cy/nixos-config
cy/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

take ghost to titan

Browse source
This commit is contained in:
cy 2024-12-28 22:46:25 -05:00
parent b6a16534ea
commit bfb5a13e34
5 changed files with 108 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.sops.yaml
View file

@ -2,6 +2,7 @@ keys:
- &chunk age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn - &chunk age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
- &yt age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 - &yt age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8
- &cy age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn - &cy age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
- &titan age12w2xgh4nxhrrggrtcnu75wgukqnayzhfd2azkhukl6u8xqxsqvtsa4lmhl
creation_rules: creation_rules:
- path_regex: secrets/de3911/yt.yaml - path_regex: secrets/de3911/yt.yaml
key_groups: key_groups:
@ -49,6 +50,7 @@ creation_rules:
- age: - age:
- *chunk - *chunk
- *cy - *cy
- *titan
- path_regex: secrets/services/hedgedoc.yaml - path_regex: secrets/services/hedgedoc.yaml
key_groups: key_groups:
- age: - age:

15
hosts/chunk/Caddyfile
View file

@ -46,21 +46,6 @@ ntfy.cything.io {
reverse_proxy localhost:8083 reverse_proxy localhost:8083
} }
cything.io {
import common
uri strip_prefix /blog
reverse_proxy /_matrix/* localhost:8448
reverse_proxy localhost:8084
respond /.well-known/matrix/server {"m.server":"chat.cything.io:443"}
respond /.well-known/matrix/client {"m.server":{"base_url":"https://chat.cything.io"},"m.homeserver":{"base_url":"https://chat.cything.io"},"org.matrix.msc3575.proxy":{"url":"https://chat.cything.io"}}
}
www.cything.io {
import common
redir https://cything.io{uri} permanent
}
pad.cything.io { pad.cything.io {
import common import common
reverse_proxy localhost:8085 reverse_proxy localhost:8085

25
hosts/titan/Caddyfile Normal file
View file

@ -0,0 +1,25 @@
{
acme_ca https://acme.zerossl.com/v2/DV90
acme_eab {
key_id {$EAB_KEY_ID}
mac_key {$EAB_MAC_KEY}
}
}
(common) {
encode zstd gzip
header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
}
cything.io {
import common
reverse_proxy localhost:8084
respond /.well-known/matrix/server {"m.server":"chat.cything.io:443"}
respond /.well-known/matrix/client {"m.server":{"base_url":"https://chat.cything.io"},"m.homeserver":{"base_url":"https://chat.cything.io"},"org.matrix.msc3575.proxy":{"url":"https://chat.cything.io"}}
}
www.cything.io {
import common
redir https://cything.io{uri} permanent
}

30
hosts/titan/default.nix
View file

@ -1,4 +1,4 @@
{ modulesPath, lib, pkgs, ...}: { modulesPath, config, lib, pkgs, ...}:
{ {
imports = [ imports = [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
@ -8,6 +8,13 @@
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
sops.age.keyFile = "/root/.config/sops/age/keys.txt";
sops.secrets = {
"caddy/env" = {
sopsFile = ../../secrets/services/caddy.yaml;
};
};
boot = { boot = {
loader = { loader = {
systemd-boot.enable = true; systemd-boot.enable = true;
@ -62,4 +69,25 @@
443 443
]; ];
}; };
# container stuff
virtualisation.containers.enable = true;
virtualisation.podman = {
enable = true;
# create 'docker' alias for podman, to use as
# drop-in replacement
dockerCompat = true;
defaultNetwork.settings = {
dns_enabled = true;
ipv6_enabled = true;
};
};
virtualisation.oci-containers.backend = "podman";
services.caddy = {
enable = true;
configFile = ./Caddyfile;
environmentFile = config.sops.secrets."caddy/env".path;
logFormat = lib.mkForce "level INFO";
};
} }

52
hosts/titan/ghost.nix Normal file
View file

@ -0,0 +1,52 @@
{
pkgs,
config,
...
}:
{
virtualisation.oci-containers.containers.ghost = {
image = "ghost:5-alpine";
autoStart = true;
ports = [ "127.0.0.1:8084:2368" ];
pull = "newer";
environment = {
database__client = "mysql";
database__connection__host = "ghost-db";
database__connection__user = "root";
database__connection__password = "example";
database__connection__databse = "ghost";
url = "https://cything.io";
NODE_ENV = "production";
};
volumes = [
"/opt/ghost/data:/var/lib/ghost/content"
];
networks = [ "ghost-net" ];
dependsOn = [ "ghost-db" ];
};
virtualisation.oci-containers.containers.ghost-db = {
image = "mysql:8.0";
autoStart = true;
pull = "newer";
environment = {
MYSQL_ROOT_PASSWORD = "example";
};
volumes = [
"/opt/ghost/db:/var/lib/mysql"
];
networks = [ "ghost-net" ];
};
systemd.services.create-ghost-net = {
serviceConfig.Type = "oneshot";
wantedBy = with config.virtualisation.oci-containers; [
"${backend}-ghost.service"
"${backend}-ghost-db.service"
];
script = ''
${pkgs.podman}/bin/podman network exists ghost-net || \
${pkgs.podman}/bin/podman network create ghost-net
'';
};
}