phfroidmont/self-hosting
1
0
Fork 0
mirror of https://github.com/phfroidmont/self-hosting.git synced 2025-12-25 05:36:59 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Remove test services

Browse source
This commit is contained in:
Paul-Henri Froidmont 2023-02-28 22:18:26 +01:00
parent 4be62a69ed
commit f689018302
Signed by: phfroidmont
GPG key ID: BE948AFD7E7873BE
8 changed files with 3 additions and 208 deletions
Download patch file Download diff file Expand all files Collapse all files

17
flake.lock generated
View file

@ -83,22 +83,6 @@
"type": "indirect"
}
},
"nixpkgs-old": {
"locked": {
"lastModified": 1672580127,
"narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "0874168639713f547c05947c76124f78441ea46c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-22.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1673740915,
@ -166,7 +150,6 @@
"inputs": {
"deploy-rs": "deploy-rs",
"nixpkgs": "nixpkgs_2",
"nixpkgs-old": "nixpkgs-old",
"nixpkgs-unstable": "nixpkgs-unstable",
"simple-nixos-mailserver": "simple-nixos-mailserver",
"sops-nix": "sops-nix"

13
flake.nix
View file

@ -1,7 +1,6 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11";
nixpkgs-old.url = "github:nixos/nixpkgs/nixos-22.05"; # Keep it until php74 is no longer needed for elefan
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
@ -9,10 +8,9 @@
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.11";
};
outputs = { self, nixpkgs, nixpkgs-old, nixpkgs-unstable, deploy-rs, sops-nix, simple-nixos-mailserver }:
outputs = { self, nixpkgs, nixpkgs-unstable, deploy-rs, sops-nix, simple-nixos-mailserver }:
let
pkgs = nixpkgs.legacyPackages.x86_64-linux;
pkgs-old = nixpkgs-old.legacyPackages.x86_64-linux;
pkgs-unstable = nixpkgs-unstable.legacyPackages.x86_64-linux;
defaultModuleArgs = { pkgs, ... }: {
_module.args.pkgs-unstable = import nixpkgs-unstable {
@ -95,15 +93,6 @@
networking.domain = "banditlair.com";
nix.registry.nixpkgs.flake = nixpkgs;
nixpkgs =
{
config = {
packageOverrides = pkgs: {
php74 = pkgs-old.php74;
};
};
};
system.stateVersion = "21.05";
}
)

121
modules/elefan.nix
View file

@ -1,121 +0,0 @@
{ config, lib, pkgs, ... }:
let
composer = pkgs.php81Packages.composer.overrideDerivation (old: {
version = "2.2.18";
src = pkgs.fetchurl {
url = "https://getcomposer.org/download/2.2.18/composer.phar";
sha256 = "sha256-KKjZdA1hUTeowB0yrvkYTbFvVD/KNtsDhQGilNjpWyQ=";
};
});
in
{
containers.elefan-test = {
ephemeral = false;
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.101.1";
localAddress = "192.168.101.2";
config = {
time.timeZone = "Europe/Amsterdam";
environment.systemPackages = with pkgs; [ php74 git composer tmux vim ];
networking.firewall.allowedTCPPorts = [ 80 ];
users.groups.php = { };
users.users.php = {
isNormalUser = true;
group = config.containers.elefan-test.config.users.groups.php.name;
};
services.mysql = {
enable = true;
package = pkgs.mariadb_108;
initialDatabases = [{
name = "symfony";
}];
ensureUsers = [
{
name = "symfony";
ensurePermissions = {
"symfony.*" = "ALL PRIVILEGES";
};
}
{
name = "root";
ensurePermissions = {
"*.*" = "ALL PRIVILEGES";
};
}
];
};
services.nginx = {
enable = true;
virtualHosts."elefan-test.froidmont.org" = {
default = true;
root = "/var/www/elefan-test/web";
locations."/" = {
extraConfig = ''
try_files $uri /app.php$is_args$args;
'';
};
locations."~ ^/app\\.php(/|$)" = {
extraConfig = ''
fastcgi_pass unix:${config.containers.elefan-test.config.services.phpfpm.pools.elefan-test.socket};
fastcgi_intercept_errors on;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include ${config.services.nginx.package}/conf/fastcgi.conf;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
internal;
'';
};
locations."~* ^/sw/(.*)/(qr|br)\\.png$" = {
extraConfig = ''
rewrite ^/sw/(.*)/(qr|br)\.png$ /app.php/sw/$1/$2.png last;
'';
};
extraConfig = ''
location ~ \.php$ {
return 404;
}
'';
};
};
services.phpfpm.pools.elefan-test = {
user = "nginx";
settings = {
pm = "dynamic";
"listen.owner" = config.containers.elefan-test.config.services.nginx.user;
"pm.max_children" = 5;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 1;
"pm.max_spare_servers" = 3;
"pm.max_requests" = 500;
};
};
system.stateVersion = "22.05";
};
};
services.nginx.virtualHosts."elefan-test.froidmont.org" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://192.168.101.2";
};
};
}

11
modules/postgresql.nix
View file

@ -10,7 +10,6 @@
root_as_others root synapse
root_as_others root nextcloud
root_as_others root roundcube
root_as_others root wikijs-test
root_as_others root mastodon
'';
authentication = ''
@ -36,11 +35,6 @@
key = "roundcube/db_password";
restartUnits = [ "postgresql-setup.service" ];
};
wikiJsTestDbPassword = {
owner = config.services.postgresql.superUser;
key = "wikijs-test/db_password";
restartUnits = [ "postgresql-setup.service" ];
};
mastodonDbPassword = {
owner = config.services.postgresql.superUser;
key = "mastodon/db_password";
@ -66,19 +60,16 @@
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'synapse'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "synapse"'
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'nextcloud'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "nextcloud"'
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'roundcube'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "roundcube"'
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'wikijs-test'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "wikijs-test"'
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'mastodon'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "mastodon"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'synapse'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "synapse" OWNER "synapse" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'nextcloud'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "nextcloud" OWNER "nextcloud"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'roundcube'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "roundcube" OWNER "roundcube"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'wikijs-test'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "wikijs-test" OWNER "wikijs-test"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'mastodon'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "mastodon" OWNER "mastodon"'
PSQL -tAc "ALTER ROLE synapse LOGIN"
PSQL -tAc "ALTER ROLE nextcloud LOGIN"
PSQL -tAc "ALTER ROLE roundcube LOGIN"
PSQL -tAc "ALTER ROLE \"wikijs-test\" LOGIN"
PSQL -tAc "ALTER ROLE mastodon LOGIN"
synapse_password="$(<'${config.sops.secrets.synapseDbPassword.path}')"
@ -87,8 +78,6 @@
PSQL -tAc "ALTER ROLE nextcloud WITH PASSWORD '$nextcloud_password'"
roundcube_password="$(<'${config.sops.secrets.roundcubeDbPassword.path}')"
PSQL -tAc "ALTER ROLE roundcube WITH PASSWORD '$roundcube_password'"
wikijstest_password="$(<'${config.sops.secrets.wikiJsTestDbPassword.path}')"
PSQL -tAc "ALTER ROLE \"wikijs-test\" WITH PASSWORD '$wikijstest_password'"
mastodon_password="$(<'${config.sops.secrets.mastodonDbPassword.path}')"
PSQL -tAc "ALTER ROLE mastodon WITH PASSWORD '$mastodon_password'"
'';

25
profiles/backend.nix
View file

@ -18,10 +18,6 @@
owner = config.services.borgbackup.jobs.data.user;
key = "borg/client_keys/backend1/private";
};
wikiJsEnvFile = {
key = "wikijs-test/service_env_file";
restartUnits = [ "wiki-js.service" ];
};
};
custom = {
@ -76,27 +72,6 @@
services.mastodon.enable = true;
};
services.wiki-js = {
enable = true;
settings = {
db.type = "postgres";
db.host = "10.0.1.11";
db.db = "wikijs-test";
db.user = "wikijs-test";
db.pass = "$(DB_PASS)";
};
environmentFile = config.sops.secrets.wikiJsEnvFile.path;
};
services.nginx.virtualHosts."wikijs-test.froidmont.org" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.wiki-js.settings.port}";
};
};
services.uptime-kuma = {
enable = true;
settings = {

1
profiles/storage.nix
View file

@ -15,7 +15,6 @@
../modules/binary-cache.nix
../modules/grafana.nix
../modules/monitoring-exporters.nix
../modules/elefan.nix
];
sops.secrets = {

7
secrets.enc.yml
View file

@ -21,9 +21,6 @@ mastodon:
roundcube:
db_password: ENC[AES256_GCM,data:t2/gRhkkwd7eXKvRowNnBfOiJS4nWZlZpjtmmw+XcARbcYyf4Z3+jG6anzqxYjHHGzza23qcpfiSB4t7,iv:H7vdeBgVY3aSsMCyBBbCb0qqbDHTA/S3fwK1lDBebDI=,tag:LbeMqj3xdWz8e6XSEV+jtw==,type:str]
pg_pass_file: ENC[AES256_GCM,data:pXWi2lC3Na8K/P+F0nUW00mq2vApw/pf5stJvlfuwEdan1GKBa9jSqJE17mq7weaMkhI1vBwDdfu/P1y7hEBzRNU3CA=,iv:3bC2mKUt8jI+Avm8UQq6b15JA2F7/usfDEh6XYJ9OZA=,tag:0pYQyWDh3w00XRQe13IrCw==,type:str]
wikijs-test:
db_password: ENC[AES256_GCM,data:lhVNTxKokGqlIssD6YMoso6KKdwxqRETg1M9DYwyGBRdq+/R4gnfUoeTiycpvyqQ9Auc8qKv00NdrhDv,iv:XyT5/0hihwEQRpDwc9OwtdrkiVQ1HlWMZgf+stHOdDs=,tag:dc76QhT//EkQw8+N8Hgmdw==,type:str]
service_env_file: ENC[AES256_GCM,data:W2SvBQFvPHIXvGQ9YY06IZDisstfTk31C71fPSsuOe3PNs0wt27079WwU4dQRcoaGvQBJs9nvI7k7OhClq/OZL2cwDU=,iv:z4sISj2G6WMenRn6/7SVKKmtmU+OweMT4MSNxaWT4+c=,tag:kngFN+KZ/M9qMJjmfgGbjA==,type:str]
murmur.env: ENC[AES256_GCM,data:bErJrzpPRrBhUeW113qt9xbJWsrxiI8YIibZ3l0=,iv:2dIlmdLKB+nktQ4/O1W3xtfcCRowW9MkxncDiDpZyck=,tag:3UkSGVKV00385iZ66rHOpw==,type:str]
transmission:
rpc_config.json: ENC[AES256_GCM,data:2dXn4De3RilQpOOtqjZQILJ7+/t8ipQHLiNuYdbQQRZC4fya0l9MLyGRuqfqeBu1B07VYSDMImV/5BZ+5ygCLk2JjhLn8NzbM3IRWg==,iv:SWqUCobb1+MzISjOTF9BySeAGXHMEbX/27MxIl5tPIE=,tag:4tat0yvkE/4njWYyr/IRfA==,type:str]
@ -70,8 +67,8 @@ sops:
azure_kv: []
hc_vault: []
age: []
lastmodified: "2023-02-07T22:18:44Z"
mac: ENC[AES256_GCM,data:rmoEZq8DCkEsw7OOY/a8c9z4JCWEe0cdgVOY2IArDEYEXj8e2s38d8djMHUwvv/7T/FjCafp8LDvlke3pYXNFOVDFMl2HJgIsLeRyVM/V38BaXbOFImid7RKv/s0QiqqucOV6ajqCUmG6SbwyB64Ju9ZWkB2NKyhiI4NxeV4Qd8=,iv:U4IwXdWSxs8Dv6mzM42G3dDyv8fWE6wahmvkwRwynmg=,tag:GMqn4GXbCvqfeTWM1POLZw==,type:str]
lastmodified: "2023-02-28T21:13:24Z"
mac: ENC[AES256_GCM,data:ov7yXSHYFFBZl3Jg6tzle5jSrqyKhVG/grU84/VBea+6J7atePYi6D4F8Sg58Sd+wsKAna9Tiz+m/mKwVtqzGipOTfvLVj+uUfEbkjHsGFgdWfoE2VCdfgfQAveFPAjS6FLR7pU6JWgARkitb7jlqvC9CrkonSK8p7fgROedkXo=,iv:j9wbjHt7i00k4azGQZL1UlEAV/bW+ye17z++FapjqIk=,tag:cA0kg/YlXbdE0o1IYAUtxw==,type:str]
pgp:
- created_at: "2021-11-29T00:57:34Z"
enc: |

16
terraform/dns.tf
View file

@ -112,22 +112,6 @@ resource "hetznerdns_record" "uptime_a" {
ttl = 600
}
resource "hetznerdns_record" "elefan-test_a" {
zone_id = data.hetznerdns_zone.froidmont_zone.id
name = "elefan-test"
value = local.storage1_ip
type = "A"
ttl = 600
}
resource "hetznerdns_record" "wikijs-test_a" {
zone_id = data.hetznerdns_zone.froidmont_zone.id
name = "wikijs-test"
value = hcloud_server.backend1.ipv4_address
type = "A"
ttl = 600
}
resource "hetznerdns_record" "transmission_a" {
zone_id = data.hetznerdns_zone.banditlair_zone.id
name = "transmission"