:tom:

2026-01-14 16:55:00 +01:00 · 2024-07-26 23:29:32 +02:00 · 2024-07-26 23:29:32 +02:00 · 63c3c97d7c
commit 63c3c97d7c
parent f1b44ee910
9 changed files with 54 additions and 27 deletions
--- a/newinfra/nix/hive.nix
+++ b/newinfra/nix/hive.nix
@ -27,6 +27,10 @@
      dnsutils
    ];

+    imports = [
+      "${builtins.fetchTarball "https://github.com/ryantm/agenix/archive/de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6.tar.gz"}/modules/age.nix" # main 2024-07-26
+    ];
+
    time.timeZone = "Europe/Zurich";
    users.users.root.openssh.authorizedKeys.keys = [ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG0n1ikUG9rYqobh7WpAyXrqZqxQoQ2zNJrFPj12gTpP nilsh@PC-Nils'' ];

@ -113,8 +117,11 @@
    imports = [
      (modulesPath + "/profiles/qemu-guest.nix")
      ./modules/ingress
+      ./modules/widetom
    ];

+    age.secrets.docker_registry_password.file = ./secrets/docker_registry_password.age;
+
    # The name and nodes parameters are supported in Colmena,
    # allowing you to reference configurations in other nodes.
    networking.hostName = name;
--- a/newinfra/nix/modules/widetom/default.nix
+++ b/newinfra/nix/modules/widetom/default.nix
@ -0,0 +1,33 @@
+{ config, ... }: {
+  age.secrets.widetom_bot_token.file = ../../secrets/widetom_bot_token.age;
+  age.secrets.widetom_config_toml.file = ../../secrets/widetom_config_toml.age;
+
+  virtualisation.oci-containers.containers = {
+    /*
+      container_name: widetom
+      image: "docker.nilstrieb.dev/widetom:33d17387"
+      restart: always
+      volumes:
+        - "/apps/widetom:/app/config"
+      environment:
+        CONFIG_PATH: /app/config/config.toml
+        BOT_TOKEN_PATH: /app/config/bot_token
+    */
+    widetom = {
+      image = "docker.nilstrieb.dev/widetom:33d17387";
+      volumes = [
+        "${config.age.secrets.widetom_config_toml.path}:/config.toml"
+        "${config.age.secrets.widetom_bot_token.path}:/token"
+      ];
+      environment = {
+        CONFIG_PATH = "/config.toml";
+        BOT_TOKEN_PATH = "/token";
+      };
+      login = {
+        registry = "docker.nilstrieb.dev";
+        username = "nils";
+        passwordFile = config.age.secrets.docker_registry_password.path;
+      };
+    };
+  };
+}
--- a/newinfra/nix/secrets/docker_registry_password.age
+++ b/newinfra/nix/secrets/docker_registry_password.age
@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 cVCt6g AAbb0ErTvg38WthfQ3l812GEevHWHclMOyFaPj4+GT0
+Rd83XSOPBQQVfCur8qOpMAxl0G25Obg/d4sLWW86Qb4
+--- fRS0N8vuoOh7BdE2mcDZrQJDwN+MgTwmYWfYDDvwFnY
+Ni:l÷"½03Ç4‚²}zØV„òàžÖÁXÜ-†z—Øð(k'Åæf[”÷>ôÐþáî¢ý®
--- a/newinfra/nix/secrets/secrets.nix
+++ b/newinfra/nix/secrets/secrets.nix
@ -0,0 +1,8 @@
+let
+  vps1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOixcV3SGAWRCMYYn+ybioFSBhpfkYzSU1nX+g6e5jI5";
+in
+{
+  "widetom_bot_token.age".publicKeys = [ vps1 ];
+  "widetom_config_toml.age".publicKeys = [ vps1 ];
+  "docker_registry_password.age".publicKeys = [ vps1 ];
+}
--- a/newinfra/nix/secrets/widetom_bot_token.age
+++ b/newinfra/nix/secrets/widetom_bot_token.age
--- a/newinfra/nix/secrets/widetom_config_toml.age
+++ b/newinfra/nix/secrets/widetom_config_toml.age