From 1fc6e8cd96f0bc4d45c8390bba0ac678fb00526a Mon Sep 17 00:00:00 2001 From: natto1784 Date: Wed, 26 Jul 2023 22:42:26 +0530 Subject: [PATCH] migrate services from nomad to systemd Signed-off-by: natto1784 --- flake.lock | 268 +++++++++++++++++++++++++---- flake.nix | 4 + hosts/marisa/networking.nix | 16 +- hosts/marisa/services/default.nix | 18 +- hosts/marisa/services/filehost.nix | 18 ++ hosts/marisa/services/gitea.nix | 41 +++++ lib/network.nix | 3 +- 7 files changed, 319 insertions(+), 49 deletions(-) create mode 100644 hosts/marisa/services/filehost.nix create mode 100644 hosts/marisa/services/gitea.nix diff --git a/flake.lock b/flake.lock index 971230e..3421aa5 100644 --- a/flake.lock +++ b/flake.lock @@ -16,6 +16,27 @@ "type": "gitlab" } }, + "cargo2nix": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_2", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1655189312, + "narHash": "sha256-gpJ57OgIebUpO+7F00VltxSEy6dz2x6HeJ5BcRM8rDA=", + "owner": "cargo2nix", + "repo": "cargo2nix", + "rev": "c149357cc3d17f2849c73eb7a09d07a307cdcfe8", + "type": "github" + }, + "original": { + "owner": "cargo2nix", + "repo": "cargo2nix", + "type": "github" + } + }, "emacs-overlay": { "inputs": { "flake-utils": "flake-utils", 
@@ -36,7 +57,44 @@ "type": "github" } }, + "filehost": { + "inputs": { + "cargo2nix": "cargo2nix", + "nixpkgs": "nixpkgs_3", + "rust-overlay": "rust-overlay_2", + "utils": "utils" + }, + "locked": { + "lastModified": 1669300127, + "narHash": "sha256-tH2a+Gh6ewJA6BdeEfjH+QjATlWC++nODBDmmQdw/AU=", + "owner": "natto1784", + "repo": "simpler-filehost", + "rev": "b7c4353a0608c80ecdf89affd76594deaf742dd4", + "type": "github" + }, + "original": { + "owner": "natto1784", + "repo": "simpler-filehost", + "type": "github" + } + }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1668681692, @@ -52,7 +110,7 @@ "type": "github" } }, - "flake-compat_2": { + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1673956053, @@ -184,6 +242,36 @@ } }, "flake-utils_2": { + "locked": { + "lastModified": 1653893745, + "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_4": { "inputs": { "systems": "systems_3" }, 
@@ -201,7 +289,7 @@ "type": "github" } }, - "flake-utils_3": { + "flake-utils_5": { "inputs": { "systems": "systems_4" }, @@ -239,7 +327,7 @@ "inputs": { "flake-parts": "flake-parts_5", "haskell-flake": "haskell-flake", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1688568579, @@ -300,7 +388,7 @@ "hyprland": { "inputs": { "hyprland-protocols": "hyprland-protocols", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_5", "wlroots": "wlroots", "xdph": "xdph" }, @@ -320,7 +408,7 @@ }, "hyprland-contrib": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1690024028, @@ -360,13 +448,13 @@ "mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "nixpkgs": [ "nixpkgs" ], "nixpkgs-22_11": "nixpkgs-22_11", "nixpkgs-23_05": "nixpkgs-23_05", - "utils": "utils" + "utils": "utils_2" }, "locked": { "lastModified": 1689610936, @@ -387,7 +475,7 @@ "nixpkgs": [ "nixpkgs" ], - "utils": "utils_2" + "utils": "utils_3" }, "locked": { "lastModified": 1689256076, @@ -405,7 +493,7 @@ }, "neovim-flake": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_4", "nixpkgs": [ "nvim-overlay", "nixpkgs" @@ -430,7 +518,7 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1690100618, 
@@ -562,7 +650,71 @@ "type": "github" } }, + "nixpkgs_10": { + "locked": { + "lastModified": 1690026219, + "narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f465da166263bc0d4b39dfd4ca28b777c92d4b73", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { + "locked": { + "lastModified": 1654275867, + "narHash": "sha256-pt14ZE4jVPGvfB2NynGsl34pgXfOqum5YJNpDK4+b9E=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "7a20c208aacf4964c19186dcad51f89165dc7ed0", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "release-22.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1685573264, + "narHash": "sha256-Zffu01pONhs/pqH07cjlF10NnMDLok8ix5Uk4rhOnZQ=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "380be19fbd2d9079f677978361792cb25e8a3635", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "release-22.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1665296151, + "narHash": "sha256-uOB0oxqxN9K7XGF1hcnY+PQnlQJ+3bP2vCn/+Ru/bbc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "14ccaaedd95a488dd7ae142757884d8e125b3363", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { "locked": { "lastModified": 1688500189, "narHash": "sha256-djYYiY4lzJOlXOnTHytH6BUugrxHDZjuGxTSrU4gt4M=", @@ -578,7 +730,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_6": { "locked": { "lastModified": 1658161305, "narHash": "sha256-X/nhnMCa1Wx4YapsspyAs6QYz6T/85FofrI6NpdPDHg=", @@ -594,7 +746,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_7": { "locked": { "lastModified": 1688221086, "narHash": "sha256-cdW6qUL71cNWhHCpMPOJjlw0wzSRP0pVlRn2vqX/VVg=", 
@@ -610,7 +762,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_8": { "locked": { "lastModified": 1690026219, "narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=", @@ -626,7 +778,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_9": { "locked": { "lastModified": 1688322751, "narHash": "sha256-eW62dC5f33oKZL7VWlomttbUnOTHrAbte9yNUNW8rbk=", @@ -642,29 +794,13 @@ "type": "github" } }, - "nixpkgs_7": { - "locked": { - "lastModified": 1690026219, - "narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "f465da166263bc0d4b39dfd4ca28b777c92d4b73", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nvim-overlay": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat_3", "flake-parts": "flake-parts_3", "hercules-ci-effects": "hercules-ci-effects", "neovim-flake": "neovim-flake", - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_10" }, "locked": { "lastModified": 1690070762, @@ -683,6 +819,7 @@ "root": { "inputs": { "emacs-overlay": "emacs-overlay", + "filehost": "filehost", "flake-parts": "flake-parts", "home-manager": "home-manager", "hyprland": "hyprland", 
@@ -690,15 +827,61 @@ "mailserver": "mailserver", "nbfc": "nbfc", "nix-gaming": "nix-gaming", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_8", "nvim-overlay": "nvim-overlay", - "rust-overlay": "rust-overlay", + "rust-overlay": "rust-overlay_3", "stable": "stable" } }, "rust-overlay": { + "inputs": { + "flake-utils": [ + "filehost", + "cargo2nix", + "flake-utils" + ], + "nixpkgs": [ + "filehost", + "cargo2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1653878966, + "narHash": "sha256-T51Gck/vrJZi1m+uTbhEFTRgZmE59sydVONadADv358=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "8526d618af012a923ca116be9603e818b502a8db", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_2": { "inputs": { "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_4" + }, + "locked": { + "lastModified": 1667011705, + "narHash": "sha256-ohupiBVlXCkdQpvG79akjCILZEb+7DetDVepljR0pNI=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "34d76c0a001d81a0fac342698ce7926da37b8ea5", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_3": { + "inputs": { + "flake-utils": "flake-utils_5", "nixpkgs": [ "nixpkgs" ] @@ -794,6 +977,21 @@ } }, "utils": { + "locked": { + "lastModified": 1667077288, + "narHash": "sha256-bdC8sFNDpT0HK74u9fUkpbf1MEzVYJ+ka7NXCdgBoaA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_2": { "locked": { "lastModified": 1605370193, "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", @@ -808,7 +1006,7 @@ "type": "github" } }, - "utils_2": { + "utils_3": { "inputs": { "systems": "systems_2" }, diff --git a/flake.nix b/flake.nix index 3680c53..71a074e 100644 --- a/flake.nix +++ b/flake.nix 
@@ -17,6 +17,10 @@ url = github:oxalica/rust-overlay; inputs.nixpkgs.follows = "nixpkgs"; }; + filehost = { + url = github:natto1784/simpler-filehost; + # inputs.nixpkgs.follows = "nixpkgs"; + }; nix-gaming.url = github:fufexan/nix-gaming; nbfc = { url = github:nbfc-linux/nbfc-linux; diff --git a/hosts/marisa/networking.nix b/hosts/marisa/networking.nix index ae0eb70..d292e0c 100644 --- a/hosts/marisa/networking.nix +++ b/hosts/marisa/networking.nix @@ -6,17 +6,13 @@ allowedTCPPorts = [ 22 # ssh 80 # http - 6060 - 4444 - 5454 - 8080 #???? + # 5454 5001 #gitea - 8800 - 4646 - 8500 #vault nomad consul - 8888 #simpler-filehost1 - 6666 #concourse - 202 #gitea-ssh + 4646 #nomad + # 8500 #vault nomad consul + 8000 #simpler-filehost + # 6666 #concourse + # 202 #gitea-ssh ]; allowedUDPPorts = [ 17840 ]; trustedInterfaces = [ "docker0" ]; diff --git a/hosts/marisa/services/default.nix b/hosts/marisa/services/default.nix index 4dfee1d..b6a6740 100644 --- a/hosts/marisa/services/default.nix +++ b/hosts/marisa/services/default.nix @@ -2,7 +2,9 @@ { imports = [ - # ./hashicorp.nix + # ./hashicorp.nix + ./filehost.nix + ./gitea.nix ]; # Add secrets to nomad, consul and vault @@ -12,12 +14,22 @@ # default-cgroupns-mode = "host"; }; }; - systemd.tmpfiles.rules = [ "d /run/vault - vault vault 1h" ]; services = { openssh = { enable = true; - permitRootLogin = "yes"; + ports = [22 22001]; }; + postgresql = { + enable = true; + authentication = '' + local gitea all ident map=gitea-map + ''; + identMap = + '' + gitea-map gitea gitea + ''; + }; + }; } diff --git a/hosts/marisa/services/filehost.nix b/hosts/marisa/services/filehost.nix new file mode 100644 index 0000000..579fb37 --- /dev/null +++ b/hosts/marisa/services/filehost.nix 
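Review bot: The new `filehost` input leaves `inputs.nixpkgs.follows` commented out, so the service is built against its own pinned nixpkgs rather than the system one. The flake.lock part of this patch resolves that pin to `nixpkgs_3` on `release-22.05`, which as far as I know is past end of life and will not pick up security fixes when the system nixpkgs is updated. Because the networking.nix hunk opens port 8000 for this binary, either enable `inputs.nixpkgs.follows = "nixpkgs";` or replace the dead line with a comment that states why the input cannot follow. The enclosing `inputs` attribute set starts and ends outside the hunk.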
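Review bot: Port 4646 stays in `allowedTCPPorts` (now labelled `#nomad`) even though this commit moves the services off Nomad and leaves `./hashicorp.nix` commented out in services/default.nix. Nomad's HTTP API accepts job submissions without authentication unless ACLs are enabled, so an open 4646 is a risk the moment an agent is started again; I would comment it out like the others, `# 4646 #nomad`. Separately, 5001 and 8000 expose the Gitea and filehost HTTP backends directly while `ROOT_URL` in gitea.nix is `https://git.<domain>`. If a reverse proxy terminates TLS in front of them (not visible here), those two ports could be limited to the proxy's interface instead of opened globally. The firewall block starts before the hunk.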
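Review bot: In the `openssh` block of the second default.nix hunk, removing `permitRootLogin = "yes"` leaves the root-login policy to the module default, and nothing in the visible lines sets password authentication. With sshd now listening on two ports, I would state both explicitly, e.g. `settings.PermitRootLogin = "no";` and `settings.PasswordAuthentication = false;`, unless they are set elsewhere in the configuration. The second port also deserves a comment, since its purpose only becomes clear from gitea.nix: `ports = [ 22 22001 ]; # 22001 is the SSH_PORT Gitea advertises in clone URLs`. The `# Add secrets to nomad, consul and vault` comment kept as context in the first hunk looks stale after this change.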
@@ -0,0 +1,18 @@ +{ config, pkgs, inputs, lib', ... }: +{ + systemd.services.filehost = { + enable = true; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "simple"; + Environment = [ + "TITLE=nattofiles" + "USER_URL=${lib'.network.addresses.subdomain.natto "f"}" + "ROCKET_LIMITS={file=\"512MB\",data-form=\"512MB\"}" + "ROCKET_LOG_LEVEL=debug" + ]; + Restart = "on-failure"; + ExecStart = "${inputs.filehost.packages.${pkgs.system}.simpler-filehost}/bin/simpler-filehost"; + }; + }; +} diff --git a/hosts/marisa/services/gitea.nix b/hosts/marisa/services/gitea.nix new file mode 100644 index 0000000..9c22d11 --- /dev/null +++ b/hosts/marisa/services/gitea.nix @@ -0,0 +1,41 @@ +{ config, pkgs, lib', ... }: +{ + services = { + gitea = rec { + appName = "Natto Tea"; + enable = true; + database = { + name = "gitea"; + user = "gitea"; + passwordFile = "/var/secrets/giteadb.pass"; + type = "postgres"; + }; + mailerPasswordFile = "/var/secrets/giteamailer.pass"; + settings = + let + domain = lib'.network.addresses.domain.natto; + in + { + server = rec { + HTTP_PORT = 5001; + ROOT_URL = "https://git.${domain}"; + SSH_DOMAIN = "git.${domain}"; + SSH_PORT = 22001; + SSH_LISTEN_PORT = SSH_PORT; + }; + mailer = rec { + ENABLED = true; + FROM = "masti@${domain}"; + TYPE = "smtp"; + HOST = domain; + IS_TLS_ENABLED = true; + USER = FROM; + REGISTER_MAIL_CONFIRM = true; + }; + oauth2_client.REGISTER_MAIL_CONFIRM = true; + actions.ENABLED = false; + }; + }; + }; +} + diff --git a/lib/network.nix b/lib/network.nix index d92889f..fe565f7 100644 --- a/lib/network.nix +++ b/lib/network.nix @@ -1,5 +1,5 @@ { - addresses = { + addresses = rec { wireguard = rec { ipPrefix = "10.55.0"; prefixLength = 24; @@ -13,6 +13,7 @@ domain = { natto = "weirdnatto.in"; }; + subdomain = builtins.mapAttrs(_: domain: (sub: "${sub}.${domain}")) domain; }; commonSSHKeys = [
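Review bot: `systemd.services.filehost` sets no `User`, `DynamicUser` or sandboxing options in `serviceConfig`, so this upload service runs as root with full filesystem access. It accepts 512MB uploads and is reachable through port 8000, so it should run as an unprivileged user confined to one state directory, as sketched below. Where the binary stores uploads is not visible in the patch, so the `StateDirectory`/`WorkingDirectory` values need to be confirmed against it. `ROCKET_LOG_LEVEL=debug` is also worth lowering for a permanent deployment, because debug logs of a file host tend to record request details in the journal.

```nix
    serviceConfig = {
      Type = "simple";
      # … unchanged: Environment, Restart, ExecStart …
      DynamicUser = true;
      StateDirectory = "filehost";        # assumed name; confirm upload path
      WorkingDirectory = "%S/filehost";
      NoNewPrivileges = true;
      ProtectSystem = "strict";
      ProtectHome = true;
      PrivateTmp = true;
    };
```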
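Review bot: `REGISTER_MAIL_CONFIRM` under `mailer` and `oauth2_client` in gitea.nix does not look like a key Gitea reads. As far as I know the setting is spelled `REGISTER_EMAIL_CONFIRM`, and the non-OAuth one belongs in the `service` section, so sign-ups would proceed without the e-mail confirmation this config intends. Suggested: `service.REGISTER_EMAIL_CONFIRM = true;` and `oauth2_client.REGISTER_EMAIL_CONFIRM = true;`, dropping the line from `mailer`. The two `/var/secrets/*.pass` paths also deserve a comment saying they are provisioned out of band and must be readable only by the gitea user, since nothing in the patch creates them or sets their mode.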