migrate services from nomad to systemd

Signed-off-by: natto1784 <natto@weirdnatto.in>
2023-07-26 22:42:26 +05:30
parent ff831dc3e0
commit 1fc6e8cd96
7 changed files with 319 additions and 49 deletions
--- a/hosts/marisa/networking.nix
+++ b/hosts/marisa/networking.nix
@@ -6,17 +6,13 @@
      allowedTCPPorts = [
        22 # ssh
        80 # http
-        6060
-        4444
-        5454
-        8080 #????
+      #  5454
        5001 #gitea
-        8800
-        4646
-        8500 #vault nomad consul
-        8888 #simpler-filehost1
-        6666 #concourse
-        202 #gitea-ssh
+        4646 #nomad
+      #  8500 #vault nomad consul
+        8000 #simpler-filehost
+      #  6666 #concourse
+      #  202 #gitea-ssh
      ];
      allowedUDPPorts = [ 17840 ];
      trustedInterfaces = [ "docker0" ];
--- a/hosts/marisa/services/default.nix
+++ b/hosts/marisa/services/default.nix
@@ -2,7 +2,9 @@
 {

  imports = [
-   # ./hashicorp.nix
+    # ./hashicorp.nix
+    ./filehost.nix
+    ./gitea.nix
  ];

  # Add secrets to nomad, consul and vault
@@ -12,12 +14,22 @@
      #     default-cgroupns-mode = "host";
    };
  };
-  systemd.tmpfiles.rules = [ "d /run/vault - vault vault 1h" ];
  services = {
    openssh = {
      enable = true;
-      permitRootLogin = "yes";
+      ports = [22 22001];
    };
+    postgresql = {
+      enable = true;
+      authentication = ''
+        local gitea all ident map=gitea-map
+      '';
+      identMap =
+        ''
+          gitea-map gitea gitea
+        '';
+    };
+
  };
 }

--- a/hosts/marisa/services/filehost.nix
+++ b/hosts/marisa/services/filehost.nix
@@ -0,0 +1,18 @@
+{ config, pkgs, inputs, lib', ... }:
+{
+  systemd.services.filehost = {
+    enable = true;
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      Type = "simple";
+      Environment = [
+        "TITLE=nattofiles"
+        "USER_URL=${lib'.network.addresses.subdomain.natto "f"}"
+        "ROCKET_LIMITS={file=\"512MB\",data-form=\"512MB\"}"
+        "ROCKET_LOG_LEVEL=debug"
+      ];
+      Restart = "on-failure";
+      ExecStart = "${inputs.filehost.packages.${pkgs.system}.simpler-filehost}/bin/simpler-filehost";
+    };
+  };
+}
--- a/hosts/marisa/services/gitea.nix
+++ b/hosts/marisa/services/gitea.nix
@@ -0,0 +1,41 @@
+{ config, pkgs, lib', ... }:
+{
+  services = {
+    gitea = rec {
+      appName = "Natto Tea";
+      enable = true;
+      database = {
+        name = "gitea";
+        user = "gitea";
+        passwordFile = "/var/secrets/giteadb.pass";
+        type = "postgres";
+      };
+      mailerPasswordFile = "/var/secrets/giteamailer.pass";
+      settings =
+        let
+          domain = lib'.network.addresses.domain.natto;
+        in
+        {
+          server = rec {
+            HTTP_PORT = 5001;
+            ROOT_URL = "https://git.${domain}";
+            SSH_DOMAIN = "git.${domain}";
+            SSH_PORT = 22001;
+            SSH_LISTEN_PORT = SSH_PORT;
+          };
+          mailer = rec {
+            ENABLED = true;
+            FROM = "masti@${domain}";
+            TYPE = "smtp";
+            HOST = domain;
+            IS_TLS_ENABLED = true;
+            USER = FROM;
+            REGISTER_MAIL_CONFIRM = true;
+          };
+          oauth2_client.REGISTER_MAIL_CONFIRM = true;
+          actions.ENABLED = false;
+        };
+    };
+  };
+}
+