author | Vincent Ambo <mail@tazj.in> | 2025-02-01T22·28+0300 |
---|---|---|
committer | tazjin <mail@tazj.in> | 2025-02-02T14·58+0000 |
commit | 75fe623d9745d5eb7f4242b63b1652756885b02b (patch) | |
tree | d0e4e67d9dfacb028298f81e06b1c4bdb3532689 | |
parent | 3a92f43ee54d9803711ab081fd59340acafb99e9 (diff) |
feat(ops/nevsky): run keycloak/panettone/paroxysm r/9172
These are the postgres-database using services. Change-Id: I4e8d854e798d85e1b14bfa78aae8827ac0881c7d Reviewed-on: https://cl.tvl.fyi/c/depot/+/13092 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
-rw-r--r-- | ops/glesys/main.tf | 4 | ||||
-rw-r--r-- | ops/machines/nevsky/default.nix | 47 |
2 files changed, 49 insertions, 2 deletions
diff --git a/ops/glesys/main.tf b/ops/glesys/main.tf index e24272bc920f..2e84f7ca59ba 100644 --- a/ops/glesys/main.tf +++ b/ops/glesys/main.tf @@ -94,14 +94,14 @@ variable "sanduny_ipv6" { locals { # Hostnames of all public services on whitby whitby_services = [ - "auth", - "b", "deploys", "status", ] # Hostnames of all public services on nevsky nevsky_services = [ + "auth", + "b", "cl", "code", "cs", diff --git a/ops/machines/nevsky/default.nix b/ops/machines/nevsky/default.nix index 08861e1ffbe2..c1c42d426a04 100644 --- a/ops/machines/nevsky/default.nix +++ b/ops/machines/nevsky/default.nix @@ -8,6 +8,7 @@ in imports = [ (mod "builderball.nix") (mod "cgit.nix") + (mod "cheddar.nix") (mod "clbot.nix") (mod "harmonia.nix") (mod "irccat.nix") @@ -16,14 +17,19 @@ in (mod "livegrep.nix") (mod "monorepo-gerrit.nix") (mod "owothia.nix") + (mod "panettone.nix") + (mod "paroxysm.nix") (mod "restic.nix") (mod "smtprelay.nix") (mod "tvl-buildkite.nix") (mod "tvl-slapd/default.nix") (mod "tvl-users.nix") + (mod "www/auth.tvl.fyi.nix") + (mod "www/b.tvl.fyi.nix") (mod "www/cache.tvl.fyi.nix") (mod "www/cl.tvl.fyi.nix") (mod "www/code.tvl.fyi.nix") + (mod "www/cs.tvl.fyi.nix") (mod "www/grep.tvl.fyi.nix") (mod "www/self-cache.tvl.fyi.nix") (mod "www/self-redirect.nix") @@ -307,6 +313,9 @@ in builderball.enable = true; + # Run Markdown/code renderer + cheddar.enable = true; + # Run a livegrep code search instance livegrep.enable = true; @@ -333,6 +342,17 @@ in agentCount = 16; }; + # Run the Panettone issue tracker + panettone = { + enable = true; + dbUser = "panettone"; + dbName = "panettone"; + irccatChannel = "#tvl"; + }; + + # Run the first cursed bot (quote bot) + paroxysm.enable = true; + # make our channel more owo owothia = { enable = true; 
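Review bot: The second import hunk of `ops/machines/nevsky/default.nix` (`@@ -16,14 +17,19 @@`) adds `(mod "www/cs.tvl.fyi.nix")`, and the first adds `(mod "cheddar.nix")`, neither of which is one of the three services named in the commit title. The cs vhost changes what nevsky answers for publicly, so it deserves a line in the description or a comment beside the import, for example `# cs.tvl.fyi vhost; DNS record already lists nevsky`. The import list starts and ends outside both hunks.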
@@ -433,6 +453,33 @@ in }; }; + services.keycloak = { + enable = true; + + settings = { + http-port = 5925; # kycl + hostname = "auth.tvl.fyi"; + http-relative-path = "/auth"; + proxy-headers = "xforwarded"; + http-enabled = true; + }; + + database = { + type = "postgresql"; + passwordFile = config.age.secretsDir + "/keycloak-db"; + createLocally = false; + }; + }; + + services.postgresqlBackup = { + enable = true; + databases = [ + "keycloak" + "panettone" + "tvldb" + ]; + }; + # Use TVL cache locally through the proxy; for cross-builder substitution. tvl.cache.enable = true; tvl.cache.builderball = true; |
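Review bot: The `settings` block of `services.keycloak` enables plain HTTP on port 5925 and sets `proxy-headers = "xforwarded"`, but nothing in the hunk restricts which address Keycloak listens on. If that listener is reachable from anything other than the local reverse proxy, a client can connect directly and supply its own `X-Forwarded-*` headers, which Keycloak will then trust for scheme, host and client address. I would pin the listener with `http-host = "127.0.0.1";` next to `http-port`, unless firewall configuration outside this hunk already closes the port. Separately, `services.postgresqlBackup` now writes dumps of the `keycloak` database, which hold credential and session material, so a short comment saying where those dumps land and whether the restic job picks them up would help. The enclosing attribute set starts and ends outside the hunk.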