From 75fe623d9745d5eb7f4242b63b1652756885b02b Mon Sep 17 00:00:00 2001
From: Vincent Ambo
Date: Sun, 2 Feb 2025 01:28:14 +0300
Subject: feat(ops/nevsky): run keycloak/panettone/paroxysm

These are the postgres-database using services.

Change-Id: I4e8d854e798d85e1b14bfa78aae8827ac0881c7d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13092
Tested-by: BuildkiteCI
Reviewed-by: sterni
---
 ops/glesys/main.tf | 4 ++--
 ops/machines/nevsky/default.nix | 47 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+), 2 deletions(-)

diff --git a/ops/glesys/main.tf b/ops/glesys/main.tf
index e24272bc920f..2e84f7ca59ba 100644
--- a/ops/glesys/main.tf
+++ b/ops/glesys/main.tf
@@ -94,14 +94,14 @@ variable "sanduny_ipv6" {
 locals {
 # Hostnames of all public services on whitby
 whitby_services = [
- "auth",
- "b",
 "deploys",
 "status",
 ]
 # Hostnames of all public services on nevsky
 nevsky_services = [
+ "auth",
+ "b",
 "cl",
 "code",
 "cs",
diff --git a/ops/machines/nevsky/default.nix b/ops/machines/nevsky/default.nix
index 08861e1ffbe2..c1c42d426a04 100644
--- a/ops/machines/nevsky/default.nix
+++ b/ops/machines/nevsky/default.nix
@@ -8,6 +8,7 @@ in
 imports = [
 (mod "builderball.nix")
 (mod "cgit.nix")
+ (mod "cheddar.nix")
 (mod "clbot.nix")
 (mod "harmonia.nix")
 (mod "irccat.nix")
@@ -16,14 +17,19 @@ in
 (mod "livegrep.nix")
 (mod "monorepo-gerrit.nix")
 (mod "owothia.nix")
+ (mod "panettone.nix")
+ (mod "paroxysm.nix")
 (mod "restic.nix")
 (mod "smtprelay.nix")
 (mod "tvl-buildkite.nix")
 (mod "tvl-slapd/default.nix")
 (mod "tvl-users.nix")
+ (mod "www/auth.tvl.fyi.nix")
+ (mod "www/b.tvl.fyi.nix")
 (mod "www/cache.tvl.fyi.nix")
 (mod "www/cl.tvl.fyi.nix")
 (mod "www/code.tvl.fyi.nix")
+ (mod "www/cs.tvl.fyi.nix")
 (mod "www/grep.tvl.fyi.nix")
 (mod "www/self-cache.tvl.fyi.nix")
 (mod "www/self-redirect.nix")
@@ -307,6 +313,9 @@ in
 builderball.enable = true;
+ # Run Markdown/code renderer
+ cheddar.enable = true;
+
 # Run a livegrep code search instance
 livegrep.enable = true;
@@ -333,6 +342,17 @@ in
 agentCount = 16;
 };
+ # Run the Panettone issue tracker
+ panettone = {
+ enable = true;
+ dbUser = "panettone";
+ dbName = "panettone";
+ irccatChannel = "#tvl";
+ };
+
+ # Run the first cursed bot (quote bot)
+ paroxysm.enable = true;
+
 # make our channel more owo
 owothia = {
 enable = true;
@@ -433,6 +453,33 @@ in
 };
 };
+ services.keycloak = {
+ enable = true;
+
+ settings = {
+ http-port = 5925; # kycl
+ hostname = "auth.tvl.fyi";
+ http-relative-path = "/auth";
+ proxy-headers = "xforwarded";
+ http-enabled = true;
+ };
+
+ database = {
+ type = "postgresql";
+ passwordFile = config.age.secretsDir + "/keycloak-db";
+ createLocally = false;
+ };
+ };
+
+ services.postgresqlBackup = {
+ enable = true;
+ databases = [
+ "keycloak"
+ "panettone"
+ "tvldb"
+ ];
+ };
+
 # Use TVL cache locally through the proxy; for cross-builder substitution.
 tvl.cache.enable = true;
 tvl.cache.builderball = true;
--
cgit 1.4.1
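Review bot: The new `services.keycloak.settings` block enables plain HTTP (`http-enabled = true`) on port 5925 and trusts `X-Forwarded-*` headers (`proxy-headers = "xforwarded"`), but it sets no `http-host`, so as far as this hunk shows the listener is not restricted to the interface the reverse proxy uses. If that port is reachable by any path other than the `auth.tvl.fyi` vhost, a client connecting directly supplies its own forwarded headers and Keycloak treats them as authoritative for client address and scheme. Assuming the vhost imported earlier in this file proxies from the same host, add `http-host = "127.0.0.1";` to `settings` and confirm 5925 is not among the firewall's allowed ports. Separately, the `keycloak` dump now produced by `services.postgresqlBackup` contains realm keys and credential hashes, so a comment such as `# dumps include IdP secrets: keep the backup directory restricted and only ship it encrypted` above that block would help the next maintainer.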