diff --git a/.gitattributes b/.gitattributes index 1a9fc77..d688e0f 100644 --- a/.gitattributes +++ b/.gitattributes @@ -3,4 +3,3 @@ /secrets/** filter=git-crypt diff=git-crypt /newinfra/secrets-git-crypt/** filter=git-crypt diff=git-crypt -/secrets-git-crypt/** filter=git-crypt diff=git-crypt diff --git a/.github/workflows/apply.yaml b/.github/workflows/apply.yaml new file mode 100644 index 0000000..f18fb9f --- /dev/null +++ b/.github/workflows/apply.yaml @@ -0,0 +1,27 @@ +name: Run playbooks + +on: + workflow_dispatch: + +jobs: + build: + runs-on: ubuntu-latest + name: Run playbooks + steps: + - uses: actions/checkout@8b5e8b768746b50394015010d25e690bfab9dfbc # v3.6.0 + - name: Unlock secrets + uses: sliteteam/github-action-git-crypt-unlock@8b1fa3ccc81e322c5c45fbab261eee46513fd3f8 # v1.2.0 + env: + GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY_BASE64 }} + - name: Run Ansible playbook + uses: dawidd6/action-ansible-playbook@260ab3adce54d53c5db8f1b2eed1380ae5c73fea # v2.6.1 + with: + playbook: all.yml + directory: playbooks + key: ${{ secrets.VPS_DEPLOY_KEY }} + known_hosts: | + vps1.nilstrieb.dev ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOjiNfzZQpN2KWd1LSM/LL+dLx8snlCV6jYys+W4NOBH + vps2.nilstrieb.dev ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzt3OZAOG2sih8T9Bhoqg8ANBP5ZX60z0xmUW4cBWvX + options: | + --inventory inventory.yml + -u root diff --git a/Dockerfile.test b/Dockerfile.test new file mode 100644 index 0000000..449fd74 --- /dev/null +++ b/Dockerfile.test @@ -0,0 +1 @@ +FROM scratch \ No newline at end of file diff --git a/README.md b/README.md index 4093fce..fd16598 100644 --- a/README.md +++ b/README.md 
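Review bot: The `build` job in the new apply.yaml declares no `permissions:` block, so its GITHUB_TOKEN inherits the repository's default scope even though the steps only need to read the checkout; add `permissions: { contents: read }` at the workflow or job level. The job also has no `concurrency:` group, so two `workflow_dispatch` runs can execute the playbook against the same hosts at the same time, which matters for a deploy job; `concurrency: run-playbooks` on the job would serialise them. The playbook is run with `-u root` over the new `VPS_DEPLOY_KEY`, so that key is a direct root credential for both hosts in `known_hosts`; if a dedicated deploy user with `become` is an option it narrows what a leaked secret grants. `inventory.yml` referenced under `options:` is not part of this diff, so presumably it already lives under `playbooks/`.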
@@ -1,30 +1,39 @@ -# new infra +# Infra setup -New infra based on more servers and more shit. +## TODOS -All servers have their hostname as their name here and are reachable via `$hostname.infra.noratrieb.dev`. -They will have different firewall configurations depending on their roles. +There are many todos here. First, grep this codebase for `todo`. In addition to that: +- backups +- data replication across the two servers. i have two servers, let's use that power. maybe rsync or something like that? -## DNS +## server?? -Two [knot-dns](https://www.knot-dns.cz/) nameservers (`dns1`, `dns2`). -All records are fully static, generated in the NixOS config. +Each VPS has a caddy running _on the host_, not inside docker. It's the entrypoint to the stuff. +Everything else runs in a docker container via docker compose. -## HTTP(S) +## extra setup -stuff. +every app needs some secrets in places. -## provisioning +there are also "global secrets" used for the docker-compose, for example +for env vars. those should be placed in `/apps/.env`. -NixOS is provisioned by running [nixos-infect](https://github.com/elitak/nixos-infect) over a default image. - -> Contabo sets the hostname to something like vmi######.contaboserver.net, Nixos only allows RFC 1035 compliant hostnames (see here). -> Run `hostname something_without_dots` before running the script. -> If you run the script before changing the hostname - remove the /etc/nixos/configuration.nix so it's regenerated with the new hostname. +Right now the global secrets are ``` -hostname tmp -curl -LO https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect -bash nixos-infect +KILLUA_BOT_TOKEN= +HUGO_CHAT_DB_PASSWORD= ``` + +## things that shall not be forgotten + +there once was some custom k8s cluster setup in `./k8s-cluster`. it was incomplete and pretty cursed. + +also some kubernetes config in `./kube`. why. + +gloriously not great docker configs in `./docker`. + +`nginx`, `registry` with config for the two. 
+ +`run_scripts` with not good scripts for starting containers. diff --git a/nix/apps/openolat/extra-properties.properties b/apps/openolat/extra-properties.properties similarity index 100% rename from nix/apps/openolat/extra-properties.properties rename to apps/openolat/extra-properties.properties diff --git a/ci/build.sh b/ci/build.sh index e5c7a26..7a40715 100755 --- a/ci/build.sh +++ b/ci/build.sh @@ -7,9 +7,9 @@ APP="$1" if [ "$APP" = "hugo-chat" ]; then REPO="https://github.com/C0RR1T/HugoChat.git" elif [ "$APP" = "cors" ]; then - REPO="https://github.com/noratrieb-lehre/davinci-cors.git" + REPO="https://github.com/nilstrieb-lehre/davinci-cors.git" else - REPO="https://github.com/Noratrieb/$APP.git" + REPO="https://github.com/Nilstrieb/$APP.git" fi echo "Checking out $REPO" diff --git a/misc/vps_deploy_key.pub b/misc/vps_deploy_key.pub new file mode 100644 index 0000000..ce48e01 --- /dev/null +++ b/misc/vps_deploy_key.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0Yl4+vAFgN+d82emRY8tHDgM7Pp0rLIsKBZku+YUsd vps-deploy-key diff --git a/newinfra/README.md b/newinfra/README.md new file mode 100644 index 0000000..fe67e82 --- /dev/null +++ b/newinfra/README.md 
@@ -0,0 +1,41 @@ +# new infra + +New infra based on more servers and more shit. + +All servers have their hostname as their name here and are reachable via `$hostname.infra.noratrieb.dev`. +They will have different firewall configurations depending on their roles. + +``` + +-------- -------- +| dns1 | | dns2 | +-------- -------- + +-------- +| vps1 | +-------- + +``` + +## DNS + +Two [knot-dns](https://www.knot-dns.cz/) nameservers (`dns1`, `dns2`). +All records are fully static, generated in the NixOS config. + +## HTTP(S) + +stuff. + +## provisioning + +NixOS is provisioned by running [nixos-infect](https://github.com/elitak/nixos-infect) over a default image. + +> Contabo sets the hostname to something like vmi######.contaboserver.net, Nixos only allows RFC 1035 compliant hostnames (see here). +> Run `hostname something_without_dots` before running the script. +> If you run the script before changing the hostname - remove the /etc/nixos/configuration.nix so it's regenerated with the new hostname. + +``` +hostname tmp +curl -LO https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect +bash nixos-infect +``` diff --git a/nix/apps/cargo-bisect-rustc-service/default.nix b/newinfra/nix/apps/cargo-bisect-rustc-service/default.nix similarity index 100% rename from nix/apps/cargo-bisect-rustc-service/default.nix rename to newinfra/nix/apps/cargo-bisect-rustc-service/default.nix diff --git a/nix/apps/does-it-build/default.nix b/newinfra/nix/apps/does-it-build/default.nix similarity index 100% rename from nix/apps/does-it-build/default.nix rename to newinfra/nix/apps/does-it-build/default.nix diff --git a/nix/apps/forgejo/default.nix b/newinfra/nix/apps/forgejo/default.nix similarity index 100% rename from nix/apps/forgejo/default.nix rename to newinfra/nix/apps/forgejo/default.nix 
diff --git a/nix/apps/hugo-chat/default.nix b/newinfra/nix/apps/hugo-chat/default.nix similarity index 100% rename from nix/apps/hugo-chat/default.nix rename to newinfra/nix/apps/hugo-chat/default.nix diff --git a/nix/apps/killua/default.nix b/newinfra/nix/apps/killua/default.nix similarity index 100% rename from nix/apps/killua/default.nix rename to newinfra/nix/apps/killua/default.nix diff --git a/nix/apps/openolat/default.nix b/newinfra/nix/apps/openolat/default.nix similarity index 100% rename from nix/apps/openolat/default.nix rename to newinfra/nix/apps/openolat/default.nix diff --git a/newinfra/nix/apps/openolat/extra-properties.properties b/newinfra/nix/apps/openolat/extra-properties.properties new file mode 100644 index 0000000..17343fa --- /dev/null +++ b/newinfra/nix/apps/openolat/extra-properties.properties @@ -0,0 +1 @@ +enforce.utf8.filesystem=false diff --git a/nix/apps/upload-files/default.nix b/newinfra/nix/apps/upload-files/default.nix similarity index 100% rename from nix/apps/upload-files/default.nix rename to newinfra/nix/apps/upload-files/default.nix diff --git a/nix/apps/uptime/default.nix b/newinfra/nix/apps/uptime/default.nix similarity index 100% rename from nix/apps/uptime/default.nix rename to newinfra/nix/apps/uptime/default.nix diff --git a/nix/apps/uptime/uptime.json b/newinfra/nix/apps/uptime/uptime.json similarity index 100% rename from nix/apps/uptime/uptime.json rename to newinfra/nix/apps/uptime/uptime.json diff --git a/nix/apps/widetom/default.nix b/newinfra/nix/apps/widetom/default.nix similarity index 100% rename from nix/apps/widetom/default.nix rename to newinfra/nix/apps/widetom/default.nix diff --git a/nix/deploy/deploy-dns.sh b/newinfra/nix/deploy/deploy-dns.sh similarity index 100% rename from nix/deploy/deploy-dns.sh rename to newinfra/nix/deploy/deploy-dns.sh 
diff --git a/nix/deploy/smoke-tests.sh b/newinfra/nix/deploy/smoke-tests.sh similarity index 100% rename from nix/deploy/smoke-tests.sh rename to newinfra/nix/deploy/smoke-tests.sh diff --git a/nix/hive.nix b/newinfra/nix/hive.nix similarity index 92% rename from nix/hive.nix rename to newinfra/nix/hive.nix index 6182440..6410db8 100644 --- a/nix/hive.nix +++ b/newinfra/nix/hive.nix @@ -53,16 +53,7 @@ wg = { privateIP = "10.0.0.1"; publicKey = "5tg3w/TiCuCeKIBJCd6lHUeNjGEA76abT1OXnhNVyFQ="; - peers = [ "vps2" "vps3" "vps4" "vps5" ]; - }; - }; - vps2 = { - publicIPv4 = "184.174.32.252"; - publicIPv6 = null; - wg = { - privateIP = "10.0.0.2"; - publicKey = "SficHHJ0ynpZoGah5heBpNKnEVIVrgs72Z5HEKd3jHA="; - peers = [ "vps1" "vps3" "vps4" "vps5" ]; + peers = [ "vps3" "vps4" "vps5" ]; }; }; vps3 = { @@ -71,7 +62,7 @@ wg = { privateIP = "10.0.0.3"; publicKey = "pdUxG1vhmYraKzIIEFxTRAMhGwGztBL/Ly5icJUV3g0="; - peers = [ "vps1" "vps2" "vps4" "vps5" "dns1" "dns2" ]; + peers = [ "vps1" "vps4" "vps5" "dns1" "dns2" ]; }; }; vps4 = { @@ -82,7 +73,7 @@ wg = { privateIP = "10.0.0.4"; publicKey = "+n2XKKaSFdCanEGRd41cvnuwJ0URY0HsnpBl6ZrSBRs="; - peers = [ "vps1" "vps2" "vps3" "vps5" ]; + peers = [ "vps1" "vps3" "vps5" ]; }; }; vps5 = { @@ -91,7 +82,7 @@ wg = { privateIP = "10.0.0.5"; publicKey = "r1cwt63fcOR+FTqMTUpZdK4/MxpalkDYRHXyy7osWUk="; - peers = [ "vps1" "vps2" "vps3" "vps4" ]; + peers = [ "vps1" "vps3" "vps4" ]; }; }; }; @@ -199,19 +190,6 @@ deployment.tags = [ "caddy" "eu" "apps" "website" ]; system.stateVersion = "23.11"; }; - # VPS2 exists - vps2 = { name, nodes, modulesPath, config, lib, ... }: { - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - ./modules/contabo - ./modules/wg-mesh - ./modules/caddy - ./modules/garage - ]; - - deployment.tags = [ "caddy" "eu" "apps" ]; - system.stateVersion = "23.11"; - }; # VPS3 is the primary monitoring/metrics server. vps3 = { name, nodes, modulesPath, config, ... }: { imports = [ 
diff --git a/nix/modules/backup/backup.sh b/newinfra/nix/modules/backup/backup.sh similarity index 100% rename from nix/modules/backup/backup.sh rename to newinfra/nix/modules/backup/backup.sh diff --git a/nix/modules/backup/default.nix b/newinfra/nix/modules/backup/default.nix similarity index 100% rename from nix/modules/backup/default.nix rename to newinfra/nix/modules/backup/default.nix diff --git a/nix/modules/caddy/base.Caddyfile b/newinfra/nix/modules/caddy/base.Caddyfile similarity index 100% rename from nix/modules/caddy/base.Caddyfile rename to newinfra/nix/modules/caddy/base.Caddyfile diff --git a/nix/modules/caddy/caddy-build.nix b/newinfra/nix/modules/caddy/caddy-build.nix similarity index 100% rename from nix/modules/caddy/caddy-build.nix rename to newinfra/nix/modules/caddy/caddy-build.nix diff --git a/nix/modules/caddy/caddy-static-prepare/default.nix b/newinfra/nix/modules/caddy/caddy-static-prepare/default.nix similarity index 100% rename from nix/modules/caddy/caddy-static-prepare/default.nix rename to newinfra/nix/modules/caddy/caddy-static-prepare/default.nix diff --git a/nix/modules/caddy/caddy-static-prepare/prepare.py b/newinfra/nix/modules/caddy/caddy-static-prepare/prepare.py similarity index 100% rename from nix/modules/caddy/caddy-static-prepare/prepare.py rename to newinfra/nix/modules/caddy/caddy-static-prepare/prepare.py diff --git a/nix/modules/caddy/debugging-page/index.html b/newinfra/nix/modules/caddy/debugging-page/index.html similarity index 100% rename from nix/modules/caddy/debugging-page/index.html rename to newinfra/nix/modules/caddy/debugging-page/index.html diff --git a/nix/modules/caddy/default.nix b/newinfra/nix/modules/caddy/default.nix similarity index 100% rename from nix/modules/caddy/default.nix rename to newinfra/nix/modules/caddy/default.nix 
diff --git a/nix/modules/caddy/vps1.Caddyfile b/newinfra/nix/modules/caddy/vps1.Caddyfile similarity index 100% rename from nix/modules/caddy/vps1.Caddyfile rename to newinfra/nix/modules/caddy/vps1.Caddyfile diff --git a/nix/modules/caddy/vps3.Caddyfile b/newinfra/nix/modules/caddy/vps3.Caddyfile similarity index 100% rename from nix/modules/caddy/vps3.Caddyfile rename to newinfra/nix/modules/caddy/vps3.Caddyfile diff --git a/nix/modules/caddy/vps4.Caddyfile b/newinfra/nix/modules/caddy/vps4.Caddyfile similarity index 100% rename from nix/modules/caddy/vps4.Caddyfile rename to newinfra/nix/modules/caddy/vps4.Caddyfile diff --git a/nix/modules/contabo/default.nix b/newinfra/nix/modules/contabo/default.nix similarity index 100% rename from nix/modules/contabo/default.nix rename to newinfra/nix/modules/contabo/default.nix diff --git a/nix/modules/default/default.nix b/newinfra/nix/modules/default/default.nix similarity index 100% rename from nix/modules/default/default.nix rename to newinfra/nix/modules/default/default.nix diff --git a/nix/modules/dns/default.nix b/newinfra/nix/modules/dns/default.nix similarity index 100% rename from nix/modules/dns/default.nix rename to newinfra/nix/modules/dns/default.nix diff --git a/nix/modules/dns/nilstrieb.dev.nix b/newinfra/nix/modules/dns/nilstrieb.dev.nix similarity index 94% rename from nix/modules/dns/nilstrieb.dev.nix rename to newinfra/nix/modules/dns/nilstrieb.dev.nix index 1d0fb7d..f804411 100644 --- a/nix/modules/dns/nilstrieb.dev.nix +++ b/newinfra/nix/modules/dns/nilstrieb.dev.nix @@ -37,6 +37,11 @@ let ns1 = dns1; ns2 = dns2; + # apps + cors-school = vps2 // { + subdomains.api = vps2; + }; + localhost.A = [ (a "127.0.0.1") ]; # --- retired: diff --git a/nix/modules/dns/noratrieb.dev.nix b/newinfra/nix/modules/dns/noratrieb.dev.nix similarity index 96% rename from nix/modules/dns/noratrieb.dev.nix rename to newinfra/nix/modules/dns/noratrieb.dev.nix index dc52c14..9a4da25 100644 
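Review bot: The added `cors-school = vps2 // { subdomains.api = vps2; };` references `vps2`, but this same commit deletes the vps2 node from hive.nix (which the zone files appear to derive their host records from) and the hunk shows no local binding for it, so evaluation is likely to fail with an undefined variable unless `vps2` is still bound somewhere else in this file's `let`. noratrieb.dev.nix in this commit gets an explicit `vps2 = { A = [ "184.174.32.252" ]; };` for the same reason; the equivalent binding is needed here too, or better a single shared definition both zone files import so the address is not maintained twice. The `let` block enclosing this hunk starts and ends outside it.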
--- a/nix/modules/dns/noratrieb.dev.nix +++ b/newinfra/nix/modules/dns/noratrieb.dev.nix @@ -9,6 +9,9 @@ let lib.optionalAttrs (publicIPv4 != null) { A = [ (a publicIPv4) ]; } // lib.optionalAttrs (publicIPv6 != null) { AAAA = [ (aaaa publicIPv6) ]; }) networkingConfig; + vps2 = { + A = [ "184.174.32.252" ]; + }; combine = hosts: { A = lib.lists.flatten (map (host: if builtins.hasAttr "A" host then host.A else [ ]) hosts); @@ -60,6 +63,9 @@ let }; }; + # --- legacy crap + old-docker = vps2; + # --- apps bisect-rustc = vps1; docker = vps1; diff --git a/nix/modules/garage/README.md b/newinfra/nix/modules/garage/README.md similarity index 72% rename from nix/modules/garage/README.md rename to newinfra/nix/modules/garage/README.md index 75b1116..c16f1d1 100644 --- a/nix/modules/garage/README.md +++ b/newinfra/nix/modules/garage/README.md @@ -6,6 +6,13 @@ - co-du -> Contabo Düsseldorf - he-nu -> Hetzner Nürnberg +| name | disk space | identifier | zone | +| ---- | ---------- | ---------- | ----- | +| vps3 | 70GB | cabe | co-du | +| vps3 | 100GB | 020bd | co-ka | +| vps4 | 30GB | 41e40 | he-nu | +| vps5 | 100GB | 848d8 | co-du | + ## buckets - `caddy-store`: Store for Caddy webservers @@ -28,7 +35,6 @@ - `loki`: `GK84ffae2a0728abff0f96667b` - `backups`: `GK8cb8454a6f650326562bff2f` - `forgejo`: `GKc8bfd905eb7f85980ffe84c9` -- `upload-files`: `GK607464882f6e29fb31e0f553` - `admin`: `GKaead6cf5340e54a4a19d9490` - RW permissions on ~every bucket diff --git a/nix/modules/garage/default.nix b/newinfra/nix/modules/garage/default.nix similarity index 100% rename from nix/modules/garage/default.nix rename to newinfra/nix/modules/garage/default.nix diff --git a/nix/modules/podman/default.nix b/newinfra/nix/modules/podman/default.nix similarity index 100% rename from nix/modules/podman/default.nix rename to newinfra/nix/modules/podman/default.nix 
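Review bot: The new `vps2` binding writes `A = [ "184.174.32.252" ]` as a bare string, while every other record in this file goes through the `a` helper (`A = [ (a publicIPv4) ]` two lines above, and `localhost.A = [ (a "127.0.0.1") ]` in the sibling zone file), so if `a` wraps the address in a record structure this entry will have a different shape from its siblings once `combine` flattens them; write `vps2 = { A = [ (a "184.174.32.252") ]; };`. The literal also duplicates the `publicIPv4` this commit deletes from hive.nix for vps2, so the address now lives only in this hand-written binding. In the second hunk, `# --- legacy crap` above `old-docker = vps2;` could say what the host actually serves now (the root README in this commit describes a caddy plus docker-compose setup) so the record is not later mistaken for a leftover and dropped. The `let` block enclosing both hunks starts and ends outside them.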
diff --git a/nix/modules/prometheus/default.nix b/newinfra/nix/modules/prometheus/default.nix similarity index 95% rename from nix/modules/prometheus/default.nix rename to newinfra/nix/modules/prometheus/default.nix index b30d69d..18ce407 100644 --- a/nix/modules/prometheus/default.nix +++ b/newinfra/nix/modules/prometheus/default.nix @@ -15,7 +15,6 @@ { targets = [ "dns1.local:9100" ]; } { targets = [ "dns2.local:9100" ]; } { targets = [ "vps1.local:9100" ]; } - { targets = [ "vps2.local:9100" ]; } { targets = [ "vps3.local:9100" ]; } { targets = [ "vps4.local:9100" ]; } { targets = [ "vps5.local:9100" ]; } @@ -25,7 +24,6 @@ job_name = "caddy"; static_configs = [ { targets = [ "vps1.local:9010" ]; } - { targets = [ "vps2.local:9010" ]; } { targets = [ "vps3.local:9010" ]; } { targets = [ "vps4.local:9010" ]; } { targets = [ "vps5.local:9010" ]; } @@ -41,7 +39,6 @@ job_name = "garage"; static_configs = [ { targets = [ "vps1.local:3903" ]; } - { targets = [ "vps2.local:3903" ]; } { targets = [ "vps3.local:3903" ]; } { targets = [ "vps4.local:3903" ]; } { targets = [ "vps5.local:3903" ]; } @@ -60,7 +57,6 @@ { targets = [ "dns1.local:9150" ]; } { targets = [ "dns2.local:9150" ]; } { targets = [ "vps1.local:9150" ]; } - { targets = [ "vps2.local:9150" ]; } { targets = [ "vps3.local:9150" ]; } { targets = [ "vps4.local:9150" ]; } { targets = [ "vps5.local:9150" ]; } diff --git a/nix/modules/registry/default.nix b/newinfra/nix/modules/registry/default.nix similarity index 100% rename from nix/modules/registry/default.nix rename to newinfra/nix/modules/registry/default.nix diff --git a/nix/modules/wg-mesh/default.nix b/newinfra/nix/modules/wg-mesh/default.nix similarity index 100% rename from nix/modules/wg-mesh/default.nix rename to newinfra/nix/modules/wg-mesh/default.nix diff --git a/nix/my-projects.json b/newinfra/nix/my-projects.json similarity index 82% rename from nix/my-projects.json rename to newinfra/nix/my-projects.json index e1e8ac0..ff195a2 100644 
--- a/nix/my-projects.json +++ b/newinfra/nix/my-projects.json @@ -5,5 +5,5 @@ "pretense": "270b01fc1118dfd713c1c41530d1a7d98f04527d", "quotdd": "e922229e1d9e055be35dabd112bafc87a0686548", "does-it-build": "81790825173d87f89656f66f12a123bc99e2f6f1", - "upload.files.noratrieb.dev": "0124fa5ba5446cb463fb6b3c4f52e7e6b84e5077" + "upload.files.noratrieb.dev": "90f6a6a82fb24c61fd19643d383ea7c8415f558a" } diff --git a/newinfra/nix/secrets/backup_s3_secret.age b/newinfra/nix/secrets/backup_s3_secret.age new file mode 100644 index 0000000..6e4b2ae Binary files /dev/null and b/newinfra/nix/secrets/backup_s3_secret.age differ diff --git a/newinfra/nix/secrets/caddy_s3_key_secret.age b/newinfra/nix/secrets/caddy_s3_key_secret.age new file mode 100644 index 0000000..a0e5c46 Binary files /dev/null and b/newinfra/nix/secrets/caddy_s3_key_secret.age differ diff --git a/newinfra/nix/secrets/docker_registry_password.age b/newinfra/nix/secrets/docker_registry_password.age new file mode 100644 index 0000000..3d42d33 --- /dev/null +++ b/newinfra/nix/secrets/docker_registry_password.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 qM6TYg QziuzHQxmWyRdv8dUPBWTgnMxFtqR6ttP16Z3XdvD3Y +Krxmha5J+gTU0DjzPDTDIwz1mW0Q84XR2FgQyPm4bf4 +--- t4Mea1Y35o5t2dhREnp8Zq1AyR4DAWMFW7Vv3CkgGKw +lTS+Ƴ6yrOn&c`ϰ :7V-tfpuwIw \ No newline at end of file diff --git a/nix/secrets/encrypt.sh b/newinfra/nix/secrets/encrypt.sh similarity index 100% rename from nix/secrets/encrypt.sh rename to newinfra/nix/secrets/encrypt.sh diff --git a/newinfra/nix/secrets/forgejo_s3_key_secret.age b/newinfra/nix/secrets/forgejo_s3_key_secret.age new file mode 100644 index 0000000..6bfaa64 --- /dev/null +++ b/newinfra/nix/secrets/forgejo_s3_key_secret.age @@ -0,0 +1,6 @@ +age-encryption.org/v1 +-> ssh-ed25519 qM6TYg ecu0Ic6o+WyT7XhZPo0Yf46bOye2LAgnJ5MxFPTY/E0 +JqJCtQmtxgktMl/4HsHh0uRp/rzEoqT9Z81H9v1RXio +--- /CmBzuDf0AcCk6rAvEh5SmIMxpwCTjfj9IQtRLv5qYA +}=5i +#4bpzCajnBN%nOGKϔ'Z>TًM<}//}|u5s* \ No newline at end of file 
diff --git a/newinfra/nix/secrets/garage_secrets.age b/newinfra/nix/secrets/garage_secrets.age new file mode 100644 index 0000000..57eb61b --- /dev/null +++ b/newinfra/nix/secrets/garage_secrets.age @@ -0,0 +1,12 @@ +age-encryption.org/v1 +-> ssh-ed25519 qM6TYg B17o68OCsoljQLd4yLx1gZbt9zsFhQE8/QJeZ3Gx+AI +ADxN8iqNN5ApzHMtIXMnMTN4qe/7ba+ZoqkpHDpq9dE +-> ssh-ed25519 XzACZQ Jp5WvbUVmfecvN95vM6+DQmJicVf4u94Vm0mYtBVODw +XAdVpk6bAwAU7OQxvedepr3g8HQo5sY5efy3lYhf1xA +-> ssh-ed25519 51bcvA DUkgjLS805iAsnaCl3B8BOP6cdKOJCx0aK23UEDmTyw +dUZhXJiYkCZvassxSg0Cgf9c+ta2Oc2PNhLdvHBP24M +-> ssh-ed25519 vT7ExA 0Z2/GFY2aqO2HJJet3CRSh3yxchGt7AYTzkl0D2aoEQ +GuMqW7tbsEl/SskgN1hPa0B/aWtet/+pHxmbwsTzPCM +--- vgf72fLRkTVRtJoxh+qfim9YYELE0W74L6ZVjpo+8vI +=&C#/nܤ29o[S+ uWʶ4f/hA#Os_RVEVAlT/VtJNU;nGQݣO{x[#PH9P:z +yX`]%>+~)`Vx۰i-F$xH)TMcZ \ No newline at end of file diff --git a/newinfra/nix/secrets/grafana_admin_password.age b/newinfra/nix/secrets/grafana_admin_password.age new file mode 100644 index 0000000..aa33f26 Binary files /dev/null and b/newinfra/nix/secrets/grafana_admin_password.age differ diff --git a/newinfra/nix/secrets/hugochat_db_password.age b/newinfra/nix/secrets/hugochat_db_password.age new file mode 100644 index 0000000..1c4ea95 Binary files /dev/null and b/newinfra/nix/secrets/hugochat_db_password.age differ diff --git a/newinfra/nix/secrets/killua_env.age b/newinfra/nix/secrets/killua_env.age new file mode 100644 index 0000000..54a0777 Binary files /dev/null and b/newinfra/nix/secrets/killua_env.age differ diff --git a/newinfra/nix/secrets/loki_env.age b/newinfra/nix/secrets/loki_env.age new file mode 100644 index 0000000..f071802 Binary files /dev/null and b/newinfra/nix/secrets/loki_env.age differ diff --git a/newinfra/nix/secrets/minio_env_file.age b/newinfra/nix/secrets/minio_env_file.age new file mode 100644 index 0000000..bf78046 Binary files /dev/null and b/newinfra/nix/secrets/minio_env_file.age differ 
diff --git a/newinfra/nix/secrets/openolat_db_password.age b/newinfra/nix/secrets/openolat_db_password.age new file mode 100644 index 0000000..a9e307c Binary files /dev/null and b/newinfra/nix/secrets/openolat_db_password.age differ diff --git a/newinfra/nix/secrets/registry_htpasswd.age b/newinfra/nix/secrets/registry_htpasswd.age new file mode 100644 index 0000000..738862b Binary files /dev/null and b/newinfra/nix/secrets/registry_htpasswd.age differ diff --git a/newinfra/nix/secrets/registry_s3_key_secret.age b/newinfra/nix/secrets/registry_s3_key_secret.age new file mode 100644 index 0000000..3b6cb41 Binary files /dev/null and b/newinfra/nix/secrets/registry_s3_key_secret.age differ diff --git a/newinfra/nix/secrets/s3_mc_admin_client.age b/newinfra/nix/secrets/s3_mc_admin_client.age new file mode 100644 index 0000000..719f1ed Binary files /dev/null and b/newinfra/nix/secrets/s3_mc_admin_client.age differ diff --git a/nix/secrets/secrets.nix b/newinfra/nix/secrets/secrets.nix similarity index 78% rename from nix/secrets/secrets.nix rename to newinfra/nix/secrets/secrets.nix index 456c560..1d3b484 100644 --- a/nix/secrets/secrets.nix +++ b/newinfra/nix/secrets/secrets.nix @@ -2,7 +2,6 @@ let dns1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBKoyDczFntyQyWj47Z8JeewKcCobksd415WM1W56eS"; dns2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINZ1yLdDhI2Vou/9qrPIUP8RU8Sg0WxLI2njtP5hkdL7"; vps1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII4Xj3TsDPStoHquTfOlyxShbA/kgMfQskKN8jpfiY4R"; - vps2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzt3OZAOG2sih8T9Bhoqg8ANBP5ZX60z0xmUW4cBWvX"; vps3 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvupo7d9YMZw56qhjB+tZPijxiG1dKChLpkOWZN0Y7C"; vps4 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMpoLgBTWj1BcNxXVdM26jDBZl+BCtUTj20Wv4sZdCHz"; vps5 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBWbIznvWQSqRF1E9Gv9y7JXMy3LZxMAWj6K0Nq91kyZ"; 
@@ -14,21 +13,20 @@ in "hugochat_db_password.age".publicKeys = [ vps1 ]; "openolat_db_password.age".publicKeys = [ vps1 ]; "minio_env_file.age".publicKeys = [ vps1 vps3 ]; - "garage_secrets.age".publicKeys = [ vps1 vps2 vps3 vps4 vps5 ]; - "caddy_s3_key_secret.age".publicKeys = [ vps1 vps2 vps3 vps4 vps5 ]; + "garage_secrets.age".publicKeys = [ vps1 vps3 vps4 vps5 ]; + "caddy_s3_key_secret.age".publicKeys = [ vps1 vps3 vps4 vps5 ]; "registry_htpasswd.age".publicKeys = [ vps1 ]; "registry_s3_key_secret.age".publicKeys = [ vps1 ]; "grafana_admin_password.age".publicKeys = [ vps3 ]; "loki_env.age".publicKeys = [ vps3 ]; - "backup_s3_secret.age".publicKeys = [ vps1 vps2 vps3 vps4 vps5 ]; - "s3_mc_admin_client.age".publicKeys = [ vps1 vps2 vps3 vps4 vps5 ]; + "backup_s3_secret.age".publicKeys = [ vps1 vps3 vps4 vps5 ]; + "s3_mc_admin_client.age".publicKeys = [ vps1 vps3 vps4 vps5 ]; "killua_env.age".publicKeys = [ vps1 ]; "forgejo_s3_key_secret.age".publicKeys = [ vps1 ]; "upload_files_s3_secret.age".publicKeys = [ vps1 ]; "wg_private_dns1.age".publicKeys = [ dns1 ]; "wg_private_dns2.age".publicKeys = [ dns2 ]; "wg_private_vps1.age".publicKeys = [ vps1 ]; - "wg_private_vps2.age".publicKeys = [ vps2 ]; "wg_private_vps3.age".publicKeys = [ vps3 ]; "wg_private_vps4.age".publicKeys = [ vps4 ]; "wg_private_vps5.age".publicKeys = [ vps5 ]; diff --git a/newinfra/nix/secrets/upload_files_s3_secret.age b/newinfra/nix/secrets/upload_files_s3_secret.age new file mode 100644 index 0000000..a556152 Binary files /dev/null and b/newinfra/nix/secrets/upload_files_s3_secret.age differ diff --git a/newinfra/nix/secrets/wg_private_dns1.age b/newinfra/nix/secrets/wg_private_dns1.age new file mode 100644 index 0000000..0f4a0d0 --- /dev/null +++ b/newinfra/nix/secrets/wg_private_dns1.age 
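Review bot: Removing `vps2` from the `publicKeys` of `garage_secrets.age`, `caddy_s3_key_secret.age`, `backup_s3_secret.age` and `s3_mc_admin_client.age` (with the files re-encrypted, as the new `.age` blobs in this commit show) only stops vps2 from being a recipient of the new ciphertexts; the previous versions stay in git history and remain decryptable by the vps2 host key, which is the same `AAAAC3NzaC1lZDI1NTE5AAAAIKzt3OZ…` key this commit adds to `known_hosts` for vps2.nilstrieb.dev in apply.yaml. If that host is no longer meant to hold the garage keys, S3 secrets and the mc admin client, the underlying credentials should be rotated rather than just re-keyed, and a comment such as `# rotated after vps2 was dropped as recipient` beside each affected entry would record that it was done. The `wg_private_vps2.age` removal needs nothing further, since that key only ever mattered to vps2 itself. The attrset enclosing this hunk starts and ends outside it.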
@@ -0,0 +1,6 @@ +age-encryption.org/v1 +-> ssh-ed25519 LZU5Eg dlH/b9FXAowA5m9KYdF+MirRu9fKXhf76jHXuKA6OAI +ADHjmdwYkyd24vbi2jbeI9GmFZuf86/Twm48J3g958s +--- WVLjItfhBqlv55yTzq0/OzfTSfD1ypQfu9EGFf1vUUE +<{\VLv ++v_#PIF%(ㄠ>ȟC'n 1|jNT^6o \ No newline at end of file diff --git a/newinfra/nix/secrets/wg_private_dns2.age b/newinfra/nix/secrets/wg_private_dns2.age new file mode 100644 index 0000000..8495f12 --- /dev/null +++ b/newinfra/nix/secrets/wg_private_dns2.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 5bWSnQ Li1ITKUHcUQFJX0NQCaz9Abjf6NjyVGTwE9WAzjJAU0 +UekGYi4xmM88U0BX52iKGWnBTWCGrxMyMeN6zed12D4 +--- MUD9AikW/zNM+W3GiR23pw95ZsDhsxZVn5EMqr0X+DU +ʂ]?@TH]~?7q"W+`+L]aSx*]6Љf \ No newline at end of file diff --git a/newinfra/nix/secrets/wg_private_vps1.age b/newinfra/nix/secrets/wg_private_vps1.age new file mode 100644 index 0000000..c4e3f87 --- /dev/null +++ b/newinfra/nix/secrets/wg_private_vps1.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 qM6TYg 4aRY2+KMkGoSJtRfdkTRwIj6bYGSQJvJjq669297MHE +Kjf7jo93e4oMRKmN5u3Xa3CUpIp9bZPoUAGqjdgOulw +--- wapYiQbpT4gfZyI5cMnB4O+LdM9PvsUxM7nTv954nNg +eVn?]Ł3!l0ر<[o[?B'W( \ No newline at end of file diff --git a/newinfra/nix/secrets/wg_private_vps3.age b/newinfra/nix/secrets/wg_private_vps3.age new file mode 100644 index 0000000..0e7dec1 --- /dev/null +++ b/newinfra/nix/secrets/wg_private_vps3.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 XzACZQ J67LUjHa64q/z1K8zZpx1rsnoQ94NzhkeXEpfNr4ZVQ +dy5Tre9IicxhLBHoqvQAZepG7bNg2dEXFT5iPRcWOcA +--- 9dJKhJeue6VNi0Sw05BX/t8jsxXyRIKz0K3/sy0kT7w +h9isM =TnwW)㲛\<2*%_ܳgLN5cD5@ͻ \ No newline at end of file diff --git a/newinfra/nix/secrets/wg_private_vps4.age b/newinfra/nix/secrets/wg_private_vps4.age new file mode 100644 index 0000000..414c14b --- /dev/null +++ b/newinfra/nix/secrets/wg_private_vps4.age 
@@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 51bcvA P7ouUh98Mfi9Jsu6MDWaWH0NB2alXRIK8hxBIs0Nylg +tUZ1sWLlvPizsSWhK3fnVVhr4C9Ign5rwowxePGXFII +--- PHPizXT8GPP9mIFg1paqqc8w3qsX63XpLkeT0APybik +B?*8-nLsj< k*.@6KUg '8 #h.l~S3%!VYKlR ؘo \ No newline at end of file diff --git a/newinfra/nix/secrets/wg_private_vps5.age b/newinfra/nix/secrets/wg_private_vps5.age new file mode 100644 index 0000000..f677cad --- /dev/null +++ b/newinfra/nix/secrets/wg_private_vps5.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 vT7ExA 9+j3VYkFAW1obbLc31nv+45SyPMqH1zZPkI+PU4lVH8 +G9QkkyTNH499EWhjiXCyXt7HgHlzJTZsaLiR+yOF18E +--- vq7bT3yTioJ1UsD7hSu5jyYKhOE6UMIMsosu4f5pK1w +QV#(7EY\Z?G٫_C I gNiVe]tx@w+ \ No newline at end of file diff --git a/newinfra/nix/secrets/widetom_bot_token.age b/newinfra/nix/secrets/widetom_bot_token.age new file mode 100644 index 0000000..105c8e5 --- /dev/null +++ b/newinfra/nix/secrets/widetom_bot_token.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 qM6TYg sAwuep3NgetXEKK5N8ZFP6Y0IDAGtTLIXH1hh5L0Hyc +8pB7uytmRSkJMKi5S9YSLHKLgpYKkv5w2WaKaJL9sT4 +--- JucAnOMMuFLpIyg9t+Azths9ttk6by6SKcMWA6Cwa+0 +v(TR͘䴐JpD%J*^l߱Y/'zBٞ4G6Ʒ( /\,Wr7 en%@ \ No newline at end of file diff --git a/newinfra/nix/secrets/widetom_config_toml.age b/newinfra/nix/secrets/widetom_config_toml.age new file mode 100644 index 0000000..13998d2 Binary files /dev/null and b/newinfra/nix/secrets/widetom_config_toml.age differ diff --git a/secrets-git-crypt/backup_s3_secret b/newinfra/secrets-git-crypt/backup_s3_secret similarity index 100% rename from secrets-git-crypt/backup_s3_secret rename to newinfra/secrets-git-crypt/backup_s3_secret diff --git a/secrets-git-crypt/caddy_s3_key_secret b/newinfra/secrets-git-crypt/caddy_s3_key_secret similarity index 100% rename from secrets-git-crypt/caddy_s3_key_secret rename to newinfra/secrets-git-crypt/caddy_s3_key_secret 
diff --git a/secrets-git-crypt/docker_registry_password b/newinfra/secrets-git-crypt/docker_registry_password similarity index 100% rename from secrets-git-crypt/docker_registry_password rename to newinfra/secrets-git-crypt/docker_registry_password diff --git a/secrets-git-crypt/forgejo_s3_key_secret b/newinfra/secrets-git-crypt/forgejo_s3_key_secret similarity index 100% rename from secrets-git-crypt/forgejo_s3_key_secret rename to newinfra/secrets-git-crypt/forgejo_s3_key_secret diff --git a/secrets-git-crypt/garage_secrets b/newinfra/secrets-git-crypt/garage_secrets similarity index 100% rename from secrets-git-crypt/garage_secrets rename to newinfra/secrets-git-crypt/garage_secrets diff --git a/secrets-git-crypt/grafana_admin_password b/newinfra/secrets-git-crypt/grafana_admin_password similarity index 100% rename from secrets-git-crypt/grafana_admin_password rename to newinfra/secrets-git-crypt/grafana_admin_password diff --git a/secrets-git-crypt/hugochat_db_password b/newinfra/secrets-git-crypt/hugochat_db_password similarity index 100% rename from secrets-git-crypt/hugochat_db_password rename to newinfra/secrets-git-crypt/hugochat_db_password diff --git a/secrets-git-crypt/killua_env b/newinfra/secrets-git-crypt/killua_env similarity index 100% rename from secrets-git-crypt/killua_env rename to newinfra/secrets-git-crypt/killua_env diff --git a/secrets-git-crypt/loki_env b/newinfra/secrets-git-crypt/loki_env similarity index 100% rename from secrets-git-crypt/loki_env rename to newinfra/secrets-git-crypt/loki_env diff --git a/secrets-git-crypt/minio_env_file b/newinfra/secrets-git-crypt/minio_env_file similarity index 100% rename from secrets-git-crypt/minio_env_file rename to newinfra/secrets-git-crypt/minio_env_file diff --git a/secrets-git-crypt/openolat_db_password b/newinfra/secrets-git-crypt/openolat_db_password similarity index 100% rename from secrets-git-crypt/openolat_db_password rename to newinfra/secrets-git-crypt/openolat_db_password 
diff --git a/secrets-git-crypt/registry_htpasswd b/newinfra/secrets-git-crypt/registry_htpasswd similarity index 100% rename from secrets-git-crypt/registry_htpasswd rename to newinfra/secrets-git-crypt/registry_htpasswd diff --git a/secrets-git-crypt/registry_s3_key_secret b/newinfra/secrets-git-crypt/registry_s3_key_secret similarity index 100% rename from secrets-git-crypt/registry_s3_key_secret rename to newinfra/secrets-git-crypt/registry_s3_key_secret diff --git a/secrets-git-crypt/s3_mc_admin_client b/newinfra/secrets-git-crypt/s3_mc_admin_client similarity index 100% rename from secrets-git-crypt/s3_mc_admin_client rename to newinfra/secrets-git-crypt/s3_mc_admin_client diff --git a/secrets-git-crypt/upload_files_s3_secret b/newinfra/secrets-git-crypt/upload_files_s3_secret similarity index 100% rename from secrets-git-crypt/upload_files_s3_secret rename to newinfra/secrets-git-crypt/upload_files_s3_secret diff --git a/secrets-git-crypt/wg_private_dns1 b/newinfra/secrets-git-crypt/wg_private_dns1 similarity index 100% rename from secrets-git-crypt/wg_private_dns1 rename to newinfra/secrets-git-crypt/wg_private_dns1 diff --git a/secrets-git-crypt/wg_private_dns2 b/newinfra/secrets-git-crypt/wg_private_dns2 similarity index 100% rename from secrets-git-crypt/wg_private_dns2 rename to newinfra/secrets-git-crypt/wg_private_dns2 diff --git a/secrets-git-crypt/wg_private_vps1 b/newinfra/secrets-git-crypt/wg_private_vps1 similarity index 100% rename from secrets-git-crypt/wg_private_vps1 rename to newinfra/secrets-git-crypt/wg_private_vps1 diff --git a/secrets-git-crypt/wg_private_vps3 b/newinfra/secrets-git-crypt/wg_private_vps3 similarity index 100% rename from secrets-git-crypt/wg_private_vps3 rename to newinfra/secrets-git-crypt/wg_private_vps3 diff --git a/secrets-git-crypt/wg_private_vps4 b/newinfra/secrets-git-crypt/wg_private_vps4 similarity index 100% rename from secrets-git-crypt/wg_private_vps4 rename to newinfra/secrets-git-crypt/wg_private_vps4 
diff --git a/secrets-git-crypt/wg_private_vps5 b/newinfra/secrets-git-crypt/wg_private_vps5 similarity index 100% rename from secrets-git-crypt/wg_private_vps5 rename to newinfra/secrets-git-crypt/wg_private_vps5 diff --git a/secrets-git-crypt/widetom_bot_token b/newinfra/secrets-git-crypt/widetom_bot_token similarity index 100% rename from secrets-git-crypt/widetom_bot_token rename to newinfra/secrets-git-crypt/widetom_bot_token diff --git a/secrets-git-crypt/widetom_config.toml b/newinfra/secrets-git-crypt/widetom_config.toml similarity index 100% rename from secrets-git-crypt/widetom_config.toml rename to newinfra/secrets-git-crypt/widetom_config.toml diff --git a/update-my-projects.mjs b/newinfra/update-my-projects.mjs similarity index 100% rename from update-my-projects.mjs rename to newinfra/update-my-projects.mjs diff --git a/nix/secrets/backup_s3_secret.age b/nix/secrets/backup_s3_secret.age deleted file mode 100644 index 4ef1361..0000000 Binary files a/nix/secrets/backup_s3_secret.age and /dev/null differ diff --git a/nix/secrets/caddy_s3_key_secret.age b/nix/secrets/caddy_s3_key_secret.age deleted file mode 100644 index 39bb560..0000000 Binary files a/nix/secrets/caddy_s3_key_secret.age and /dev/null differ diff --git a/nix/secrets/docker_registry_password.age b/nix/secrets/docker_registry_password.age deleted file mode 100644 index 13f02ef..0000000 --- a/nix/secrets/docker_registry_password.age +++ /dev/null @@ -1,5 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 qM6TYg UtoSFhZQ2PW1y3ifXgSdQQswoi5kdRg2gvczlEateC4 -ir2FpFkYo17MGBy+C4thM4lit7vn2CiBi09DcTb6ubs ---- YvRhsfFzedjeKssmOTzHvKkvIG0zXVVCIJsRNc/LTVg -:ˠK$Prm;۷ + qE@v]m=͙'Sm \ No newline at end of file diff --git a/nix/secrets/forgejo_s3_key_secret.age b/nix/secrets/forgejo_s3_key_secret.age deleted file mode 100644 index 2c66a3a..0000000 --- a/nix/secrets/forgejo_s3_key_secret.age +++ /dev/null 
@@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 qM6TYg GNYf0FjEDEqCe09mS9Hl7OIIjvhKTu8urwUPtY+yyB0 -xmAtm4n3s0rfq3S5OKFEG2k/noXFTKMt8hiW5QrD9SU ---- HGBYxXQGM254m2YP5twgjgDme80f0uOL2m4uKy19ZBs -( -T -{F-\6{mtM-X{%bQd]E]i}F2$7#k4;8ZG_o \ No newline at end of file diff --git a/nix/secrets/garage_secrets.age b/nix/secrets/garage_secrets.age deleted file mode 100644 index af23541..0000000 --- a/nix/secrets/garage_secrets.age +++ /dev/null @@ -1,13 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 qM6TYg F9aj1EmsmRSXt1m3a41zpuwFmDBOuuaIrHkqP7PTVno -tVs8Oxa9gV/HdUf0hN/JLuWhbrXI9BXIrsh5HnsKBQI --> ssh-ed25519 pP9cdg dQdPm3OfbWl5Y8kJxmsUZ4rwpUo8w3+P3CHCiXw9VCw -9yWbGgzgBz9GICAgYiOyPtMjDk/tBb4vsOveTuYP9bw --> ssh-ed25519 XzACZQ 4lldtotM16DN/75dRX3QEmOzfIEySHcNOlFWqymI+Rs -oOaD7dZu0xC0R7CrVpfwoBU7eSgaWyJmAZ4WptCQdes --> ssh-ed25519 51bcvA k9eq2Tc3A9MztsdTvt3sDYUj/usYBJMp9IJQZAR67Ac -ezccfIhPZaHKsVcUrxJL7u3jSA/kCTqLmWuQfxrFQBo --> ssh-ed25519 vT7ExA BOCylq1RqaburnXxfsl3xqAmGSJnIxVhXK8H2xeFynk -OWhqsbJgHWlo3hsRZVQgEaArK32OI25N4Poi2qJ9wQs ---- bBQkNfDI0onJOyxOJIN3Yl2jkK5iRgYbK67RWsipXOE -3A9AnۯtyCj-{Ň)6DfOQ}'_n>UPNDR-"?>)E0v(~7 eCO\UJJ$S8`FQ0u3mH~PLqf~in]=rSre#wG @|X# \ No newline at end of file diff --git a/nix/secrets/grafana_admin_password.age b/nix/secrets/grafana_admin_password.age deleted file mode 100644 index 2d2fac7..0000000 --- a/nix/secrets/grafana_admin_password.age +++ /dev/null @@ -1,5 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 XzACZQ g3qlnIBoRdlhvAhDd1oLC7sdWAYGw5FobFAbOp0Eamo -FGoPMBeNp63zkvTml9cnXspAS65/G2+3hzaeMu/ack8 ---- /cGmX9i8KBgLSiv0HC7QGJoF5+C6wBHbBOhoIw5iRIE -?޳[%N+uee8YЕFkMx&k+jfW*U4&dymNb?Aci݀:n}<$]É0Em=/U6-j \ No newline at end of file diff --git a/nix/secrets/hugochat_db_password.age b/nix/secrets/hugochat_db_password.age deleted file mode 100644 index 3e48ca0..0000000 --- a/nix/secrets/hugochat_db_password.age +++ /dev/null 
@@ -1,5 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 qM6TYg ZIBHuyNI3wIg1GaFtgZM+ubYEM2yoaM0cbG+Pei+chY -Bp4xfIz7PzmFADD+w8fnZ73KwAojT22WADuUA3kQc8Q ---- HvjuHpMC7XvjiM/y0zgOyg080PO3BbwnSWNgbZSIUWc -!C5YY>co+5\ڵjG1sF Pݷ*3ֳ,,U(^;bgegt:ݮ`a_>"e=hC_@ڳ\SCo[4x&9Y @ۃ'Kd#a ^tą \ No newline at end of file diff --git a/nix/secrets/killua_env.age b/nix/secrets/killua_env.age deleted file mode 100644 index d9e3d98..0000000 --- a/nix/secrets/killua_env.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 qM6TYg i9WKTDnkYrTPkHzEDzbpwE0UzYvsHGNdezC43k9N6xA -mQdIAyNO+1spsyKXdu4VxF18Dlh6ORkIn8qQVew6b0E ---- JA923cG0dvBxGC7zsjdKFKZLcHvTj3PgyISIFpEsKBE -;: -^}cud -ڕLmTzzM0Ra=i !Ui=I%@ąp܉K[Fm/ajx^cD0,u,فQߞ-ϼV \ No newline at end of file diff --git a/nix/secrets/loki_env.age b/nix/secrets/loki_env.age deleted file mode 100644 index 010ee28..0000000 --- a/nix/secrets/loki_env.age +++ /dev/null @@ -1,5 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 XzACZQ 4ra1tOKgtlquGn8NV4e5WVP9/x3hfV86Bq7xSv3bFmI -6aPQO3Sc++l2NpmmRhPo4RcdL3bsRLcbqHF4bWfYqJg ---- b739OmteTR/Z3J3HZqcmqKYvMucyNSbTabqopToJHpY -0C,]wj<4js@̂eW9jw|Y2J{T3N6) $&;ptC9&y$JAcIGh:OʝHVn%Ș}r3Ha89p5 \ No newline at end of file diff --git a/nix/secrets/minio_env_file.age b/nix/secrets/minio_env_file.age deleted file mode 100644 index daf2e33..0000000 --- a/nix/secrets/minio_env_file.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 qM6TYg FPuST3lWjHKcylkh0mlRbQm8lM28wce4Bb2/rp1zu2k -cmA9aRF8zDe6YYmBCH7pOtl1FflKxwAiHtMYTQ0OWMk --> ssh-ed25519 XzACZQ 2M5O5Rj2LAS1T9UXRYeUZrq3iBiJu/0TPOtz5yC+nyE -A1JFvr1iVj2Mc4F7/yjGxikmdAbofTuOMvI8QtyzTr4 ---- 7JakO0Kuuskiup7D+cYP7OKQtld7h7salUMRoOGa88Q -k5  JOU/St!k2vm] o5V  ҷBE!QtJ!|[5(Fx ssh-ed25519 qM6TYg 0lWcSdSricBNu8i0oMnNe0gOsoDrY9DfPvmCIS63ohc -fY0M+k7xXU5nlLTSbJQF7iDevujQVxZ2lLca9CiBTaI ---- 5ObZSaeWsTlkqKq5D8vWKsrY8WCku2ndSlrjBKRtQE8 -Iye$Q|h'Q1Q1CހmQ:Q.SE=cm @-9j7fǺFT"o"|0DΒ,Wŋm*̬~5'{ jluuy+ \ No newline at end of file 
diff --git a/nix/secrets/registry_htpasswd.age b/nix/secrets/registry_htpasswd.age deleted file mode 100644 index 9d1e5fd..0000000 Binary files a/nix/secrets/registry_htpasswd.age and /dev/null differ diff --git a/nix/secrets/registry_s3_key_secret.age b/nix/secrets/registry_s3_key_secret.age deleted file mode 100644 index eee2e12..0000000 Binary files a/nix/secrets/registry_s3_key_secret.age and /dev/null differ diff --git a/nix/secrets/s3_mc_admin_client.age b/nix/secrets/s3_mc_admin_client.age deleted file mode 100644 index 2cc8862..0000000 Binary files a/nix/secrets/s3_mc_admin_client.age and /dev/null differ diff --git a/nix/secrets/upload_files_s3_secret.age b/nix/secrets/upload_files_s3_secret.age deleted file mode 100644 index 01042a4..0000000 --- a/nix/secrets/upload_files_s3_secret.age +++ /dev/null @@ -1,5 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 qM6TYg Tq8qyikECRKhPhMbKFDd+YZIGkx9uj3vOWk7QRHEkn8 -wDbkM7KZWGDF3mECEa1MPPTC5F7uxe8nGtIZZkVCWU0 ---- hpRMWveZaPAIS44Jr6rRGHMOQfRi7nFpN0nxHU6fPOQ -t4`:,PʍN?ij\ȱ雵uAH_?Pg# T+R-ȺX,!YeZFmd\4bDAkLk1Rz6xo(8gzV+s|.T;OM6 zAQV~mNXI qkt#JyrSu?ږN Ոb!Ksy, AyfW##"`nPX,$z1 (P "y|sTxBFtl!6ۉ0os*.H/o5ۭl \ No newline at end of file diff --git a/nix/secrets/wg_private_dns1.age b/nix/secrets/wg_private_dns1.age deleted file mode 100644 index e9a0be3..0000000 --- a/nix/secrets/wg_private_dns1.age +++ /dev/null @@ -1,5 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 LZU5Eg C3IfbvL4t0pOHEb3Bc54+r6DZESgN6K6zPDhBlDumXk -UwOtrqp8I90Vux6L7CsV5K+2SDFB8LBiyLO8ud7IsQU ---- 2tIecoG70broXFTtgjCUMcvk2RdKqpe5tihO6meI8DY -Akڳ& `!M_v`-Ep^U#:]їDmy^O+t8.͚; \ No newline at end of file diff --git a/nix/secrets/wg_private_dns2.age b/nix/secrets/wg_private_dns2.age deleted file mode 100644 index d986ea6..0000000 --- a/nix/secrets/wg_private_dns2.age +++ /dev/null 
@@ -1,6 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 5bWSnQ wqkRMdob+7G2mTNKySF2kiGhOKt4GLN/ne+4lM3pIwA -Iz2Brik6I6YHjVxQcoDL0UTJOWcjuiErf5kCeWpnaV0 ---- 1ZkP0GiP78eGKl8te1w+o5I5kEbyPaiJFq7WGH4k1LE -61zITU/5'|h>zr^ɋwanoglX,kܶG -cP!Rh׻fWh䠧 \ No newline at end of file diff --git a/nix/secrets/wg_private_vps1.age b/nix/secrets/wg_private_vps1.age deleted file mode 100644 index 089fc55..0000000 Binary files a/nix/secrets/wg_private_vps1.age and /dev/null differ diff --git a/nix/secrets/wg_private_vps2.age b/nix/secrets/wg_private_vps2.age deleted file mode 100644 index a92b028..0000000 --- a/nix/secrets/wg_private_vps2.age +++ /dev/null @@ -1,5 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 pP9cdg GI2CXAYTJWUqmab/Fnl/cFZVCCBxYZX/snQ+w0aPjSk -8D6TxN4VYH14GQJ/XhUqyfKNLjM8f3LDmykLAvtl+IM ---- 6ru8v60LKlJjpy2PnmcwBdV09KMEh+neITYyuFscSIQ -F Йy#<ﯗ֋mߘQ2^T2L9]LĞh[br!jEnS?jCR%s;m\R \ No newline at end of file diff --git a/nix/secrets/wg_private_vps3.age b/nix/secrets/wg_private_vps3.age deleted file mode 100644 index 2536ac0..0000000 --- a/nix/secrets/wg_private_vps3.age +++ /dev/null @@ -1,5 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 XzACZQ pOD3jNWIufLkEVtkFJu6W0QjdzPJTK+t1MwgACv1zXU -EJQ+9xPw6MnB6nJW6nDBUlzfHyY9XlfBIQlgje+FVE4 ---- BmTwJED+mJ/Qr0WFDELozwR2BgGDkHDcR2I9eSxuVn8 -K~alNh. kiAF*/MYZdpA+-٬Aܢ*SZ NFfb3try \ No newline at end of file diff --git a/nix/secrets/wg_private_vps4.age b/nix/secrets/wg_private_vps4.age deleted file mode 100644 index ca2ab16..0000000 --- a/nix/secrets/wg_private_vps4.age +++ /dev/null @@ -1,6 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 51bcvA mzB9FcwUgPczK4/Rd2DZvCYoQfjT4qE+Z7HE9yHjgGU -sPDlr+YNhvbjYagyJb/kua9dWeG9tSt6KNjKh+/p+ps ---- uZVoWpqKjapTtWRGpc7cUoifwOVFfd5DU+9pQpwruuo -Fv6ڋ,Kӆ(k~Y4.`z(]w2MV "%JU$ȫǸCG -_:Fݧ S \ No newline at end of file diff --git a/nix/secrets/wg_private_vps5.age b/nix/secrets/wg_private_vps5.age deleted file mode 100644 index fa70bad..0000000 --- a/nix/secrets/wg_private_vps5.age +++ /dev/null 
@@ -1,5 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 vT7ExA WsT1cFerSGwOnhrLBTN62zydQVC1oPQxXtwQxGUSY1w -Je1zd3NJ16yaOHQD8iPX7eaPJV3WH6Z3eiDkFip/2FY ---- J6ZhIFcXF12n+pV4JEaAut/QB2c5ycYSIGo6j3nLICQ -SOƍsILJ i=m|,gnYւDvA d{ q)~3!8 xPL7" \ No newline at end of file diff --git a/nix/secrets/widetom_bot_token.age b/nix/secrets/widetom_bot_token.age deleted file mode 100644 index d3d06bf..0000000 --- a/nix/secrets/widetom_bot_token.age +++ /dev/null @@ -1,5 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 qM6TYg n/6/3HfVk0IWfGRbgBB7qLkEXylLgYDxNzbLTaJWyhs -jNP6viJqbOgpNke072hDeaGmApVc51wAN/O+8Gc58U4 ---- WoF4XMNOMMwKJ16Q7QrH97cGdyJ4nB4Dw04dyznfmL8 -#"Li"WAE-?ؕ~Z\gO&xv &w]"S2Vɯ/ \ No newline at end of file diff --git a/nix/secrets/widetom_config_toml.age b/nix/secrets/widetom_config_toml.age deleted file mode 100644 index aa4e0f9..0000000 Binary files a/nix/secrets/widetom_config_toml.age and /dev/null differ diff --git a/playbooks/all.yml b/playbooks/all.yml new file mode 100644 index 0000000..94e52dd --- /dev/null +++ b/playbooks/all.yml @@ -0,0 +1,5 @@ +--- +- name: Generic setup + ansible.builtin.import_playbook: ./basic-setup.yml +- name: VPS 2 + ansible.builtin.import_playbook: ./vps2.yml diff --git a/playbooks/basic-setup.yml b/playbooks/basic-setup.yml new file mode 100644 index 0000000..3116e49 --- /dev/null +++ b/playbooks/basic-setup.yml 
@@ -0,0 +1,112 @@ +--- +- name: Basic Server setup + hosts: all + gather_facts: false + tasks: + - name: Change hostname + ansible.builtin.hostname: + name: "{{ inventory_hostname }}" + - name: apt update + ansible.builtin.apt: + update_cache: true + upgrade: yes + - name: Install fish + ansible.builtin.apt: + name: "fish" + state: present + - name: "Change root's shell to fish" + ansible.builtin.user: + name: root + shell: /usr/bin/fish + - name: Install useful tools + ansible.builtin.apt: + name: "{{ item }}" + state: present + with_items: + - htop + - awscli + - name: Install keyring packages + ansible.builtin.apt: + name: "{{ item }}" + with_items: + - debian-keyring + - debian-archive-keyring + - apt-transport-https + - name: Add caddy keyrings + ansible.builtin.shell: | + set -euo pipefail + + rm -f /usr/share/keyrings/caddy-stable-archive-keyring.gpg + curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg + + # todo: show ok/changed + args: + executable: /bin/bash + - name: Add caddy repository + ansible.builtin.get_url: + url: "https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt" + dest: "/etc/apt/sources.list.d/caddy-stable.list" + mode: "u=rw,g=r,o=r" + - name: Add the docker GPG key + ansible.builtin.get_url: + url: "https://download.docker.com/linux/ubuntu/gpg" + dest: "/etc/apt/keyrings/docker.asc" + mode: "u=r,g=r,o=r" + - name: Add docker repository + ansible.builtin.copy: + dest: "/etc/apt/sources.list.d/docker.list" + content: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu jammy stable" + - name: Install docker + ansible.builtin.apt: + name: "{{ item }}" + state: present + with_items: + - docker-ce + - docker-ce-cli + - docker-compose-plugin + - name: Ensure docker is started + ansible.builtin.service: + name: docker + state: started + - name: Install caddy + ansible.builtin.apt: + name: caddy + state: 
present + args: + update_cache: true + - name: Ensure caddy is started + ansible.builtin.service: + name: caddy + state: started + - name: Create debug html root + ansible.builtin.file: + path: /var/www/html/debug + state: directory + mode: "u=rwx,g=rx,o=rx" + - name: Create debug webserver file + ansible.builtin.copy: + dest: /var/www/html/debug/index.html + src: "../debug.html" + mode: "u=rw,g=r,o=r" + - name: Copy Caddyfile + ansible.builtin.copy: + dest: /etc/caddy/Caddyfile + src: "../{{ inventory_hostname }}/Caddyfile" # TODO: Choose the right caddyfile depending on the server. + mode: "u=rw,g=r,o=r" + notify: + - "Caddyfile changed" + - name: Create /apps + ansible.builtin.file: + path: /apps + state: directory + mode: u=rwx,g=rx,o=rx + - name: Copy docker-compose + ansible.builtin.copy: + dest: /apps/docker-compose.yml + src: "../{{ inventory_hostname }}/docker-compose.yml" # TODO: choose the right directory + mode: "u=r,g=r,o=r" + handlers: + - name: "Caddyfile changed" + ansible.builtin.service: + name: caddy + state: reloaded diff --git a/playbooks/inventory.yml b/playbooks/inventory.yml new file mode 100644 index 0000000..c1e8d80 --- /dev/null +++ b/playbooks/inventory.yml @@ -0,0 +1,4 @@ +vps: + hosts: + vps2: + ansible_host: vps2.noratrieb.dev diff --git a/playbooks/vps2.yml b/playbooks/vps2.yml new file mode 100644 index 0000000..4435e61 --- /dev/null +++ b/playbooks/vps2.yml 
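Review bot: The `Install docker` task calls apt right after `/etc/apt/sources.list.d/docker.list` is written but without `update_cache: true`, so on a fresh host the package cache still predates the new repository (the earlier `apt update` task ran before any repository was added) and `docker-ce` is not resolvable; the `Install caddy` task does refresh, so make the two consistent by adding `update_cache: true` to the docker install task, inline rather than under `args:`. Both GPG keys are fetched over HTTPS with nothing pinned; `ansible.builtin.get_url` accepts `checksum: sha256:<EXPECTED_SHA256_PLACEHOLDER>`, which lets the docker key task refuse a key that differs from the one that was vetted, and the caddy key could be fetched the same way before dearmoring instead of the `curl | gpg` shell task that also re-creates the keyring (and reports changed) on every run. `upgrade: yes` is a YAML 1.1 truthy that ansible-lint flags; write `upgrade: true` like the other booleans in the play.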
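Review bot: The inventory points `vps2` at `vps2.noratrieb.dev`, while the rest of this commit addresses the same host as `vps2.nilstrieb.dev` (the Caddyfile site block and `scripts/copy-deploy-key.sh`); unless both names resolve to the same machine, the deploy key is installed on one host and the playbooks run against another. Pick one name, e.g. `ansible_host: vps2.nilstrieb.dev`, or note in the file that the two are aliases. A leading `---` would also match the playbooks in the same directory.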
@@ -0,0 +1,97 @@ +--- +- name: VPS 2 setup + hosts: vps2 + gather_facts: false + tasks: + - name: Copy backup file + ansible.builtin.copy: + src: "../vps2/backup.sh" + dest: "/apps/backup.sh" + mode: "u=rx,g=rx,o=rx" + - name: Configure backup cron + ansible.builtin.cron: + name: Daily backup + minute: "5" + hour: "7" + job: "/apps/backup.sh" + ##### + # APP: karin bot, /apps/karin-bot + ##### + - name: Create /apps/karin-bot + ansible.builtin.file: + path: /apps/karin-bot + state: directory + mode: "u=rwx,g=rx,o=rx" + - name: "Copy karin .env secret" + ansible.builtin.copy: + dest: "/apps/karin-bot/.env" + src: "../secrets/karin-bot/.env" + mode: "u=r,g=r,o=r" + # TODO: Mount a volume in the karin-db to this directory + ##### + # APP: cors-school, /apps/cors-school + ##### + - name: Create /apps/cors-school + ansible.builtin.file: + path: /apps/cors-school + state: directory + mode: "u=rwx,g=rx,o=rx" + - name: Copy secret envs + ansible.builtin.copy: + dest: "/apps/cors-school/{{ item }}" + src: "../secrets/cors-school/{{ item }}" + mode: "u=r,g=r,o=r" + with_items: + - bot.env + - db.env + - server.env + ##### + # APP: minecraft server, /apps/minecraft + ##### + - name: Create /apps/minecraft + ansible.builtin.file: + path: /apps/minecraft + state: directory + mode: "u=rwx,g=rx,o=rx" + - name: Copy minecraft secrets + ansible.builtin.copy: + dest: "/apps/minecraft/.env" + src: "../secrets/minecraft/.env" + mode: "u=r,g=r,o=r" + ##### + # APP: openolat, /apps/openolat + ##### + - name: Create /apps/openolat + ansible.builtin.file: + path: /apps/openolat + state: directory + mode: "u=rwx,g=rx,o=rx" + - name: Copy extra properties + ansible.builtin.copy: + dest: /apps/openolat/extra-properties.properties + src: ../apps/openolat/extra-properties.properties + mode: "u=r,g=r,o=r" + - name: Olat data file permissions # TODO: a bit hacky. 
+ ansible.builtin.file: + path: /apps/openolat/olatdata + state: directory + mode: "u=rwx,g=rwx,o=rwx" + ##### + # END: docker compose up! + ##### + # We want this to be last so that all app-specific config has been done. + - name: Copy .env + ansible.builtin.copy: + dest: "/apps/.env" + src: "../secrets/vps2.env" + mode: "u=r,g=r,o=r" + - name: Docker compose up! 🚀 + community.docker.docker_compose_v2: + project_src: /apps + state: "present" + ##### + # POST: things after starting up + ##### + - name: Run CORS db migrations + ansible.builtin.shell: | + docker exec -w /app/server cors-school-server diesel migration run diff --git a/run.sh b/run.sh new file mode 100755 index 0000000..86e34f8 --- /dev/null +++ b/run.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +ansible-playbook -i playbooks/inventory.yml playbooks/all.yml -u root diff --git a/scripts/copy-deploy-key.sh b/scripts/copy-deploy-key.sh new file mode 100755 index 0000000..4a30d19 --- /dev/null +++ b/scripts/copy-deploy-key.sh @@ -0,0 +1,23 @@ +#!/usr/bin/env bash + +# Copies a base64 encoded deploy key to the servers. + +set -eu + +printf "Enter private key (base64 encoded): " +read -r key64 + +private=$(echo "$key64" | base64 -d) +public=$(ssh-keygen -f <(echo "$private") -y) + +tmp=$(mktemp -d) +echo "$private" > "$tmp/id" +echo "$public" > "$tmp/id.pub" + +delete() { + rm -r "$tmp" +} +trap delete EXIT + +ssh-copy-id -i "$tmp/id" root@vps1.nilstrieb.dev +ssh-copy-id -i "$tmp/id" root@vps2.nilstrieb.dev diff --git a/secrets-git-crypt/wg_private_vps2 b/secrets-git-crypt/wg_private_vps2 deleted file mode 100644 index 77cd133..0000000 Binary files a/secrets-git-crypt/wg_private_vps2 and /dev/null differ diff --git a/secrets/cors-school/bot.env b/secrets/cors-school/bot.env new file mode 100644 index 0000000..b3a54fd Binary files /dev/null and b/secrets/cors-school/bot.env differ 
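Review bot: Every secret file in this play is installed world-readable — `Copy karin .env secret`, `Copy secret envs`, `Copy minecraft secrets` and `Copy .env` all use `mode: "u=r,g=r,o=r"` — although the only reader is the root-owned docker daemon, so any unprivileged user on the host can read the bot tokens and database passwords; tighten those tasks to `mode: "0400"`. `Olat data file permissions` creates `/apps/openolat/olatdata` as `u=rwx,g=rwx,o=rwx`, which the TODO already calls hacky; setting `owner:` to the uid the openolat container runs as (`<CONTAINER_UID_PLACEHOLDER>`, confirm from the image) and dropping the world-write bit is the usual fix. `Run CORS db migrations` is a `shell` task that reports changed on every run; `changed_when: false` (or parsing its output) keeps the play idempotent.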
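Review bot: The decoded private key is written to `$tmp/id` under the default umask, so the file is typically 0644 (only the 0700 temp directory protects it) and ssh may refuse it as too open; put `umask 077` before the two `echo … >` lines, or `chmod 600 "$tmp/id"` right after. `trap delete EXIT` is installed only after the key files exist, so a failure in `echo "$private" > "$tmp/id"` under `set -e` leaves the decoded key on disk — move the trap to directly after `tmp=$(mktemp -d)`. `read -r key64` echoes the pasted key material to the terminal scrollback; `read -rs key64` avoids that.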
diff --git a/secrets/cors-school/db.env b/secrets/cors-school/db.env new file mode 100644 index 0000000..6954a69 Binary files /dev/null and b/secrets/cors-school/db.env differ diff --git a/secrets/cors-school/server.env b/secrets/cors-school/server.env new file mode 100644 index 0000000..44ecd71 Binary files /dev/null and b/secrets/cors-school/server.env differ diff --git a/secrets/karin-bot/.env b/secrets/karin-bot/.env new file mode 100644 index 0000000..1440911 Binary files /dev/null and b/secrets/karin-bot/.env differ diff --git a/secrets/minecraft/.env b/secrets/minecraft/.env new file mode 100644 index 0000000..86936a7 Binary files /dev/null and b/secrets/minecraft/.env differ diff --git a/secrets/vps1.env b/secrets/vps1.env new file mode 100644 index 0000000..bdcfc28 Binary files /dev/null and b/secrets/vps1.env differ diff --git a/secrets/vps2.env b/secrets/vps2.env new file mode 100644 index 0000000..bdcfc28 Binary files /dev/null and b/secrets/vps2.env differ diff --git a/shell.nix b/shell.nix index 896485e..e845754 100644 --- a/shell.nix +++ b/shell.nix @@ -1,6 +1,9 @@ { pkgs ? import { } }: pkgs.mkShell { packages = with pkgs; [ + ansible + ansible-lint awscli + certbot colmena dig openssl diff --git a/vps2/Caddyfile b/vps2/Caddyfile new file mode 100644 index 0000000..f5e1903 --- /dev/null +++ b/vps2/Caddyfile 
@@ -0,0 +1,47 @@ +{ + email nilstrieb@gmail.com +} + +# https://gist.github.com/ryanburnette/d13575c9ced201e73f8169d3a793c1a3 +(cors) { + @cors_preflight{args.0} method OPTIONS + @cors{args.0} header Origin {args.0} + + handle @cors_preflight{args.0} { + header { + Access-Control-Allow-Origin "{args.0}" + Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS" + Access-Control-Allow-Credentials "false" + Access-Control-Allow-Headers "${args.1}" + Access-Control-Max-Age "86400" + defer + } + respond "" 204 + } + + handle @cors{args.0} { + header { + Access-Control-Allow-Origin "{args.0}" + Access-Control-Expose-Headers * + defer + } + } +} + +vps2.nilstrieb.dev { + root * /var/www/html/debug + file_server +} + +old-docker.noratrieb.dev { + reverse_proxy * localhost:5000 +} + +api.cors-school.nilstrieb.dev { + import cors https://cors-school.nilstrieb.dev "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,token,refresh-token,Authorization" + reverse_proxy * localhost:5003 +} + +cors-school.nilstrieb.dev { + reverse_proxy * localhost:5004 +} diff --git a/vps2/backup.sh b/vps2/backup.sh new file mode 100755 index 0000000..560d54b --- /dev/null +++ b/vps2/backup.sh 
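Review bot: `Access-Control-Allow-Headers "${args.1}"` in the `(cors)` snippet uses `${args.1}`, which is not a Caddyfile placeholder — only `{args.1}` is substituted, so the header is emitted with a literal leading `$` and browsers will reject preflights for the first listed header; the sibling lines use `{args.0}`, so this looks like a typo for `Access-Control-Allow-Headers "{args.1}"`. `old-docker.noratrieb.dev` proxies straight to `localhost:5000` with no auth directive in this file; if that is the registry, confirm the registry itself enforces its htpasswd, because Caddy adds nothing in front of it here.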
@@ -0,0 +1,76 @@ +#!/usr/bin/env bash + +set -euxo pipefail + +BUCKET=nilstrieb-backups +PREFIX="1/$(date --rfc-3339 seconds --utc)" + +cd /apps + +function upload_file { + local file="$1" + local tmppath + tmppath="$(mktemp)" + + cp "$file" "$tmppath" + xz "$tmppath" + aws s3api put-object --bucket "$BUCKET" --key "${PREFIX}/${file}.xz" --body "${tmppath}.xz" + + rm "$tmppath.xz" +} + +function upload_pg_dump { + local appname="$1" + local containername="$2" + local dbname="$3" + local username="$4" + local tmppath + tmppath="$(mktemp)" + + docker exec "$containername" pg_dump --format=custom --file /tmp/db.bak --host "127.0.0.1" --dbname "$dbname" --username "$username" + docker cp "$containername:/tmp/db.bak" "$tmppath" + xz "$tmppath" + aws s3api put-object --bucket "$BUCKET" --key "${PREFIX}/$appname/postgres.bak.xz" --body "$tmppath.xz" + + docker exec "$containername" rm "/tmp/db.bak" + rm "$tmppath.xz" +} + +function upload_dump_mongo { + local appname="$1" + local containername="$2" + local usernamepassword="$3" + local tmppath + tmppath="$(mktemp)" + + docker exec "$containername" mongodump --archive=/tmp/db.bak --uri="mongodb://${usernamepassword}@127.0.0.1:27017" + docker cp "$containername:/tmp/db.bak" "$tmppath" + xz "$tmppath" + aws s3api put-object --bucket "$BUCKET" --key "${PREFIX}/$appname/db.bak.xz" --body "$tmppath.xz" + + docker exec "$containername" rm "/tmp/db.bak" + rm "$tmppath.xz" +} + +function upload_directory { + local appname="$1" + local directory="$2" + local filename="$3" + local tmppath + tmppath="$(mktemp)" + + tar -cJf "$tmppath" "$directory" + aws s3api put-object --bucket "$BUCKET" --key "${PREFIX}/$appname/$filename" --body "$tmppath" + + rm "$tmppath" +} + +upload_pg_dump "cors-school" "cors-school-db" "davinci" "postgres" + +# shellcheck disable=SC1091 +source "karin-bot/.env" +upload_dump_mongo "karin-bot" "karin-bot-db" "$MONGO_INITDB_ROOT_USERNAME:$MONGO_INITDB_ROOT_PASSWORD" + +upload_directory "openolat" 
"openolat/olatdata" "olatdata.tar.xz" + +echo "Finished backup!" diff --git a/vps2/docker-compose.yml b/vps2/docker-compose.yml new file mode 100644 index 0000000..b66cc6c --- /dev/null +++ b/vps2/docker-compose.yml 
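Review bot: `set -euxo pipefail` enables xtrace for the whole script, so the expanded `docker exec … mongodump --uri="mongodb://<user>:<password>@127.0.0.1:27017"` line — with the credentials sourced from `karin-bot/.env` — is printed to stderr and lands in cron mail or whatever captures the job's output. Drop `-x` from the `set` line, or bracket the sensitive calls with `set +x` / `set -x`; the password is also visible in the container's process list for the duration of the dump, so passing it through `docker exec -e` and reading it inside the container is more robust if the tool supports that. `PREFIX` embeds the `date --rfc-3339 seconds` output, which contains a space and colons — legal in S3 keys but awkward to script against; `date --utc +%Y-%m-%dT%H%M%SZ` gives sortable, shell-safe keys. `upload_file` is defined but never called.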
@@ -0,0 +1,109 @@ +version: "3.8" +services: + #### Karin + karin_bot_db: + container_name: karin-bot-db + image: "mongo:latest" + restart: always + volumes: + - "/apps/karin-bot/data:/data/db" + environment: + RUST_LOG: info + PRETTY: "true" + env_file: + - "/apps/karin-bot/.env" + networks: + - karin-bot + deploy: + resources: + limits: + cpus: "0.5" + memory: 500M + karin_bot: + container_name: karin-bot + image: "docker.noratrieb.dev/discord-court-bot:921be642" + restart: always + env_file: + - "/apps/karin-bot/.env" + environment: + DB_NAME: court_bot + MONGO_URI: "mongodb://karin-bot-db:27017" + RUST_LOG: INFO + PRETTY: "false" + networks: + - karin-bot + #### Cors School + cors_school_db: + container_name: cors-school-db + image: "postgres:latest" + restart: always + volumes: + - "/apps/cors-school/data:/var/lib/postgresql/data" + env_file: + # POSTGRES_PASSWORD=PASSWORD + - "/apps/cors-school/db.env" + environment: + POSTGRES_DB: davinci + PGDATA: "/var/lib/postgresql/data/pgdata" + networks: + - cors-school + cors_school_server: + container_name: cors-school-server + image: "docker.noratrieb.dev/cors-school-server:bef75a80" + restart: always + env_file: + # DATABASE_URL=postgres://postgres:PASSWORD@cors-school-db/davinci + # JWT_SECRET=secret + - "/apps/cors-school/server.env" + environment: + RUST_LOG: info + networks: + - cors-school + ports: + - "5003:8080" + cors_school_client: + container_name: cors-school-client + image: "docker.noratrieb.dev/cors-school-client:bef75a80" + restart: always + ports: + - "5004:80" + cors_school_bot: + container_name: cors-school-bot + image: "docker.noratrieb.dev/cors-school-bot:bef75a80" + restart: always + volumes: + # DISCORD_TOKEN= + # CORS_API_TOKEN= + - "/apps/cors-school/bot.env:/.env" + environment: + APPLICATION_ID: "867725027080142870" + RUST_LOG: info + BACKEND_URL: "http://cors-school-server:8080/api" + networks: + - cors-school + # minecraft_server: + # container_name: minecraft-server + # image: 
itzg/minecraft-server:latest + # restart: always + # environment: + # - TYPE=VANILLA + # - VERSION=1.20.1 + # - DIFFICULTY=HARD + # - EULA=TRUE + # - MOTD=baden + # - MEMORY=6G + # - MODE=creative + # - PVP=true + # - SERVER_NAME=hallenbad + # - USE_AIKAR_FLAGS=true + # env_file: + # # For example, storing the WHITELIST and OPS + # - /apps/minecraft/.env + # ports: + # - "25565:25565" + # volumes: + # - /apps/minecraft/server:/data + +networks: + cors-school: + karin-bot:
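Review bot: `cors_school_server` and `cors_school_client` publish `"5003:8080"` and `"5004:80"` without a host address, so Docker binds them on all interfaces and, through its own iptables rules, they are reachable directly from the internet — bypassing the TLS termination and the CORS snippet the Caddyfile places in front of `localhost:5003` and `localhost:5004`. Bind them to loopback: `- "127.0.0.1:5003:8080"` and `- "127.0.0.1:5004:80"`. The stateful services use floating tags (`postgres:latest`, `mongo:latest`); a major-version bump on the next pull may refuse to start on the existing data directory, so pin a major-version tag for both. `version: "3.8"` is ignored by Compose v2 (which the play invokes via `docker_compose_v2`) and only produces a warning; it can be dropped.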