From d9d0810c969b7a5c4029775b4552bb78c23a4603 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charlotte=20=F0=9F=A6=9D=20Delenk?= Date: Mon, 17 Jan 2022 20:53:47 +0100 Subject: [PATCH] Add chir.rs for real --- config/services/chir-rs.nix | 13 +++++++- config/sops.nix | 1 + flake.lock | 43 +++++++++++++++++++++------ flake.nix | 8 ++++- secrets/nixos-8gb-fsn1-1/secrets.yaml | 5 ++-- 5 files changed, 57 insertions(+), 13 deletions(-) diff --git a/config/services/chir-rs.nix b/config/services/chir-rs.nix index c3babcd0..77cc4da8 100644 --- a/config/services/chir-rs.nix +++ b/config/services/chir-rs.nix @@ -1 +1,12 @@ -{ chir-rs, ... }: { } +{ pkgs, ... } @ args: { + systemd.services.chirrs = { + enable = true; + description = builtins.trace args "chir.rs"; + script = "${chir-rs}/chir-rs-server"; + serviceConfig = { + WorkingDirectory = chir-rs; + EnvironmentFile = "/run/secrets/services/chir.rs"; + }; + wantedBy = [ "multi-user.target" ]; + }; +} diff --git a/config/sops.nix b/config/sops.nix index 15fbc8f8..0d7e48bf 100644 --- a/config/sops.nix +++ b/config/sops.nix @@ -11,4 +11,5 @@ owner = "prometheus"; }; sops.secrets."services/old-homepage" = { }; + sops.secrets."services/chir.rs" = { }; } diff --git a/flake.lock b/flake.lock index b5842cdf..885ab0c3 100644 --- a/flake.lock +++ b/flake.lock @@ -90,6 +90,21 @@ "type": "github" } }, + "flake-utils_4": { + "locked": { + "lastModified": 1638122382, + "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -143,6 +158,22 @@ } }, "nixpkgs_3": { + "locked": { + "lastModified": 1642130244, + "narHash": "sha256-/5FhZkZFQCRQIRFosUQW1zmDrsNHVOJIB/+XgRPHiPU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "bc59ba15b64d0a0ee1d1764f18b4f3480d2c3e5a", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1642446922, "narHash": "sha256-JrZGVj5tL/64WUMvEKOdC92yaWbVccx9NkGJp3lHSpk=", @@ -161,7 +192,7 @@ "inputs": { "chir-rs": "chir-rs", "home-manager": "home-manager", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "sops-nix": "sops-nix" } }, @@ -186,14 +217,8 @@ }, "rust-overlay_2": { "inputs": { - "flake-utils": [ - "chir-rs", - "flake-utils" - ], - "nixpkgs": [ - "chir-rs", - "nixpkgs" - ] + "flake-utils": "flake-utils_4", + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1642387353, diff --git a/flake.nix b/flake.nix index 84f0990c..c236588b 100644 --- a/flake.nix +++ b/flake.nix @@ -28,8 +28,14 @@ rec { ./config/default.nix sops-nix.nixosModules.sops home-manager.nixosModules.home-manager + ({ pkgs, ... }: { + nixpkgs.overlays = [ + (self: super: { + chir-rs = chir-rs.outputs.defaultPackage.x86_64-linux; + }) + ]; + }) ]; - inherit chir-rs; }; }) systems); diff --git a/secrets/nixos-8gb-fsn1-1/secrets.yaml b/secrets/nixos-8gb-fsn1-1/secrets.yaml index d5a8ff6e..c331e814 100644 --- a/secrets/nixos-8gb-fsn1-1/secrets.yaml +++ b/secrets/nixos-8gb-fsn1-1/secrets.yaml @@ -12,6 +12,7 @@ services: gitea.nix: ENC[AES256_GCM,data:51YBcqkQJFbvJEZ7U9Fr6YPqtF6Sn+huLKPQHXoIFlrhlSTZDtGpPci1MQVI7X/UWSpdCTtOa22doguWEqWG9rUaekfmDTL8jb/WbV7jtDYnFINE1NRRFb/RIFmQJ/UPODsesewtg8vNPiU9ZAQgep9ttPMpqnRWkEHcFisTrHO1gZ0D6pF2EFbBEZX3Z5q7rPcr5907KiF0HALFueVqzONGCYGxmzBIFWA8Um1wYKlwWieqjos60Ip2,iv:wMOKydq0NLazAQC3joFTyhbmEIvwDGFc4sEhcQ3a/gc=,tag:c5MndmKCjBm7u63R9VWwgA==,type:str] minio_scrape: ENC[AES256_GCM,data:Kk4HMqMMfAlfrJf81rdgaQVClzYz8di8+qTjRfR/V+QV19aqlhyYtW2Y9XirntwNiD5OIjyunxd6uI+WsKg5DRpenG5o4KjPXjU7e5WoyOIBDnUAIFnnW5WAZkVrBK2jeX2DU4dFz16MRRp6JSDCDiw4xnvSu10FTbSvcAFmLzcNzRUvGR28CIdX/8eyZL3RORMueDJ4zuy9siGgQiWkG3M3UA1g/hFGukyS2GiQkrJ9/68VdkpJtqqV7w29m5hw2Z9c9A==,iv:kTeWuWHRvgLryK4F/2oEvwwu3BFPHV54jXsYEk1anmw=,tag:rUVrVWAC7K8mvn+rRlbsxA==,type:str] old-homepage: ENC[AES256_GCM,data:8onkNrhxaIQP5XJWcypXHKwK5aMhGx9zDEE5Xgi7JqyHY0DIAaqLYZ1EFZZDKUXY7Ry7fY7o/XhB8rpOSfBIg6eQ4zaDAqP8zAL+2DCuviVJNWLpvEgvkechx3M2cGkL6kEmRvy4Uc/+AdY/BZsjFfhxy60ZWKz2x5NYmnzZdMbRoLVXs6BLckE3OdHQ0IXOdBooKK8hHzT+cC+yld+UMYSfm3eugyqFAyIhIIsmrG3cx1XsnEXNGgU7Ujyd6MC0L8UsLj4Fa6vc3SeiHSs=,iv:9A1LNDDllfovoPMxR5soVOao4u37q3locM9c8GLMPcU=,tag:pILeZxXJG2ODUo7g2Y/m9Q==,type:str] + chir.rs: ENC[AES256_GCM,data:FcDpWq14wMkElVhViZx7xkhzQUmZ0ZMN9DreGGCNho9afqsPbbfAexvuBv37OO3fe/+lItDrqs+V96JjQ6ctI9AKc2PvhFsPrFaLlf0FWNA9kf0EcSsgIBgsuHugaOQ4xsHjohB/8X2yeNAwljma8IptRxN33xxxo1+BXp6Jgn4qStUmm4e4i+MttUC8Wg2VI8lDQxO9duBVPqhor884EfBWNkyhVxfZOfTIB2ijqAHlDzMlgmg/U3bJ71AaLsips8gApmEbwzce0uGEgPcwXTaBRGC06rmKgyJuNlxqFM3/hC3BZ/y6Yr0cc2PZ80vUty1ezPPWks9ei0fkYlVXeWlEa8rDQmfq9ra6RSLkgi34ArusFnVEJvEwFTAZaWIFTE9b/tFkhKO+7E3lQuzqWyFDWbwUQM+2h/SbfyGGeE5daL46mifzWIgXwqibXItG1cYshhx0eXZzRwQCpucS28c7I1WN742jIXUe,iv:gF82hHxYXJtXsjnVzxbG/AEgyq4bLZT/dhrZQ+y4j48=,tag:HrzLIssWL6NF1W9IJq5YvA==,type:str] sops: kms: [] gcp_kms: [] @@ -36,8 +37,8 @@ sops: QkkzbUVrVWtYMWhLa0N5MzJ2KzV4MW8KEAtd2cnwNH01rYUFr+qWyAhHvUsqsxXg not2RQLEIGbo80Z7CMIwqCIpUYOL4m70KlEKrFzflXFbOFX2en82iA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-01-17T14:52:03Z" - mac: ENC[AES256_GCM,data:gjXzbUY5J6KMWsiJP7vKa7mruU6FpEyAfAgyi0kFSzxkiFHaQx+fM0ZYFJQVn328nOoUCvd2kS+p8eoeT96x+hBGmZuc9Gz4vrfVeR60Sj5IeFwY5HNZp/qTOoZdVzTfJhGzOJaWlhJwgLOLiU40TXmrnXnvGok2yQ1TzZXZRn8=,iv:i62QhSJdk5zDM74FqjegxQlwdE85C4LlQd+khju8Ek4=,tag:/Npkm/K6d1daqeySp8TS6w==,type:str] + lastmodified: "2022-01-17T19:53:29Z" + mac: ENC[AES256_GCM,data:EmLDIP1J8+5MTmhzy/5Aajbz+dUPgNRPKGrdpiAjbpEv77LlQB33VgYiboF/6MWmeK97iiARJ76DhlinCPoJ66WiR02ZiHNh66w0wkgHXQ78/JnnCG5KrTC8Ty0xV0UlIbgSVkakqFKyvBqRjIynLF0oEZYVqLCdy9ZqRmuc4Fg=,iv:f1r9xGHyacI+Q5d297xcTX/exuOMxHubbe2/FIWRuGs=,tag:YPxZCsJgpo6H7blkPibkMQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.1