tadpole: Add secrets for whib service

test-vm: Add WHIB backend
2024-12-22 15:38:37 +01:00 · 2024-12-22 15:38:37 +01:00
10 changed files with 169 additions and 8 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -241,7 +241,8 @@
        "nix-gc-env": "nix-gc-env",
        "nixos-hardware": "nixos-hardware",
        "nixpkgs": "nixpkgs",
-        "pppdotpm-site": "pppdotpm-site"
+        "pppdotpm-site": "pppdotpm-site",
        "whib-backend": "whib-backend"
      }
    },
    "systems": {
@@ -258,6 +259,27 @@
        "repo": "default",
        "type": "github"
      }
    },
    "whib-backend": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1734875198,
        "narHash": "sha256-nTrmbQjVANsbTJ+uzL95MXZq8nTbJ/Ar4qfeHMfVtlE=",
        "ref": "master",
        "rev": "18225f1644a3fba957ed27d7ec92d03a3eea5579",
        "revCount": 362,
        "type": "git",
        "url": "ssh://gitea@git.ppp.pm:1122/alex/whib.git"
      },
      "original": {
        "ref": "master",
        "type": "git",
        "url": "ssh://gitea@git.ppp.pm:1122/alex/whib.git"
      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@@ -37,6 +37,11 @@
      url = "git+ssh://gitea@git.ppp.pm:1122/alex/ppp.pm-site.git?ref=main";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    whib-backend = {
      url = "git+ssh://gitea@git.ppp.pm:1122/alex/whib.git?ref=master";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
  outputs =
@@ -77,13 +82,20 @@
          ];
        };
-        test-vm = inputs.nixpkgs.lib.nixosSystem {
+        test-vm =
-          system = "x86_64-linux";
+          let
-          specialArgs = {
+            system = "x86_64-linux";
-            inherit inputs;
+          in
          inputs.nixpkgs.lib.nixosSystem {
            inherit system;
            specialArgs = {
              inherit inputs;
            };
            modules = [
              ./hosts/test-vm/configuration.nix
              inputs.whib-backend.nixosModules.${system}.default
            ];
          };
          modules = [ ./hosts/test-vm/configuration.nix ];
        };
      };
      devShells =
--- a/hosts/pinwheel/home.nix
+++ b/hosts/pinwheel/home.nix
@@ -14,6 +14,8 @@
        home.homeDirectory = "/home/alex";
        home.packages = [
          inputs.whib-backend.packages.${pkgs.system}.whib-import
          pkgs.beekeeper-studio
          pkgs.bitwarden-desktop
          pkgs.gimp
          pkgs.zip
--- a/hosts/test-vm/configuration.nix
+++ b/hosts/test-vm/configuration.nix
@@ -2,6 +2,7 @@
 {
  imports = [
    ./ppp.pm-site.nix
    ./whib-backend.nix
  ];
  config = {
@@ -10,7 +11,8 @@
    networking.hostName = "test-vm";
    mod = {
-      pppdotpm-site.enable = true;
+      pppdotpm-site.enable = false;
      whib-backend.enable = true;
    };
    users.users.a = {
--- a/hosts/test-vm/whib-backend.nix
+++ b/hosts/test-vm/whib-backend.nix
@@ -0,0 +1,89 @@
 {
  lib,
  config,
  ...
 }:
 let
  enabled = config.mod.whib-backend.enable;
 in
 {
  options = {
    mod.whib-backend = {
      enable = lib.mkEnableOption "enable WHIB backend";
    };
  };
  config = lib.mkIf enabled {
    services.whib-backend = {
      enable = true;
      domain = "whib-backend.local";
      backend = {
        signingKey = "super-secret-key";
      };
      postgres = {
        password = "postgrespassword";
        backup = {
          interval = "*-*-* *:*:00 UTC"; # Every minute, for testing
          # Set these for test runs
          gpgPassphraseFile = "";
          backblazeBucket = "";
          backblazeKeyID = "";
          backblazeKey = "";
        };
      };
      grafana = {
        password = "granfanapassword";
      };
    };
    virtualisation.vmVariant = {
      virtualisation = {
        sharedDirectories = {
          my-shared = {
            source = "/home/alex/whib-backup";
            target = "/mnt/shared";
          };
        };
        forwardPorts = [
          {
            # Service API
            from = "host";
            host.port = 8080;
            guest.port = 8080;
          }
          {
            # Service Metrics
            from = "host";
            host.port = 8181;
            guest.port = 8181;
          }
          {
            # Postgres
            from = "host";
            host.port = 5432;
            guest.port = 5432;
          }
          {
            # Grafana
            from = "host";
            host.port = 3000;
            guest.port = 3000;
          }
          {
            # Prometheus
            from = "host";
            host.port = 9090;
            guest.port = 9090;
          }
        ];
      };
    };
  };
 }
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -47,4 +47,9 @@ in {
  "tadpole/alex.tadpole-git.ppp.pm.age".publicKeys = [ tadpole alex ];
  "tadpole/alex.tadpole-git.ppp.pm.pub.age".publicKeys = [ tadpole alex ];
  "tadpole/gitea-dbpassword.age".publicKeys = [ tadpole alex ];
  "tadpole/whib-gpg-key.age".publicKeys = [ tadpole alex ];
  "tadpole/whib-backblaze-bucket.age".publicKeys = [ tadpole alex ];
  "tadpole/whib-backblaze-key-id.age".publicKeys = [ tadpole alex ];
  "tadpole/whib-backblaze-key.age".publicKeys = [ tadpole alex ];
 }
--- a/secrets/tadpole/whib-backblaze-bucket.age
+++ b/secrets/tadpole/whib-backblaze-bucket.age
@@ -0,0 +1,7 @@
 age-encryption.org/v1
 -> ssh-ed25519 5R7G9A V2ngjouYa4wi42HngK3TQfGRNqZ+gW4iQ01HxdnfNxo
 vvK7WyZkdH/vmeBrC8cs3neLpaZ8RryvYg61sBzf12A
 -> ssh-ed25519 +oNaHQ 1pK15FPOkaejA0GfotISM2ATOcE8tsUgZOpL0PONC08
 dDjq/2ZH/FHgLCQHgRaYba/3JtOvHl4k9GgzxyQw+L4
 --- yyW+//7KvwvcTHs76bPxtG9TUrFgJzp7KtqaqjP/0GY
 <EFBFBD><EFBFBD>~<7E><>}"[<5B>~nIm<49><6D><EFBFBD>2<EFBFBD><32>t<EFBFBD><74><EFBFBD>T<EFBFBD><54>xw<78>T<EFBFBD><54><EFBFBD>5,5^<5E><>w<EFBFBD><77>6l<36><6C>T<EFBFBD><54>(<28>
--- a/secrets/tadpole/whib-backblaze-key-id.age
+++ b/secrets/tadpole/whib-backblaze-key-id.age
@@ -0,0 +1,8 @@
 age-encryption.org/v1
 -> ssh-ed25519 5R7G9A YRCagpPHZ/4X9VyWgxWbugjSdYTzSUD2ncgWunzYVFs
 7SKYPayWt4XGG5YVB3yKt+dpGKOBtJW3E/LZq3eJmGI
 -> ssh-ed25519 +oNaHQ EHjg/EH4AbcqEHp27hhJqOLwa9P7sz2iavqIvkBkFQA
 T/2Po7X5FFb575QSxvvE1LqwZpFoDX/gnKLopBw/NMU
 --- 2cWhyrmkeeeiYNTyhJri/UHVhLqU0fJ3Py34rzhmr7c
 clN<>2<EFBFBD>ʍ<EFBFBD><CA8D>y~<7E>,lsX<73><58><EFBFBD><EFBFBD>s.<2E><>4<EFBFBD>*!<21><><EFBFBD>j<EFBFBD>c
 ]u<>Ʒ<EFBFBD>z<EFBFBD>g<EFBFBD><67><06><>;F
--- a/secrets/tadpole/whib-backblaze-key.age
+++ b/secrets/tadpole/whib-backblaze-key.age
@@ -0,0 +1,7 @@
 age-encryption.org/v1
 -> ssh-ed25519 5R7G9A /exiuF2v+lsAUID7eT53DooUgVnQHsE0lJOPgdbLuzU
 KPZKG2vYo7hczQ9iRTubb8mBUM9F3E19+1T6GExhsJM
 -> ssh-ed25519 +oNaHQ 6/BOd1ahNHbKPH6V4DwiSWQ2MFPztTAqBHTc8V1HJFw
 IF8V4HtNQqYzK58WdxYg1e2bfh9T7keV67VR/VzCUz0
 --- WuqN3ez4lofmNyDaaKKXA23lFtnd+2VwuG7wT28u0xU
 СQ<EFBFBD><EFBFBD>Vd<EFBFBD><EFBFBD><08><>>\<5C><11><15>
--- a/secrets/tadpole/whib-gpg-key.age
+++ b/secrets/tadpole/whib-gpg-key.age
@@ -0,0 +1,7 @@
 age-encryption.org/v1
 -> ssh-ed25519 5R7G9A ORTl5WSeg4vSKUAwzCp9ABRL02SvjFZrBHuWLMbSmxI
 obXt5wHXbfkdOAXwPySZeFelSFwJnCoH1EExtXNmBio
 -> ssh-ed25519 +oNaHQ vxTHufUlEwbuztnIsCcprfXonpNUlv1ZcHQpEQjGtz8
 uFym0SgmM6LZRqJrSPMLHI6DLZ5t/WLvKP0dMvM8bUc
 --- 7UQLcCs/G20iP2YlwjCEmpFcXgqJfQacqSVGBBPmAbY
 y<>ӆ<EFBFBD><D386>'<27>_K<07><>f<EFBFBD>3<EFBFBD>;<EFBFBD>X<EFBFBD><58><EFBFBD><EFBFBD>_<EFBFBD>tu[<5B>\<10><><EFBFBD><1F>)uK<75><4B>,ƫ<>zq񐏭<71>|<7C>1!X<>YY<59>g<EFBFBD>7<><37>Eڛ<>^<5E><>
Author	SHA1	Message	Date
Alexander Heldt	10613912fc	tadpole: Add secrets for `whib` service	2024-12-22 15:38:37 +01:00
Alexander Heldt	5b9a15f7cf	test-vm: Add `WHIB backend`	2024-12-22 15:38:37 +01:00