From 646221721e62e3b0f89e96f307be3f4daccb607a Mon Sep 17 00:00:00 2001 From: Drew Haven Date: Thu, 7 Aug 2025 12:15:33 -0700 Subject: [PATCH] [Tandoor] Adds tandoor service --- secrets/mcp.yaml | 6 ++-- .../mcp/containers/havenisms.com/default.nix | 1 + .../mcp/containers/havenisms.com/tandoor.nix | 30 +++++++++++++++++++ 3 files changed, 35 insertions(+), 2 deletions(-) create mode 100644 system/hosts/mcp/containers/havenisms.com/tandoor.nix diff --git a/secrets/mcp.yaml b/secrets/mcp.yaml index c80bfcd..50989ae 100644 --- a/secrets/mcp.yaml +++ b/secrets/mcp.yaml @@ -21,6 +21,8 @@ matrix: db-password: ENC[AES256_GCM,data:N/IO0k/2BZpmaDTbKZmSgZNzmdk=,iv:p0jGjJ9mTCh5FPM/Oe1vxusYvlyg14UeggE5ynpDVL8=,tag:tZbddwxJf6wSH6L1QRUQVg==,type:str] secret: ENC[AES256_GCM,data:KZjYxjUxGgkY1I5jGF7XMEhkHK+khDaQzxugoKxpLsROmVs722tFfbUAxhp71llam55gy9+eUWGxIPlmvOySlw==,iv:OoThGcT08Z11kpnAMQ7w59wj5JheNFGEk1jfFENsmy0=,tag:8EeKT7dh2/a52Amf6LsL1w==,type:str] blazestar-registration-token: ENC[AES256_GCM,data:TB3bR+E4H4c2l9pRcEOAZr35+vBVaJUcuCs9K0Pjd0aW+M35x5LgZ8+F99Y=,iv:e28sie6LSI5UX41BPb+yN+3n+Yw9Ssfsqe4zppwbPkU=,tag:cQPgZcRFbYSiZnmPVtZxHg==,type:str] +tandoor: + secret_key: ENC[AES256_GCM,data:nl7S2fS1wENrT5k2iZfLEAGc99lCUktgwR5L5KklF69BNVKQkW1rUgb3aIv50VpXZa+3OxV/vdPmG9NhKMy96I5+Dno=,iv:FFyGQBARz0B5zrONZELzUMsOIn8TWrDNTKGsAHPlS7w=,tag:/c4MnDfLXQpBZDqVxZ0DTg==,type:str] sops: age: - recipient: age1yvdzvuvu5wqztcx6ll2xk6x547uuyqy735tjjdd7zftkz53jsf9qf5ahue @@ -41,7 +43,7 @@ sops: by9aNFY4dXNxaWxnTXFTQS9reHhuQWMKh5rZ93nFtBV9EpFVRp+E+GXZ6xzVy2Jw vFh4deGcAb60q4odSaeWfk1Dr7L9Ua69oK9omjbCNUt+P7Kwlfca7Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-25T19:04:18Z" - mac: ENC[AES256_GCM,data:86YT/B9fCgrEoalBQnanYXb0CYipDQoa/ZmIrMpbJr5SS7xyOAYXN4d7mA7dPhV2mjYbMtE2KRdVKCzvzdWLEysz9EZEuTR+Ea/2euxn/oRi7emjGTUgGZa9QMrkONgn/3/oJY4vMRqBPeh29b2akVlrvP/b2ai7dZpDnTICNqI=,iv:22tlDd3VzMrgKsZiZE9mPMS/nuYUd/nzyDkNd6r7CMc=,tag:Ej3joMSm9uDFFY7TK0DyOA==,type:str] + lastmodified: "2025-08-07T19:03:58Z" + mac: ENC[AES256_GCM,data:Rjb4uTow01fHFOcjKFBCvqpow+yAeSY0RymCoSFUNhavsE4HBqhw2acWsNkXqTQA1FxczJP5mtesYNzg7tQR2fN+a/T5jG7q5sC+RYQkDZPy5ECVxEv3J+BtXmMuKJS3YadiIy0iQTXiiwmYBo8cnKIDxQ75AQLoGCGxSr42NU8=,iv:aSevCC9kbYnTy9KuXcxjaeFmERa+qCn9E3ANCJ2CqoU=,tag:RC0H+lRWfBfOGX2VJoAfyg==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 diff --git a/system/hosts/mcp/containers/havenisms.com/default.nix b/system/hosts/mcp/containers/havenisms.com/default.nix index 3ed6eab..9c820ff 100644 --- a/system/hosts/mcp/containers/havenisms.com/default.nix +++ b/system/hosts/mcp/containers/havenisms.com/default.nix @@ -3,5 +3,6 @@ imports = [ ./chat.nix ./storyden.nix + ./tandoor.nix ]; } diff --git a/system/hosts/mcp/containers/havenisms.com/tandoor.nix b/system/hosts/mcp/containers/havenisms.com/tandoor.nix new file mode 100644 index 0000000..4879ee2 --- /dev/null +++ b/system/hosts/mcp/containers/havenisms.com/tandoor.nix @@ -0,0 +1,30 @@ +{ config, ... }: +let + inherit (import ../lib.nix config) havenisms; +in +{ + sops.secrets = { + "tandoor/secret_key" = { + restartUnits = [ "${config.local.container-backend}-tandoor.service" ]; + }; + }; + + sops.templates."tandoor.env".content = '' + SECRET_KEY="${config.sops.placeholder."tandoor/secret_key"}" + DB_ENGINE=django.db.backends.sqlite3 + ''; + + virtualisation.web-containers.containers.tandoor = { + image = "vabene1111/recipes"; + hostname = "recipes"; + domain = havenisms; + port = 80; + volumes = [ + "/tank/tandoor-recipes/mediafiles:/opt/recipes/mediafiles" + "/tank/tandoor-recipes/staticfiles:/opt/recipes/staticfiles" + ]; + environmentFiles = [ + config.sops.templates."tandoor.env".path + ]; + }; +}