diff options
author | Vincent Ambo <mail@tazj.in> | 2023-06-22T15·55+0300 |
---|---|---|
committer | tazjin <tazjin@tvl.su> | 2023-06-29T08·54+0000 |
commit | d356f94ef15f9f8e517cc1bcc4b997b1c60d3b63 (patch) | |
tree | 00b38b3568ea203a371fa52d93b25c1992c5b45c | |
parent | ab8386440735c85120a009203b72a9ff2b43aebd (diff) |
feat(tazjin/nixos): deploy monica on koptevo r/6360
Change-Id: Iaa74d995f3b2556673095a32ec2b718dcb2d82a4 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8849 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
-rw-r--r-- | users/tazjin/nixos/default.nix | 1 | ||||
-rw-r--r-- | users/tazjin/nixos/koptevo/default.nix | 1 | ||||
-rw-r--r-- | users/tazjin/nixos/modules/monica.nix | 26 | ||||
-rw-r--r-- | users/tazjin/secrets/monica-appkey.age | 12 | ||||
-rw-r--r-- | users/tazjin/secrets/secrets.nix | 1 |
5 files changed, 41 insertions, 0 deletions
diff --git a/users/tazjin/nixos/default.nix b/users/tazjin/nixos/default.nix index 65c8de114eb6..c0191846e313 100644 --- a/users/tazjin/nixos/default.nix +++ b/users/tazjin/nixos/default.nix @@ -6,5 +6,6 @@ in depot.nix.readTree.drvTargets { frogSystem = systemFor depot.users.tazjin.nixos.frog; tverskoySystem = systemFor depot.users.tazjin.nixos.tverskoy; zamalekSystem = systemFor depot.users.tazjin.nixos.zamalek; + koptevoRaw = depot.ops.nixos.nixosFor depot.users.tazjin.nixos.koptevo; koptevoSystem = systemFor depot.users.tazjin.nixos.koptevo; } diff --git a/users/tazjin/nixos/koptevo/default.nix b/users/tazjin/nixos/koptevo/default.nix index c8185ba99c8f..dba8550da051 100644 --- a/users/tazjin/nixos/koptevo/default.nix +++ b/users/tazjin/nixos/koptevo/default.nix @@ -12,6 +12,7 @@ in (mod "quassel.nix") (mod "www/base.nix") (mod "www/tazj.in.nix") + (usermod "monica.nix") (usermod "predlozhnik.nix") (usermod "tgsa.nix") (depot.third_party.agenix.src + "/modules/age.nix") diff --git a/users/tazjin/nixos/modules/monica.nix b/users/tazjin/nixos/modules/monica.nix new file mode 100644 index 000000000000..493bffb2f986 --- /dev/null +++ b/users/tazjin/nixos/modules/monica.nix @@ -0,0 +1,26 @@ +# Host the Monica personal CRM software. +{ depot, config, ... }: + +{ + imports = [ + (depot.third_party.agenix.src + "/modules/age.nix") + ]; + + age.secrets.monica-appkey = { + group = config.services.monica.group; + file = depot.users.tazjin.secrets."monica-appkey.age"; + mode = "0440"; + }; + + services.monica = { + enable = true; + hostname = "monica.tazj.in"; + appKeyFile = "/run/agenix/monica-appkey"; + database.createLocally = true; + + nginx = { + enableACME = true; + forceSSL = true; + }; + }; +} diff --git a/users/tazjin/secrets/monica-appkey.age b/users/tazjin/secrets/monica-appkey.age new file mode 100644 index 000000000000..ee9def472382 --- /dev/null +++ b/users/tazjin/secrets/monica-appkey.age @@ -0,0 +1,12 @@ +age-encryption.org/v1 +-> ssh-ed25519 dcsaLw YpW0HEN2i+xqWzJNgex2uGeHqMspQZAdAMgIf8nOBlg +ot20y/5FlP76ec6zapE4NIlAotT0m37oh1kQTfnCLdk +-> ssh-ed25519 zcCuhA SvQxLh0QerqZqkD17hsEoAVVoQtK6cOrVl0VdrvYfTo +YpVvFUH9YKHu4RJ/jqxwL1MvQAOTD5t+f0qZ1XMpmy8 +-> ssh-ed25519 At5Mag Tf7xk0a16cvZdvwiUvwa34n+6U8QWUtHNzDDZ32fan8 +tsZ42RdDaRG4oBQwHcb4HbAaNAT9sGw8krY5A7hA6PQ +-> /-grease c0+~w )QpN[Rj !0 +ilVbEBr3oQ +--- IBiBsuTMQaM+qCwPTP/lacDgo//6QmlWeJ5dN2CGx2g +Ën€q. + ¹ø 8{þ:a0#”(ѳO`yß"S¤2Î-®“!✿ø ʼnX.HÒÖkðu–ÜâóˆÌ[b7X+K=ô'4* \ No newline at end of file diff --git a/users/tazjin/secrets/secrets.nix b/users/tazjin/secrets/secrets.nix index d6f86decc5dd..65546bd50435 100644 --- a/users/tazjin/secrets/secrets.nix +++ b/users/tazjin/secrets/secrets.nix @@ -10,4 +10,5 @@ let in { "tgsa-yandex.age".publicKeys = allKeys; + "monica-appkey.age".publicKeys = allKeys; } |