Periodic/system-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Periodic:554b2863f3243e809ef6eb0ebfc093c40e57bbfc
Branches Tags
Periodic:main
..
compare: Periodic:ee3b7c2c534f25760d30eca95e027f3cefc1e57f
Branches Tags
Periodic:main

4 Commits
554b2863f3 ... ee3b7c2c53

Author SHA1 Message Date
Drew Haven
ee3b7c2c53 [wow.blazestar.net] Adds static site 2025-09-15 17:08:03 -07:00
Drew Haven
746e31dca2 [nextcloud] Move back to a stable version after some bugs 2025-09-15 17:08:03 -07:00
Drew Haven
9a59e60044 [nextcloud] Remove unused env vars 2025-09-15 17:08:03 -07:00
Drew Haven
646221721e [Tandoor] Adds tandoor service 2025-09-15 17:08:03 -07:00
6 changed files with 64 additions and 17 deletions
Expand all files Collapse all files

6
secrets/mcp.yaml
View File

@@ -21,6 +21,8 @@ matrix:
db-password: ENC[AES256_GCM,data:N/IO0k/2BZpmaDTbKZmSgZNzmdk=,iv:p0jGjJ9mTCh5FPM/Oe1vxusYvlyg14UeggE5ynpDVL8=,tag:tZbddwxJf6wSH6L1QRUQVg==,type:str]
secret: ENC[AES256_GCM,data:KZjYxjUxGgkY1I5jGF7XMEhkHK+khDaQzxugoKxpLsROmVs722tFfbUAxhp71llam55gy9+eUWGxIPlmvOySlw==,iv:OoThGcT08Z11kpnAMQ7w59wj5JheNFGEk1jfFENsmy0=,tag:8EeKT7dh2/a52Amf6LsL1w==,type:str]
blazestar-registration-token: ENC[AES256_GCM,data:TB3bR+E4H4c2l9pRcEOAZr35+vBVaJUcuCs9K0Pjd0aW+M35x5LgZ8+F99Y=,iv:e28sie6LSI5UX41BPb+yN+3n+Yw9Ssfsqe4zppwbPkU=,tag:cQPgZcRFbYSiZnmPVtZxHg==,type:str]
tandoor:
secret_key: ENC[AES256_GCM,data:nl7S2fS1wENrT5k2iZfLEAGc99lCUktgwR5L5KklF69BNVKQkW1rUgb3aIv50VpXZa+3OxV/vdPmG9NhKMy96I5+Dno=,iv:FFyGQBARz0B5zrONZELzUMsOIn8TWrDNTKGsAHPlS7w=,tag:/c4MnDfLXQpBZDqVxZ0DTg==,type:str]
sops:
age:
- recipient: age1yvdzvuvu5wqztcx6ll2xk6x547uuyqy735tjjdd7zftkz53jsf9qf5ahue
@@ -41,7 +43,7 @@ sops:
by9aNFY4dXNxaWxnTXFTQS9reHhuQWMKh5rZ93nFtBV9EpFVRp+E+GXZ6xzVy2Jw
vFh4deGcAb60q4odSaeWfk1Dr7L9Ua69oK9omjbCNUt+P7Kwlfca7Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-25T19:04:18Z"
mac: ENC[AES256_GCM,data:86YT/B9fCgrEoalBQnanYXb0CYipDQoa/ZmIrMpbJr5SS7xyOAYXN4d7mA7dPhV2mjYbMtE2KRdVKCzvzdWLEysz9EZEuTR+Ea/2euxn/oRi7emjGTUgGZa9QMrkONgn/3/oJY4vMRqBPeh29b2akVlrvP/b2ai7dZpDnTICNqI=,iv:22tlDd3VzMrgKsZiZE9mPMS/nuYUd/nzyDkNd6r7CMc=,tag:Ej3joMSm9uDFFY7TK0DyOA==,type:str]
lastmodified: "2025-08-07T19:03:58Z"
mac: ENC[AES256_GCM,data:Rjb4uTow01fHFOcjKFBCvqpow+yAeSY0RymCoSFUNhavsE4HBqhw2acWsNkXqTQA1FxczJP5mtesYNzg7tQR2fN+a/T5jG7q5sC+RYQkDZPy5ECVxEv3J+BtXmMuKJS3YadiIy0iQTXiiwmYBo8cnKIDxQ75AQLoGCGxSr42NU8=,iv:aSevCC9kbYnTy9KuXcxjaeFmERa+qCn9E3ANCJ2CqoU=,tag:RC0H+lRWfBfOGX2VJoAfyg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

1
system/hosts/mcp/containers/havenisms.com/default.nix
View File

@@ -3,5 +3,6 @@
imports = [
./chat.nix
./storyden.nix
./tandoor.nix
];
}

30
system/hosts/mcp/containers/havenisms.com/tandoor.nix Normal file
View File

@@ -0,0 +1,30 @@
{ config, ... }:
let
inherit (import ../lib.nix config) havenisms;
in
{
sops.secrets = {
"tandoor/secret_key" = {
restartUnits = [ "${config.local.container-backend}-tandoor.service" ];
};
};
sops.templates."tandoor.env".content = ''
SECRET_KEY="${config.sops.placeholder."tandoor/secret_key"}"
DB_ENGINE=django.db.backends.sqlite3
'';
virtualisation.web-containers.containers.tandoor = {
image = "vabene1111/recipes";
hostname = "recipes";
domain = havenisms;
port = 80;
volumes = [
"/tank/tandoor-recipes/mediafiles:/opt/recipes/mediafiles"
"/tank/tandoor-recipes/staticfiles:/opt/recipes/staticfiles"
];
environmentFiles = [
config.sops.templates."tandoor.env".path
];
};
}

10
system/hosts/mcp/containers/nextcloud.nix
View File

@@ -4,7 +4,7 @@ let
in
{
virtualisation.oci-containers.containers.nextcloud = {
image = "docker.io/library/nextcloud:latest";
image = "docker.io/library/nextcloud:31";
extraOptions = [
"-l=traefik.enable=true"
"-l=traefik.http.routers.nextcloud.rule=${hostRule "cloud" havenisms}"
@@ -20,13 +20,5 @@ in
volumes = [
"/tank/nextcloud:/var/www/html"
];
environment = {
POSTGRES_HOST = "db";
POSTGRES_DB = "nextcloud";
POSTGRES_USER = "nextcloud";
# TODO: Secrets
POSTGRES_PASSWORD = "nextcloud123";
};
};
}

25
system/hosts/mcp/containers/public-homepage.nix
View File

@@ -10,9 +10,22 @@ let
{
host,
dir ? "public",
redirectWww ? true,
}:
let
cleanHost = lib.strings.stringAsChars (c: if c == "." then "-" else c) host;
wwwLabels =
if redirectWww then
{
"traefik.http.routers.${cleanHost}.middlewares" = "${cleanHost}-add-www@docker";
"traefik.http.middlewares.${cleanHost}-add-www.redirectregex.regex" = "^https://${host}/(.*)";
"traefik.http.middlewares.${cleanHost}-add-www.redirectregex.replacement" =
"https://www.${host}/\${1}";
"traefik.http.middlewares.${cleanHost}-add-www.redirectregex.permanent" = "true";
}
else
{ };
in
{
"${cleanHost}-static" = {
@@ -24,13 +37,8 @@ let
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${cleanHost}.rule" = "Host(`${host}`) || Host(`www.${host}`)";
"traefik.http.routers.${cleanHost}.middlewares" = "${cleanHost}-add-www@docker";
"traefik.http.services.${cleanHost}.loadbalancer.server.port" = "80";
"traefik.http.middlewares.${cleanHost}-add-www.redirectregex.regex" = "^https://${host}/(.*)";
"traefik.http.middlewares.${cleanHost}-add-www.redirectregex.replacement" =
"https://www.${host}/\${1}";
"traefik.http.middlewares.${cleanHost}-add-www.redirectregex.permanent" = "true";
};
} // wwwLabels;
};
};
in
@@ -44,6 +52,11 @@ in
host = blazestar;
dir = "deployed";
}
// mkStaticSite {
host = "wow.${blazestar}";
dir = "deployed";
redirectWww = false;
}
// mkStaticSite {
host = havenisms;
dir = "public";

9
system/hosts/mcp/static-site-hooks.nix
View File

@@ -129,6 +129,15 @@ in
trigger-rule-mismatch-http-response-code = 400;
inherit trigger-rule;
};
"deploy-wow-blazestar-net" = {
id = "deploy-wow-blazestar-net";
http-methods = [ "POST" ];
command-working-directory = "/tank/web/wow.blazestar.net";
include-command-output-in-response-on-error = true;
execute-command = "${deployNpmApp}/bin/build-npm-app";
trigger-rule-mismatch-http-response-code = 400;
inherit trigger-rule;
};
};
};
}