about summary refs log tree commit diff
diff options
context:
space:
mode:
authorVincent Ambo <mail@tazj.in>2023-06-22T15·55+0300
committertazjin <tazjin@tvl.su>2023-06-29T08·54+0000
commitd356f94ef15f9f8e517cc1bcc4b997b1c60d3b63 (patch)
tree00b38b3568ea203a371fa52d93b25c1992c5b45c
parentab8386440735c85120a009203b72a9ff2b43aebd (diff)
feat(tazjin/nixos): deploy monica on koptevo r/6360
Change-Id: Iaa74d995f3b2556673095a32ec2b718dcb2d82a4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8849
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
-rw-r--r--users/tazjin/nixos/default.nix1
-rw-r--r--users/tazjin/nixos/koptevo/default.nix1
-rw-r--r--users/tazjin/nixos/modules/monica.nix26
-rw-r--r--users/tazjin/secrets/monica-appkey.age12
-rw-r--r--users/tazjin/secrets/secrets.nix1
5 files changed, 41 insertions, 0 deletions
diff --git a/users/tazjin/nixos/default.nix b/users/tazjin/nixos/default.nix
index 65c8de114eb6..c0191846e313 100644
--- a/users/tazjin/nixos/default.nix
+++ b/users/tazjin/nixos/default.nix
@@ -6,5 +6,6 @@ in depot.nix.readTree.drvTargets {
   frogSystem = systemFor depot.users.tazjin.nixos.frog;
   tverskoySystem = systemFor depot.users.tazjin.nixos.tverskoy;
   zamalekSystem = systemFor depot.users.tazjin.nixos.zamalek;
+  koptevoRaw = depot.ops.nixos.nixosFor depot.users.tazjin.nixos.koptevo;
   koptevoSystem = systemFor depot.users.tazjin.nixos.koptevo;
 }
diff --git a/users/tazjin/nixos/koptevo/default.nix b/users/tazjin/nixos/koptevo/default.nix
index c8185ba99c8f..dba8550da051 100644
--- a/users/tazjin/nixos/koptevo/default.nix
+++ b/users/tazjin/nixos/koptevo/default.nix
@@ -12,6 +12,7 @@ in
     (mod "quassel.nix")
     (mod "www/base.nix")
     (mod "www/tazj.in.nix")
+    (usermod "monica.nix")
     (usermod "predlozhnik.nix")
     (usermod "tgsa.nix")
     (depot.third_party.agenix.src + "/modules/age.nix")
diff --git a/users/tazjin/nixos/modules/monica.nix b/users/tazjin/nixos/modules/monica.nix
new file mode 100644
index 000000000000..493bffb2f986
--- /dev/null
+++ b/users/tazjin/nixos/modules/monica.nix
@@ -0,0 +1,26 @@
+# Host the Monica personal CRM software.
+{ depot, config, ... }:
+
+{
+  imports = [
+    (depot.third_party.agenix.src + "/modules/age.nix")
+  ];
+
+  age.secrets.monica-appkey = {
+    group = config.services.monica.group;
+    file = depot.users.tazjin.secrets."monica-appkey.age";
+    mode = "0440";
+  };
+
+  services.monica = {
+    enable = true;
+    hostname = "monica.tazj.in";
+    appKeyFile = "/run/agenix/monica-appkey";
+    database.createLocally = true;
+
+    nginx = {
+      enableACME = true;
+      forceSSL = true;
+    };
+  };
+}
diff --git a/users/tazjin/secrets/monica-appkey.age b/users/tazjin/secrets/monica-appkey.age
new file mode 100644
index 000000000000..ee9def472382
--- /dev/null
+++ b/users/tazjin/secrets/monica-appkey.age
@@ -0,0 +1,12 @@
+age-encryption.org/v1
+-> ssh-ed25519 dcsaLw YpW0HEN2i+xqWzJNgex2uGeHqMspQZAdAMgIf8nOBlg
+ot20y/5FlP76ec6zapE4NIlAotT0m37oh1kQTfnCLdk
+-> ssh-ed25519 zcCuhA SvQxLh0QerqZqkD17hsEoAVVoQtK6cOrVl0VdrvYfTo
+YpVvFUH9YKHu4RJ/jqxwL1MvQAOTD5t+f0qZ1XMpmy8
+-> ssh-ed25519 At5Mag Tf7xk0a16cvZdvwiUvwa34n+6U8QWUtHNzDDZ32fan8
+tsZ42RdDaRG4oBQwHcb4HbAaNAT9sGw8krY5A7hA6PQ
+-> /-grease c0+~w )QpN[Rj !0
+ilVbEBr3oQ
+--- IBiBsuTMQaM+qCwPTP/lacDgo//6QmlWeJ5dN2CGx2g
+Ën€q.
+ 
¹ø	8{þ:a0#”(ѳO`yß"S¤2Î-®“!✿ø
ʼnX.HÒÖkðu–ÜâóˆÌ[b7X+K=ô'4*
\ No newline at end of file
diff --git a/users/tazjin/secrets/secrets.nix b/users/tazjin/secrets/secrets.nix
index d6f86decc5dd..65546bd50435 100644
--- a/users/tazjin/secrets/secrets.nix
+++ b/users/tazjin/secrets/secrets.nix
@@ -10,4 +10,5 @@ let
 in
 {
   "tgsa-yandex.age".publicKeys = allKeys;
+  "monica-appkey.age".publicKeys = allKeys;
 }