From 7fe7452e2f13369864cf405603878df90172abce Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Tue, 18 Apr 2023 20:05:51 +0000
Subject: [PATCH] ops/nixos: add tumblrandom
---
 ops/nixos/etheroute-lon01/default.nix | 1 +
 ops/nixos/lib/tumblrandom.nix | 36 +++++++++++++++++++++++++++
 ops/nixos/totoro/default.nix | 1 +
 ops/vault/cfg/config.nix | 3 ++-
 4 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 ops/nixos/lib/tumblrandom.nix
diff --git a/ops/nixos/etheroute-lon01/default.nix b/ops/nixos/etheroute-lon01/default.nix
index f0025179b6..ef81354cf6 100644
--- a/ops/nixos/etheroute-lon01/default.nix
+++ b/ops/nixos/etheroute-lon01/default.nix
@@ -327,6 +327,7 @@ in {
 (service "totoro.int.as205479.net:9090" "prometheus.int.lukegb.com" {})
 (service "totoro.int.as205479.net:9093" "alertmanager.int.lukegb.com" {})
 (service "totoro.int.as205479.net:3000" "grafana.int.lukegb.com" {})
+ (service "totoro.int.as205479.net:10908" "tumblrandom.int.lukegb.com" {})
 (secureService "swann.int.as205479.net:8443" "unifi.int.lukegb.com" {
 tls_skip_verify = true;
 allow_websockets = true;
diff --git a/ops/nixos/lib/tumblrandom.nix b/ops/nixos/lib/tumblrandom.nix
new file mode 100644
index 0000000000..fd4b9d7f15
--- /dev/null
+++ b/ops/nixos/lib/tumblrandom.nix
@@ -0,0 +1,36 @@
+# SPDX-FileCopyrightText: 2023 Luke Granger-Brown
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ config, depot, lib, ... }:
+{
+ users.users.tumblrandom = {
+ isSystemUser = true;
+ group = "tumblrandom";
+ };
+ users.groups.tumblrandom = {};
+
+ systemd.services.tumblrandom = {
+ description = "Tumblrandom";
+ wants = ["network-online.target"];
+ wantedBy = ["multi-user.target"];
+ serviceConfig = {
+ StateDirectory = "tumblrandom";
+ ExecStart = "${depot.go.tumblrandom}/bin/tumblrandom -addr=${config.my.ip.tailscale}:10908,[${config.my.ip.tailscale6}]:10908 -base_url=https://tumblrandom.int.lukegb.com";
+ StateDirectoryMode = "0700";
+ User = "tumblrandom";
+ Restart = "always";
+ EnvironmentFile = config.my.vault.secrets.tumblrandom-environment.path;
+ };
+ };
+ my.vault.secrets.tumblrandom-environment = {
+ reloadOrRestartUnits = ["tumblrandom.service"];
+ group = "tumblrandom";
+ template = ''
+ {{ with secret "kv/apps/tumblrandom" }}
+ OAUTH_CLIENT_ID={{ .Data.data.oauth_client_id }}
+ OAUTH_CLIENT_SECRET={{ .Data.data.oauth_client_secret }}
+ {{ end }}
+ '';
+ };
+}
diff --git a/ops/nixos/totoro/default.nix b/ops/nixos/totoro/default.nix
index da645353a9..1d3c9d355c 100644
--- a/ops/nixos/totoro/default.nix
+++ b/ops/nixos/totoro/default.nix
@@ -16,6 +16,7 @@ in {
 ../lib/baserow.nix
 ../lib/deluge.nix
 ../lib/plex.nix
+ ../lib/tumblrandom.nix
 ./home-assistant.nix
 ./authentik.nix
 ./adsb.nix
diff --git a/ops/vault/cfg/config.nix b/ops/vault/cfg/config.nix
index d745506600..c0c29a052d 100644
--- a/ops/vault/cfg/config.nix
+++ b/ops/vault/cfg/config.nix
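Review bot: The new systemd unit declares `wants = ["network-online.target"];` but no matching `after`, so the `wants` only pulls the target in and does not order the unit behind it; the service may then be started before the Tailscale addresses it binds via `config.my.ip.tailscale` / `config.my.ip.tailscale6` are configured, and with `Restart = "always"` a bind failure at boot would presumably show up as a restart loop rather than a clean failure. Adding `after = ["network-online.target"];` next to the `wants` line fixes the ordering. The unit already runs as a dedicated system user with a 0700 state directory and takes the OAuth client secret from an EnvironmentFile rather than the command line, which is good; since it is a network-facing daemon, the standard hardening keys (`NoNewPrivileges = true;`, `ProtectSystem = "strict";`, `ProtectHome = true;`, `PrivateTmp = true;`) would fit in the same serviceConfig block.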
@@ -70,11 +70,12 @@
 my.apps.plex-pass = {};
 my.apps.ads-b = {};
 my.apps.nixbuild = {};
+ my.apps.tumblrandom = {};
 my.servers.etheroute-lon01.apps = [ "pomerium" ];
 my.servers.howl.apps = [ "nixbuild" ];
 my.servers.porcorosso.apps = [ "quotesdb" "nixbuild" ];
- my.servers.totoro.apps = [ "sslrenew-raritan" "deluge" "quotesdb" "authentik" "ads-b" "nixbuild" ];
+ my.servers.totoro.apps = [ "sslrenew-raritan" "deluge" "quotesdb" "authentik" "ads-b" "nixbuild" "tumblrandom" ];
 my.servers.clouvider-fra01.apps = [ "deluge" ];
 my.servers.clouvider-lon01.apps = [ "quotesdb" "gitlab-runner" ];
 my.servers.cofractal-ams01.apps = [ "deluge" "gitlab-runner" "nixbuild" ];