move

2026-01-15 00:55:09 +01:00 · 2025-08-03 00:41:37 +02:00 · 2025-08-03 00:41:37 +02:00 · 0949cba7be
commit 0949cba7be
parent f456a5c626
92 changed files with 19 additions and 58 deletions
--- a/nix/apps/cargo-bisect-rustc-service/default.nix
+++ b/nix/apps/cargo-bisect-rustc-service/default.nix
@ -0,0 +1,35 @@
+{ config, lib, ... }:
+let
+  dockerLogin = {
+    registry = "docker.noratrieb.dev";
+    username = "nils";
+    passwordFile = config.age.secrets.docker_registry_password.path;
+  };
+in
+{
+  virtualisation.oci-containers.containers = {
+    cargo-bisect-rustc-service = {
+      image = "docker.noratrieb.dev/cargo-bisect-rustc-service:316a4044";
+      volumes = [
+        "/var/lib/cargo-bisect-rustc-service:/data"
+      ];
+      environment = {
+        SQLITE_DB = "/data/db.sqlite";
+      };
+      ports = [ "127.0.0.1:5005:4000" ];
+      login = dockerLogin;
+    };
+  };
+
+  services.custom-backup.jobs = [
+    {
+      app = "cargo-bisect-rustc-service";
+      file = "/var/lib/cargo-bisect-rustc-service/db.sqlite";
+    }
+  ];
+
+  system.activationScripts.makeCargoBisectRustcServiceDir = lib.stringAfter [ "var" ] ''
+    mkdir -p /var/lib/cargo-bisect-rustc-service/
+    chmod ugo+w /var/lib/cargo-bisect-rustc-service/
+  '';
+}
--- a/nix/apps/does-it-build/default.nix
+++ b/nix/apps/does-it-build/default.nix
@ -0,0 +1,43 @@
+{ pkgs, lib, does-it-build, my-projects-versions, ... }:
+let
+  does-it-build-base = does-it-build { inherit pkgs; };
+  does-it-build-with-commit = does-it-build-base.overrideAttrs (finalAttrs: previousAttrs: {
+    DOES_IT_BUILD_OVERRIDE_VERSION = my-projects-versions.does-it-build;
+  });
+in
+{
+  systemd.services.does-it-build = {
+    description = "https://github.com/Noratrieb/does-it-build";
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ];
+    path = with pkgs; [ rustup gcc bash ];
+
+    serviceConfig = {
+      User = "does-it-build";
+      Group = "does-it-build";
+      ExecStart = "${lib.getExe' (does-it-build-with-commit) "does-it-build" }";
+      Environment = "DB_PATH=/var/lib/does-it-build/db.sqlite";
+    };
+  };
+
+  services.custom-backup.jobs = [
+    {
+      app = "does-it-build";
+      file = "/var/lib/does-it-build/db.sqlite";
+    }
+  ];
+
+  users.users.does-it-build = {
+    isSystemUser = true;
+    home = "/var/lib/does-it-build";
+    description = "does-it-build builder account";
+    group = "does-it-build";
+  };
+  users.groups.does-it-build = { };
+
+  # TODO: i feel like there's gotta be a better way to do the chown..
+  system.activationScripts.makeDoesItBuildDir = lib.stringAfter [ "var" ] ''
+    mkdir -p /var/lib/does-it-build/
+    chown does-it-build:does-it-build /var/lib/does-it-build/
+  '';
+}
--- a/nix/apps/forgejo/default.nix
+++ b/nix/apps/forgejo/default.nix
@ -0,0 +1,50 @@
+{ config, ... }: {
+  age.secrets.forgejo_s3_key_secret.file = ../../secrets/forgejo_s3_key_secret.age;
+
+
+  services.forgejo = {
+    enable = true;
+    database = {
+      type = "sqlite3";
+    };
+    lfs.enable = false;
+
+    settings = {
+      DEFAULT = {
+        APP_NAME = "this forge meows";
+        APP_SLOGAN = "this forge meows";
+      };
+
+      server = rec {
+        DOMAIN = "git.noratrieb.dev";
+        ROOT_URL = "https://${DOMAIN}/";
+        HTTP_PORT = 5015;
+      };
+
+      service = {
+        DISABLE_REGISTRATION = true;
+      };
+
+      storage = {
+        STORAGE_TYPE = "minio";
+        MINIO_ENDPOINT = "127.0.0.1:3900";
+        MINIO_ACCESS_KEY_ID = "GKc8bfd905eb7f85980ffe84c9";
+        MINIO_BUCKET = "forgejo";
+        MINIO_BUCKET_LOOKUP = "auto";
+        MINIO_LOCATION = "garage";
+        MINIO_USE_SSL = false;
+      };
+    };
+
+    secrets = {
+      storage = {
+        MINIO_SECRET_ACCESS_KEY = config.age.secrets.forgejo_s3_key_secret.path;
+      };
+    };
+  };
+
+  services.custom-backup.jobs = [{
+    app = "forgejo";
+    file = "/var/lib/forgejo/data/forgejo.db";
+  }];
+}
--- a/nix/apps/hugo-chat/default.nix
+++ b/nix/apps/hugo-chat/default.nix
@ -0,0 +1,67 @@
+{ config, lib, pkgs, ... }:
+let
+  dockerLogin = {
+    registry = "docker.noratrieb.dev";
+    username = "nils";
+    passwordFile = config.age.secrets.docker_registry_password.path;
+  };
+in
+{
+  age.secrets.hugochat_db_password.file = ../../secrets/hugochat_db_password.age;
+
+  virtualisation.oci-containers.containers = {
+    hugo-chat-client = {
+      image = "docker.noratrieb.dev/hugo-chat-client:89ce0b07";
+      login = dockerLogin;
+      ports = [ "127.0.0.1:5002:80" ];
+    };
+
+    hugo-chat-server = {
+      image = "docker.noratrieb.dev/hugo-chat-server:89ce0b07";
+      ports = [ "127.0.0.1:5001:8080" ];
+      environment = {
+        SPRING_DATASOURCE_URL = "jdbc:postgresql://hugo-chat-db:5432/postgres";
+      };
+      environmentFiles = [ config.age.secrets.hugochat_db_password.path ];
+      extraOptions = [ "--network=hugo-chat" ];
+
+      dependsOn = [ "hugo-chat-db" ];
+      login = dockerLogin;
+    };
+
+    hugo-chat-db = {
+      image = "postgres:16";
+      volumes = [ "/var/lib/hugo-chat/data:/var/lib/postgresql/data" ];
+      environment = {
+        PGDATA = "/var/lib/postgresql/data/pgdata";
+      };
+      extraOptions = [ "--network=hugo-chat" ];
+      environmentFiles = [ config.age.secrets.hugochat_db_password.path ];
+    };
+  };
+
+  services.custom-backup.jobs = [
+    {
+      app = "hugo-chat";
+      pgDump = {
+        containerName = "hugo-chat-db";
+        dbName = "postgres";
+        userName = "postgres";
+      };
+    }
+  ];
+
+  # https://www.reddit.com/r/NixOS/comments/13e5w6b/does_anyone_have_a_working_nixos_ocicontainers/
+  systemd.services.init-hugo-chat-podman-network = {
+    description = "Create the network bridge for hugo-chat.";
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig.Type = "oneshot";
+    script = ''
+      	${lib.getExe pkgs.podman} network create hugo-chat || true
+      	'';
+  };
+  system.activationScripts.makeHugoChatDir = lib.stringAfter [ "var" ] ''
+    mkdir -p /var/lib/hugo-chat/data
+  '';
+}
--- a/nix/apps/killua/default.nix
+++ b/nix/apps/killua/default.nix
@ -0,0 +1,35 @@
+{ config, lib, ... }:
+let dataDir = "/var/lib/killua"; in
+{
+  age.secrets.killua_env.file = ../../secrets/killua_env.age;
+
+  virtualisation.oci-containers.containers = {
+    killua = {
+      image = "docker.noratrieb.dev/killua-bot:ac8203d2";
+      volumes = [
+        "${dataDir}:/data"
+      ];
+      environment = {
+        KILLUA_JSON_PATH = "/data/trivia_questions.json";
+      };
+      environmentFiles = [ config.age.secrets.killua_env.path ];
+      login = {
+        registry = "docker.noratrieb.dev";
+        username = "nils";
+        passwordFile = config.age.secrets.docker_registry_password.path;
+      };
+    };
+  };
+
+  services.custom-backup.jobs = [
+    {
+      app = "killua";
+      file = "${dataDir}/trivia_questions.json";
+    }
+  ];
+
+  system.activationScripts.makeKilluaDir = lib.stringAfter [ "var" ] ''
+    mkdir -p ${dataDir}
+    chmod ugo+w ${dataDir}
+  '';
+}
--- a/nix/apps/openolat/default.nix
+++ b/nix/apps/openolat/default.nix
@ -0,0 +1,72 @@
+{ config, lib, pkgs, ... }:
+let
+  dockerLogin = {
+    registry = "docker.noratrieb.dev";
+    username = "nils";
+    passwordFile = config.age.secrets.docker_registry_password.path;
+  };
+in
+{
+  age.secrets.openolat_db_password.file = ../../secrets/openolat_db_password.age;
+
+  virtualisation.oci-containers.containers = {
+    openolat = {
+      image = "docker.noratrieb.dev/openolat:69b3c8b6";
+      volumes = [
+        "/var/lib/openolat/files:/home/openolat/olatdata"
+        "${./extra-properties.properties}:/home/openolat/extra-properties.properties"
+      ];
+      ports = [ "127.0.0.1:5011:8088" ];
+      environment = {
+        # DB_PASSWORD = from openolat_db_password
+        DB_URL = "jdbc:postgresql://openolat-db:5432/oodb";
+        EXTRA_PROPERTIES = "/home/openolat/extra-properties.properties";
+        OLAT_HOST = "olat.noratrieb.dev";
+      };
+      environmentFiles = [ config.age.secrets.openolat_db_password.path ];
+      extraOptions = [ "--network=openolat" ];
+
+      dependsOn = [ "openolat-db" ];
+      login = dockerLogin;
+    };
+
+    openolat-db = {
+      image = "postgres:15";
+      volumes = [ "/var/lib/openolat/db:/var/lib/postgresql/data" ];
+      environment = {
+        POSTGRES_DB = "oodb";
+        POSTGRES_USER = "oodbu";
+        # POSTGRES_PASSWORD = from openolat_db_password
+        PGDATA = "/var/lib/postgresql/data/pgdata";
+      };
+      extraOptions = [ "--network=openolat" ];
+      environmentFiles = [ config.age.secrets.openolat_db_password.path ];
+    };
+  };
+
+  services.custom-backup.jobs = [
+    {
+      app = "openolat-db";
+      pgDump = {
+        containerName = "openolat-db";
+        dbName = "oodb";
+        userName = "oodbu";
+      };
+    }
+  ];
+
+  # https://www.reddit.com/r/NixOS/comments/13e5w6b/does_anyone_have_a_working_nixos_ocicontainers/
+  systemd.services.init-openolat-podman-network = {
+    description = "Create the network bridge for openolat.";
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig.Type = "oneshot";
+    script = ''
+      	${lib.getExe pkgs.podman} network create openolat || true
+      	'';
+  };
+  system.activationScripts.makeOpenolatDir = lib.stringAfter [ "var" ] ''
+    mkdir -p /var/lib/openolat/db
+    mkdir -p /var/lib/openolat/files
+  '';
+}
--- a/nix/apps/openolat/extra-properties.properties
+++ b/nix/apps/openolat/extra-properties.properties
@ -0,0 +1 @@
+enforce.utf8.filesystem=false
--- a/nix/apps/upload-files/default.nix
+++ b/nix/apps/upload-files/default.nix
@ -0,0 +1,19 @@
+{ upload-files, pkgs, lib, config, ... }: {
+  age.secrets.upload_files_s3_secret.file = ../../secrets/upload_files_s3_secret.age;
+
+  systemd.services.upload-files = {
+    description = "upload.files.noratrieb.dev file uploader for files.noratrieb.dev";
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ];
+    environment = {
+      UPLOAD_FILES_NORATRIEB_DEV_BUCKET = "files.noratrieb.dev";
+      UPLOAD_FILES_NORATRIEB_DEV_ENDPOINT = "http://localhost:3900";
+      UPLOAD_FILES_NORATRIEB_DEV_REGION = "garage";
+    };
+    serviceConfig = {
+      DynamicUser = true;
+      ExecStart = "${lib.getExe (upload-files {inherit pkgs;})}";
+      EnvironmentFile = [ config.age.secrets.upload_files_s3_secret.path ];
+    };
+  };
+}
--- a/nix/apps/uptime/default.nix
+++ b/nix/apps/uptime/default.nix
@ -0,0 +1,42 @@
+{ lib, config, ... }: {
+  virtualisation.oci-containers.containers.uptime = {
+    /*
+      uptime:
+      container_name: uptime
+      image: "docker.noratrieb.dev/uptime:50d15bc4"
+      restart: always
+      volumes:
+        - "/apps/uptime:/app/config"
+      environment:
+        UPTIME_CONFIG_PATH: /app/config/uptime.json
+      ports:
+        - "5010:3000"
+    */
+
+    image = "docker.noratrieb.dev/uptime:50d15bc4";
+    volumes = [
+      "${./uptime.json}:/uptime.json"
+      "/var/lib/uptime:/data"
+    ];
+    environment = {
+      UPTIME_CONFIG_PATH = "/uptime.json";
+    };
+    ports = [ "127.0.0.1:5010:3000" ];
+    login = {
+      registry = "docker.noratrieb.dev";
+      username = "nils";
+      passwordFile = config.age.secrets.docker_registry_password.path;
+    };
+  };
+
+  services.custom-backup.jobs = [
+    {
+      app = "uptime";
+      file = "/var/lib/uptime/uptime.db";
+    }
+  ];
+
+  system.activationScripts.makeUptimeDir = lib.stringAfter [ "var" ] ''
+    mkdir -p /var/lib/uptime/
+  '';
+}
--- a/nix/apps/uptime/uptime.json
+++ b/nix/apps/uptime/uptime.json
@ -0,0 +1,50 @@
+{
+  "interval_seconds": 30,
+  "db_url": "/data/uptime.db",
+  "websites": [
+    {
+      "name": "noratrieb.dev",
+      "url": "https://noratrieb.dev"
+    },
+    {
+      "name": "nilstrieb.dev",
+      "url": "https://nilstrieb.dev"
+    },
+    {
+      "name": "docker.nilstrieb.dev",
+      "url": "https://docker.noratrieb.dev"
+    },
+    {
+      "name": "vps1.nilstrieb.dev",
+      "url": "https://vps1.infra.noratrieb.dev"
+    },
+    {
+      "name": "vps2.nilstrieb.dev",
+      "url": "https://vps2.nilstrieb.dev"
+    },
+    {
+      "name": "bisect-rustc.nilstrieb.dev",
+      "url": "https://bisect-rustc.noratrieb.dev"
+    },
+    {
+      "name": "hugo-chat.nilstrieb.dev",
+      "url": "https://hugo-chat.noratrieb.dev"
+    },
+    {
+      "name": "api.hugo-chat.nilstrieb.dev",
+      "url": "https://api.hugo-chat.noratrieb.dev/api/v2/rooms"
+    },
+    {
+      "name": "cors-school.nilstrieb.dev",
+      "url": "https://cors-school.nilstrieb.dev"
+    },
+    {
+      "name": "api.cors-school.nilstrieb.dev",
+      "url": "https://api.cors-school.nilstrieb.dev/api/hugo"
+    },
+    {
+      "name": "olat.nilstrieb.dev",
+      "url": "https://olat.nilstrieb.dev/dmz/"
+    }
+  ]
+}
--- a/nix/apps/widetom/default.nix
+++ b/nix/apps/widetom/default.nix
@ -0,0 +1,33 @@
+{ config, ... }: {
+  age.secrets.widetom_bot_token.file = ../../secrets/widetom_bot_token.age;
+  age.secrets.widetom_config_toml.file = ../../secrets/widetom_config_toml.age;
+
+  virtualisation.oci-containers.containers = {
+    /*
+      container_name: widetom
+      image: "docker.noratrieb.dev/widetom:33d17387"
+      restart: always
+      volumes:
+        - "/apps/widetom:/app/config"
+      environment:
+        CONFIG_PATH: /app/config/config.toml
+        BOT_TOKEN_PATH: /app/config/bot_token
+    */
+    widetom = {
+      image = "docker.noratrieb.dev/widetom:33d17387";
+      volumes = [
+        "${config.age.secrets.widetom_config_toml.path}:/config.toml"
+        "${config.age.secrets.widetom_bot_token.path}:/token"
+      ];
+      environment = {
+        CONFIG_PATH = "/config.toml";
+        BOT_TOKEN_PATH = "/token";
+      };
+      login = {
+        registry = "docker.noratrieb.dev";
+        username = "nils";
+        passwordFile = config.age.secrets.docker_registry_password.path;
+      };
+    };
+  };
+}