tadpole/test-vm: Update WHIB service

- Update `WHIB` input - Update secrets to reflect changes in input
2025-01-12 12:07:41 +01:00
parent 01cff093fd
commit c478f795f1
15 changed files with 80 additions and 91 deletions
--- a/hosts/test-vm/whib-backend.nix
+++ b/hosts/test-vm/whib-backend.nix
@@ -1,4 +1,5 @@
 {
+  pkgs,
  lib,
  config,
  ...
@@ -14,34 +15,68 @@ in
  };

  config = lib.mkIf enabled {
-    services.whib-backend = {
-      enable = true;
+    services.whib-backend =
+      let
+        backendEnvVars = pkgs.writeText "backend-env-vars" ''
+          SIGNING_KEY=signingkey
+          POSTGRES_DB=whib
+          POSTGRES_USER=whib
+          POSTGRES_PASSWORD=pgpassword
+        '';

-      backend = {
-        signingKey = "super-secret-key";
-        domain = "whib-backend.local";
-      };
+        postgresEnvVars = pkgs.writeText "postgres-env-vars" ''
+          POSTGRES_DB=whib
+          POSTGRES_USER=whib
+          POSTGRES_PASSWORD=pgpassword
+        '';

-      postgres = {
-        password = "postgrespassword";
+        postgresBackupEnvVars = pkgs.writeText "postgres-backup-env-vars" ''
+          PGDATABASE=whib
+          PGUSER=whib
+          PGPASSWORD=pgpassword
+          B2_BUCKET=a
+          B2_APPLICATION_KEY_ID=b
+          B2_APPLICATION_KEY=c
+        '';

-        backup = {
-          interval = "*-*-* *:*:00 UTC"; # Every minute, for testing
+        gpgPassphraseFile = pkgs.writeText "gpg-passphrase" ''
+          foobar
+        '';

-          # Set these for test runs
-          gpgPassphraseFile = "";
+        grafanaEnvVars = pkgs.writeText "grafana-env-vars" ''
+          GF_SECURITY_ADMIN_PASSWORD=grafanapassword
+          GF_USERS_ALLOW_SIGN_UP=false
+        '';

-          backblazeBucket = "";
-          backblazeKeyID = "";
-          backblazeKey = "";
+      in
+      {
+        enable = true;
+
+        backend = {
+          domain = "whib-backend.local";
+
+          environmentFile = backendEnvVars;
+        };
+
+        postgres = {
+          environmentFile = postgresEnvVars;
+
+          backup = {
+            interval = "*-*-* *:*:00 UTC"; # Every minute, for testing
+
+            environmentFile = postgresBackupEnvVars;
+            gpgPassphraseFile = gpgPassphraseFile;
+
+          };
+        };
+
+        grafana = {
+          domain = "grafana.local";
+
+          environmentFile = grafanaEnvVars;
        };
      };

-      grafana = {
-        password = "granfanapassword";
-      };
-    };
-
    virtualisation.vmVariant = {
      virtualisation = {
        sharedDirectories = {