From f689018302d9a56a73dd11cb748d25d308e5f490 Mon Sep 17 00:00:00 2001 From: Paul-Henri Froidmont Date: Tue, 28 Feb 2023 22:18:26 +0100 Subject: [PATCH] Remove test services --- flake.lock | 17 ------ flake.nix | 13 +---- modules/elefan.nix | 121 ----------------------------------------- modules/postgresql.nix | 11 ---- profiles/backend.nix | 25 --------- profiles/storage.nix | 1 - secrets.enc.yml | 7 +-- terraform/dns.tf | 16 ------ 8 files changed, 3 insertions(+), 208 deletions(-) delete mode 100644 modules/elefan.nix diff --git a/flake.lock b/flake.lock index f38c26b..9e6bcbe 100644 --- a/flake.lock +++ b/flake.lock @@ -83,22 +83,6 @@ "type": "indirect" } }, - "nixpkgs-old": { - "locked": { - "lastModified": 1672580127, - "narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "0874168639713f547c05947c76124f78441ea46c", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-22.05", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-stable": { "locked": { "lastModified": 1673740915, @@ -166,7 +150,6 @@ "inputs": { "deploy-rs": "deploy-rs", "nixpkgs": "nixpkgs_2", - "nixpkgs-old": "nixpkgs-old", "nixpkgs-unstable": "nixpkgs-unstable", "simple-nixos-mailserver": "simple-nixos-mailserver", "sops-nix": "sops-nix" diff --git a/flake.nix b/flake.nix index fbaea0b..272683b 100644 --- a/flake.nix +++ b/flake.nix @@ -1,7 +1,6 @@ { inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11"; - nixpkgs-old.url = "github:nixos/nixpkgs/nixos-22.05"; # Keep it until php74 is no longer needed for elefan nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; sops-nix.url = "github:Mic92/sops-nix"; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; 
@@ -9,10 +8,9 @@ simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.11"; }; - outputs = { self, nixpkgs, nixpkgs-old, nixpkgs-unstable, deploy-rs, sops-nix, simple-nixos-mailserver }: + outputs = { self, nixpkgs, nixpkgs-unstable, deploy-rs, sops-nix, simple-nixos-mailserver }: let pkgs = nixpkgs.legacyPackages.x86_64-linux; - pkgs-old = nixpkgs-old.legacyPackages.x86_64-linux; pkgs-unstable = nixpkgs-unstable.legacyPackages.x86_64-linux; defaultModuleArgs = { pkgs, ... }: { _module.args.pkgs-unstable = import nixpkgs-unstable { @@ -95,15 +93,6 @@ networking.domain = "banditlair.com"; nix.registry.nixpkgs.flake = nixpkgs; - nixpkgs = - { - config = { - packageOverrides = pkgs: { - php74 = pkgs-old.php74; - }; - }; - }; - system.stateVersion = "21.05"; } ) diff --git a/modules/elefan.nix b/modules/elefan.nix deleted file mode 100644 index c062f88..0000000 --- a/modules/elefan.nix +++ /dev/null 
@@ -1,121 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- composer = pkgs.php81Packages.composer.overrideDerivation (old: {
- version = "2.2.18";
- src = pkgs.fetchurl {
- url = "https://getcomposer.org/download/2.2.18/composer.phar";
- sha256 = "sha256-KKjZdA1hUTeowB0yrvkYTbFvVD/KNtsDhQGilNjpWyQ=";
- };
- });
-in
-{
-
- containers.elefan-test = {
- ephemeral = false;
- autoStart = true;
-
- privateNetwork = true;
- hostAddress = "192.168.101.1";
- localAddress = "192.168.101.2";
-
-
- config = {
- time.timeZone = "Europe/Amsterdam";
-
- environment.systemPackages = with pkgs; [ php74 git composer tmux vim ];
-
- networking.firewall.allowedTCPPorts = [ 80 ];
-
- users.groups.php = { };
- users.users.php = {
- isNormalUser = true;
- group = config.containers.elefan-test.config.users.groups.php.name;
- };
-
- services.mysql = {
- enable = true;
- package = pkgs.mariadb_108;
- initialDatabases = [{
- name = "symfony";
- }];
- ensureUsers = [
- {
- name = "symfony";
- ensurePermissions = {
- "symfony.*" = "ALL PRIVILEGES";
- };
- }
- {
- name = "root";
- ensurePermissions = {
- "*.*" = "ALL PRIVILEGES";
- };
- }
- ];
- };
-
- services.nginx = {
- enable = true;
- virtualHosts."elefan-test.froidmont.org" = {
- default = true;
-
- root = "/var/www/elefan-test/web";
-
- locations."/" = {
- extraConfig = ''
- try_files $uri /app.php$is_args$args;
- '';
- };
-
- locations."~ ^/app\\.php(/|$)" = {
- extraConfig = ''
- fastcgi_pass unix:${config.containers.elefan-test.config.services.phpfpm.pools.elefan-test.socket};
- fastcgi_intercept_errors on;
- fastcgi_split_path_info ^(.+\.php)(/.*)$;
- include ${config.services.nginx.package}/conf/fastcgi.conf;
- fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
- fastcgi_param DOCUMENT_ROOT $realpath_root;
- internal;
- '';
- };
-
- locations."~* ^/sw/(.*)/(qr|br)\\.png$" = {
- extraConfig = ''
- rewrite ^/sw/(.*)/(qr|br)\.png$ /app.php/sw/$1/$2.png last;
- '';
- };
-
- extraConfig = ''
- location ~ \.php$ {
- return 404;
- } - ''; - }; - }; - - services.phpfpm.pools.elefan-test = { - user = "nginx"; - settings = { - pm = "dynamic"; - "listen.owner" = config.containers.elefan-test.config.services.nginx.user; - "pm.max_children" = 5; - "pm.start_servers" = 2; - "pm.min_spare_servers" = 1; - "pm.max_spare_servers" = 3; - "pm.max_requests" = 500; - }; - }; - - system.stateVersion = "22.05"; - }; - }; - - services.nginx.virtualHosts."elefan-test.froidmont.org" = { - forceSSL = true; - enableACME = true; - - locations."/" = { - proxyPass = "http://192.168.101.2"; - }; - }; -} diff --git a/modules/postgresql.nix b/modules/postgresql.nix index 9d8c1cd..1a066f4 100644 --- a/modules/postgresql.nix +++ b/modules/postgresql.nix @@ -10,7 +10,6 @@ root_as_others root synapse root_as_others root nextcloud root_as_others root roundcube - root_as_others root wikijs-test root_as_others root mastodon ''; authentication = '' @@ -36,11 +35,6 @@ key = "roundcube/db_password"; restartUnits = [ "postgresql-setup.service" ]; }; - wikiJsTestDbPassword = { - owner = config.services.postgresql.superUser; - key = "wikijs-test/db_password"; - restartUnits = [ "postgresql-setup.service" ]; - }; mastodonDbPassword = { owner = config.services.postgresql.superUser; key = "mastodon/db_password"; 
@@ -66,19 +60,16 @@ PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'synapse'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "synapse"' PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'nextcloud'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "nextcloud"' PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'roundcube'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "roundcube"' - PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'wikijs-test'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "wikijs-test"' PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'mastodon'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "mastodon"' PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'synapse'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "synapse" OWNER "synapse" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"' PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'nextcloud'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "nextcloud" OWNER "nextcloud"' PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'roundcube'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "roundcube" OWNER "roundcube"' - PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'wikijs-test'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "wikijs-test" OWNER "wikijs-test"' PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'mastodon'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "mastodon" OWNER "mastodon"' PSQL -tAc "ALTER ROLE synapse LOGIN" PSQL -tAc "ALTER ROLE nextcloud LOGIN" PSQL -tAc "ALTER ROLE roundcube LOGIN" - PSQL -tAc "ALTER ROLE \"wikijs-test\" LOGIN" PSQL -tAc "ALTER ROLE mastodon LOGIN" synapse_password="$(<'${config.sops.secrets.synapseDbPassword.path}')" 
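Review bot: The `wikijs-test` role and database are left behind on any cluster where this setup script has already run. Every statement visible in the hunk is create-if-missing or `ALTER ROLE`, so removing the three `wikijs-test` lines stops managing the role without revoking it, and it presumably keeps LOGIN and its last password. If the service is decommissioned, a one-time cleanup such as `PSQL -tAc 'DROP DATABASE IF EXISTS "wikijs-test"'` followed by `PSQL -tAc 'DROP ROLE IF EXISTS "wikijs-test"'` would retire that credential; whether the authentication rules outside this hunk still admit the role cannot be seen from here. The same point covers the password lines removed in the next hunk (`@@ -87,8 +78,6 @@`), and the script body starts and ends outside both hunks.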
@@ -87,8 +78,6 @@ PSQL -tAc "ALTER ROLE nextcloud WITH PASSWORD '$nextcloud_password'" roundcube_password="$(<'${config.sops.secrets.roundcubeDbPassword.path}')" PSQL -tAc "ALTER ROLE roundcube WITH PASSWORD '$roundcube_password'" - wikijstest_password="$(<'${config.sops.secrets.wikiJsTestDbPassword.path}')" - PSQL -tAc "ALTER ROLE \"wikijs-test\" WITH PASSWORD '$wikijstest_password'" mastodon_password="$(<'${config.sops.secrets.mastodonDbPassword.path}')" PSQL -tAc "ALTER ROLE mastodon WITH PASSWORD '$mastodon_password'" ''; diff --git a/profiles/backend.nix b/profiles/backend.nix index 30415e5..b71c19c 100644 --- a/profiles/backend.nix +++ b/profiles/backend.nix @@ -18,10 +18,6 @@ owner = config.services.borgbackup.jobs.data.user; key = "borg/client_keys/backend1/private"; }; - wikiJsEnvFile = { - key = "wikijs-test/service_env_file"; - restartUnits = [ "wiki-js.service" ]; - }; }; custom = { @@ -76,27 +72,6 @@ services.mastodon.enable = true; }; - services.wiki-js = { - enable = true; - settings = { - db.type = "postgres"; - db.host = "10.0.1.11"; - db.db = "wikijs-test"; - db.user = "wikijs-test"; - db.pass = "$(DB_PASS)"; - }; - environmentFile = config.sops.secrets.wikiJsEnvFile.path; - }; - - services.nginx.virtualHosts."wikijs-test.froidmont.org" = { - forceSSL = true; - enableACME = true; - - locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.wiki-js.settings.port}"; - }; - }; - services.uptime-kuma = { enable = true; settings = { diff --git a/profiles/storage.nix b/profiles/storage.nix index c561bd9..7499041 100644 --- a/profiles/storage.nix +++ b/profiles/storage.nix @@ -15,7 +15,6 @@ ../modules/binary-cache.nix ../modules/grafana.nix ../modules/monitoring-exporters.nix - ../modules/elefan.nix ]; sops.secrets = { diff --git a/secrets.enc.yml b/secrets.enc.yml index ca74e71..1b5a927 100644 --- a/secrets.enc.yml +++ b/secrets.enc.yml 
@@ -21,9 +21,6 @@ mastodon: roundcube: db_password: ENC[AES256_GCM,data:t2/gRhkkwd7eXKvRowNnBfOiJS4nWZlZpjtmmw+XcARbcYyf4Z3+jG6anzqxYjHHGzza23qcpfiSB4t7,iv:H7vdeBgVY3aSsMCyBBbCb0qqbDHTA/S3fwK1lDBebDI=,tag:LbeMqj3xdWz8e6XSEV+jtw==,type:str] pg_pass_file: ENC[AES256_GCM,data:pXWi2lC3Na8K/P+F0nUW00mq2vApw/pf5stJvlfuwEdan1GKBa9jSqJE17mq7weaMkhI1vBwDdfu/P1y7hEBzRNU3CA=,iv:3bC2mKUt8jI+Avm8UQq6b15JA2F7/usfDEh6XYJ9OZA=,tag:0pYQyWDh3w00XRQe13IrCw==,type:str] -wikijs-test: - db_password: ENC[AES256_GCM,data:lhVNTxKokGqlIssD6YMoso6KKdwxqRETg1M9DYwyGBRdq+/R4gnfUoeTiycpvyqQ9Auc8qKv00NdrhDv,iv:XyT5/0hihwEQRpDwc9OwtdrkiVQ1HlWMZgf+stHOdDs=,tag:dc76QhT//EkQw8+N8Hgmdw==,type:str] - service_env_file: ENC[AES256_GCM,data:W2SvBQFvPHIXvGQ9YY06IZDisstfTk31C71fPSsuOe3PNs0wt27079WwU4dQRcoaGvQBJs9nvI7k7OhClq/OZL2cwDU=,iv:z4sISj2G6WMenRn6/7SVKKmtmU+OweMT4MSNxaWT4+c=,tag:kngFN+KZ/M9qMJjmfgGbjA==,type:str] murmur.env: ENC[AES256_GCM,data:bErJrzpPRrBhUeW113qt9xbJWsrxiI8YIibZ3l0=,iv:2dIlmdLKB+nktQ4/O1W3xtfcCRowW9MkxncDiDpZyck=,tag:3UkSGVKV00385iZ66rHOpw==,type:str] transmission: rpc_config.json: ENC[AES256_GCM,data:2dXn4De3RilQpOOtqjZQILJ7+/t8ipQHLiNuYdbQQRZC4fya0l9MLyGRuqfqeBu1B07VYSDMImV/5BZ+5ygCLk2JjhLn8NzbM3IRWg==,iv:SWqUCobb1+MzISjOTF9BySeAGXHMEbX/27MxIl5tPIE=,tag:4tat0yvkE/4njWYyr/IRfA==,type:str] 
@@ -70,8 +67,8 @@ sops: azure_kv: [] hc_vault: [] age: [] - lastmodified: "2023-02-07T22:18:44Z" - mac: ENC[AES256_GCM,data:rmoEZq8DCkEsw7OOY/a8c9z4JCWEe0cdgVOY2IArDEYEXj8e2s38d8djMHUwvv/7T/FjCafp8LDvlke3pYXNFOVDFMl2HJgIsLeRyVM/V38BaXbOFImid7RKv/s0QiqqucOV6ajqCUmG6SbwyB64Ju9ZWkB2NKyhiI4NxeV4Qd8=,iv:U4IwXdWSxs8Dv6mzM42G3dDyv8fWE6wahmvkwRwynmg=,tag:GMqn4GXbCvqfeTWM1POLZw==,type:str] + lastmodified: "2023-02-28T21:13:24Z" + mac: ENC[AES256_GCM,data:ov7yXSHYFFBZl3Jg6tzle5jSrqyKhVG/grU84/VBea+6J7atePYi6D4F8Sg58Sd+wsKAna9Tiz+m/mKwVtqzGipOTfvLVj+uUfEbkjHsGFgdWfoE2VCdfgfQAveFPAjS6FLR7pU6JWgARkitb7jlqvC9CrkonSK8p7fgROedkXo=,iv:j9wbjHt7i00k4azGQZL1UlEAV/bW+ye17z++FapjqIk=,tag:cA0kg/YlXbdE0o1IYAUtxw==,type:str] pgp: - created_at: "2021-11-29T00:57:34Z" enc: | diff --git a/terraform/dns.tf b/terraform/dns.tf index 9880742..f7d7e23 100644 --- a/terraform/dns.tf +++ b/terraform/dns.tf @@ -112,22 +112,6 @@ resource "hetznerdns_record" "uptime_a" { ttl = 600 } -resource "hetznerdns_record" "elefan-test_a" { - zone_id = data.hetznerdns_zone.froidmont_zone.id - name = "elefan-test" - value = local.storage1_ip - type = "A" - ttl = 600 -} - -resource "hetznerdns_record" "wikijs-test_a" { - zone_id = data.hetznerdns_zone.froidmont_zone.id - name = "wikijs-test" - value = hcloud_server.backend1.ipv4_address - type = "A" - ttl = 600 -} - resource "hetznerdns_record" "transmission_a" { zone_id = data.hetznerdns_zone.banditlair_zone.id name = "transmission"