natto1784/dotfiles
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

migrate services from nomad to systemd

Browse Source 
Signed-off-by: natto1784 <natto@weirdnatto.in>
This commit is contained in:
Amneesh Singh
2023-07-26 22:42:26 +05:30
parent ff831dc3e0
commit 1fc6e8cd96
7 changed files with 319 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

268
flake.lock generated
View File

@@ -16,6 +16,27 @@
"type": "gitlab"
}
},
"cargo2nix": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_2",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1655189312,
"narHash": "sha256-gpJ57OgIebUpO+7F00VltxSEy6dz2x6HeJ5BcRM8rDA=",
"owner": "cargo2nix",
"repo": "cargo2nix",
"rev": "c149357cc3d17f2849c73eb7a09d07a307cdcfe8",
"type": "github"
},
"original": {
"owner": "cargo2nix",
"repo": "cargo2nix",
"type": "github"
}
},
"emacs-overlay": {
"inputs": {
"flake-utils": "flake-utils",
@@ -36,7 +57,44 @@
"type": "github"
}
},
"filehost": {
"inputs": {
"cargo2nix": "cargo2nix",
"nixpkgs": "nixpkgs_3",
"rust-overlay": "rust-overlay_2",
"utils": "utils"
},
"locked": {
"lastModified": 1669300127,
"narHash": "sha256-tH2a+Gh6ewJA6BdeEfjH+QjATlWC++nODBDmmQdw/AU=",
"owner": "natto1784",
"repo": "simpler-filehost",
"rev": "b7c4353a0608c80ecdf89affd76594deaf742dd4",
"type": "github"
},
"original": {
"owner": "natto1784",
"repo": "simpler-filehost",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1668681692,
@@ -52,7 +110,7 @@
"type": "github"
}
},
"flake-compat_2": {
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1673956053,
@@ -184,6 +242,36 @@
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1653893745,
"narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"inputs": {
"systems": "systems_3"
},
@@ -201,7 +289,7 @@
"type": "github"
}
},
"flake-utils_3": {
"flake-utils_5": {
"inputs": {
"systems": "systems_4"
},
@@ -239,7 +327,7 @@
"inputs": {
"flake-parts": "flake-parts_5",
"haskell-flake": "haskell-flake",
"nixpkgs": "nixpkgs_6"
"nixpkgs": "nixpkgs_9"
},
"locked": {
"lastModified": 1688568579,
@@ -300,7 +388,7 @@
"hyprland": {
"inputs": {
"hyprland-protocols": "hyprland-protocols",
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs_5",
"wlroots": "wlroots",
"xdph": "xdph"
},
@@ -320,7 +408,7 @@
},
"hyprland-contrib": {
"inputs": {
"nixpkgs": "nixpkgs_3"
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1690024028,
@@ -360,13 +448,13 @@
"mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat",
"flake-compat": "flake-compat_2",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-22_11": "nixpkgs-22_11",
"nixpkgs-23_05": "nixpkgs-23_05",
"utils": "utils"
"utils": "utils_2"
},
"locked": {
"lastModified": 1689610936,
@@ -387,7 +475,7 @@
"nixpkgs": [
"nixpkgs"
],
"utils": "utils_2"
"utils": "utils_3"
},
"locked": {
"lastModified": 1689256076,
@@ -405,7 +493,7 @@
},
"neovim-flake": {
"inputs": {
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils_4",
"nixpkgs": [
"nvim-overlay",
"nixpkgs"
@@ -430,7 +518,7 @@
"nix-gaming": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_4"
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1690100618,
@@ -562,7 +650,71 @@
"type": "github"
}
},
"nixpkgs_10": {
"locked": {
"lastModified": 1690026219,
"narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "f465da166263bc0d4b39dfd4ca28b777c92d4b73",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1654275867,
"narHash": "sha256-pt14ZE4jVPGvfB2NynGsl34pgXfOqum5YJNpDK4+b9E=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "7a20c208aacf4964c19186dcad51f89165dc7ed0",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "release-22.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1685573264,
"narHash": "sha256-Zffu01pONhs/pqH07cjlF10NnMDLok8ix5Uk4rhOnZQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "380be19fbd2d9079f677978361792cb25e8a3635",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "release-22.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1665296151,
"narHash": "sha256-uOB0oxqxN9K7XGF1hcnY+PQnlQJ+3bP2vCn/+Ru/bbc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "14ccaaedd95a488dd7ae142757884d8e125b3363",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1688500189,
"narHash": "sha256-djYYiY4lzJOlXOnTHytH6BUugrxHDZjuGxTSrU4gt4M=",
@@ -578,7 +730,7 @@
"type": "github"
}
},
"nixpkgs_3": {
"nixpkgs_6": {
"locked": {
"lastModified": 1658161305,
"narHash": "sha256-X/nhnMCa1Wx4YapsspyAs6QYz6T/85FofrI6NpdPDHg=",
@@ -594,7 +746,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_7": {
"locked": {
"lastModified": 1688221086,
"narHash": "sha256-cdW6qUL71cNWhHCpMPOJjlw0wzSRP0pVlRn2vqX/VVg=",
@@ -610,7 +762,7 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_8": {
"locked": {
"lastModified": 1690026219,
"narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=",
@@ -626,7 +778,7 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_9": {
"locked": {
"lastModified": 1688322751,
"narHash": "sha256-eW62dC5f33oKZL7VWlomttbUnOTHrAbte9yNUNW8rbk=",
@@ -642,29 +794,13 @@
"type": "github"
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1690026219,
"narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "f465da166263bc0d4b39dfd4ca28b777c92d4b73",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nvim-overlay": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat_3",
"flake-parts": "flake-parts_3",
"hercules-ci-effects": "hercules-ci-effects",
"neovim-flake": "neovim-flake",
"nixpkgs": "nixpkgs_7"
"nixpkgs": "nixpkgs_10"
},
"locked": {
"lastModified": 1690070762,
@@ -683,6 +819,7 @@
"root": {
"inputs": {
"emacs-overlay": "emacs-overlay",
"filehost": "filehost",
"flake-parts": "flake-parts",
"home-manager": "home-manager",
"hyprland": "hyprland",
@@ -690,15 +827,61 @@
"mailserver": "mailserver",
"nbfc": "nbfc",
"nix-gaming": "nix-gaming",
"nixpkgs": "nixpkgs_5",
"nixpkgs": "nixpkgs_8",
"nvim-overlay": "nvim-overlay",
"rust-overlay": "rust-overlay",
"rust-overlay": "rust-overlay_3",
"stable": "stable"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": [
"filehost",
"cargo2nix",
"flake-utils"
],
"nixpkgs": [
"filehost",
"cargo2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1653878966,
"narHash": "sha256-T51Gck/vrJZi1m+uTbhEFTRgZmE59sydVONadADv358=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "8526d618af012a923ca116be9603e818b502a8db",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_2": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1667011705,
"narHash": "sha256-ohupiBVlXCkdQpvG79akjCILZEb+7DetDVepljR0pNI=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "34d76c0a001d81a0fac342698ce7926da37b8ea5",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_3": {
"inputs": {
"flake-utils": "flake-utils_5",
"nixpkgs": [
"nixpkgs"
]
@@ -794,6 +977,21 @@
}
},
"utils": {
"locked": {
"lastModified": 1667077288,
"narHash": "sha256-bdC8sFNDpT0HK74u9fUkpbf1MEzVYJ+ka7NXCdgBoaA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_2": {
"locked": {
"lastModified": 1605370193,
"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
@@ -808,7 +1006,7 @@
"type": "github"
}
},
"utils_2": {
"utils_3": {
"inputs": {
"systems": "systems_2"
},

4
flake.nix
View File

@@ -17,6 +17,10 @@
url = github:oxalica/rust-overlay;
inputs.nixpkgs.follows = "nixpkgs";
};
filehost = {
url = github:natto1784/simpler-filehost;
# inputs.nixpkgs.follows = "nixpkgs";
};
nix-gaming.url = github:fufexan/nix-gaming;
nbfc = {
url = github:nbfc-linux/nbfc-linux;

16
hosts/marisa/networking.nix
View File

@@ -6,17 +6,13 @@
allowedTCPPorts = [
22 # ssh
80 # http
6060
4444
5454
8080 #????
# 5454
5001 #gitea
8800
4646
8500 #vault nomad consul
8888 #simpler-filehost1
6666 #concourse
202 #gitea-ssh
4646 #nomad
# 8500 #vault nomad consul
8000 #simpler-filehost
# 6666 #concourse
# 202 #gitea-ssh
];
allowedUDPPorts = [ 17840 ];
trustedInterfaces = [ "docker0" ];

18
hosts/marisa/services/default.nix
View File

@@ -2,7 +2,9 @@
{
imports = [
# ./hashicorp.nix
# ./hashicorp.nix
./filehost.nix
./gitea.nix
];
# Add secrets to nomad, consul and vault
@@ -12,12 +14,22 @@
# default-cgroupns-mode = "host";
};
};
systemd.tmpfiles.rules = [ "d /run/vault - vault vault 1h" ];
services = {
openssh = {
enable = true;
permitRootLogin = "yes";
ports = [22 22001];
};
postgresql = {
enable = true;
authentication = ''
local gitea all ident map=gitea-map
'';
identMap =
''
gitea-map gitea gitea
'';
};
};
}

18
hosts/marisa/services/filehost.nix Normal file
View File

@@ -0,0 +1,18 @@
{ config, pkgs, inputs, lib', ... }:
{
systemd.services.filehost = {
enable = true;
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
Environment = [
"TITLE=nattofiles"
"USER_URL=${lib'.network.addresses.subdomain.natto "f"}"
"ROCKET_LIMITS={file=\"512MB\",data-form=\"512MB\"}"
"ROCKET_LOG_LEVEL=debug"
];
Restart = "on-failure";
ExecStart = "${inputs.filehost.packages.${pkgs.system}.simpler-filehost}/bin/simpler-filehost";
};
};
}

41
hosts/marisa/services/gitea.nix Normal file
View File

@@ -0,0 +1,41 @@
{ config, pkgs, lib', ... }:
{
services = {
gitea = rec {
appName = "Natto Tea";
enable = true;
database = {
name = "gitea";
user = "gitea";
passwordFile = "/var/secrets/giteadb.pass";
type = "postgres";
};
mailerPasswordFile = "/var/secrets/giteamailer.pass";
settings =
let
domain = lib'.network.addresses.domain.natto;
in
{
server = rec {
HTTP_PORT = 5001;
ROOT_URL = "https://git.${domain}";
SSH_DOMAIN = "git.${domain}";
SSH_PORT = 22001;
SSH_LISTEN_PORT = SSH_PORT;
};
mailer = rec {
ENABLED = true;
FROM = "masti@${domain}";
TYPE = "smtp";
HOST = domain;
IS_TLS_ENABLED = true;
USER = FROM;
REGISTER_MAIL_CONFIRM = true;
};
oauth2_client.REGISTER_MAIL_CONFIRM = true;
actions.ENABLED = false;
};
};
};
}

3
lib/network.nix
View File

@@ -1,5 +1,5 @@
{
addresses = {
addresses = rec {
wireguard = rec {
ipPrefix = "10.55.0";
prefixLength = 24;
@@ -13,6 +13,7 @@
domain = {
natto = "weirdnatto.in";
};
subdomain = builtins.mapAttrs(_: domain: (sub: "${sub}.${domain}")) domain;
};
commonSSHKeys = [