chore(etna): split stuff into different files

uku 2024-04-13 14:34:10 +02:00
parent da553350c6
commit 629130fed7
Signed by: uku
SSH key fingerprint: SHA256:4P0aN6M8ajKukNi6aPOaX0LacanGYtlfjmN+m/sHY/o
4 changed files with 48 additions and 34 deletions


@ -10,7 +10,7 @@
mkSecrets = builtins.mapAttrs (name: value: value // {file = "${secretsPath}/${name}.age";}); mkSecrets = builtins.mapAttrs (name: value: value // {file = "${secretsPath}/${name}.age";});
mkSecret = name: other: mkSecrets {${name} = other;}; mkSecret = name: other: mkSecrets {${name} = other;};
fudgeMyShitIn = builtins.map (file: import file (args // {inherit mkSecret;})); fudgeMyShitIn = builtins.map (file: import file (args // {inherit mkSecret mkSecrets;}));
in { in {
imports = imports =
[ [
@ -21,12 +21,12 @@ in {
./attic.nix ./attic.nix
./dendrite.nix ./dendrite.nix
./nextcloud.nix ./nextcloud.nix
./reposilite.nix
./uku.nix
./vaultwarden.nix
]; ];
age.secrets = mkSecrets { age.secrets = mkSecrets {
apiRsEnv = {};
ukubotRsEnv = {};
tunnelCreds = { tunnelCreds = {
owner = "cloudflared"; owner = "cloudflared";
group = "cloudflared"; group = "cloudflared";
@ -36,42 +36,12 @@ in {
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
services = { services = {
api-rs = {
enable = true;
environmentFile = config.age.secrets.apiRsEnv.path;
};
ukubot-rs = {
enable = true;
environmentFile = config.age.secrets.ukubotRsEnv.path;
};
reposilite.enable = true;
tailscale.extraUpFlags = ["--advertise-exit-node"]; tailscale.extraUpFlags = ["--advertise-exit-node"];
vaultwarden = {
enable = true;
config = {
DOMAIN = "https://bw.uku3lig.net";
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "::1";
ROCKET_PORT = 8222;
};
};
cloudflared = { cloudflared = {
enable = true; enable = true;
tunnels.${tunnelId} = { tunnels.${tunnelId} = {
credentialsFile = config.age.secrets.tunnelCreds.path; credentialsFile = config.age.secrets.tunnelCreds.path;
ingress = {
"api.uku3lig.net" = "http://localhost:5000";
"bw.uku3lig.net" = "http://localhost:8222";
"maven.uku3lig.net" = "http://localhost:8080";
};
default = "http_status:404"; default = "http_status:404";
}; };
}; };
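Review bot: With the inline `ingress` set removed, the new side of `tunnels.${tunnelId}` keeps only `credentialsFile` and `default = "http_status:404"`, and nothing visible in this file maps the new `cfTunnels` attributes onto the tunnel. Presumably a shared module outside this commit declares `cfTunnels` and feeds it into `ingress`; if it does not, the three hostnames would fall through to the 404 default or evaluation would fail on an undeclared option. Because any imported file can now publish a hostname, a comment at the tunnel such as `# ingress is built from cfTunnels.* set in the imported service files` would keep the list of internet-facing routes discoverable. The hunks show only part of the file, so the wiring may sit outside them.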


@ -0,0 +1,6 @@
{...}: {
cfTunnels."maven.uku3lig.net" = "http://localhost:8080";
# see exprs/reposilite/module.nix
services.reposilite.enable = true;
}
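Review bot: `cfTunnels."maven.uku3lig.net"` publishes port 8080 through the tunnel, but the listener's bind address is set in `exprs/reposilite/module.nix`, which this commit does not show. If that module leaves Reposilite listening on all interfaces, the service would also be reachable directly on 8080 wherever the host firewall allows it, bypassing the tunnel. Once confirmed, the existing comment could record it, e.g. `# see exprs/reposilite/module.nix (listens on localhost:8080 only)`.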

24
systems/etna/uku.nix Normal file

@ -0,0 +1,24 @@
{
config,
mkSecrets,
...
}: {
age.secrets = mkSecrets {
apiRsEnv = {};
ukubotRsEnv = {};
};
cfTunnels."api.uku3lig.net" = "http://localhost:5000";
services = {
api-rs = {
enable = true;
environmentFile = config.age.secrets.apiRsEnv.path;
};
ukubot-rs = {
enable = true;
environmentFile = config.age.secrets.ukubotRsEnv.path;
};
};
}
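Review bot: `apiRsEnv = {};` and `ukubotRsEnv = {};` take the agenix defaults, which as far as I know decrypt to a root-owned file with mode 0400. That works when the `api-rs` and `ukubot-rs` modules hand `environmentFile` to systemd's `EnvironmentFile=`, but it would fail if either service opens the file itself as an unprivileged user; those modules are not shown here. A comment such as `# root-only; loaded by systemd via EnvironmentFile, never read by the service user` would record the assumption next to the secrets.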


@ -0,0 +1,14 @@
{...}: {
cfTunnels."bw.uku3lig.net" = "http://localhost:8222";
services.vaultwarden = {
enable = true;
config = {
DOMAIN = "https://bw.uku3lig.net";
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "::1";
ROCKET_PORT = 8222;
};
};
}
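Review bot: With `ROCKET_ADDRESS = "::1"` every request arrives from cloudflared on loopback, and the `config` block sets no `IP_HEADER`, so Vaultwarden will likely log and rate-limit all logins as a single client. Since the listener is loopback-only, trusting the tunnel's header is reasonable: `IP_HEADER = "CF-Connecting-IP";`. Separately, the route targets `http://localhost:8222` while the server binds only the IPv6 loopback; `"http://[::1]:8222"` would remove the dependence on how `localhost` resolves.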