dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

nixos/shill: Add postgres container

Browse Source
This commit is contained in:
Jack O'Sullivan
2022-06-06 17:52:36 +01:00
parent 3ec00b60f5
commit 646b582984
9 changed files with 121 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
nixos/boxes/colony/vms/shill/containers/colony-psql.nix Normal file
View File

@@ -0,0 +1,69 @@
{ lib, ... }: {
nixos.systems.colony-psql = {
system = "x86_64-linux";
nixpkgs = "mine";
assignments = {
internal = {
name = "colony-psql-ctr";
domain = lib.my.colony.domain;
ipv4.address = "${lib.my.colony.start.ctrs.v4}4";
ipv6 = {
iid = "::4";
address = "${lib.my.colony.start.ctrs.v6}4";
};
};
};
configuration = { lib, pkgs, config, assignments, ... }:
let
inherit (lib) mkMerge mkIf;
inherit (lib.my) networkdAssignment;
in
{
config = mkMerge [
{
my = {
deploy.enable = false;
server.enable = true;
secrets = {
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICkly/tnPmoX05lDjEpQOkllPqYA0PY92pOKqvx8Po02";
};
firewall = {
tcp.allowed = [ 5432 ];
};
};
systemd = {
network.networks."80-container-host0" = networkdAssignment "host0" assignments.internal;
};
services = {
postgresql = {
package = pkgs.postgresql_14;
enable = true;
enableTCPIP = true;
ensureUsers = [
{
name = "root";
ensurePermissions = {
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
}
];
};
};
}
(mkIf config.my.build.isDevVM {
virtualisation = {
forwardPorts = [
{ from = "host"; host.port = 55432; guest.port = 5432; }
];
};
})
];
};
};
}

1
nixos/boxes/colony/vms/shill/containers/default.nix
View File

@@ -2,5 +2,6 @@
imports = [ imports = [
./middleman ./middleman
./vaultwarden.nix ./vaultwarden.nix
./colony-psql.nix
]; ];
} }

1
nixos/boxes/colony/vms/shill/default.nix
View File

@@ -101,6 +101,7 @@
}) { }) {
middleman = {}; middleman = {};
vaultwarden = {}; vaultwarden = {};
colony-psql = {};
}; };
}; };
} }

10
nixos/modules/tmproot.nix
View File

@@ -235,6 +235,16 @@ in
} }
]; ];
}) })
(mkIf config.services.postgresql.enable {
my.tmproot.persistence.config.directories = [
{
directory = "/var/lib/postgresql";
mode = "0750";
user = "postgres";
group = "postgres";
}
];
})
(mkIf config.my.build.isDevVM { (mkIf config.my.build.isDevVM {
fileSystems = mkVMOverride { fileSystems = mkVMOverride {
# Hijack the "root" device for persistence in the VM # Hijack the "root" device for persistence in the VM

18
secrets/cloudflare-credentials.conf.age
View File

@@ -1,10 +1,10 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 H162lQ a/oJHGIB43DHpX/EUdal2ZyOlf+zYUbNwztGSP1iuGE -> ssh-ed25519 H162lQ /adzwW9x7USsH5CdsioRijyAty8oWd/+cAMwUjIUlFc
W8bd1I0rgDMEc18zjpP0d4dyp4PGd19/8vJFlVOsGSs wZ37SG3kMPAFv6b7XUsQODXJyf0+2UGYO4W4ZYITIx4
-> X25519 cjqYOE0e9IHvWvcGyOPDNTcNR6Ynv8TdRCoHiBx4UzI -> X25519 hgS0FxBoQ+aE8XPP9C+py9MG6olCCX2MNo8ySfdI3S4
/EzNz/SSzvs9DbCGr28B4/jwZMnpUxoBtDOt9Ombv4Y 0MFoKWao1FSvPSSbvgPvoW/9IhenHbcFfRdF8QCiX6Y
-> x]-grease -> W-r]SXB-grease #sr)tHY s)\!y phJi@.
fRt2HHsTmZbotWaLfgPZ4PT76A i9yJp2IczY7G/4sEX5Lmzyn3KOxca7/pDQ
--- M2/lLzEUiSmSuoPhtO/QAg+CPPvnBBMQhisX66A/aKE --- UAo0KfTO0IzWS7mj5vWRzMLT3wrrgIpr2PYUYKSDSIQ
<EFBFBD>bD<EFBFBD><EFBFBD>l<EFBFBD><0E><EFBFBD><EFBFBD><EFBFBD> <EFBFBD><EFBFBD><EFBFBD>Γ<EFBFBD><EFBFBD> <EFBFBD><EFBFBD>D%I<>5 <0B><>b a<><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>w<EFBFBD>q<EFBFBD><EFBFBD><EFBFBD>S(Vj_]<5D><><13><><EFBFBD>=<3D>D<EFBFBD>󂻱
<EFBFBD>G<EFBFBD><EFBFBD>g<EFBFBD>-<2D>2<EFBFBD><07><>Jb<4A><62><EFBFBD>t<EFBFBD>I<7F>:B<><42>1<>?<3F>V<>ۗ<EFBFBD>z<03><1F><>}<7D>3<EFBFBD>q<EFBFBD>I<EFBFBD><49><EFBFBD><EFBFBD><EFBFBD>><EFBFBD> <EFBFBD>Y2<EFBFBD><EFBFBD>_<EFBFBD> u<>z> <0C>6by<62>w<EFBFBD>a<EFBFBD>O<EFBFBD>B<EFBFBD><42>>f<><66>$<24>X<EFBFBD><58><18><><EFBFBD><EFBFBD><EFBFBD>q%<25>_<EFBFBD><5F>c<13>Ѭ<EFBFBD>V<EFBFBD>e[<17><>0<>pbَn<>o}<7D><>`0|0<>ӌ<EFBFBD><05>k<>ȟ<EFBFBD>

BIN
secrets/dhparams.pem.age
View File

Binary file not shown.

BIN
secrets/pdns-file-records.key.age
View File

Binary file not shown.

36
secrets/user-passwd.txt.age
View File

@@ -1,17 +1,21 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 SKXJUw fW7jrhrKwP6iyzZmVgb7vJ2UcNJF/5WD4yMdIAHkmjY -> ssh-ed25519 SKXJUw CsKtHFHS/9MNiNGT/O+bxx+btotr9riXwJWgHAplcXQ
2oxq2j4imOCs+SS7X8B6l+lfyxS1oc2pP9Yn5xH2TYg W6kL/S4y1aFstYGOIhrwJfXx2uhswH3uSdyJzRCAtHM
-> ssh-ed25519 B9K/XQ k2wmCaqbN607JztgylqS0HnB0VDDirJdTT0A/YcWmDc -> ssh-ed25519 wbGjmA 7em05wqUq9PA9CZ9MlnNSxdeknvN0lrS0yYxUTtGawE
p50mr15TcNSosXhqOp1piJ4zovntXupDN0wKyuQcLOI TyAI9Pu0DJodhdT5sBodIaBxPg3VBmXcq18IIHtFs3I
-> ssh-ed25519 H162lQ gB7vN1QOBBwgGnQm01/Qgi5BOKROqiGUeRhl5o0Fshs -> ssh-ed25519 B9K/XQ ZAVd8XBFPOJ6hC2WunnkGmEifYOHcUhYQIi4gvsLajc
RahbmvQtsVZqWp0Aw+p5nNPiiLy9Bx5CIUlNBDUHqvk 5hPdqVBWi9OtqQPyq4gz4CX6vVpuLGQURufTCnDNYgM
-> ssh-ed25519 b6YMqg GRHZS+hPYYtvmdWjubBWHWRcW6tN1CH8ad/uQIy94UY -> ssh-ed25519 H162lQ wKj8wzesVAOzm5o4VB9NEBSr+xlr0VjR/A48NL+6uls
YoW/7nXuDsFRpHfz0gxHcq86yp28k36jeDeE5rgWbu0 lpmijvrflnMeVT6R2YcUmLFljFxZsTeVziErcQ7GKuk
-> ssh-ed25519 Lqn0Yw QMRSGRz5JwLBxTHP2rcG13IUvQzB+0hlWDqYZFvC1n4 -> ssh-ed25519 b6YMqg ykVDRMnyBsh6+HN/A/5lT3K36wgJZggIcjlsPSc3byM
Nn/4hg59WRT6/89nS7i+gQ8lH/xnPV5U8tVL7jzqrQU HF5qzv2Lf2s87OHi/0++shAjF4+xr5NAHL/9lncMHRU
-> X25519 GStCgfxXuAFeZEZi0REzF57PASJgsUjJKqhbxOWGMG4 -> ssh-ed25519 Lqn0Yw 4+F3gxpsI9QnbCHWpLz29CUj3RAeXSH7PHkuFw3E7T8
P13cOlKyoec4dxraCm/FYNbkSQiG13X2qqLeYJNxb8w yzZAylZ7QAV7ufljd4VEBys8sNd8JodWqN5f0JzRI/g
-> o-grease -> X25519 YMeCBP/yDOGPs04ihx7NkZSpqEotUHKs3yMRkg9JWAI
9eVgGIr20m1qCUJk3smZBflaLXQrMcMM Li1FOGm6NIAPGVQRj3HYiyKiR/ZSk35vnOK/ia59IQU
--- 2Z86MUDSQR+ZsPLWzR8zO74BFfmy9C5HDd6mabW7fuY -> tjxC(g-grease
TH<EFBFBD>ی<EFBFBD><16><EFBFBD><16>;<3B>V<13>jD?<3F><`:ƨ<04>*yA<79>Ӂ<EFBFBD>s<EFBFBD><73>/<2F>Z<EFBFBD>f<EFBFBD><66><EFBFBD>?<3F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;Qh<16>wY<><59> N<>9U<39>/<2F>0wBq.O<><01><><EFBFBD><16><EFBFBD>8<EFBFBD>,<2C> U<>/<2F>7T_<54><05><>N<EFBFBD><4E><EFBFBD><EFBFBD>VzyU<79><55>/<2F><>F:Hu<48>5 817wn107V7X7yjCXvKBMt/55PWcEYdm6ZDOdoZC5A3s+iRFVpLvGmxlkEVxQCqsA
K4WG/Ye5PC/raEjsS8/6AqHs4E+JSfuZjm47fVclbu3kp8Yu3BaLEa9glucxBQbc
X0A
--- C/lfT3RLOrCR2mOv6Q0aDyEVUrq4GzdVpHhj7Ly2ov4
<EFBFBD>&<26>Ǩ<><C7A8><EFBFBD><EFBFBD><EFBFBD>q)<16> Wh<57><68><EFBFBD><EFBFBD><EFBFBD>&3<><33>M}]R<>E<EFBFBD>e%<25>tX<74><58><EFBFBD><08>*X<>l

22
secrets/vaultwarden.env.age
View File

@@ -1,12 +1,12 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 Lqn0Yw ybVbnUjgm3QGOZPv9A/q6zPXjZbuYe4krqe+qjrkziw -> ssh-ed25519 Lqn0Yw 527NE0GoR6SQTwb1hmgpxn4APXMb2oW3/VNjjbwtnx8
SIEEGlziouUT3pzxw+C7p2IO2sDJ3xmaTrHaDGFgLOs 9jWxt9FYx8G4pyPVtU8mp33QuurzQHI4Npt+79ej2qU
-> X25519 bq/2lRh9a3BwhwR6o9TXeuXA5AGdtlrQm8/JOyAzUEU -> X25519 wW5ClCuDyZvFJOA/aeitGr5yr29DOdULnUlPRz1sDk0
I5xRPDb6rUcNBXqOXefFkO2HvlYIJAG+OFkZygywkqg db70JP2sIH3T8NsMHqnTCGNE1tY7PyjGKOKmzNE632Q
-> 0g#WDK-grease .DWBEk* -> zGd-grease * _!K!a] 3C\vn
Vf8DHmVCY3bfTT+CPPm5dELSid+aZJquOxjEccmkZXVKtefHlwLRx6Dh3HT5IZqR sOkK0VjY4v3j6XcG
Pl2j/4SQvVf1MrPjtbkMwBhxh9zPZa7WQIBGeF6oB2kl9vyc65lXpaxRSMs2eVsv --- CHljgmb9kcrECrIM2Ve+Wp5AkGWeIQb0Bhh9sgEtD5U
K=<3D>X<EFBFBD>K9 <09>,<2C>q<EFBFBD><71>j<EFBFBD><6A><EFBFBD>)=G<><47>au{N
--- /eCT0Rqu+we6CXUSP3dpd+blpQxwOG0t5rDiGfffXPs V<EFBFBD><EFBFBD><EFBFBD><EFBFBD>,<2C><>2N$<24>w<><77>
F<EFBFBD><EFBFBD> <EFBFBD>kzO <0B>@<40><><EFBFBD>#<23>F<EFBFBD><EFBFBD>ǝ
<EFBFBD>f<EFBFBD><EFBFBD><EFBFBD><19>~"[<19><>%?<3F>}<7D><>1<EFBFBD>P~<7E><0E>ҋ$<24>Nrnh*y<><5F><C985><EFBFBD>!<21><>*<2A><>h\<5C><><EFBFBD><EFBFBD><EFBFBD>M<EFBFBD><4D><EFBFBD><EFBFBD><EFBFBD>ߑ<EFBFBD>x<EFBFBD>s<EFBFBD><1D><>Fd<46>3<EFBFBD>u/$9<><39> <20><><EFBFBD><EFBFBD><07><1E><> Р<><D0A0>&<26>i<EFBFBD>v <EFBFBD><EFBFBD><EFBFBD><EFBFBD>̻CF<EFBFBD><EFBFBD><EFBFBD>3<><33>PzNG,3Pw]-Vʞo<>Ԟm<D49E>z <0B>