wip

2025-01-02 15:16:43 +01:00
parent 10613912fc
commit 1834713f98
3 changed files with 69 additions and 0 deletions
--- a/hosts/pinwheel/home.nix
+++ b/hosts/pinwheel/home.nix
@@ -3,6 +3,8 @@
  imports = [ inputs.home-manager.nixosModules.home-manager ];

  config = {
+    hardware.saleae-logic.enable = true;
+
    home-manager = {
      useGlobalPkgs = true;
      useUserPackages = true;
@@ -25,6 +27,7 @@
          pkgs.htop
          pkgs.onlyoffice-bin
          pkgs.wdisplays
+          pkgs.saleae-logic-2
        ];

        home.stateVersion = "23.05";
--- a/hosts/tadpole/modules/certs/default.nix
+++ b/hosts/tadpole/modules/certs/default.nix
@@ -17,6 +17,11 @@
        webroot = "/var/lib/acme/acme-challenge/";
        group = "nginx";
      };
+
+      "whib-api.ppp.pm" = {
+        webroot = "/var/lib/acme/acme-challenge/";
+        group = "nginx";
+      };
    };
  };
 }
--- a/hosts/tadpole/modules/whib/default.nix
+++ b/hosts/tadpole/modules/whib/default.nix
@@ -0,0 +1,61 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+let
+  enabled = config.mod.whib-backend.enable;
+in
+{
+  options = {
+    mod.whib-backend = {
+      enable = lib.mkEnableOption "enable WHIB backend";
+    };
+  };
+
+  config = lib.mkIf enabled {
+    services.whib-backend = {
+      enable = true;
+
+      domain = "whib-api.ppp.pm";
+      useACMEHost = "whib-api.ppp.pm";
+
+      backend = {
+        signingKey = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.whib-signing-key.path})";
+      };
+
+      postgres = {
+        database = "whib";
+        host = "postgres";
+        port = "5432";
+        user = "whib";
+        password = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.whib-postgres-password.path})";
+
+        backup = {
+          interval = "*-*-* 00:00:00 UTC";
+
+          gpgPassphraseFile = config.age.secrets.whib-gpg-key.path;
+
+          backblazeBucket = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.whib-backblaze-bucket.path})";
+          backblazeKeyID = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.whib-backblaze-key-id.path})";
+          backblazeKey = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.whib-backblaze-key.path})";
+        };
+      };
+
+      grafana = {
+        password = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.whib-grafana-password.path})";
+      };
+    };
+
+    age.secrets = {
+      "whib-signing-key".file = ../../../../secrets/tadpole/whib-signing-key.age;
+      "whib-postgres-password".file = ../../../../secrets/tadpole/whib-postgres-password.age;
+      "whib-gpg-key".file = ../../../../secrets/tadpole/whib-gpg-key.age;
+      "whib-backblaze-bucket".file = ../../../../secrets/tadpole/whib-backblaze-bucket.age;
+      "whib-backblaze-key-id".file = ../../../../secrets/tadpole/whib-backblaze-key-id.age;
+      "whib-backblaze-key".file = ../../../../secrets/tadpole/whib-backblaze-key.age;
+      "whib-grafana-password".file = ../../../../secrets/tadpole/whib-grafana-password.age;
+    };
+  };
+}