lukegb/depot
1
0
Fork 0
Code Issues 1 Pull requests Projects Packages Activity Actions

ops/nixos: add tumblrandom

Browse source
This commit is contained in:
Luke Granger-Brown 2023-04-18 20:05:51 +00:00
parent a6974aebcc
commit 7fe7452e2f
4 changed files with 40 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
ops/nixos/etheroute-lon01/default.nix
View file

@ -327,6 +327,7 @@ in {
(service "totoro.int.as205479.net:9090" "prometheus.int.lukegb.com" {}) (service "totoro.int.as205479.net:9090" "prometheus.int.lukegb.com" {})
(service "totoro.int.as205479.net:9093" "alertmanager.int.lukegb.com" {}) (service "totoro.int.as205479.net:9093" "alertmanager.int.lukegb.com" {})
(service "totoro.int.as205479.net:3000" "grafana.int.lukegb.com" {}) (service "totoro.int.as205479.net:3000" "grafana.int.lukegb.com" {})
(service "totoro.int.as205479.net:10908" "tumblrandom.int.lukegb.com" {})
(secureService "swann.int.as205479.net:8443" "unifi.int.lukegb.com" { (secureService "swann.int.as205479.net:8443" "unifi.int.lukegb.com" {
tls_skip_verify = true; tls_skip_verify = true;
allow_websockets = true; allow_websockets = true;

36
ops/nixos/lib/tumblrandom.nix Normal file
View file

@ -0,0 +1,36 @@
# SPDX-FileCopyrightText: 2023 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0
{ config, depot, lib, ... }:
{
users.users.tumblrandom = {
isSystemUser = true;
group = "tumblrandom";
};
users.groups.tumblrandom = {};
systemd.services.tumblrandom = {
description = "Tumblrandom";
wants = ["network-online.target"];
wantedBy = ["multi-user.target"];
serviceConfig = {
StateDirectory = "tumblrandom";
ExecStart = "${depot.go.tumblrandom}/bin/tumblrandom -addr=${config.my.ip.tailscale}:10908,[${config.my.ip.tailscale6}]:10908 -base_url=https://tumblrandom.int.lukegb.com";
StateDirectoryMode = "0700";
User = "tumblrandom";
Restart = "always";
EnvironmentFile = config.my.vault.secrets.tumblrandom-environment.path;
};
};
my.vault.secrets.tumblrandom-environment = {
reloadOrRestartUnits = ["tumblrandom.service"];
group = "tumblrandom";
template = ''
{{ with secret "kv/apps/tumblrandom" }}
OAUTH_CLIENT_ID={{ .Data.data.oauth_client_id }}
OAUTH_CLIENT_SECRET={{ .Data.data.oauth_client_secret }}
{{ end }}
'';
};
}

1
ops/nixos/totoro/default.nix
View file

@ -16,6 +16,7 @@ in {
../lib/baserow.nix ../lib/baserow.nix
../lib/deluge.nix ../lib/deluge.nix
../lib/plex.nix ../lib/plex.nix
../lib/tumblrandom.nix
./home-assistant.nix ./home-assistant.nix
./authentik.nix ./authentik.nix
./adsb.nix ./adsb.nix

3
ops/vault/cfg/config.nix
View file

@ -70,11 +70,12 @@
my.apps.plex-pass = {}; my.apps.plex-pass = {};
my.apps.ads-b = {}; my.apps.ads-b = {};
my.apps.nixbuild = {}; my.apps.nixbuild = {};
my.apps.tumblrandom = {};
my.servers.etheroute-lon01.apps = [ "pomerium" ]; my.servers.etheroute-lon01.apps = [ "pomerium" ];
my.servers.howl.apps = [ "nixbuild" ]; my.servers.howl.apps = [ "nixbuild" ];
my.servers.porcorosso.apps = [ "quotesdb" "nixbuild" ]; my.servers.porcorosso.apps = [ "quotesdb" "nixbuild" ];
my.servers.totoro.apps = [ "sslrenew-raritan" "deluge" "quotesdb" "authentik" "ads-b" "nixbuild" ]; my.servers.totoro.apps = [ "sslrenew-raritan" "deluge" "quotesdb" "authentik" "ads-b" "nixbuild" "tumblrandom" ];
my.servers.clouvider-fra01.apps = [ "deluge" ]; my.servers.clouvider-fra01.apps = [ "deluge" ];
my.servers.clouvider-lon01.apps = [ "quotesdb" "gitlab-runner" ]; my.servers.clouvider-lon01.apps = [ "quotesdb" "gitlab-runner" ];
my.servers.cofractal-ams01.apps = [ "deluge" "gitlab-runner" "nixbuild" ]; my.servers.cofractal-ams01.apps = [ "deluge" "gitlab-runner" "nixbuild" ];