7 @@
 { system, ... }:
 let
  portfolio = builtins.getFlake
-    "github:jrpotter/portfolio/357999e784102ba11c52cf1fc9edbfaa8a00912d";
+    "github:jrpotter/portfolio/eca5e764f26faaa64f6966dbf3970b86eaaf2195";
 in
 {
  services.nginx.virtualHosts."www.jrpotter.com" = {
--- a/services/reconn/default.nix
+++ b/services/reconn/default.nix
@ -0,0 +1,53 @@
+{ system, pkgs, lib, ... }:
+let
+  reconn-url = "git+https://git.jrpotter.com/r/reconn?rev=fa031b2507c625c54abca36fd3f86fc8338e8777";
+  reconn = (builtins.getFlake reconn-url).packages.${system}.app;
+in
+{
+  services = {
+    nginx.virtualHosts."www.hideandseek.live" = {
+      forceSSL = true;
+      enableACME = true;
+      serverAliases = [ "hideandseek.live" ];
+      locations."/" = {
+        recommendedProxySettings = true;
+        proxyPass = "http://127.0.0.1:4000";
+      };
+    };
+    postgresql = {
+      package = (pkgs.postgresql_15.withPackages (pkgs: [ pkgs.postgis ]));
+      ensureDatabases = [ "reconn" ];
+      authentication = lib.mkOverride 10 ''
+        # TYPE     DATABASE     USER     ADDRESS         METHOD
+          local    all          all                      trust
+          host     all          all      127.0.0.1/32    trust
+      '';
+    };
+  };
+
+  systemd.services.reconn = {
+    enable = true;
+    description = "Reconn Server";
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" "postgresql.service" ];
+    requires = [ "network-online.target" "postgresql.service" ];
+    environment = {
+      DATABASE_URL = "ecto://postgres:postgres@localhost/reconn";
+    };
+    serviceConfig = {
+      Type = "exec";
+      EnvironmentFile = "/run/secrets/RECONN_SECRET_KEY_BASE";
+      ExecStartPre = "${reconn}/bin/migrate";
+      ExecStart = "${reconn}/bin/reconn start";
+      ExecStop = "${reconn}/bin/reconn stop";
+      ExecReload = "${reconn}/bin/reconn restart";
+      Restart = "on-failure";
+    };
+  };
+
+  sops = {
+    secrets.RECONN_SECRET_KEY_BASE = {
+      sopsFile = ./secrets.yaml;
+    };
+  };
+}
--- a/services/reconn/secrets.yaml
+++ b/services/reconn/secrets.yaml
@ -0,0 +1,30 @@
+RECONN_SECRET_KEY_BASE: ENC[AES256_GCM,data:uJa1Yb9YaoNtm7YH8Sn7lbG+NX2bBc8NAFaybyKRktMMnX3yBcEc8YviPXP/WYSakqq2DpmgJoUe4mciPDW3aadT3ufkDchWFpSvItkndXg=,iv:fkc2nuQrIqOrUiCqx1vK+hWa87yZgsVphSEo+pWv+Ig=,tag:TXUXHo7TdCz75wat8tK5qg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1huyyxsy4g0e5svmcejxvvdjnnk6qkulgd3qfpue59exnfrnqzudspxnn62
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqTEY1UzlkcjVlQzQzVUww
+            QWtvNnZXY2g5UU84aStUd3JyQnIrUGYzVzIwCmROcWdCNjZ5ZkxVaW5jSS94YTV5
+            ZWZZaWo0Rms2cldtYkxlV0dZSWhxMWMKLS0tIFZXNG9CKzRzQmtUNjN4UjQvcU1t
+            U1JmLzdFMTlvQnRFbnd4eVFNSlFsQWsKFxYi7rNAcjWUR5l8leh6e6YtrnpAj14B
+            KhrPUwiG4fwHMF9kWMEH05nWHQh41Vl43AYt7aEs0IO4uVqhXFghug==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1z0rfzzfll963msxfschxn7m65pz5p8nuz9p3h940mhhfr6uxe5mqpl4dul
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXWUJ0bW1sVjlBRVNnaU42
+            YmdhWEUyeStCalNQdWdybm5GdjV4TWFGYjE0CmViOGY2TlFqVW1iaVBSQ0l3L0d1
+            N3UzcUNlTkcrMjNUMWRJZHU1V1J0V00KLS0tIE5BdHZVak1oWnlhdy85NXhmQWhs
+            SEJMWFczYmhqOVkyT3JWYVI5c2I0TkEKyxl9d1C/ONI6TemSTYbyjopS4pDf7fUp
+            sbS77k1QzGb3EM2rD16WUu9i6mfqaaDboaO2D3Ltf4FVWdXTDQyt0w==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-04-12T18:11:00Z"
+    mac: ENC[AES256_GCM,data:MK4DB60A07e5pjroITCd9RqOOnL1NRpKkQXbLPkHG/JgxR8n3PqzPs25tayBs9qogD/M3kHwLuyEiZdJOvMxqsMGqPYkrN26QVgEy3GFgAP6XfcFmBj+k0J18FNabnZNbiGMhgX+n1uwqxucRC93fcd99CItZC5DDBXbk2zl87o=,iv:apc5SjAS71dtVqGDvnUSe9phJlYG8wobu9luuo2CDOI=,tag:Bap5KTqiLGahbV/1L2YsPg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3
Author	SHA1	Message	Date
Joshua Potter	5c6e336e39	Setup the reconn service on a new machine (europa).	2024-04-12 12:19:23 -06:00
Joshua Potter	c9773a7d9e	Update timezone. Install signal.	2024-04-09 16:00:11 -07:00
Joshua Potter	cec7f58a4c	Update timezone.	2024-03-28 06:50:43 -07:00
Joshua Potter	31691a6356	Bump portfolio and notebook.	2024-03-24 07:17:48 -06:00