deploy binary cache
parent
84dbe47895
commit
ba3af50dd5
|
@ -1,6 +1,11 @@
|
||||||
{
|
{
|
||||||
description = "Dependencies to deploy a clan";
|
description = "Dependencies to deploy a clan";
|
||||||
|
|
||||||
|
nixConfig = {
|
||||||
|
extra-substituters = [ "https://cache.clan.lol" ];
|
||||||
|
extra-trusted-public-keys = [ "cache.clan.lol-1:j83TYLUVsrSXZvQdMoY+Ms81Xd/nO8GNuQQHqphzRSg=" ];
|
||||||
|
};
|
||||||
|
|
||||||
inputs = {
|
inputs = {
|
||||||
# https://github.com/NixOS/nixpkgs/pull/241526
|
# https://github.com/NixOS/nixpkgs/pull/241526
|
||||||
nixpkgs.url = "github:Mic92/nixpkgs/cloud-init";
|
nixpkgs.url = "github:Mic92/nixpkgs/cloud-init";
|
||||||
|
|
|
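Review bot: The `extra-trusted-public-keys` entry added in `nixConfig` has no comment saying which private key it pairs with, yet anyone who accepts this flake's config will trust every store path signed by that key. A short comment would make the trust relationship and the rotation step explicit, e.g. `# public half of the harmonia signing key (sops secret harmonia-key on web01); update this line when the key is rotated`. The pairing with `harmonia-key` is inferred from the other files in this commit, so confirm it before adding the comment.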
@ -3,6 +3,7 @@
|
||||||
./homepage.nix
|
./homepage.nix
|
||||||
./gitea
|
./gitea
|
||||||
./postfix.nix
|
./postfix.nix
|
||||||
|
./harmonia.nix
|
||||||
../zerotier
|
../zerotier
|
||||||
../zerotier/ctrl.nix
|
../zerotier/ctrl.nix
|
||||||
];
|
];
|
||||||
|
|
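--- a/modules/web01/harmonia.nix
+++ b/modules/web01/harmonia.nix
@@ -0,0 +1,24 @@
+{ config, ... }: {
+services.harmonia.enable = true;
+# $ nix-store --generate-binary-cache-key cache.yourdomain.tld-1 harmonia.secret harmonia.pub
+services.harmonia.signKeyPath = config.sops.secrets.harmonia-key.path;
+sops.secrets.harmonia-key = { };
+
+services.nginx.virtualHosts."cache.clan.lol" = {
+useACMEHost = "thalheim.io";
+forceSSL = true;
+enableACME = true;
+locations."/".extraConfig = ''
+proxy_pass http://127.0.0.1:5000;
+proxy_set_header Host $host;
+proxy_redirect http:// https://;
+proxy_http_version 1.1;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection $connection_upgrade;
+
+zstd on;
+zstd_types application/x-nix-archive;
+'';
+};
+}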
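Review bot: The `cache.clan.lol` virtual host sets both `useACMEHost = "thalheim.io";` and `enableACME = true;`, which the NixOS nginx module treats as mutually exclusive, and a certificate issued for `thalheim.io` would presumably not cover this hostname anyway. Dropping the `useACMEHost` line and keeping `enableACME = true;` gives the cache its own certificate. Separately, the module does not set Harmonia's listen address; if the default binds beyond loopback, consider `services.harmonia.settings.bind = "127.0.0.1:5000";` so the cache is reachable only through nginx. That default and the host firewall rules are not visible in this commit, so check them first.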
@ -7,6 +7,7 @@ in
|
||||||
self.nixosModules.web01
|
self.nixosModules.web01
|
||||||
self.nixosModules.hcloud
|
self.nixosModules.hcloud
|
||||||
];
|
];
|
||||||
|
sops.defaultSopsFile = ./secrets.yaml;
|
||||||
users.users.root.openssh.authorizedKeys.keys = nixosVars.ssh_keys;
|
users.users.root.openssh.authorizedKeys.keys = nixosVars.ssh_keys;
|
||||||
system.stateVersion = "23.05";
|
system.stateVersion = "23.05";
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
ssh_host_ed25519_key: ENC[AES256_GCM,data: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,iv:+T4xz2xvyerO/ffW/YAKUkf5B/UVL8cUOl/ifWKIIx4=,tag:NTJklV5yqMT7uq0TvclhIA==,type:str]
|
ssh_host_ed25519_key: ENC[AES256_GCM,data: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,iv:+T4xz2xvyerO/ffW/YAKUkf5B/UVL8cUOl/ifWKIIx4=,tag:NTJklV5yqMT7uq0TvclhIA==,type:str]
|
||||||
|
harmonia-key: ENC[AES256_GCM,data:pZObqfbLogp0DYs47Tg2STKT9HptPSiP4sgcf31FD68PKSWhkgJbdY3gO/pfa0zsnvZTrAiljR8Ugh/x9z70T/XhjgZ/dIKqtcrGw0or9WPDmVzD4UHYm6iWR30MZLa9EBK0GFInlcSa/g==,iv:9HRnOaqP1iKMyyRX7evl6woZgfw9h4t7mBD98v/iBng=,tag:MQDio//aEOAOTVWlgADYDQ==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -32,8 +33,8 @@ sops:
|
||||||
Q2J3VHNZZm13RlFwekJ6MHpPTmpZek0KiOqGozDqC5QQop5y+Scq+QHhVSXX43Ix
|
Q2J3VHNZZm13RlFwekJ6MHpPTmpZek0KiOqGozDqC5QQop5y+Scq+QHhVSXX43Ix
|
||||||
KS496VWzRCdXYdgMk9gleA0AjaOGdAZOzdxsMQrWo+XfHrCy/1fU/w==
|
KS496VWzRCdXYdgMk9gleA0AjaOGdAZOzdxsMQrWo+XfHrCy/1fU/w==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-07-05T15:15:11Z"
|
lastmodified: "2023-07-05T15:22:34Z"
|
||||||
mac: ENC[AES256_GCM,data:oLM6L2SAPSypW2sbGnaE0hmRW8BoFxIT6RfGUAr2I8Q+K0wN4dUW1Cq+q8Ecfa4IJ8eI2iCw/7x8ZwlWiUFnreeaEGXIS2SEMMitwOUzfzB0QCXYIuQUxgH1KCpNwNKm/3cEg0GrWFim0SSSZztVsHQh5++Qa7WDXKYFQJLG+Fc=,iv:P9DUDlL9g5Q7fJyi7OvVDMyPQKbX1OzYKgQ19f+wrfI=,tag:An0m7oXeUACxWDVackxXAQ==,type:str]
|
mac: ENC[AES256_GCM,data:sSrzzvy97ok92DNRP9rDruu+lPlG2NZEKTL7E7lCLCtSkbRh1ciVAEuavRhnGFBB4jCYNwT43oyLNOq9oVY3G7d2sehalMxG0DNpOkyeSkVcYv5DKQzSwd08rq0sl6MGMcEdJ4wx7lYGtHiN4NoPhzpqi9SyesSCsHcYzJ2uNfM=,iv:6jUTtEDY2zzn/7ZsmymY7gqafBmQ1791iWw6La9VD9A=,tag:46mE6aDPnkdzqcwzyouhXg==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.7.3
|
version: 3.7.3
|
||||||
|
|
File diff suppressed because one or more lines are too long
|
@ -59,6 +59,20 @@ resource "netlify_dns_record" "mail_aaaa" {
|
||||||
value = hcloud_server.server.ipv6_address
|
value = hcloud_server.server.ipv6_address
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "netlify_dns_record" "cache_a" {
|
||||||
|
zone_id = netlify_dns_zone.server.id
|
||||||
|
hostname = "cache.${var.domain}"
|
||||||
|
type = "A"
|
||||||
|
value = hcloud_server.server.ipv4_address
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "netlify_dns_record" "cache_aaaa" {
|
||||||
|
zone_id = netlify_dns_zone.server.id
|
||||||
|
hostname = "cache.${var.domain}"
|
||||||
|
type = "AAAA"
|
||||||
|
value = hcloud_server.server.ipv6_address
|
||||||
|
}
|
||||||
|
|
||||||
# for sending emails
|
# for sending emails
|
||||||
resource "netlify_dns_record" "spf" {
|
resource "netlify_dns_record" "spf" {
|
||||||
zone_id = netlify_dns_zone.server.id
|
zone_id = netlify_dns_zone.server.id
|
||||||
|
@ -89,6 +103,7 @@ resource "netlify_dns_record" "dmarc" {
|
||||||
value = "v=DMARC1; p=none; adkim=r; aspf=r; rua=mailto:joerc.dmarc@thalheim.io; ruf=mailto:joerg.dmarc@thalheim.io; pct=100"
|
value = "v=DMARC1; p=none; adkim=r; aspf=r; rua=mailto:joerc.dmarc@thalheim.io; ruf=mailto:joerg.dmarc@thalheim.io; pct=100"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
resource "hcloud_rdns" "master_a" {
|
resource "hcloud_rdns" "master_a" {
|
||||||
server_id = hcloud_server.server.id
|
server_id = hcloud_server.server.id
|
||||||
ip_address = hcloud_server.server.ipv4_address
|
ip_address = hcloud_server.server.ipv4_address
|
||||||
|
|