hugo-chat works

newinfra/nix/apps/hugo-chat/default.nix

@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 let
   dockerLogin = {
     registry = "docker.noratrieb.dev";
@@ -10,68 +10,46 @@ in
   age.secrets.hugochat_db_password.file = ../../secrets/hugochat_db_password.age;
 
   virtualisation.oci-containers.containers = {
-    /*
-      hugo_chat_client:
-        container_name: hugo-chat-client
-        image: "docker.noratrieb.dev/hugo-chat-client:63bd1922"
-        restart: always
-        ports:
-          - "5002:80"
-    */
     hugo-chat-client = {
-      image = "docker.noratrieb.dev/hugo-chat-client:63bd1922";
+      image = "docker.noratrieb.dev/hugo-chat-client:89ce0b07";
       login = dockerLogin;
       ports = [ "127.0.0.1:5002:80" ];
     };
-    /*
-      hugo_chat_server:
-        container_name: hugo-chat-server
-        image: "docker.noratrieb.dev/hugo-chat-server:63bd1922"
-        ports:
-          - "5001:8080"
-        environment:
-          SPRING_DATASOURCE_URL: "jdbc:postgresql://hugo-chat-db:5432/hugochat"
-          SPRING_DATASOURCE_PASSWORD: "${HUGO_CHAT_DB_PASSWORD}"
-        networks:
-          - hugo-chat
-    */
-    # disabled since the DB connection doesn't work yet.
-    #hugo-chat-server = {
-    #  image = "docker.noratrieb.dev/hugo-chat-server:63bd1922";
-    #  ports = [ "5001:80" ];
-    #  environment = {
-    #    SPRING_DATASOURCE_URL = "jdbc:postgresql://vps1.local:5003/hugochat";
-    #  };
-    #  environmentFiles = [ config.age.secrets.hugochat_db_password.path ];
-    #  login = dockerLogin;
-    #};
 
-    /*
+    hugo-chat-server = {
-      hugo_chat_db:
+      image = "docker.noratrieb.dev/hugo-chat-server:89ce0b07";
-        container_name: hugo-chat-db
+      ports = [ "127.0.0.1:5001:8080" ];
-        image: "postgres:latest"
+      environment = {
-        restart: always
+        SPRING_DATASOURCE_URL = "jdbc:postgresql://hugo-chat-db:5432/postgres";
-        volumes:
+      };
-          - "/apps/hugo-chat/data:/var/lib/postgresql/data"
+      environmentFiles = [ config.age.secrets.hugochat_db_password.path ];
-        environment:
+      extraOptions = [ "--network=hugo-chat" ];
-          POSTGRES_PASSWORD: "${HUGO_CHAT_DB_PASSWORD}"
+
-          PGDATA: "/var/lib/postgresql/data/pgdata"
+      dependsOn = [ "hugo-chat-db" ];
-        networks:
+      login = dockerLogin;
-          - hugo-chat
+    };
-    */
+
     hugo-chat-db = {
       image = "postgres:16";
-      ports = [ "127.0.0.1:5003:80" ];
       volumes = [ "/var/lib/hugo-chat/data:/var/lib/postgresql/data" ];
       environment = {
-        POSTGRES_PASSWORD = "\${HUGO_CHAT_DB_PASSWORD}";
         PGDATA = "/var/lib/postgresql/data/pgdata";
       };
+      extraOptions = [ "--network=hugo-chat" ];
       environmentFiles = [ config.age.secrets.hugochat_db_password.path ];
     };
   };
 
-
+  # https://www.reddit.com/r/NixOS/comments/13e5w6b/does_anyone_have_a_working_nixos_ocicontainers/
+  systemd.services.init-hugo-chat-podman-network = {
+    description = "Create the network bridge for hugo-chat.";
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig.Type = "oneshot";
+    script = ''
+      	${lib.getExe pkgs.podman} network create hugo-chat || true
+      	'';
+  };
   system.activationScripts.makeHugoChatDir = lib.stringAfter [ "var" ] ''
     mkdir -p /var/lib/hugo-chat/data
   '';

newinfra/nix/hive.nix

@@ -140,13 +140,12 @@
       ./modules/contabo
       ./modules/wg-mesh
       ./modules/ingress
+      ./modules/podman
       ./apps/widetom
       ./apps/hugo-chat
       ./apps/uptime
     ];
 
-    age.secrets.docker_registry_password.file = ./secrets/docker_registry_password.age;
-
     deployment.tags = [ "ingress" "eu" "apps" "wg" ];
     system.stateVersion = "23.11";
   };

newinfra/nix/modules/ingress/Caddyfile

@@ -43,11 +43,6 @@ api.hugo-chat.noratrieb.dev {
 	reverse_proxy * localhost:5001
 }
 
-# TODO:
-# Set up a domain called gh-pages.noratrieb.dev that's a CNAME for noratrieb.github.io
-# such that all one-off repos use that domain, making links redirectable in the future.
-# i've posted a bunch of nilstrieb.github.io links that are now dead
-
 ################################################################
 # deadname redirects
 nilstrieb.dev {

newinfra/nix/modules/podman/default.nix

@@ -0,0 +1,8 @@
+{ ... }: {
+  virtualisation.podman = {
+    enable = true;
+  };
+  # https://github.com/NixOS/nixpkgs/issues/226365
+  networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 5353 ];
+  age.secrets.docker_registry_password.file = ../../secrets/docker_registry_password.age;
+}

newinfra/nix/secrets/docker_registry_password.age

@@ -1,6 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 qM6TYg 6TlkoQ0YMB4Cg0VqY8ec1RgRpfiRLh2YQpoc4D49uRg
+-> ssh-ed25519 qM6TYg lW7MJ/iW+nvXMk984BZjeEojIbqDojP1y6w0sRkQpzM
-BbqDPWQGmGrcDSdNNajm0GJJRlPiazgeF2/MRsyDZkw
+5t7qrvWDhmIfs0F2Av1kkq0zB9LMiHG1uM9G73KjgY8
---- OUif9tz9JRMMZEA1LTwPipE/Hezj5nVaN/qgiwoi3ws
+--- BrrUNOV8vvacVsORvb5tnuoZENT8dvSv9ZQPKDY2cbA
-ç"Õ<>7¦àl¹Ç1™<31>ÏÁª0ÀI—¯?²Cjãgé3ªäLè§
+<EFBFBD>ˆYE¥@¥u6Z®X_B†ðSÃõŒnj0Øiº9™7hC<68>“¨ÛyêSlH{Ø
Ôi<C394>
-æOŠ8äkIð+ð­îßh<

newinfra/nix/secrets/hugochat_db_password.age

@@ -1,5 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 qM6TYg AP0dV7U8/42OGcDtBv5eq3jSLdmXP3fMfTnd9o86EVM
+-> ssh-ed25519 qM6TYg KvzMXsvYp7qnuTxYxqtYLxGqYDXomluSaUFb8zjngn4
-e5ftZHvKL6uqhInQgFSclzvnExxwYnFu0/ANTpa9bBI
+HNM0YiyvFfr7nEcoIP/w7KRgfL+7bgF0PPkxPqhNoJA
---- Zyyydt+U1p6UR2BP+s3ynm2Q2MmzWWUSrhlBn5kZdCI
+--- 1fPbYebzO+9VHQsSr/wIshnrqXCvO5AL0roNBbR64DE
-W<>ë‘×{ÅõeÍ8ø,?nr4KžXÌ{'±2Ù­h°
<0A>ìåïÒÌÈÂç9<ݤfÝP¥„á,U_µNgþŠTø¬Dû4€<34>Z‚$¼„óÛKÍz¥Ý¦®&
+¤£^nÕj$‹w
{x–Ú`Éî€0Ì-Õó´6†8Yr
><1C>©Í¿Tà#Ôý¡$\Ü–ñœno%ž;´ñíÑpÔ„eõž‘ò±ÿÆŒ”NYñøín¶`Þ¶i#<23>ƒgíÍàLÀîÇ4È1*±Hùýþ
ÉÂbÂ¥úUEï¹6µj%aƒ)szFyJc02CèkK2?¾¢ÜM$v”!Á8£þ­Ï