Periodic/system-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[dm-companion] Sets up auto-deploy and moves it to terakoda.com

Browse Source
This commit is contained in:
Drew Haven
2025-06-15 10:29:39 -07:00
parent 32e10284d0
commit cda32ea550
3 changed files with 71 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
secrets/mcp.yaml
View File

@@ -16,6 +16,7 @@ traefik:
oauth2-plugin-secret: ENC[AES256_GCM,data:sArqwKHAdW35o5kD7DGfXSYCXFUXqvKQdoVnXutsNLw=,iv:qWf597QS3BqkVQkeAb99HbpDB0kUhdD+qKdpUPZEB0o=,tag:vXnb93npaklItWkMZ+/M9Q==,type:str] oauth2-plugin-secret: ENC[AES256_GCM,data:sArqwKHAdW35o5kD7DGfXSYCXFUXqvKQdoVnXutsNLw=,iv:qWf597QS3BqkVQkeAb99HbpDB0kUhdD+qKdpUPZEB0o=,tag:vXnb93npaklItWkMZ+/M9Q==,type:str]
deploy-key: deploy-key:
terakoda.com: ENC[AES256_GCM,data:STOAUPihw2KfndKm/XV5evihrTy/TQrbtVh7EpEyVE6Z1FsJd3UljcjhTmp/Z3nSpq4LCiezmaxISTnQDIP/NzPfou309SLl2QvD7deFhurMsYbeWJw62RP0ClBfteBaVxeqlH/pksoE1cJaZFxv/KxXYYoxzCUzeXC31GQv6Mft+/FnA1rsVp2n0Ay73hMVjMY0ml2csybLOuuKyxEq3nImhLFvtr4jJhVmxnN2L+bs0a+GohjC98HwITJD2OsrJwSpW4cv2v1GqeJCr2om5SgplwvjkiHJrg/WLO8N6BuVDOy0yx9Vbf1cAwkzPd3gBeKd5po+baJwRFAXpB03KvG/w6Yz/4ewo4X78IhwtLvTl876e/i/7K17ILvc5JJrKe9lmEuNUaItRPWYypEHrkge/PXSAvPIqRnAEi3jfOfVXWygZPerS3hs7bBE/Lem1U7/MUcK+pfXnZDgbWVsRuFhZhxasFGa7cG+gBUZsHWbyXi2e/koFUqUTR0HU0q0zF1xw/8jthPPGoIJ/0tP,iv:99AI3rnNjt9XqXJHnQ3DAEFm90h465ymjNWEpsWvRnM=,tag:96dnIojTXXONozgYDFwcBA==,type:str] terakoda.com: ENC[AES256_GCM,data:STOAUPihw2KfndKm/XV5evihrTy/TQrbtVh7EpEyVE6Z1FsJd3UljcjhTmp/Z3nSpq4LCiezmaxISTnQDIP/NzPfou309SLl2QvD7deFhurMsYbeWJw62RP0ClBfteBaVxeqlH/pksoE1cJaZFxv/KxXYYoxzCUzeXC31GQv6Mft+/FnA1rsVp2n0Ay73hMVjMY0ml2csybLOuuKyxEq3nImhLFvtr4jJhVmxnN2L+bs0a+GohjC98HwITJD2OsrJwSpW4cv2v1GqeJCr2om5SgplwvjkiHJrg/WLO8N6BuVDOy0yx9Vbf1cAwkzPd3gBeKd5po+baJwRFAXpB03KvG/w6Yz/4ewo4X78IhwtLvTl876e/i/7K17ILvc5JJrKe9lmEuNUaItRPWYypEHrkge/PXSAvPIqRnAEi3jfOfVXWygZPerS3hs7bBE/Lem1U7/MUcK+pfXnZDgbWVsRuFhZhxasFGa7cG+gBUZsHWbyXi2e/koFUqUTR0HU0q0zF1xw/8jthPPGoIJ/0tP,iv:99AI3rnNjt9XqXJHnQ3DAEFm90h465ymjNWEpsWvRnM=,tag:96dnIojTXXONozgYDFwcBA==,type:str]
dm.terakoda.com: ENC[AES256_GCM,data:WvRoASLJZF3IqFTJvZbn/+l9Jm16+K2kf7MefMpElmIZhpROaWxyPO5DyJaCqGsUZOaf9+ulOhhy+harmyE2VtKYAA6XDkMh1aBFMuBxwYYY4D6UW182RhSfqTYCFD8KulgSpBYFHhbhmc8U9Yfp1248ex35abwX5+Ck0jD7v57TsWv37o7KzECyPkx3hzMbDeUe3ivqq/t5VUzrwws4Ds6eI3ytk/FX4VsjdoBDkHoDMyaloI6ErpEQX48KIP+ljYaOte4rTIXiX4ftbW3NVZtf7EVUJ8qa0sWhfSfYhSk+C1SMw+2jeYnG2pDBW7g46wj3uyq5l6+Wg3o1per/3YCdaiQ86taShpLVzbTdpLer7TwCZwxGlLgPO+75d2i2hKLBQdj/YpRAOAiz4sBYpHFc2cR20E8NnIWNxPg1CPrTnfsiOQ+qhbvvmjHShz3sRmT4I0QXP8Yr2fm6bkDQj6dWdyf2UmiNOqhVeqvABxlZIAM/Yhb+83eOQWY77G+loXxeo3e5vLBHeXvdYRkk,iv:ysnpaSDWG+YuqV2QOt3W6CfU8C5cThd1MzDwqzadCbQ=,tag:X9fjM4LhZe2XwG0OxnyoSA==,type:str]
sops: sops:
age: age:
- recipient: age1yvdzvuvu5wqztcx6ll2xk6x547uuyqy735tjjdd7zftkz53jsf9qf5ahue - recipient: age1yvdzvuvu5wqztcx6ll2xk6x547uuyqy735tjjdd7zftkz53jsf9qf5ahue
@@ -36,7 +37,7 @@ sops:
by9aNFY4dXNxaWxnTXFTQS9reHhuQWMKh5rZ93nFtBV9EpFVRp+E+GXZ6xzVy2Jw by9aNFY4dXNxaWxnTXFTQS9reHhuQWMKh5rZ93nFtBV9EpFVRp+E+GXZ6xzVy2Jw
vFh4deGcAb60q4odSaeWfk1Dr7L9Ua69oK9omjbCNUt+P7Kwlfca7Q== vFh4deGcAb60q4odSaeWfk1Dr7L9Ua69oK9omjbCNUt+P7Kwlfca7Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-06-04T22:56:20Z" lastmodified: "2025-06-15T03:39:30Z"
mac: ENC[AES256_GCM,data:EOPjNLAQRvi2FgmYwHST1eZDj1lMT4+Nwi5YS8yJI7w2Y8pkBiKx1JqMzNW7DSmwIf8J7TCmK+7bmJPF+WyLPous8B920zbn9Rt8ttLpSRBOHCReH9k3FwYAtAkYYCMB2oeDkpWjTnU2xeUh/FqOkRInw98sy3EO0HPEtXdPrng=,iv:17nuB8ders0PI92BrWX3mwuxqDafckM9Reu+wiRo5/0=,tag:mirzSqpscIrDp7vZwX0+NQ==,type:str] mac: ENC[AES256_GCM,data:NM96EJZf1MauW3RPd9G3GiI3sA4K05VnfS9yakBaToecTMrWpAPZ278faqvU8VocRb4GvMVHvTONGJ2G8d3GHboq+E3MGMopZBkbbDTTuc5KSaL4yOJz9iHrC6BOwWbovFOBKFt708Qq1Y9Gep0feGfy9zYiIqd0Ltnc5X2QXXY=,iv:1qlIilZ4PmnYNXV5G8xifCL1ym4rJgfgjMADnN/cOEw=,tag:onA5AW9VdL5n1aUiHVHN9A==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.10.2

13
system/hosts/mcp/containers/dm-companion.nix
View File

@@ -1,6 +1,6 @@
{ config, ... }: { config, ... }:
let let
inherit (import ./lib.nix config) mkContainer localHostRule havenisms; inherit (import ./lib.nix config) mkContainer localHostRule terakoda;
in in
{ {
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
@@ -14,22 +14,27 @@ in
port = 8080; port = 8080;
volumes = [ volumes = [
"dm-companion:/pb/pb_data" "dm-companion:/pb/pb_data"
"/tank/web/dm.terakoda.com/pb_migrations:/pb/pb_migrations:ro"
]; ];
environment = { }; environment = { };
extraLabels = { extraLabels = {
"traefik.http.routers.${hostName}-api.rule" = "traefik.http.routers.${hostName}-api.rule" =
"PathPrefix(`/api`) && ${localHostRule "dm" havenisms}"; "PathPrefix(`/api`) && ${localHostRule "dm" terakoda}";
"traefik.http.routers.${hostName}-api.service" = "${hostName}"; "traefik.http.routers.${hostName}-api.service" = "${hostName}";
}; };
}; };
dm-companion = mkContainer { dm-companion = mkContainer {
image = "nginx:alpine";
hostName = "dm"; hostName = "dm";
image = "docker.havenisms.com/lazy-dm/app"; domain = terakoda;
port = 80; port = 80;
dependsOn = [ dependsOn = [
"dm-companion-pocketbase" "dm-companion-pocketbase"
]; ];
volumes = [ ]; volumes = [
"/tank/web/dm.terakoda.com/dist:/usr/share/nginx/html:ro"
];
}; };
}; };
} }

45
system/hosts/mcp/static-site-hooks.nix
View File

@@ -6,7 +6,7 @@ let
testHook = testHook =
with pkgs; with pkgs;
writeShellApplication { writeShellApplication {
name = "deploy-astro-app"; name = "build-npm-app";
runtimeInputs = [ runtimeInputs = [
openssh openssh
gitFull gitFull
@@ -43,21 +43,14 @@ in
restartUnits = [ "webhook.service" ]; restartUnits = [ "webhook.service" ];
owner = config.users.users.webhook.name; owner = config.users.users.webhook.name;
}; };
"deploy-key/dm.terakoda.com" = {
restartUnits = [ "webhook.service" ];
owner = config.users.users.webhook.name;
};
}; };
services.webhook = { services.webhook =
enable = true; let
verbose = true;
port = 9000;
openFirewall = true;
hooks = {
"deploy-terakoda-com" = {
id = "deploy-terakoda-com";
http-methods = [ "POST" ];
command-working-directory = "/tank/web/terakoda.com";
include-command-output-in-response-on-error = true;
execute-command = "${testHook}/bin/deploy-astro-app";
trigger-rule-mismatch-http-response-code = 400;
trigger-rule = { trigger-rule = {
or = [ or = [
# There were some issues getting the payload signature validation to work. # There were some issues getting the payload signature validation to work.
@@ -86,6 +79,30 @@ in
} }
]; ];
}; };
in
{
enable = true;
verbose = true;
port = 9000;
openFirewall = true;
hooks = {
"deploy-terakoda-com" = {
id = "deploy-terakoda-com";
http-methods = [ "POST" ];
command-working-directory = "/tank/web/terakoda.com";
include-command-output-in-response-on-error = true;
execute-command = "${testHook}/bin/build-npm-app";
trigger-rule-mismatch-http-response-code = 400;
inherit trigger-rule;
};
"deploy-dm-terakoda-com" = {
id = "deploy-dm-terakoda-com";
http-methods = [ "POST" ];
command-working-directory = "/tank/web/dm.terakoda.com";
include-command-output-in-response-on-error = true;
execute-command = "${testHook}/bin/build-npm-app";
trigger-rule-mismatch-http-response-code = 400;
inherit trigger-rule;
}; };
}; };
}; };