From 63c3c97d7c5adefd95c8f02ed5055d251a20ddc5 Mon Sep 17 00:00:00 2001
From: Nilstrieb <48135649+Nilstrieb@users.noreply.github.com>
Date: Fri, 26 Jul 2024 23:29:32 +0200
Subject: [PATCH] :tom:
---
 newinfra/nix/hive.nix | 7 ++++
 newinfra/nix/modules/widetom/default.nix | 33 ++++++++++++++++++
 .../nix/secrets/docker_registry_password.age | 5 +++
 newinfra/nix/secrets/secrets.nix | 8 +++++
 newinfra/nix/secrets/widetom_bot_token.age | Bin 0 -> 272 bytes
 newinfra/nix/secrets/widetom_config_toml.age | Bin 0 -> 4007 bytes
 playbooks/vps2.yml | 18 ----------
 shell.nix | 1 +
 vps2/docker-compose.yml | 9 -----
 9 files changed, 54 insertions(+), 27 deletions(-)
 create mode 100644 newinfra/nix/modules/widetom/default.nix
 create mode 100644 newinfra/nix/secrets/docker_registry_password.age
 create mode 100644 newinfra/nix/secrets/secrets.nix
 create mode 100644 newinfra/nix/secrets/widetom_bot_token.age
 create mode 100644 newinfra/nix/secrets/widetom_config_toml.age
diff --git a/newinfra/nix/hive.nix b/newinfra/nix/hive.nix
index 1669820..3eb637a 100644
--- a/newinfra/nix/hive.nix
+++ b/newinfra/nix/hive.nix
@@ -27,6 +27,10 @@
 dnsutils
 ];
+ imports = [
+ "${builtins.fetchTarball "https://github.com/ryantm/agenix/archive/de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6.tar.gz"}/modules/age.nix" # main 2024-07-26
+ ];
+
 time.timeZone = "Europe/Zurich";
 users.users.root.openssh.authorizedKeys.keys = [ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG0n1ikUG9rYqobh7WpAyXrqZqxQoQ2zNJrFPj12gTpP nilsh@PC-Nils'' ];
@@ -113,8 +117,11 @@
 imports = [
 (modulesPath + "/profiles/qemu-guest.nix")
 ./modules/ingress
+ ./modules/widetom
 ];
+ age.secrets.docker_registry_password.file = ./secrets/docker_registry_password.age;
+
 # The name and nodes parameters are supported in Colmena,
 # allowing you to reference configurations in other nodes.
 networking.hostName = name;
diff --git a/newinfra/nix/modules/widetom/default.nix b/newinfra/nix/modules/widetom/default.nix
new file mode 100644
index 0000000..0cabaf3
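Review bot: The agenix module is imported through `builtins.fetchTarball` with a bare URL, so nothing verifies the archive's contents — Nix trusts whatever the server returns over TLS and re-fetches it once `tarball-ttl` expires — and a changed archive would be evaluated as a NixOS module on the deploy target. Pass the attribute-set form with a hash, `"${builtins.fetchTarball { url = "https://github.com/ryantm/agenix/archive/de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6.tar.gz"; sha256 = "<fill in>"; }}/modules/age.nix"`, so the fetch is fixed-output and a content mismatch fails evaluation instead of being imported. The enclosing attribute set starts before this hunk.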
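Review bot: `age.secrets.docker_registry_password` is declared on the node, but its only visible consumer is `./modules/widetom` (through `config.age.secrets.docker_registry_password.path` in `login.passwordFile`), and that module already declares its other two secrets itself; importing it into a node that lacks this line fails at evaluation with a missing-attribute error. Move the declaration into `modules/widetom/default.nix` next to `widetom_bot_token`, or — if the credential is meant to be shared by every container pulled from `docker.nilstrieb.dev` — into a small registry module that widetom imports, so the module is self-contained either way. The node's attribute set continues outside the hunk.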
--- /dev/null
+++ b/newinfra/nix/modules/widetom/default.nix
@@ -0,0 +1,33 @@
+{ config, ... }: {
+ age.secrets.widetom_bot_token.file = ../../secrets/widetom_bot_token.age;
+ age.secrets.widetom_config_toml.file = ../../secrets/widetom_config_toml.age;
+
+ virtualisation.oci-containers.containers = {
+ /*
+ container_name: widetom
+ image: "docker.nilstrieb.dev/widetom:33d17387"
+ restart: always
+ volumes:
+ - "/apps/widetom:/app/config"
+ environment:
+ CONFIG_PATH: /app/config/config.toml
+ BOT_TOKEN_PATH: /app/config/bot_token
+ */
+ widetom = {
+ image = "docker.nilstrieb.dev/widetom:33d17387";
+ volumes = [
+ "${config.age.secrets.widetom_config_toml.path}:/config.toml"
+ "${config.age.secrets.widetom_bot_token.path}:/token"
+ ];
+ environment = {
+ CONFIG_PATH = "/config.toml";
+ BOT_TOKEN_PATH = "/token";
+ };
+ login = {
+ registry = "docker.nilstrieb.dev";
+ username = "nils";
+ passwordFile = config.age.secrets.docker_registry_password.path;
+ };
+ };
+ };
+}
diff --git a/newinfra/nix/secrets/docker_registry_password.age b/newinfra/nix/secrets/docker_registry_password.age
new file mode 100644
index 0000000..9c0736b
--- /dev/null
+++ b/newinfra/nix/secrets/docker_registry_password.age
@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 cVCt6g AAbb0ErTvg38WthfQ3l812GEevHWHclMOyFaPj4+GT0
+Rd83XSOPBQQVfCur8qOpMAxl0G25Obg/d4sLWW86Qb4
+--- fRS0N8vuoOh7BdE2mcDZrQJDwN+MgTwmYWfYDDvwFnY
+Ni:l÷"½03Ç4‚²}zØV „òàžÖÁXÜ-†z—Ø­ð(k'Åæf[”÷>ôÐþáî¢ý®
\ No newline at end of file
diff --git a/newinfra/nix/secrets/secrets.nix b/newinfra/nix/secrets/secrets.nix
new file mode 100644
index 0000000..8501dac
--- /dev/null
+++ b/newinfra/nix/secrets/secrets.nix
@@ -0,0 +1,8 @@
+let
+ vps1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOixcV3SGAWRCMYYn+ybioFSBhpfkYzSU1nX+g6e5jI5";
+in
+{
+ "widetom_bot_token.age".publicKeys = [ vps1 ];
+ "widetom_config_toml.age".publicKeys = [ vps1 ];
+ "docker_registry_password.age".publicKeys = [ vps1 ];
+}
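Review bot: The two secret bind mounts in `volumes` are read-write, so the container can overwrite the host's decrypted config and bot token; mount them read-only: `"${config.age.secrets.widetom_config_toml.path}:/config.toml:ro"` and `"${config.age.secrets.widetom_bot_token.path}:/token:ro"`. agenix's defaults leave the decrypted files root-owned with mode 0400, so if the widetom image runs as a non-root user (not visible here) those mounts will be unreadable inside the container — set `owner`/`group`/`mode` on the two `age.secrets` entries to match the image's UID. The image is pinned by tag rather than digest; a `docker.nilstrieb.dev/widetom@sha256:…` reference would keep the deployment immutable against a re-pushed `33d17387` tag on the private registry. The commented-out compose block above `widetom = {` is stale history that the deleted `vps2/docker-compose.yml` already preserves in git; drop it.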
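Review bot: The recipient list for all three secrets is only the `vps1` host key, so nothing but that host can decrypt them — an operator cannot `agenix -e` or `agenix -r` these files from a workstation without copying the host's private key off the machine, and losing the host key loses the secrets. Add an operator key to each list, e.g. `nils = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG0n1ikUG9rYqobh7WpAyXrqZqxQoQ2zNJrFPj12gTpP";` in the `let` and `publicKeys = [ vps1 nils ];` on every entry (that is the `nilsh@PC-Nils` key already authorized for root in `hive.nix`). It is also worth confirming that the key labelled `vps1` belongs to the node that imports `./modules/widetom`, given that the retired playbook and compose file were `vps2`'s.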
diff --git a/newinfra/nix/secrets/widetom_bot_token.age b/newinfra/nix/secrets/widetom_bot_token.age new file mode 100644 index 0000000000000000000000000000000000000000..a801ee8a908dc55dac6edc8628a7f3d0a83d0873 GIT binary patch literal 272 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSn4s$LsOIOg>_bWF@ z4s&-kb@%gk(hm>G&2dUf&DSr_4$7_w_Xsl6H%iR&&JPU=E9Wwa%&78niZTuN2}v_g zDGfC74EHs+D9-T8atwDZG%+yB^fb!$H7p4C59QL;)l~=#_o;9x&hm3fHp|oxcFqbg z$n_7(cP&gT%uLL34GQxvHZbkBQzm8{(Ov>}8#p&!2T#!8d YOlN#Y{^S+jzxY-a2wm@C-SN8!09A8nCIA2c literal 0 HcmV?d00001 
diff --git a/newinfra/nix/secrets/widetom_config_toml.age b/newinfra/nix/secrets/widetom_config_toml.age new file mode 100644 index 0000000000000000000000000000000000000000..00ae96ec2b7e3f912660b0930e0979e1b7dc670e GIT binary patch literal 4007 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSn4s$LsOIL^tbu~8e z)GsQ@%FA^Q%yuacG0F3a%rEiC)lYGX$V%}wbk3?U&&w#!HsG=hwzNz%Ff%NOh%hp! zG78K|Dh>>YEHS7GF-$G+atXCaEzigbDEHKMbmY?2)m6wX4bU!5)%MEsc6ahfa&jpu zGxGKDPS@6sN~|(SHjOlKjWjPwG_S}BaphV#!@D&jY~!1iGtItDJbupdU$g(WWuAYg zvj;w!|%`YG8wmSAAH1y=@PoI}t z9nlE#ub8c5Fx&KU@w}8Hw+|@4JbE_Rb92Fq-WOX|dY4&eI&HbQb5H9ecEc_5ZM**$ z@A~-2E5^Ozik!ihf9KaU`SBiUEa-_|#3j7_qvk6C)}NuTMK|V4J8K2K{I+-F-024I zcQ^fXGA?FOYVOFtAe{G9GOB&T^7v13`WpOC^u^AwTJK2h5Okld8{Cz!alUTDGY-SN zC7Ef#uM?hcDoj{?v#Z@-&t+QgWb?_lvnPK!wY@U@woJ7`QN-WVNujol9rs(Dr@cMD zq;J71FaN#IqLyyE71`GpxLN4XG*K<~Lw}$BZd43+e!Q_|;j-<`XE&xr{&eb^EcEJu zNEEX<$9WD8^?hawJNMh1IB6>I_w2ST&Q8{n3(2at7qaZ!zG&0Le{t+QGaV0mezlyb zU3`|w=l@gbsqU+TUg~e%8=&`}{j1lR>{D)O8_d4;?AvtsUv}s@vw3;Gl9lQya+9A+ zHYwju*ItqPtu?zWXG4J^OD*R$#oD#JeUn-`m_(oV}_g?&EH*EO8Cz9qaUuw<~Bp65gd#V0r3bvvBW8$Mc_?I~U>Fg6G4Sk1i|5;t5AwxVeOR94xa8+wevWJMGivAPEfOpa zG+)Xbn0HJ>`~NrbjekSpKYB!)bma4#&6>65-I;TyxA#8S=VorgKhg0Vi@i+2?z;^E zZx)(HYH8|_(tT@ zVZ&(Fq8)9%204v4VhXxf$ju4e#3rDzx?|m$>TPp%ewEBV1zFg{n)2s1{A+Mou{q-=xA@g_k+Y>%e{_$o?Uq_8&%tLpy0;X7r^ zvP|r2OTtXHsa~bZYbG%r;Q1)?tZC;V_6p{kdrnSHsPd|cx0q`1L+T38vgiL!h5Juz z@YU97?GE?rN@Teu&C1v|tI_h_=B3gn69Vd=&93)QyB+Ma`1zN`6Emfc2VB1)e*O>h z{p}o8lW%Fg>-q7XW9nn4oh+H0u^Vqqx+#&VBYpqh8B_r$NcGu2z4h86A1hd_iDIovy&EwEi1$zNIN<4f4rme}8saPo|Pei16(#t}t`|$>hdnR_*81H%ha^`i;=|M_! 
z1dmEC;MgN1ueUDICUY7`M*Os|`afSsw904h;$;5m=@H<6L^non$?F8Erb6EW)m2OG z`5l?G=+(Qgc{6!FJZgFRnjus_`tjYzyLPU77vihh9hrOA`2ERikK>G+U-=!;lb`8% z;O~hm+gJZ&p0`nb+8(bfp3B`gDi>|f5jhyM>}o=hV$7+@b4{xs9@o*{D|Gi8Q_b!W zk(Vi=v!nIi*s4l(?3es!w4nOP-JMa@(=;zfYWu?OS=4rM&WkRak=X6W zV$YT%6*xKc;k@FRF4g{a4%7L^anj=%f|83q)T z>0A4GHEWglnLkUuzQ1xRW;ps+s_VS$d_k(Ur=WFhtyX^Ou=P^<{ zRhF*pJMJxU)~<1enVSXQ``=DK=iT18E$78zqlzrON z=L8>@zNNMM?h-quY@tojmknL!vV@mfEVy&?!mUvG`(M7l_-phnV+*g1=My z{<-tD@as1roAqxkn;w_CVA}hiH&x$P%=bO)e%dO>YhQBLX+NRue7Ua=GoFuM={@b# z-j~}~udOQT|G<2p&FiYcYqy-Q+w**cQHy^!tT|U3a zJX@f?-zDXa)1k;cMm^3m7Jn+|DmYVcS$MKEPfxnc5{s-Ct*mEqlIN_S`g_^WofBd& zX_hegbVW|v!*Q;5#-pZ=sF^)Z44DFRml*%pQ~YU5pJebqv&_2Zy3H-CeOliyj9rwV zKmEr`^`$>FE*G%+c&C0mw8iygJgZFD<2$bB1tT`!Rof*jAZovNQtOp{&X%vYoxl3^ ztMAMUnLB3aulD$mBYxN6>9M<;&bjFHKX}pC^@9ELZrfwQt9`ZYDyOC_{-XQ4{nSdo z?~|1Ln!e{wC_Zdb{-ydgGxP7MddU;CcAiq-Jn`~l=ZIM{>IT-9P_#x!Zd&M4Na7 zpAOr6HP7yl9=AAe?0NQATK^Y*o44UDpMAzMm%?zS=-{X|+Q(N+*e<6zPiOI?M5{-P z>E17jQ+{5SHk z;#;su>bS@6koUK;C%CPA)$r1%_|bBo508~kEWdhBuu9&BS*0x0REWdy%2!(v>!lyW zH(a=9^upQe>gy}AKNcJ|IP{WxPJQ8WYyRi$KmL_ByB1E_@hExDs)*?tMzTVCl>W*d zQ(9hsSo!OcX>Ov7$2vH5Og}Y zbML%uS;tot>+}5ApY5Q!TsCeU*WX92nJfA9b=rGecU!)@&^rIxpA8GWXK!QnZCzvi zJ!#%4&0|sl(@yyZpM8;YsdPok4WV`krZR&fDd86vCm9`Y^U!DsiJL#?a`nwCil6td z-xVUnYW+iR>7Hu}$!&eBis#=A&??DOH#M(45r5#WhWhS0wdP~?+*R6#*Phae30}MK z^WvwQt2C>oKXXt_ai4FaCjNA?)IF7}?Yhldmn@TKv9Q_x^NHvC?T6>jQl0o;NjcwV z*7W&b9vTK_uAGojXY+wK?X{i$&(+x}9uuX0q&Z%VU+XNe+5O~cKF1lmXRQ2YAnR0V zD=By&Hs?XgS;dDsNA4Oe%$R8>d-Z)=jkfOEo`=V7w*1^ttA6RU@%QMQgkRqiUKC!* z&<sw3RN2vnD8<)7iOR^+s$<WgQ+>MQ=7JHX( zby&JL#Y*McG#R(Jed}EgmrAPK^0-sLd8OfT^WRimMzMd4Ta%r6m#}WRp7>V$gu?$R z(QH?kFSYgB9s6YWndR83oDV7a9L>oB+t1DTaez;@XGgFFElnD_eq}3^Z29hyVAuMsnVD z)(kynXNef^O_H$c*WST&WX*$GQ$Ghg!hB)KlR&VRad9?$l~ol*^+Hw}%-*EIj-nfftEvwDigBi%F0 zf7PdKw%Yq?>bBe8-k6+vdRJNGM0uw4{ZzS_$LC%>GpT2(XnOI%?745>xo>~$zRY>j!~BhxXIRhM?OY`M(dWw7$oF-VRaSexd$c@J@F5FVCL%C+N}k zv%;6%y( zG@p1{c*%;YF6+I^CT~t~m1Ok$uq3^zxTV>=xJ4_9Pre-D?r7l(Q@wrWG 
z7Zw%l+?&yQCFT1<^_@RI{EJKTdRv>haD@?joy6Mb(rae86-IA$y3p{#Qzf^0!e#mU zU-#*rXHH~UGA*=UVp-g}o9#Se{~F~V$xi)ixnh3F61R$Vl9QjkSN^c@#{EmJN8RsV QEjy5+*VjBF&7|uI0CPpP3jhEB literal 0 HcmV?d00001
diff --git a/playbooks/vps2.yml b/playbooks/vps2.yml
index ef71895..7c78958 100644
--- a/playbooks/vps2.yml
+++ b/playbooks/vps2.yml
@@ -63,24 +63,6 @@
 src: "../secrets/registry/htpasswd"
 mode: "u=r,g=r,o=r"
 #####
- # APP: widetom, /apps/widetom
- #####
- - name: Create /apps/widetom
- ansible.builtin.file:
- path: "/apps/widetom"
- state: directory
- mode: u=rwx,g=rx,o=rx
- - name: Copy widetom config.toml
- ansible.builtin.copy:
- dest: "/apps/widetom/config.toml"
- src: "../secrets/widetom/config.toml"
- mode: "u=r,g=r,o=r"
- - name: Copy widetom bot_token
- ansible.builtin.copy:
- dest: "/apps/widetom/bot_token"
- src: "../secrets/widetom/bot_token"
- mode: "u=r,g=r,o=r"
- #####
 # APP: killua bot, /apps/killua
 #####
 - name: Create /apps/killua
diff --git a/shell.nix b/shell.nix
index a665039..dde9947 100644
--- a/shell.nix
+++ b/shell.nix
@@ -11,5 +11,6 @@
 shellcheck
 git-crypt
 opentofu
+ (import (builtins.fetchTarball "https://github.com/ryantm/agenix/archive/de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6.tar.gz") { }).agenix
 ];
 }
diff --git a/vps2/docker-compose.yml b/vps2/docker-compose.yml
index c9bee86..c72cbaa 100644
--- a/vps2/docker-compose.yml
+++ b/vps2/docker-compose.yml
@@ -19,15 +19,6 @@ services:
 - "/apps/prometheus/data:/opt/bitnami/prometheus/data"
 networks:
 - prometheus
- widetom:
- container_name: widetom
- image: "docker.nilstrieb.dev/widetom:33d17387"
- restart: always
- volumes:
- - "/apps/widetom:/app/config"
- environment:
- CONFIG_PATH: /app/config/config.toml
- BOT_TOKEN_PATH: /app/config/bot_token
 killua:
 container_name: killua
 image: "docker.nilstrieb.dev/killua-bot:ac8203d2"
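Review bot: The `agenix` CLI is fetched with `builtins.fetchTarball` and only a URL, so the tool that encrypts the repository's secrets is pulled without any content verification and is silently re-fetched when the tarball cache expires; give it a hash, `(import (builtins.fetchTarball { url = "https://github.com/ryantm/agenix/archive/de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6.tar.gz"; sha256 = "<fill in>"; }) { }).agenix`, so the fetch is fixed-output. The same URL is duplicated in `newinfra/nix/hive.nix`; factoring it into one pinned source file (e.g. a `newinfra/nix/agenix.nix` that returns the fetched path) keeps the CLI and the NixOS module from drifting apart. The `buildInputs` list this line sits in starts outside the hunk.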