phfroidmont/self-hosting
1
0
Fork 0
mirror of https://github.com/phfroidmont/self-hosting.git synced 2025-12-25 05:36:59 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Move murmur to hcloud

Browse source
This commit is contained in:
Paul-Henri Froidmont 2021-07-15 14:57:57 +02:00
parent c76ade9c29
commit 380361eeeb
Signed by: phfroidmont
GPG key ID: BE948AFD7E7873BE
4 changed files with 19 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

12
backend1.nix
View file

@ -18,7 +18,8 @@ in {
networking.hostName = "backend1"; networking.hostName = "backend1";
networking.domain = "banditlair.com"; networking.domain = "banditlair.com";
networking.firewall.allowPing = true; networking.firewall.allowPing = true;
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 64738 ];
networking.firewall.allowedUDPPorts = [ 64738 ];
services.openssh.enable = true; services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keyFiles = [ users.users.root.openssh.authorizedKeys.keyFiles = [
@ -112,4 +113,13 @@ in {
extraConfigFiles = [ "/var/keys/synapse-extra-config.yaml" ]; extraConfigFiles = [ "/var/keys/synapse-extra-config.yaml" ];
}; };
users.users.matrix-synapse.extraGroups = [ "keys" ]; users.users.matrix-synapse.extraGroups = [ "keys" ];
services.murmur = {
enable = true;
bandwidth = 128000;
password = "$MURMURD_PASSWORD";
environmentFile = "/var/keys/murmur.env";
};
users.users.murmur.extraGroups = [ "keys" ];
} }

3
instances.tf
View file

@ -110,5 +110,8 @@ module "deploy_nixos_backend1" {
password: "${data.sops_file.secrets.data["synapse.db_password"]}" password: "${data.sops_file.secrets.data["synapse.db_password"]}"
macaroon_secret_key: "${data.sops_file.secrets.data["synapse.macaroon_secret_key"]}" macaroon_secret_key: "${data.sops_file.secrets.data["synapse.macaroon_secret_key"]}"
EOT EOT
"murmur.env" = <<EOT
MURMURD_PASSWORD=${data.sops_file.secrets.data["murmur.password"]}
EOT
} }
} }

4
playbook.yml
View file

@ -18,8 +18,8 @@
tags: [ 'docker' ] tags: [ 'docker' ]
- role: traefik-proxy-docker - role: traefik-proxy-docker
tags: [ 'traefik' ] tags: [ 'traefik' ]
- role: murmur-docker # - role: murmur-docker
tags: [ 'murmur' ] # tags: [ 'murmur' ]
- role: searx-docker - role: searx-docker
tags: [ 'searx' ] tags: [ 'searx' ]
- role: wiki-docker - role: wiki-docker

5
secrets.enc.yml
View file

@ -1,14 +1,15 @@
synapse: synapse:
db_password: ENC[AES256_GCM,data:hy2BgTsRaZDQZULTW/csmnRy5ZjDEuPqxyuINv0ov5pFzDkozJVL1wut3HgBXjYZ8bqNjS5pCPQtkznw,iv:i41zKGwvPGIEZP0ZjhRaY4UMeOXBovQmLr1e1ewZhV4=,tag:3kKKYouH+lOrNxPJE5ul/Q==,type:str] db_password: ENC[AES256_GCM,data:hy2BgTsRaZDQZULTW/csmnRy5ZjDEuPqxyuINv0ov5pFzDkozJVL1wut3HgBXjYZ8bqNjS5pCPQtkznw,iv:i41zKGwvPGIEZP0ZjhRaY4UMeOXBovQmLr1e1ewZhV4=,tag:3kKKYouH+lOrNxPJE5ul/Q==,type:str]
macaroon_secret_key: ENC[AES256_GCM,data:6n1gCit2MC8l4VR9DSUR87BB+hY5Oza33423sbV8sNIXmZsPzhyvxaBalK/0TVjLH6Q=,iv:OgHxNG96ZW4+LPZhLAtOD01Wibad6vSX6s4BrPE67YE=,tag:OGIz/ufUwt8/pUMLvoaXtg==,type:str] macaroon_secret_key: ENC[AES256_GCM,data:6n1gCit2MC8l4VR9DSUR87BB+hY5Oza33423sbV8sNIXmZsPzhyvxaBalK/0TVjLH6Q=,iv:OgHxNG96ZW4+LPZhLAtOD01Wibad6vSX6s4BrPE67YE=,tag:OGIz/ufUwt8/pUMLvoaXtg==,type:str]
murmur.password: ENC[AES256_GCM,data:5Yu67/hMwdaIiDlU,iv:dAX6NCQTJtw3DZSzl3+zGTRAxCa93NxB0sAq0HegQbw=,tag:ibgGwH/fFMRuedv2zjsgnA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2021-07-14T18:42:34Z" lastmodified: "2021-07-15T12:50:49Z"
mac: ENC[AES256_GCM,data:Zjwgb3DudxssTIT0BdQbm/FEJmPsNz6412djBGBKC+KpHU/65Cw6WhjX/cR48zO/4OK3nkfJ/MKq9Vv47QLUlcyJwGgRmdBsowjpcqvrG1UMGKd+sg+rQRtDi8AVicSMJ+cnhMtIAsvGzktl+5Xep3tuFZ7stKwdvkIR9LJr2PI=,iv:1mWlZU++GgkeiCI9JUnbUvMxGR+jmWU1Lle6w2ZVJe8=,tag:AE8l0W7x68BM7OpPJmmV0Q==,type:str] mac: ENC[AES256_GCM,data:aNqs163uvOYBUWerAjGEzgAM97Y4zn4Pxv+3QYzhFYzPsdFhAHbpqSFZFa8ks78+nB2i9jnsnr7/kOJ1ZwQmYTnaIuZnNgjyBRSCyhvLQtba+gnIjam7RT3kP+m6FlBFy3rn20b9FjE7VdJz/ebzqz0QKKi1wZ5SuM4jJvXCeV0=,iv:yi4sm5uDEo37xHqRg4O+6ODf9ZVT0j81RLVyDjeaH4Q=,tag:JvnT+lzfM2hF3O0hJuI96w==,type:str]
pgp: pgp:
- created_at: "2021-07-14T18:02:07Z" - created_at: "2021-07-14T18:02:07Z"
enc: | enc: |