simon/nixos-config
simon/nixos-config
1
1
Fork 0
Code Issues 8 Pull requests Actions Projects Activity

yuzuru/li7y: Init

Browse source 
For now, it is implemented using OCI containers for fast deployments.
This commit is contained in:
Simon Bruder 2024-07-19 11:35:19 +02:00
parent 7d23321c0f
commit 8627ed8dc1
Signed by: simon
GPG key ID: 347FF8699CDA0776
3 changed files with 64 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
machines/yuzuru/configuration.nix
View file

@ -10,6 +10,7 @@
../../modules ../../modules
./services/static-sites.nix ./services/static-sites.nix
./services/li7y.nix
]; ];
sbruder = { sbruder = {

5
machines/yuzuru/secrets.yaml
View file

@ -1,12 +1,13 @@
wg-home-private-key: ENC[AES256_GCM,data:0ylkx9p62CBGqVg+T52eHbMwbLcZM/v3tg/wJukDq76heN1TtQqbbqgVZKc=,iv:/aUkqKhihnBWQFLIRjS7kHigBCBXX7L4KY5q+cO9Q00=,tag:jQSMVElMfIyrG5hs7HuxUQ==,type:str] wg-home-private-key: ENC[AES256_GCM,data:0ylkx9p62CBGqVg+T52eHbMwbLcZM/v3tg/wJukDq76heN1TtQqbbqgVZKc=,iv:/aUkqKhihnBWQFLIRjS7kHigBCBXX7L4KY5q+cO9Q00=,tag:jQSMVElMfIyrG5hs7HuxUQ==,type:str]
li7y-environment: ENC[AES256_GCM,data:cm4+672JelbYsBm0rwrF/I9gS72XfAlj335v0+EfXmPSD1LCBJ3clR7jZC7SVH5D9ZSaSlrY8J/+7hgDmzsiR2kypNBvfMvN825AF5QFehnYeHhxUktU+uig7RzpRUeWSPM0r8j6lmpGNc7vd3S+L3TWn2ZfCJ8Kc28Ad2M9yFiZ7PPqB6qqLnsx2peQuafDhefuohLPOYA=,iv:84yL6l7zqeb7l3w3ARskJoQEvI1+HxoCCKrLhB0kx7E=,tag:GCetAOW7pvyjKEM26A9ZbA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2024-01-02T22:37:47Z" lastmodified: "2024-07-14T17:32:43Z"
mac: ENC[AES256_GCM,data:oBfM/DF/TfWJIW1VlvZ4Z+vBQxCmHm8J83pjILtHFBwU14f1H09iIsswY1xyAwO9wO3cttf4xjrSa6mGGUyQFqLdEzj8z/JkCm1vwpLZQW+j8FpRjH1ryyE6G/3eS5tboUZgmAwBPDsulJr3NBi121RHhZvWf1dv2T/J5IcZMxI=,iv://TpDpO8tNaibh8ABqE1AT6CPK62rtUZiFmYP9ST3MA=,tag:5SErG/jDycIdxX3ABOcsow==,type:str] mac: ENC[AES256_GCM,data:7D9xHNpdhI6CgX94PAoJJIJqVZ403ZL7dXbdnod2do4M+Qf0yRrRDxi6hPipf0BX0vsSq1npdiXcnwP50PZHal8LW7IJRjfefW5WnO+BLD42sIxt5mikdNfZhpyg3dHB7j+8m1lE1+veK/Ho06V32sckibhBG4AFBfMZ/k1VIns=,iv:NS9CaSyEUdmJEKFejiaugtZ5Nf8norhoaCaOwPZsxow=,tag:Y2Nu92iYO0PSqtXMLc3D7g==,type:str]
pgp: pgp:
- created_at: "2024-01-22T00:20:20Z" - created_at: "2024-01-22T00:20:20Z"
enc: |- enc: |-

60
machines/yuzuru/services/li7y.nix Normal file
View file

@ -0,0 +1,60 @@
# SPDX-FileCopyrightText: 2024 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
{ config, pkgs, ... }:
{
sops.secrets.li7y-environment = {
sopsFile = ../secrets.yaml;
owner = "li7y";
};
users.users.li7y = {
isSystemUser = true;
home = "/var/lib/li7y";
createHome = true;
group = "li7y";
};
users.groups.li7y = { };
virtualisation = {
podman = {
enable = true;
defaultNetwork.settings = {
ipv6_enabled = true;
};
};
};
systemd.services.podman-li7y = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStartPre = "${pkgs.podman}/bin/podman pull git.sbruder.de/simon/li7y";
ExecStart = "${pkgs.podman}/bin/podman run --rm --name=li7y --userns=keep-id -v /run/postgresql:/run/postgresql --env-file ${config.sops.secrets.li7y-environment.path} -e 'DATABASE_URL=postgres:///?port=5432&host=/run/postgresql' -e LISTEN_ADDRESS=:: -p 127.0.0.1:8080:8080 git.sbruder.de/simon/li7y";
User = "li7y";
};
};
services.nginx = {
enable = true;
virtualHosts."i7y.eu" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:8080";
};
};
services.postgresql = {
enable = true;
ensureDatabases = [ "li7y" ];
ensureUsers = [
{
name = "li7y";
ensureDBOwnership = true;
}
];
};
}