diff --git a/newinfra/nix/apps/hugo-chat/default.nix b/newinfra/nix/apps/hugo-chat/default.nix
index d76beb3..43107af 100644
--- a/newinfra/nix/apps/hugo-chat/default.nix
+++ b/newinfra/nix/apps/hugo-chat/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 let
   dockerLogin = {
     registry = "docker.noratrieb.dev";
@@ -10,68 +10,46 @@ in
   age.secrets.hugochat_db_password.file = ../../secrets/hugochat_db_password.age;
   virtualisation.oci-containers.containers = {
-    /*
-    hugo_chat_client:
-      container_name: hugo-chat-client
-      image: "docker.noratrieb.dev/hugo-chat-client:63bd1922"
-      restart: always
-      ports:
-        - "5002:80"
-    */
     hugo-chat-client = {
-      image = "docker.noratrieb.dev/hugo-chat-client:63bd1922";
+      image = "docker.noratrieb.dev/hugo-chat-client:89ce0b07";
       login = dockerLogin;
       ports = [ "127.0.0.1:5002:80" ];
     };
-    /*
-    hugo_chat_server:
-      container_name: hugo-chat-server
-      image: "docker.noratrieb.dev/hugo-chat-server:63bd1922"
-      ports:
-        - "5001:8080"
-      environment:
-        SPRING_DATASOURCE_URL: "jdbc:postgresql://hugo-chat-db:5432/hugochat"
-        SPRING_DATASOURCE_PASSWORD: "${HUGO_CHAT_DB_PASSWORD}"
-      networks:
-        - hugo-chat
-    */
-    # disabled since the DB connection doesn't work yet.
-    #hugo-chat-server = {
-    # image = "docker.noratrieb.dev/hugo-chat-server:63bd1922";
-    # ports = [ "5001:80" ];
-    # environment = {
-    # SPRING_DATASOURCE_URL = "jdbc:postgresql://vps1.local:5003/hugochat";
-    # };
-    # environmentFiles = [ config.age.secrets.hugochat_db_password.path ];
-    # login = dockerLogin;
-    #};
-    /*
-    hugo_chat_db:
-      container_name: hugo-chat-db
-      image: "postgres:latest"
-      restart: always
-      volumes:
-        - "/apps/hugo-chat/data:/var/lib/postgresql/data"
-      environment:
-        POSTGRES_PASSWORD: "${HUGO_CHAT_DB_PASSWORD}"
-        PGDATA: "/var/lib/postgresql/data/pgdata"
-      networks:
-        - hugo-chat
-    */
+    hugo-chat-server = {
+      image = "docker.noratrieb.dev/hugo-chat-server:89ce0b07";
+      ports = [ "127.0.0.1:5001:8080" ];
+      environment = {
+        SPRING_DATASOURCE_URL = "jdbc:postgresql://hugo-chat-db:5432/postgres";
+      };
+      environmentFiles = [ config.age.secrets.hugochat_db_password.path ];
+      extraOptions = [ "--network=hugo-chat" ];
+
+      dependsOn = [ "hugo-chat-db" ];
+      login = dockerLogin;
+    };
+
     hugo-chat-db = {
       image = "postgres:16";
-      ports = [ "127.0.0.1:5003:80" ];
       volumes = [
         "/var/lib/hugo-chat/data:/var/lib/postgresql/data"
       ];
       environment = {
-        POSTGRES_PASSWORD = "\${HUGO_CHAT_DB_PASSWORD}";
         PGDATA = "/var/lib/postgresql/data/pgdata";
       };
+      extraOptions = [ "--network=hugo-chat" ];
       environmentFiles = [ config.age.secrets.hugochat_db_password.path ];
     };
   };
-
+  # https://www.reddit.com/r/NixOS/comments/13e5w6b/does_anyone_have_a_working_nixos_ocicontainers/
+  systemd.services.init-hugo-chat-podman-network = {
+    description = "Create the network bridge for hugo-chat.";
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig.Type = "oneshot";
+    script = ''
+      ${lib.getExe pkgs.podman} network create hugo-chat || true
+    '';
+  };
   system.activationScripts.makeHugoChatDir = lib.stringAfter [ "var" ] ''
     mkdir -p /var/lib/hugo-chat/data
   '';
diff --git a/newinfra/nix/hive.nix b/newinfra/nix/hive.nix
index b6ce4b2..ac7c1ea 100644
--- a/newinfra/nix/hive.nix
+++ b/newinfra/nix/hive.nix
@@ -140,13 +140,12 @@
         ./modules/contabo
         ./modules/wg-mesh
         ./modules/ingress
+        ./modules/podman
         ./apps/widetom
         ./apps/hugo-chat
         ./apps/uptime
       ];
-      age.secrets.docker_registry_password.file = ./secrets/docker_registry_password.age;
-
       deployment.tags = [ "ingress" "eu" "apps" "wg" ];
       system.stateVersion = "23.11";
     };
diff --git a/newinfra/nix/modules/ingress/Caddyfile b/newinfra/nix/modules/ingress/Caddyfile
index 1a5c396..d259690 100644
--- a/newinfra/nix/modules/ingress/Caddyfile
+++ b/newinfra/nix/modules/ingress/Caddyfile
@@ -43,11 +43,6 @@ api.hugo-chat.noratrieb.dev {
   reverse_proxy * localhost:5001
 }
-# TODO:
-# Set up a domain called gh-pages.noratrieb.dev that's a CNAME for noratrieb.github.io
-# such that all one-off repos use that domain, making links redirectable in the future.
-# i've posted a bunch of nilstrieb.github.io links that are now dead
-
 ################################################################
 # deadname redirects
 nilstrieb.dev {
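Review bot: The `|| true` in `init-hugo-chat-podman-network` masks every podman failure, not just "network already exists", so a broken podman still leaves the oneshot successful and the containers later fail to attach to `hugo-chat`; a narrower form is `${lib.getExe pkgs.podman} network exists hugo-chat || ${lib.getExe pkgs.podman} network create hugo-chat`. Nothing orders the container units after this oneshot either: it is only `after = [ "network.target" ]`, while both container definitions carry `extraOptions = [ "--network=hugo-chat" ]` with no `after`/`requires` on `init-hugo-chat-podman-network.service`, so a first boot can race; `systemd.services.podman-hugo-chat-db = { after = [ "init-hugo-chat-podman-network.service" ]; requires = [ "init-hugo-chat-podman-network.service" ]; };` (and the same for `podman-hugo-chat-server`) closes that gap. `dependsOn = [ "hugo-chat-db" ]` only orders container start and says nothing about Postgres being ready to accept connections, so the Spring app presumably relies on its own retry; a short comment on that line stating the assumption would help the next reader. Removing the `127.0.0.1:5003:80` publish from `hugo-chat-db` and the `POSTGRES_PASSWORD` literal from `environment` is the right direction — the database is now reachable only on the `hugo-chat` network and the credential lives only in the age-managed env file both containers load.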
diff --git a/newinfra/nix/modules/podman/default.nix b/newinfra/nix/modules/podman/default.nix
new file mode 100644
index 0000000..8d97937
--- /dev/null
+++ b/newinfra/nix/modules/podman/default.nix
@@ -0,0 +1,8 @@
+{ ... }: {
+  virtualisation.podman = {
+    enable = true;
+  };
+  # https://github.com/NixOS/nixpkgs/issues/226365
+  networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 5353 ];
+  age.secrets.docker_registry_password.file = ../../secrets/docker_registry_password.age;
+}
diff --git a/newinfra/nix/secrets/docker_registry_password.age b/newinfra/nix/secrets/docker_registry_password.age
index 98217bb..2e36b9f 100644
--- a/newinfra/nix/secrets/docker_registry_password.age
+++ b/newinfra/nix/secrets/docker_registry_password.age
@@ -1,6 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 qM6TYg 6TlkoQ0YMB4Cg0VqY8ec1RgRpfiRLh2YQpoc4D49uRg
-BbqDPWQGmGrcDSdNNajm0GJJRlPiazgeF2/MRsyDZkw
---- OUif9tz9JRMMZEA1LTwPipE/Hezj5nVaN/qgiwoi3ws
-"՝7l10I?Cjg3L -O8kI+h<
\ No newline at end of file
+-> ssh-ed25519 qM6TYg lW7MJ/iW+nvXMk984BZjeEojIbqDojP1y6w0sRkQpzM
+5t7qrvWDhmIfs0F2Av1kkq0zB9LMiHG1uM9G73KjgY8
+--- BrrUNOV8vvacVsORvb5tnuoZENT8dvSv9ZQPKDY2cbA
+YE@u6ZX_BSnj0i97hCySlH{ i
\ No newline at end of file
diff --git a/newinfra/nix/secrets/hugochat_db_password.age b/newinfra/nix/secrets/hugochat_db_password.age
index 855e776..f819d6b 100644
--- a/newinfra/nix/secrets/hugochat_db_password.age
+++ b/newinfra/nix/secrets/hugochat_db_password.age
@@ -1,5 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 qM6TYg AP0dV7U8/42OGcDtBv5eq3jSLdmXP3fMfTnd9o86EVM
-e5ftZHvKL6uqhInQgFSclzvnExxwYnFu0/ANTpa9bBI
---- Zyyydt+U1p6UR2BP+s3ynm2Q2MmzWWUSrhlBn5kZdCI
-W{e8,?nr4KX{'2٭h 9<fP,U_NgTD4Z$Kz &
\ No newline at end of file
+-> ssh-ed25519 qM6TYg KvzMXsvYp7qnuTxYxqtYLxGqYDXomluSaUFb8zjngn4
+HNM0YiyvFfr7nEcoIP/w7KRgfL+7bgF0PPkxPqhNoJA
+--- 1fPbYebzO+9VHQsSr/wIshnrqXCvO5AL0roNBbR64DE
+^nj$w{x`0-68Yr >ͿT#$\ܖno%;pԄeƌNYn`޶i#gíL41*Hb¥UE6j%a)szFyJc02CkK2?M$v!8
\ No newline at end of file
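Review bot: Declaring `age.secrets.docker_registry_password.file` inside the generic `modules/podman` module deploys the private registry credential to every host that imports the module, not only to hosts that actually use `dockerLogin` against `docker.noratrieb.dev`; before this commit hive.nix scoped it to one host, so keeping the secret next to its consumer (the hugo-chat app, or a dedicated registry-login module) preserves that least-privilege scoping. The module enables podman but does not set `virtualisation.oci-containers.backend = "podman"`; with `system.stateVersion = "23.11"` in hive.nix the default presumably resolves to podman already, but pinning it makes the intent independent of stateVersion. The firewall line `networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 5353 ];` is sensibly limited to podman interfaces, but the bare issue link does not say what it enables; a comment such as `# let containers on podman networks reach the host-side DNS (needed for name lookups like hugo-chat-db); see the linked nixpkgs issue` would spare the next reader a trip to the tracker.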
diff --git a/newinfra/nix/secrets/minio_env_file.age b/newinfra/nix/secrets/minio_env_file.age
index 0eca6a2..0998fdb 100644
Binary files a/newinfra/nix/secrets/minio_env_file.age and b/newinfra/nix/secrets/minio_env_file.age differ
diff --git a/newinfra/nix/secrets/wg_private_vps1.age b/newinfra/nix/secrets/wg_private_vps1.age
index 44caeed..3e85a7a 100644
Binary files a/newinfra/nix/secrets/wg_private_vps1.age and b/newinfra/nix/secrets/wg_private_vps1.age differ
diff --git a/newinfra/nix/secrets/wg_private_vps3.age b/newinfra/nix/secrets/wg_private_vps3.age
index 01e7b93..e6f2fc7 100644
Binary files a/newinfra/nix/secrets/wg_private_vps3.age and b/newinfra/nix/secrets/wg_private_vps3.age differ
diff --git a/newinfra/nix/secrets/wg_private_vps4.age b/newinfra/nix/secrets/wg_private_vps4.age
index b374081..c31183a 100644
Binary files a/newinfra/nix/secrets/wg_private_vps4.age and b/newinfra/nix/secrets/wg_private_vps4.age differ
diff --git a/newinfra/nix/secrets/wg_private_vps5.age b/newinfra/nix/secrets/wg_private_vps5.age
index 8c23103..9fdef5a 100644
Binary files a/newinfra/nix/secrets/wg_private_vps5.age and b/newinfra/nix/secrets/wg_private_vps5.age differ
diff --git a/newinfra/nix/secrets/widetom_bot_token.age b/newinfra/nix/secrets/widetom_bot_token.age
index 774c72a..811d2e4 100644
Binary files a/newinfra/nix/secrets/widetom_bot_token.age and b/newinfra/nix/secrets/widetom_bot_token.age differ
diff --git a/newinfra/nix/secrets/widetom_config_toml.age b/newinfra/nix/secrets/widetom_config_toml.age
index 1ef149d..adf61a3 100644
Binary files a/newinfra/nix/secrets/widetom_config_toml.age and b/newinfra/nix/secrets/widetom_config_toml.age differ
diff --git a/newinfra/secrets-git-crypt/hugochat_db_password b/newinfra/secrets-git-crypt/hugochat_db_password
index adfca8d..6826ead 100644
Binary files a/newinfra/secrets-git-crypt/hugochat_db_password and b/newinfra/secrets-git-crypt/hugochat_db_password differ