Compare commits
8 Commits
main
...
19a0c3d97d
| Author | SHA1 | Date | |
|---|---|---|---|
|
19a0c3d97d | ||
|
|
189cd4fe35 | ||
|
|
b19d28c442 | ||
|
|
105aed70b4 | ||
|
|
506f0574de | ||
|
|
943db9b011 | ||
|
|
045bfd269b | ||
|
|
b922b286b4 |
10
README.md
10
README.md
@@ -25,3 +25,13 @@ EDITOR=vim agenix -d "some-secret.age" -i ~/.ssh/alex.pinwheel
|
||||
|
||||
Or use some other SSH key that is has been used to key the secret.
|
||||
|
||||
# Test VM
|
||||
Build the test VM with the command:
|
||||
```
|
||||
cm --build-test-vm
|
||||
```
|
||||
|
||||
and test it with:
|
||||
```
|
||||
cm --run-test-vm
|
||||
```
|
||||
|
||||
20
flake.lock
generated
20
flake.lock
generated
@@ -241,7 +241,8 @@
|
||||
"nix-gc-env": "nix-gc-env",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"pppdotpm-site": "pppdotpm-site"
|
||||
"pppdotpm-site": "pppdotpm-site",
|
||||
"whib-backend": "whib-backend"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
@@ -258,6 +259,23 @@
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"whib-backend": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1733056232,
|
||||
"narHash": "sha256-TlGxaIEzV+4dithjWT4xtl/yOgayHIqZqj7okKufF8E=",
|
||||
"path": "/home/alex/code/own/whib",
|
||||
"type": "path"
|
||||
},
|
||||
"original": {
|
||||
"path": "/home/alex/code/own/whib",
|
||||
"type": "path"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
|
||||
17
flake.nix
17
flake.nix
@@ -37,6 +37,12 @@
|
||||
url = "git+ssh://gitea@git.ppp.pm:1122/alex/ppp.pm-site.git?ref=main";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
whib-backend = {
|
||||
# url = "git+ssh://gitea@git.ppp.pm:1122/alex/whib.git?ref=nix-flake";
|
||||
url = "path:/home/alex/code/own/whib";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
};
|
||||
|
||||
outputs =
|
||||
@@ -77,12 +83,19 @@
|
||||
];
|
||||
};
|
||||
|
||||
test-vm = inputs.nixpkgs.lib.nixosSystem {
|
||||
test-vm =
|
||||
let
|
||||
system = "x86_64-linux";
|
||||
in
|
||||
inputs.nixpkgs.lib.nixosSystem {
|
||||
inherit system;
|
||||
specialArgs = {
|
||||
inherit inputs;
|
||||
};
|
||||
modules = [ ./hosts/test-vm/configuration.nix ];
|
||||
modules = [
|
||||
./hosts/test-vm/configuration.nix
|
||||
inputs.whib-backend.nixosModules.${system}.default
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
@@ -14,6 +14,8 @@
|
||||
home.homeDirectory = "/home/alex";
|
||||
|
||||
home.packages = [
|
||||
inputs.whib-backend.packages.${pkgs.system}.whib-import
|
||||
pkgs.beekeeper-studio
|
||||
pkgs.bitwarden-desktop
|
||||
pkgs.gimp
|
||||
pkgs.zip
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
{
|
||||
imports = [
|
||||
./ppp.pm-site.nix
|
||||
./whib-backend.nix
|
||||
];
|
||||
|
||||
config = {
|
||||
@@ -10,7 +11,8 @@
|
||||
networking.hostName = "test-vm";
|
||||
|
||||
mod = {
|
||||
pppdotpm-site.enable = true;
|
||||
pppdotpm-site.enable = false;
|
||||
whib-backend.enable = true;
|
||||
};
|
||||
|
||||
users.users.a = {
|
||||
@@ -18,16 +20,30 @@
|
||||
extraGroups = [ "wheel" ];
|
||||
password = "a";
|
||||
};
|
||||
services.getty.autologinUser = "a";
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
|
||||
virtualisation.vmVariant = {
|
||||
# following configuration is added only when building VM with build-vm
|
||||
virtualisation = {
|
||||
diskSize = 4096;
|
||||
memorySize = 2048;
|
||||
cores = 3;
|
||||
graphics = false;
|
||||
};
|
||||
};
|
||||
|
||||
# Resize terminal to host terminal size
|
||||
environment.loginShellInit = ''
|
||||
${pkgs.xterm}/bin/resize
|
||||
|
||||
echo alias 'sd' can be used to shutdown the VM
|
||||
'';
|
||||
|
||||
environment.interactiveShellInit = ''
|
||||
alias sd='sudo shutdown now'
|
||||
'';
|
||||
|
||||
environment.systemPackages = [ ];
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
|
||||
89
hosts/test-vm/whib-backend.nix
Normal file
89
hosts/test-vm/whib-backend.nix
Normal file
@@ -0,0 +1,89 @@
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}:
|
||||
let
|
||||
enabled = config.mod.whib-backend.enable;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
mod.whib-backend = {
|
||||
enable = lib.mkEnableOption "enable WHIB backend";
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf enabled {
|
||||
environment.systemPackages = [ pkgs.gnupg ];
|
||||
|
||||
services.whib-backend = {
|
||||
enable = true;
|
||||
domain = "whib-backend.local";
|
||||
|
||||
backend = {
|
||||
signingKey = "super-secret-key";
|
||||
};
|
||||
|
||||
postgres = {
|
||||
password = "postgrespassword";
|
||||
|
||||
backup = {
|
||||
gpgPassphraseFile = ./whib-gpgPassfile;
|
||||
|
||||
backblazeBucket = "whib-postgres-backups";
|
||||
backblazeKeyID = "003867c33cd1a9b0000000003";
|
||||
backblazeKey = "K003+GUNG0lwTOMS5EheKC9YzgxFzuU";
|
||||
};
|
||||
};
|
||||
|
||||
grafana = {
|
||||
password = "granfanapassword";
|
||||
};
|
||||
};
|
||||
|
||||
virtualisation.vmVariant = {
|
||||
virtualisation = {
|
||||
sharedDirectories = {
|
||||
my-shared = {
|
||||
source = "/home/alex/whib-backup";
|
||||
target = "/mnt/shared";
|
||||
};
|
||||
};
|
||||
|
||||
forwardPorts = [
|
||||
{
|
||||
# Service API
|
||||
from = "host";
|
||||
host.port = 8080;
|
||||
guest.port = 8080;
|
||||
}
|
||||
{
|
||||
# Service Metrics
|
||||
from = "host";
|
||||
host.port = 8181;
|
||||
guest.port = 8181;
|
||||
}
|
||||
{
|
||||
# Postgres
|
||||
from = "host";
|
||||
host.port = 5432;
|
||||
guest.port = 5432;
|
||||
}
|
||||
{
|
||||
# Grafana
|
||||
from = "host";
|
||||
host.port = 3000;
|
||||
guest.port = 3000;
|
||||
}
|
||||
{
|
||||
# Prometheus
|
||||
from = "host";
|
||||
host.port = 9090;
|
||||
guest.port = 9090;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
1
hosts/test-vm/whib-gpgPassfile
Normal file
1
hosts/test-vm/whib-gpgPassfile
Normal file
@@ -0,0 +1 @@
|
||||
abc123
|
||||
Reference in New Issue
Block a user