[wow.blazestar.net] Adds static site

secrets/mcp.yaml

@@ -21,6 +21,8 @@ matrix:
         db-password: ENC[AES256_GCM,data:N/IO0k/2BZpmaDTbKZmSgZNzmdk=,iv:p0jGjJ9mTCh5FPM/Oe1vxusYvlyg14UeggE5ynpDVL8=,tag:tZbddwxJf6wSH6L1QRUQVg==,type:str]
         secret: ENC[AES256_GCM,data:KZjYxjUxGgkY1I5jGF7XMEhkHK+khDaQzxugoKxpLsROmVs722tFfbUAxhp71llam55gy9+eUWGxIPlmvOySlw==,iv:OoThGcT08Z11kpnAMQ7w59wj5JheNFGEk1jfFENsmy0=,tag:8EeKT7dh2/a52Amf6LsL1w==,type:str]
     blazestar-registration-token: ENC[AES256_GCM,data:TB3bR+E4H4c2l9pRcEOAZr35+vBVaJUcuCs9K0Pjd0aW+M35x5LgZ8+F99Y=,iv:e28sie6LSI5UX41BPb+yN+3n+Yw9Ssfsqe4zppwbPkU=,tag:cQPgZcRFbYSiZnmPVtZxHg==,type:str]
+tandoor:
+    secret_key: ENC[AES256_GCM,data:nl7S2fS1wENrT5k2iZfLEAGc99lCUktgwR5L5KklF69BNVKQkW1rUgb3aIv50VpXZa+3OxV/vdPmG9NhKMy96I5+Dno=,iv:FFyGQBARz0B5zrONZELzUMsOIn8TWrDNTKGsAHPlS7w=,tag:/c4MnDfLXQpBZDqVxZ0DTg==,type:str]
 sops:
     age:
         - recipient: age1yvdzvuvu5wqztcx6ll2xk6x547uuyqy735tjjdd7zftkz53jsf9qf5ahue
@@ -41,7 +43,7 @@ sops:
             by9aNFY4dXNxaWxnTXFTQS9reHhuQWMKh5rZ93nFtBV9EpFVRp+E+GXZ6xzVy2Jw
             vFh4deGcAb60q4odSaeWfk1Dr7L9Ua69oK9omjbCNUt+P7Kwlfca7Q==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-07-25T19:04:18Z"
+    lastmodified: "2025-08-07T19:03:58Z"
-    mac: ENC[AES256_GCM,data:86YT/B9fCgrEoalBQnanYXb0CYipDQoa/ZmIrMpbJr5SS7xyOAYXN4d7mA7dPhV2mjYbMtE2KRdVKCzvzdWLEysz9EZEuTR+Ea/2euxn/oRi7emjGTUgGZa9QMrkONgn/3/oJY4vMRqBPeh29b2akVlrvP/b2ai7dZpDnTICNqI=,iv:22tlDd3VzMrgKsZiZE9mPMS/nuYUd/nzyDkNd6r7CMc=,tag:Ej3joMSm9uDFFY7TK0DyOA==,type:str]
+    mac: ENC[AES256_GCM,data:Rjb4uTow01fHFOcjKFBCvqpow+yAeSY0RymCoSFUNhavsE4HBqhw2acWsNkXqTQA1FxczJP5mtesYNzg7tQR2fN+a/T5jG7q5sC+RYQkDZPy5ECVxEv3J+BtXmMuKJS3YadiIy0iQTXiiwmYBo8cnKIDxQ75AQLoGCGxSr42NU8=,iv:aSevCC9kbYnTy9KuXcxjaeFmERa+qCn9E3ANCJ2CqoU=,tag:RC0H+lRWfBfOGX2VJoAfyg==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.10.2

system/hosts/mcp/containers/havenisms.com/default.nix

@@ -3,5 +3,6 @@
   imports = [
     ./chat.nix
     ./storyden.nix
+    ./tandoor.nix
   ];
 }

system/hosts/mcp/containers/havenisms.com/tandoor.nix

@@ -0,0 +1,30 @@
+{ config, ... }:
+let
+  inherit (import ../lib.nix config) havenisms;
+in
+{
+  sops.secrets = {
+    "tandoor/secret_key" = {
+      restartUnits = [ "${config.local.container-backend}-tandoor.service" ];
+    };
+  };
+
+  sops.templates."tandoor.env".content = ''
+    SECRET_KEY="${config.sops.placeholder."tandoor/secret_key"}"
+    DB_ENGINE=django.db.backends.sqlite3
+  '';
+
+  virtualisation.web-containers.containers.tandoor = {
+    image = "vabene1111/recipes";
+    hostname = "recipes";
+    domain = havenisms;
+    port = 80;
+    volumes = [
+      "/tank/tandoor-recipes/mediafiles:/opt/recipes/mediafiles"
+      "/tank/tandoor-recipes/staticfiles:/opt/recipes/staticfiles"
+    ];
+    environmentFiles = [
+      config.sops.templates."tandoor.env".path
+    ];
+  };
+}

system/hosts/mcp/containers/nextcloud.nix

@@ -4,7 +4,7 @@ let
 in
 {
   virtualisation.oci-containers.containers.nextcloud = {
-    image = "docker.io/library/nextcloud:latest";
+    image = "docker.io/library/nextcloud:31";
     extraOptions = [
       "-l=traefik.enable=true"
       "-l=traefik.http.routers.nextcloud.rule=${hostRule "cloud" havenisms}"
@@ -20,13 +20,5 @@ in
     volumes = [
       "/tank/nextcloud:/var/www/html"
     ];
-    environment = {
-      POSTGRES_HOST = "db";
-      POSTGRES_DB = "nextcloud";
-      POSTGRES_USER = "nextcloud";
-      # TODO: Secrets
-      POSTGRES_PASSWORD = "nextcloud123";
-    };
   };
 }
-

system/hosts/mcp/containers/public-homepage.nix

@@ -10,9 +10,22 @@ let
     {
       host,
       dir ? "public",
+      redirectWww ? true,
     }:
     let
       cleanHost = lib.strings.stringAsChars (c: if c == "." then "-" else c) host;
+      wwwLabels =
+        if redirectWww then
+          {
+            "traefik.http.routers.${cleanHost}.middlewares" = "${cleanHost}-add-www@docker";
+            "traefik.http.middlewares.${cleanHost}-add-www.redirectregex.regex" = "^https://${host}/(.*)";
+            "traefik.http.middlewares.${cleanHost}-add-www.redirectregex.replacement" =
+              "https://www.${host}/\${1}";
+            "traefik.http.middlewares.${cleanHost}-add-www.redirectregex.permanent" = "true";
+
+          }
+        else
+          { };
     in
     {
       "${cleanHost}-static" = {
@@ -24,13 +37,8 @@ let
         labels = {
           "traefik.enable" = "true";
           "traefik.http.routers.${cleanHost}.rule" = "Host(`${host}`) || Host(`www.${host}`)";
-          "traefik.http.routers.${cleanHost}.middlewares" = "${cleanHost}-add-www@docker";
           "traefik.http.services.${cleanHost}.loadbalancer.server.port" = "80";
-          "traefik.http.middlewares.${cleanHost}-add-www.redirectregex.regex" = "^https://${host}/(.*)";
+        } // wwwLabels;
-          "traefik.http.middlewares.${cleanHost}-add-www.redirectregex.replacement" =
-            "https://www.${host}/\${1}";
-          "traefik.http.middlewares.${cleanHost}-add-www.redirectregex.permanent" = "true";
-        };
       };
     };
 in
@@ -44,6 +52,11 @@ in
       host = blazestar;
       dir = "deployed";
     }
+    // mkStaticSite {
+      host = "wow.${blazestar}";
+      dir = "deployed";
+      redirectWww = false;
+    }
     // mkStaticSite {
       host = havenisms;
       dir = "public";

system/hosts/mcp/static-site-hooks.nix

@@ -129,6 +129,15 @@ in
           trigger-rule-mismatch-http-response-code = 400;
           inherit trigger-rule;
         };
+        "deploy-wow-blazestar-net" = {
+          id = "deploy-wow-blazestar-net";
+          http-methods = [ "POST" ];
+          command-working-directory = "/tank/web/wow.blazestar.net";
+          include-command-output-in-response-on-error = true;
+          execute-command = "${deployNpmApp}/bin/build-npm-app";
+          trigger-rule-mismatch-http-response-code = 400;
+          inherit trigger-rule;
+        };
       };
     };
 }