meili: init
This commit is contained in:
parent
f5723fb0ce
commit
3b85c2866b
5 changed files with 165 additions and 1 deletions
|
@ -7,6 +7,7 @@ keys:
|
||||||
- &gitea age1mh39yv2j3ltl50tjnqqgjctxth3nxa74ggwn29dpvcv08qd0psnssajsmd
|
- &gitea age1mh39yv2j3ltl50tjnqqgjctxth3nxa74ggwn29dpvcv08qd0psnssajsmd
|
||||||
- &gitea-runner age19jrte20w4e5u83m5s8m8c2ca6sha6e2l2k66g28jz4mpkfs0f3jq26rdp2
|
- &gitea-runner age19jrte20w4e5u83m5s8m8c2ca6sha6e2l2k66g28jz4mpkfs0f3jq26rdp2
|
||||||
- &heimdall age1z94c897pvq4tx0xwsj6wr8emnlpmk6u0xks75rydga6r33dlapjqyqqacc
|
- &heimdall age1z94c897pvq4tx0xwsj6wr8emnlpmk6u0xks75rydga6r33dlapjqyqqacc
|
||||||
|
- &meili age1thyemgvua2at9mha5hxuqezxcrxvljh9tpwwmdylu0mrspppvamsunpeh2
|
||||||
- &mimir age192a3nepaclecjjkxssszueak6rxar49prceplvvxc5m4f3ww7g5qpfgdqj
|
- &mimir age192a3nepaclecjjkxssszueak6rxar49prceplvvxc5m4f3ww7g5qpfgdqj
|
||||||
- &minio age1cjxe2e7zemvs0jacjawug6k2qnmcpvnka3e04mfzp939h7hppydqrlp6l5
|
- &minio age1cjxe2e7zemvs0jacjawug6k2qnmcpvnka3e04mfzp939h7hppydqrlp6l5
|
||||||
- &neo age1s95yw988he30l6wegfwquh4nh03jst2tvyu4ykng4g88h7s3a3rs5zh5fp
|
- &neo age1s95yw988he30l6wegfwquh4nh03jst2tvyu4ykng4g88h7s3a3rs5zh5fp
|
||||||
|
@ -57,6 +58,12 @@ creation_rules:
|
||||||
- *erwin
|
- *erwin
|
||||||
- *erwin_horus
|
- *erwin_horus
|
||||||
- *mimir
|
- *mimir
|
||||||
|
- path_regex: machines/meili/[^/]+\.yaml$
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *erwin
|
||||||
|
- *erwin_horus
|
||||||
|
- *meili
|
||||||
- path_regex: machines/minio/[^/]+\.yaml$
|
- path_regex: machines/minio/[^/]+\.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
|
|
|
@ -49,7 +49,6 @@ inputs: {
|
||||||
k3s-test = {
|
k3s-test = {
|
||||||
config = import ./k3s-test/configuration.nix inputs;
|
config = import ./k3s-test/configuration.nix inputs;
|
||||||
deploy = {
|
deploy = {
|
||||||
# host = "10.0.0.167";
|
|
||||||
# host = "10.0.0.208";
|
# host = "10.0.0.208";
|
||||||
host = "k3s-test.barn-beaver.ts.net";
|
host = "k3s-test.barn-beaver.ts.net";
|
||||||
targetUser = "erwin";
|
targetUser = "erwin";
|
||||||
|
@ -59,6 +58,15 @@ inputs: {
|
||||||
loki = {
|
loki = {
|
||||||
config = import ./loki/configuration.nix inputs;
|
config = import ./loki/configuration.nix inputs;
|
||||||
};
|
};
|
||||||
|
meili = {
|
||||||
|
config = import ./meili/configuration.nix inputs;
|
||||||
|
deploy = {
|
||||||
|
# host = "10.0.0.214";
|
||||||
|
host = "meili.barn-beaver.ts.net";
|
||||||
|
targetUser = "erwin";
|
||||||
|
tags = [ "container" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
mimir = {
|
mimir = {
|
||||||
config = import ./mimir/configuration.nix inputs;
|
config = import ./mimir/configuration.nix inputs;
|
||||||
};
|
};
|
||||||
|
|
90
machines/meili/configuration.nix
Normal file
90
machines/meili/configuration.nix
Normal file
|
@ -0,0 +1,90 @@
|
||||||
|
{ self, caddy-with-plugins, ... }:
|
||||||
|
{ pkgs, modulesPath, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
(modulesPath + "/virtualisation/lxc-container.nix")
|
||||||
|
|
||||||
|
../../users/root
|
||||||
|
../../users/erwin
|
||||||
|
|
||||||
|
./geoserver
|
||||||
|
];
|
||||||
|
|
||||||
|
eboskma = {
|
||||||
|
users.erwin = {
|
||||||
|
enable = true;
|
||||||
|
server = true;
|
||||||
|
};
|
||||||
|
nix-common = {
|
||||||
|
enable = true;
|
||||||
|
remote-builders = true;
|
||||||
|
};
|
||||||
|
caddy-proxy = {
|
||||||
|
enable = true;
|
||||||
|
package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
|
||||||
|
proxyHosts = [
|
||||||
|
{
|
||||||
|
externalHostname = "meili.datarift.nl";
|
||||||
|
proxyAddress = "localhost:8080";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
tailscale.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
boot.isContainer = true;
|
||||||
|
|
||||||
|
time.timeZone = "Europe/Amsterdam";
|
||||||
|
|
||||||
|
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
hostName = "meili";
|
||||||
|
useDHCP = false;
|
||||||
|
useHostResolvConf = false;
|
||||||
|
networkmanager.enable = false;
|
||||||
|
useNetworkd = true;
|
||||||
|
nftables.enable = false;
|
||||||
|
|
||||||
|
firewall = {
|
||||||
|
trustedInterfaces = [ "tailscale0" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.network = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
wait-online.anyInterface = true;
|
||||||
|
|
||||||
|
networks = {
|
||||||
|
"40-eth0" = {
|
||||||
|
matchConfig = {
|
||||||
|
Name = "eth0";
|
||||||
|
};
|
||||||
|
|
||||||
|
networkConfig = {
|
||||||
|
Address = "10.0.0.214/24";
|
||||||
|
Gateway = "10.0.0.1";
|
||||||
|
DNS = "10.0.0.206";
|
||||||
|
DHCP = "no";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
security = {
|
||||||
|
sudo-rs = {
|
||||||
|
enable = true;
|
||||||
|
execWheelOnly = true;
|
||||||
|
wheelNeedsPassword = false;
|
||||||
|
};
|
||||||
|
sudo.enable = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
sops.defaultSopsFile = ./secrets.yaml;
|
||||||
|
sops.secrets = {
|
||||||
|
caddy-env = { };
|
||||||
|
};
|
||||||
|
|
||||||
|
system.stateVersion = "24.11";
|
||||||
|
}
|
20
machines/meili/geoserver/default.nix
Normal file
20
machines/meili/geoserver/default.nix
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
let
|
||||||
|
geoserver-war = pkgs.fetchzip {
|
||||||
|
url = "https://downloads.sourceforge.net/sourceforge/geoserver/GeoServer/2.25.1/geoserver-2.25.1-war.zip";
|
||||||
|
sha256 = "O9XDjx3csW9HZzSYROPUCyl3sYlrKLMpHztUKYIEabs=";
|
||||||
|
stripRoot = false;
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
services.tomcat = {
|
||||||
|
enable = true;
|
||||||
|
virtualHosts = [
|
||||||
|
{
|
||||||
|
name = "meili.datarift.nl";
|
||||||
|
webapps = [ "${geoserver-war}/geoserver.war" ];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
purifyOnStart = true;
|
||||||
|
};
|
||||||
|
}
|
39
machines/meili/secrets.yaml
Normal file
39
machines/meili/secrets.yaml
Normal file
|
@ -0,0 +1,39 @@
|
||||||
|
caddy-env: ENC[AES256_GCM,data:KFoPLa9L43IbhXTft5VNB/4MetDxJsFX7phSsx1bDbr5e3wJynI2mLbTNkQexb+MUtWqK5JB,iv:vAoBGavDDlYT5UlVFgd/FYmU0w00mla8/fVatGEIjPg=,tag:L1YTfvWTkdhBLVBL4YL0iw==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzQ0dvR2x3R0VQc3NBY2pk
|
||||||
|
TExQOXlOU1FDNzFrVWJHcnlmZ2EvS1NpOVFNClBhVzhsOEdhc2FDZnRPN2RkcUZO
|
||||||
|
QU1sQ09scVdlY2NDcGg1SGJ1aG1rTmsKLS0tIGYvNW9EMEpKajE1Q2ZoYXd1QlAy
|
||||||
|
SGZGOXcvZUZhMkRjVDVtaG1aVjlvdTQKUJEntauITelHgLUIUXC7+LI6fias7GRM
|
||||||
|
avdmHwn7X/ReE/DivsLDNxvakSO3QJAQtrV2O0RPO+FPj6JFOu8CUQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1435gxhlpu55pp86r8pullhc6wg43nv6qm5l3g2vl5000xhn8apdqtlf8cg
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDMWJMMU9qK2tNN1p2cnJw
|
||||||
|
OVBRVDY1TWdyMkE0KzhIRGkwa2pyQU9wWFVvClp2M0NPRjBQS3pab1FSekpYYUpa
|
||||||
|
SU9NejRFeG9sV2YrUXhJRGhWenUrZHMKLS0tIFMwTUNzYSt2SDc2N2F1SXhkdnBR
|
||||||
|
c2Zjb1NlQ1dOV1NWVEpBaWJkcVZnWk0KfvUBb7bpml7jBw15gA+TK/9dok8KFvt0
|
||||||
|
ouiiTExF41nYCKjfeBf99bKpUCykZxPSz8sReapyO6tZ8dDycXb2UA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1thyemgvua2at9mha5hxuqezxcrxvljh9tpwwmdylu0mrspppvamsunpeh2
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArdkh5a281aFBnWWhpUVNS
|
||||||
|
bElPZXBuOWV1YWZFMVZzdmRkMWtsNFUrM1F3ClI1SEpsMWRnRFlXVEhnRjQ0T3VJ
|
||||||
|
WjIyMzVFbXlaeHNLbkVOZGlGbVk4dmsKLS0tIFIxOWY2clVjZ3BJb3dqQThTSExI
|
||||||
|
TW1rUEFLNVFYUFo2VFEwd3JxSXFsYzQKbxzHXaU2KVBVWbU4kgpjaETw2wm/6cx+
|
||||||
|
LL+d17IAkAv85Qh9ZoWwXluufrwwN1+12xsqQMSpwpWMyQgbNPCwRQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-06-04T07:47:43Z"
|
||||||
|
mac: ENC[AES256_GCM,data:tkvtSOGCMsAV48p/PGp/R+M7rME21TbEdIVTzTp7hv2bdHxgq0T8tdYAsdqdzkPvqjqvf61w7AzV8JsD8+T41lb2Wt16SHAsJVHGo+cePFztC1d2xf0EmimO41Py4m/ZxWnpPFnDyTXMw2mAspZeLBAjgB7+tjX4IFjCOk3HmkU=,iv:QnqXcAooViz7QH/6sM+IkyOASxMpe9yQ+WvGUB1lxdo=,tag:Ulph5M86R+N4hXxjm4c0BQ==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
Loading…
Reference in a new issue