darkkirb/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests 2 Projects Releases Packages Wiki Activity Actions

update

Browse source
This commit is contained in:
Charlotte 🦝 Delenk 2023-09-26 17:11:21 +01:00
parent 26f1da96ac
commit 6335470db5
Signed by: darkkirb
GPG key ID: AB2BD8DAF2E37122
4 changed files with 37 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
config/services/chir-rs.dhall
View file

@ -55,9 +55,10 @@
in Config::{
, listenPort = 62936
, database = PostgresConfig::{ connectionString }
, database = PostgresConfig::{ connectionString = secretsFile.connectionString }
, logLevel = LogLevel.Type.LogLevelInfo
, signUpKey
, signUpKey = secretsFile.signUpKey
, rpId = "lotte-test.chir.rs"
, staticDir
, staticDir = secretsFile.staticDir
, nodeName = secretsFile.nodeName
}

22
config/services/chir-rs.nix
View file

@ -12,13 +12,12 @@ let staticDir = pkgs.stdenvNoCC.mkDerivation {
'';
};
auxCfg = pkgs.writeText "config.dhall" ''
${./chir-rs.dhall}
{
staticDir = "${staticDir}",
connectionString = "postgres://chir_rs:" ++ (${config.sops.secrets."services/chir-rs/database-password".path} as Text) ++ @nixos-8gb-fsn1-1.int.chir.rs/chir_rs",
signUpKey = ${config.sops.secrets."services/chir-rs/signup-secret".path} as Text,
nodeName = "${config.networking.hostName}"
}
${./chir-rs.dhall} {
staticDir = "${staticDir}",
connectionString = "postgres://chir_rs:" ++ (${config.sops.secrets."services/chir-rs/database-password".path} as Text) ++ "@nixos-8gb-fsn1-1.int.chir.rs/chir_rs",
signUpKey = ${config.sops.secrets."services/chir-rs/signup-secret".path} as Text,
nodeName = "${config.networking.hostName}"
}
'';
in
{
@ -52,10 +51,13 @@ in
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
UMask = "0077";
ExeStart = ''
${chir-rs.packages.${system}.chir-rs} ${auxCfg}
ExecStart = ''
${chir-rs.packages.${system}.chir-rs}/bin/chir-rs
'';
};
environment = {
CHIR_RS_CONFIG="${auxCfg}";
};
};
sops.secrets."services/chir-rs/database-password".owner = "chir-rs";
sops.secrets."services/chir-rs/signup-secret".owner = "chir-rs";
@ -76,7 +78,7 @@ in
extraConfig = ''
import baseConfig
reverse_proxy http://[::1]:57448 {
reverse_proxy http://127.0.0.1:62936 {
trusted_proxies private_ranges
}
'';

38
flake.lock
View file

@ -153,11 +153,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1695651960,
"narHash": "sha256-Szm1jq0rindDRQbnSzKmKsIzyvTCt3H1LXMucQUT12g=",
"lastModified": 1695732801,
"narHash": "sha256-c7cbWRBE1X7wRJDLUIkO4HTRKx0kCh4a2nEQX2k1RH8=",
"owner": "DarkKirb",
"repo": "chir.rs",
"rev": "8d0d60c36cd969642a9f3a4a3ec0e867ad27c329",
"rev": "65d31575bb83580abd3a2f2ece70c0b3b5a79f02",
"type": "github"
},
"original": {
@ -730,11 +730,11 @@
]
},
"locked": {
"lastModified": 1695550077,
"narHash": "sha256-xoxR/iY69/3lTnnZDP6gf3J46DUKPcf+Y1jH03tfZXE=",
"lastModified": 1695738267,
"narHash": "sha256-LTNAbTQ96xSj17xBfsFrFS9i56U2BMLpD0BduhrsVkU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "a88df2fb101778bfd98a17556b3a2618c6c66091",
"rev": "0f4e5b4999fd6a42ece5da8a3a2439a50e48e486",
"type": "github"
},
"original": {
@ -1011,11 +1011,11 @@
]
},
"locked": {
"lastModified": 1695656636,
"narHash": "sha256-aWNsycaRcfb+74tkAk/nr/NGHFIc/CPHCv+YGR/tSQc=",
"lastModified": 1695730444,
"narHash": "sha256-knV1Mp6VESGQg5EIaVDGtHoPLXNIDj2MoryXB/SqzvM=",
"ref": "main",
"rev": "7308061928ea56fbb9bc03892d1da01624a7e5e4",
"revCount": 1014,
"rev": "7ff4a90a0fa1bc779210a382a5472774e01dcb79",
"revCount": 1018,
"type": "git",
"url": "https://git.chir.rs/darkkirb/nix-packages.git"
},
@ -1268,11 +1268,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1695656499,
"narHash": "sha256-kWq5qv257//eVjzQrE99DLQkcJxxHTNjUiXMJzLcdvc=",
"lastModified": 1695742428,
"narHash": "sha256-pwMGp0Rxu3HfooLRvDici/rpRaCP1i877zE3u4zq3ZM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "12d9af932f7eec42d826c0395515dab2d0cd8f27",
"rev": "81aa88d4c485c0f41e4d3515508726ed750e936e",
"type": "github"
},
"original": {
@ -1298,11 +1298,11 @@
},
"nur_2": {
"locked": {
"lastModified": 1695656745,
"narHash": "sha256-GdivHNuf8HxrWkUbojHH3q7vgaG3T7KoVJ/SJ9IUD5Q=",
"lastModified": 1695743201,
"narHash": "sha256-rmGErmGQPO4ymsmHvQsVM0nFtQQwCRD3Np1BA5vHDIQ=",
"owner": "nix-community",
"repo": "NUR",
"rev": "f8ad482a1c42596b3491914e8cba8fa0d08471d1",
"rev": "7ca7f65124ac3e7655e9ad9ab8cd2e7d9ec07d5a",
"type": "github"
},
"original": {
@ -1365,11 +1365,11 @@
]
},
"locked": {
"lastModified": 1695607919,
"narHash": "sha256-PU6yIbHXdm3W8bBlhO6aL+VIjK5UQCRnOvCqa1lYQ6M=",
"lastModified": 1695694299,
"narHash": "sha256-0CucEiOZzOVHwmGDJKNXLj7aDYOqbRtqChp9nbGrh18=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "014e0035c262e5506f904829e6b925ee3cfdb55e",
"rev": "c89a55d2d91cf55234466934b25deeffa365188a",
"type": "github"
},
"original": {

7
secrets/instance-20221213-1915.yaml
View file

@ -18,9 +18,6 @@ services:
attic: ENC[AES256_GCM,data:piBIi+r/WKVnGwl00q1lZjdyQz2PqFGrM8xTxf5/0MOv4UTJjw9I/9HdQAKgMH7okiAh94BTyGCM4EzwiHRbErQoQC9OihIgUkvQW6/SzIeSgSw3n8oBe7UKiXIedsjzLoPNjH1gDg8lLDgg5Iq389+AY+qPFfmF61tpcG35bkvKd1XWUL/elTMff+yILndu9fvcmmkDk4IGSdzB2fVcB+1k6JOWiL5Mo42RF2dUu7cvbnrsh/MpC0nzMrkQUBENfhPPuEjMGZ2ZwSqbW2B6FfZI9uCtdmRpXhwytzHBgwxetbKKe61a+mPTjSyItG/bqoSw4v+O8T8UBy2y/aAmZjvw+fhl+sb+ro90sOZMzY9jNVenZqVvTyZk12gD/ljpzRbGpIxE9l0WdLLlB9aNIaRa3EGbe9oNpGg4p6I+kEe4mx1+qhUpNgrCpv1jUORyfbKGNrPp//NiO3C7nrm//5D2U+Y4vg4Xc80RHsHTrHuKdpk=,iv:SoK0B7bf8TiFXCPTWYr2G1+XoFzFIIJzruwXfOjCsxg=,tag:bxsUXluNqqcuOixOz6cSjA==,type:str]
ssh:
host-key: ENC[AES256_GCM,data:oiy1thPKRVgH0XltFQCKwGMdLZde8zp1Ag1dL/el/2jXp1be1Evtr+kkZv56nhlaJ6KpYi5VsfrfpFVnKUkcYGUMmqVf2lFDu2fPcWB+PW7nol9K+sVRhHgTPP1wz385o5bof4OnbMF9sUbV0PT/pd4yAvluKq9s2vBBb2GEZ+HDBwkurmgVrFqUb66AvCdncXTpK47qpWZQMDTMGKqv5d1hJOoCCIulX3iJ4ko2xDD7qRlFtcdLNFLw3q4R6eP+L0OqoQs8dnjpIQOLVItzHTHTTcQRVoFvD7OMYSyU5RIIxTIOoS9tWzQu/QpHpO4cgjQ/GX09uj+a6/Cy8Itavd88YeSoYEPGwBYEciYLakFpNQ8aFl0yEsEMdZbfHgOUAOlbv28Mv93+RFMs5HrdIup/lZr5PsCBSsrMVkwJNVQKTxbN34LCTGOeCkuzohAwmwEVB/Ysuh23WyFKcdkGWAwlnVvgaNT5/TsNTCCI8Hf6fJecD4imWrJAtlXG7o+mnE+f0LlixxsnMgSnlkX4,iv:mnW23zPiSDoluMjQJEUFHDkVO6IT/4+RgAlaKuie3Qw=,tag:F+KOH/MkjrF1wYCR9OzFkQ==,type:str]
chir-rs:
auth:
password: ENC[AES256_GCM,data:9tJQIoCgquUkX+FeAT0+1tfyIF9YdNT26AOyd7hiS8BgLSa8WdG+v3H0zMt48ETc8duCMTDKII0sJTtgYxtaKQ==,iv:ZukeYF4yTf7fkrkTpbUsuNkpMOgjMDGbYtUcbvfu50g=,tag:HutgW+KyEVoePVZIO+uExg==,type:str]
nextcloud:
adminpass: ENC[AES256_GCM,data:xB6PspGdPXCxLW2pTTisgGSDefuUui/y0rUUCKbpSXZQcjlOu2n8T1tyFvb3sv2PwkF7bEvzIqmXLfOFxXX0mA==,iv:AwGxw3czHeD5fgAor0EZtZDXHVT71mUUeguWpXytRRI=,tag:7w0AdobWwrXEo0HMHRE2Tw==,type:str]
s3: ENC[AES256_GCM,data:6eaoosPsBl1K5W76/KPAkw58nMNhhMFS7b/3v3WCbg==,iv:C+JVjSN3MG4CzaYmBr6Lzh6jdFbwQsDJYJfBPfllZYw=,tag:YHie0LMPg2gahnGF+cEGZg==,type:str]
@ -55,8 +52,8 @@ sops:
bVJUcDZLWTk3MiszOWp4enRRQmNsajQKF8QJs/Wb0SqnvsQEkRKlS1Ms9xLIdyvZ
QCFAPclaOfaTLTiRJWXjDneBkMBduYKkRPiXCR+Bn7i4z8ixLXFmWw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-25T18:36:20Z"
mac: ENC[AES256_GCM,data:Ot8GWCq9Jz7Gd8CwRkdOGlpQgXHbwkP1Y7c2NozmOg8rrTjF6xpZtrYL45n+wNvEREKCbhhbspGW0EcXdCh2IJWN0Dq4prVyq0/+NSnqbOsh6YYtoGgaMb0lyOgecVyHkxRKTNKIXDKsyrjKSbumql1Q3G9Aa7u1ZFFsEhV8paQ=,iv:RtQbJF33dhX8VLvdktKTohAYRYy8T9VqRblSPomGD4s=,tag:ckDVTlKrbWdehcfJxeh1qQ==,type:str]
lastmodified: "2023-09-25T19:20:46Z"
mac: ENC[AES256_GCM,data:yS7B951OXH8HmZnhAQVAtSJEA6d/Jop1MjRaPYG+HmaevtzR1QMv3MVoKGgfjQqgaCU7uFoMWiB7PyJX1ELQlpe1GkOL/2JQrTzKqPvFCcEo+SUhoVP3yj0ZJd6hC6pMEirFUuci+0aKFxYX2T16ud2f7wPikMYWMpCpwo877FQ=,iv:H3/0xUgIjjXf7wFVE3KevHwsaZ16xuUWlCLq2ozpSA0=,tag:PnE8Oms96Y9kcRTLdjTXdg==,type:str]
pgp:
- created_at: "2022-12-14T15:34:13Z"
enc: |