ops/nixos: add tumblrandom

2023-04-18 20:05:51 +00:00 · 2023-04-18 20:05:51 +00:00 · 7fe7452e2f
commit 7fe7452e2f
parent a6974aebcc
4 changed files with 40 additions and 1 deletions
--- a/ops/nixos/etheroute-lon01/default.nix
+++ b/ops/nixos/etheroute-lon01/default.nix
@ -327,6 +327,7 @@ in {
        (service "totoro.int.as205479.net:9090" "prometheus.int.lukegb.com" {})
        (service "totoro.int.as205479.net:9093" "alertmanager.int.lukegb.com" {})
        (service "totoro.int.as205479.net:3000" "grafana.int.lukegb.com" {})
+        (service "totoro.int.as205479.net:10908" "tumblrandom.int.lukegb.com" {})
        (secureService "swann.int.as205479.net:8443" "unifi.int.lukegb.com" {
          tls_skip_verify = true;
          allow_websockets = true;
--- a/ops/nixos/lib/tumblrandom.nix
+++ b/ops/nixos/lib/tumblrandom.nix
@ -0,0 +1,36 @@
+# SPDX-FileCopyrightText: 2023 Luke Granger-Brown <depot@lukegb.com>
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ config, depot, lib, ... }:
+{
+  users.users.tumblrandom = {
+    isSystemUser = true;
+    group = "tumblrandom";
+  };
+  users.groups.tumblrandom = {};
+
+  systemd.services.tumblrandom = {
+    description = "Tumblrandom";
+    wants = ["network-online.target"];
+    wantedBy = ["multi-user.target"];
+    serviceConfig = {
+      StateDirectory = "tumblrandom";
+      ExecStart = "${depot.go.tumblrandom}/bin/tumblrandom -addr=${config.my.ip.tailscale}:10908,[${config.my.ip.tailscale6}]:10908 -base_url=https://tumblrandom.int.lukegb.com";
+      StateDirectoryMode = "0700";
+      User = "tumblrandom";
+      Restart = "always";
+      EnvironmentFile = config.my.vault.secrets.tumblrandom-environment.path;
+    };
+  };
+  my.vault.secrets.tumblrandom-environment = {
+    reloadOrRestartUnits = ["tumblrandom.service"];
+    group = "tumblrandom";
+    template = ''
+      {{ with secret "kv/apps/tumblrandom" }}
+      OAUTH_CLIENT_ID={{ .Data.data.oauth_client_id }}
+      OAUTH_CLIENT_SECRET={{ .Data.data.oauth_client_secret }}
+      {{ end }}
+    '';
+  };
+}
--- a/ops/nixos/totoro/default.nix
+++ b/ops/nixos/totoro/default.nix
@ -16,6 +16,7 @@ in {
    ../lib/baserow.nix
    ../lib/deluge.nix
    ../lib/plex.nix
+    ../lib/tumblrandom.nix
    ./home-assistant.nix
    ./authentik.nix
    ./adsb.nix
--- a/ops/vault/cfg/config.nix
+++ b/ops/vault/cfg/config.nix
@ -70,11 +70,12 @@
  my.apps.plex-pass = {};
  my.apps.ads-b = {};
  my.apps.nixbuild = {};
+  my.apps.tumblrandom = {};

  my.servers.etheroute-lon01.apps = [ "pomerium" ];
  my.servers.howl.apps = [ "nixbuild" ];
  my.servers.porcorosso.apps = [ "quotesdb" "nixbuild" ];
-  my.servers.totoro.apps = [ "sslrenew-raritan" "deluge" "quotesdb" "authentik" "ads-b" "nixbuild" ];
+  my.servers.totoro.apps = [ "sslrenew-raritan" "deluge" "quotesdb" "authentik" "ads-b" "nixbuild" "tumblrandom" ];
  my.servers.clouvider-fra01.apps = [ "deluge" ];
  my.servers.clouvider-lon01.apps = [ "quotesdb" "gitlab-runner" ];
  my.servers.cofractal-ams01.apps = [ "deluge" "gitlab-runner" "nixbuild" ];