darkkirb/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests 2 Projects Releases Packages Wiki Activity Actions

delete auth.chir.rs

Browse source
This commit is contained in:
Charlotte 🦝 Delenk 2023-08-06 10:37:03 +01:00
parent c6470ae0da
commit 151f31e874
Signed by: darkkirb
GPG key ID: AB2BD8DAF2E37122
8 changed files with 17 additions and 228 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
config/instance-20221213-1915.nix
View file

@ -14,7 +14,6 @@
./wireguard/public-server.nix
./services/named-submissive.nix
./services/shitalloverme.nix
./services/chir.rs
./users/remote-build.nix
./services/atticd.nix
./services/minecraft.nix

1
config/nixos-8gb-fsn1-1.nix
View file

@ -31,7 +31,6 @@
./services/rspamd.nix
./wireguard/public-server.nix
./services/shitalloverme.nix
./services/chir.rs
./services/atticd.nix
./services/wordpress.nix
./services/initrd-ssh.nix

31
config/services/chir-rs.nix
View file

@ -1,31 +0,0 @@
{pkgs, ...}: {
systemd.services.chirrs = {
enable = true;
description = "chir.rs";
script = "${pkgs.chir-rs}/chir-rs-server";
serviceConfig = {
WorkingDirectory = pkgs.chir-rs;
EnvironmentFile = "/run/secrets/services/chir.rs";
};
wantedBy = ["multi-user.target"];
};
services.caddy.virtualHosts."api.chir.rs" = {
useACMEHost = "chir.rs";
logFormat = pkgs.lib.mkForce "";
extraConfig = ''
import baseConfig
rewrite * /api.chir.rs/{path}
reverse_proxy {
to http://localhost:8621
}
'';
};
services.postgresql.ensureDatabases = ["homepage"];
services.postgresql.ensureUsers = [
{
name = "homepage";
ensurePermissions = {"DATABASE homepage" = "ALL PRIVILEGES";};
}
];
sops.secrets."services/chir.rs" = {};
}

84
config/services/chir.rs/auth.nix
View file

@ -1,84 +0,0 @@
{
pkgs,
system,
chir-rs,
config,
...
}: let
d = "$";
dhallConfig = ''
let password = ${config.sops.secrets."services/chir-rs/auth/password".path} as Text
let BaseConfig =
{ Type =
{ database_url : Text
, listen_addr : Text
, redis_url : Text
, asset_path : Text
}
, default.listen_addr = "[::1]:5621"
}
in BaseConfig::{
, database_url = "postgres://auth_chir_rs:${d}{password}@nixos-8gb-fsn1-1.int.chir.rs"
, listen_addr = "127.0.0.1:7954"
, redis_url = "redis://:${d}{password}@nixos-8gb-fsn1-1.int.chir.rs:53538/0"
, asset_path = "${chir-rs.packages.${system}.chir-rs-auth-web}"
}
'';
in {
systemd.services.auth-chir-rs = {
description = "auth.chir.rs";
after = ["network.target"];
wantedBy = ["multi-user.target"];
script = ''
export CONFIG_FILE=${pkgs.writeText "config.dhall" dhallConfig}
export RUST_LOG=info
exec ${chir-rs.packages.${system}.chir-rs-auth}/bin/chir-rs-auth
'';
serviceConfig = {
Type = "simple";
User = "auth-chir-rs";
Group = "auth-chir-rs";
Restart = "always";
};
};
sops.secrets."services/chir-rs/auth/password".owner = "auth-chir-rs";
users.users.auth-chir-rs = {
description = "auth.chir.rs";
home = "/var/empty";
useDefaultShell = true;
group = "auth-chir-rs";
isSystemUser = true;
};
users.groups.auth-chir-rs = {};
services.postgresql.ensureDatabases = [
"auth_chir_rs"
];
services.postgresql.ensureUsers = [
{
name = "auth_chir_rs";
ensurePermissions = {
"DATABASE auth_chir_rs" = "ALL PRIVILEGES";
};
}
];
services.redis.servers."auth_chir_rs" = {
enable = config.networking.hostName == "nixos-8gb-fsn1-1";
port = 53538;
save = [];
requirePassFile = config.sops.secrets."services/chir-rs/auth/password".path;
bind = null;
};
networking.firewall.interfaces."wg0".allowedTCPPorts = [53538];
services.caddy.virtualHosts."auth.chir.rs" = {
useACMEHost = "chir.rs";
logFormat = pkgs.lib.mkForce "";
extraConfig = ''
import baseConfig
reverse_proxy http://127.0.0.1:7954 {
trusted_proxies private_ranges
}
'';
};
}

5
config/services/chir.rs/default.nix
View file

@ -1,5 +0,0 @@
{
imports = [
./auth.nix
];
}

107
flake.lock
View file

@ -36,7 +36,7 @@
"nixos-config-for-netboot",
"crane"
],
"flake-compat": "flake-compat_5",
"flake-compat": "flake-compat_4",
"flake-utils": [
"nixos-config-for-netboot",
"flake-utils"
@ -66,35 +66,7 @@
},
"cargo2nix": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": [
"rust-overlay"
]
},
"locked": {
"lastModified": 1678094756,
"narHash": "sha256-FoVmeU9ITOhKO/wQt76JMZsIDxfNmzgkqHud6hrHB18=",
"owner": "DarkKirb",
"repo": "cargo2nix",
"rev": "a2c22af726db8fca367865d6631b3f321eadc647",
"type": "github"
},
"original": {
"owner": "DarkKirb",
"ref": "release-0.11.0",
"repo": "cargo2nix",
"type": "github"
}
},
"cargo2nix_2": {
"inputs": {
"flake-compat": "flake-compat_6",
"flake-compat": "flake-compat_5",
"flake-utils": [
"nixos-config-for-netboot",
"flake-utils"
@ -154,35 +126,6 @@
}
},
"chir-rs": {
"inputs": {
"cargo2nix": [
"cargo2nix"
],
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": [
"rust-overlay"
]
},
"locked": {
"lastModified": 1691307631,
"narHash": "sha256-XC8ZCDsxO4yojGSvW63+M0P/bOUar8YSUSb8lgT9sss=",
"owner": "DarkKirb",
"repo": "chir.rs",
"rev": "2660c086545c3f1b0d66c9059c21baf00a376700",
"type": "github"
},
"original": {
"owner": "DarkKirb",
"repo": "chir.rs",
"type": "github"
}
},
"chir-rs_2": {
"inputs": {
"cargo2nix": [
"nixos-config-for-netboot",
@ -272,7 +215,7 @@
},
"crane": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_2",
"flake-utils": [
"flake-utils"
],
@ -299,7 +242,7 @@
},
"crane_2": {
"inputs": {
"flake-compat": "flake-compat_7",
"flake-compat": "flake-compat_6",
"flake-utils": [
"nixos-config-for-netboot",
"flake-utils"
@ -543,11 +486,11 @@
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
@ -559,11 +502,11 @@
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
@ -589,22 +532,6 @@
}
},
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_6": {
"flake": false,
"locked": {
"lastModified": 1650374568,
@ -620,7 +547,7 @@
"type": "github"
}
},
"flake-compat_7": {
"flake-compat_6": {
"flake": false,
"locked": {
"lastModified": 1668681692,
@ -636,7 +563,7 @@
"type": "github"
}
},
"flake-compat_8": {
"flake-compat_7": {
"flake": false,
"locked": {
"lastModified": 1673956053,
@ -1151,7 +1078,7 @@
"attic": [
"attic"
],
"flake-compat": "flake-compat_4",
"flake-compat": "flake-compat_3",
"flake-utils": [
"flake-utils"
],
@ -1183,7 +1110,7 @@
"nixos-config-for-netboot",
"attic"
],
"flake-compat": "flake-compat_8",
"flake-compat": "flake-compat_7",
"flake-utils": [
"nixos-config-for-netboot",
"flake-utils"
@ -1235,8 +1162,8 @@
"nixos-config-for-netboot": {
"inputs": {
"attic": "attic_2",
"cargo2nix": "cargo2nix_2",
"chir-rs": "chir-rs_2",
"cargo2nix": "cargo2nix",
"chir-rs": "chir-rs",
"colorpickle": "colorpickle_2",
"crane": "crane_2",
"dns": "dns_2",
@ -1464,8 +1391,6 @@
"root": {
"inputs": {
"attic": "attic",
"cargo2nix": "cargo2nix",
"chir-rs": "chir-rs",
"colorpickle": "colorpickle",
"crane": "crane",
"dns": "dns",

13
flake.nix
View file

@ -11,19 +11,6 @@ rec {
inputs.nixpkgs.follows = "nixpkgs-for-crane";
inputs.nixpkgs-stable.follows = "nixpkgs-for-crane";
};
cargo2nix = {
url = "github:DarkKirb/cargo2nix/release-0.11.0";
inputs.flake-utils.follows = "flake-utils";
inputs.nixpkgs.follows = "nixpkgs";
inputs.rust-overlay.follows = "rust-overlay";
};
chir-rs = {
url = "github:DarkKirb/chir.rs";
inputs.cargo2nix.follows = "cargo2nix";
inputs.flake-utils.follows = "flake-utils";
inputs.nixpkgs.follows = "nixpkgs";
inputs.rust-overlay.follows = "rust-overlay";
};
colorpickle = {
url = "github:AgathaSorceress/colorpickle";
inputs.naersk.follows = "naersk";

3
zones/chir.rs.nix
View file

@ -144,7 +144,7 @@ with dns.lib.combinators; let
SOA = {
nameServer = "ns1.chir.rs.";
adminEmail = "lotte@chir.rs";
serial = 35;
serial = 36;
};
NS = [
"ns1.chir.rs."
@ -239,7 +239,6 @@ with dns.lib.combinators; let
akko = createZone {};
peertube = createZone {};
mediaproxy.CNAME = ["mediaproxy-chir-rs.b-cdn.net."];
auth = createFullZone {};
attic = createFullZone {};
cloud = createZone oracleBase;
lotte = createZone {};