deploy wiki on wiki.staging.julienmalka.me

Julien Malka
2024-02-12 11:53:09 +01:00
parent 78b323d439
commit 9b8c8996f8
5 changed files with 4 additions and 4 deletions


@ -0,0 +1,7 @@
#!/usr/bin/env bash
set -euo pipefail
rm -f .terraform.lock.hcl
tofu init -backend-config="password=$GITLAB_TOKEN" -backend-config="username=$GITLAB_USER"
tofu apply
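Review bot: The GitLab token is passed to `tofu init` as a command-line `-backend-config` value, so it is visible in the process list while init runs and is stored in plain text in the local `.terraform/` backend configuration. The http backend also reads its credentials from the environment, so `export TF_HTTP_USERNAME="$GITLAB_USER" TF_HTTP_PASSWORD="$GITLAB_TOKEN"` followed by a plain `tofu init` keeps the token off argv. Separately, `rm -f .terraform.lock.hcl` discards the recorded provider hashes on every run, so each init accepts whatever the registry serves; committing the lock file instead would pin them.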


@ -0,0 +1,30 @@
{ self, lib, config, ... }:
let
nixosVars = builtins.fromJSON (builtins.readFile ./nixos-vars.json);
in
{
imports = [
self.nixosModules.nixos-wiki
self.nixosModules.nixos-wiki-backup
self.nixosModules.hcloud
];
users.users.root.openssh.authorizedKeys.keys = nixosVars.ssh_keys;
system.stateVersion = "23.11";
security.acme.defaults.email = "joerg.letsencrypt@thalheim.io";
sops.secrets.nixos-wiki.owner = config.services.phpfpm.pools.mediawiki.user;
sops.secrets.nixos-wiki-github-client-secret.owner = config.services.phpfpm.pools.mediawiki.user;
services.nixos-wiki = {
hostname = "wiki.staging.julienmalka.me";
adminPasswordFile = config.sops.secrets.nixos-wiki.path;
githubClientId = "Iv1.95ed182c83df1d22";
githubClientSecretFile = config.sops.secrets.nixos-wiki-github-client-secret.path;
emergencyContact = "nixos-wiki@thalheim.io";
passwordSender = "nixos-wiki@thalheim.io";
noReplyAddress = "nixos-wiki-no-reply@thalheim.io";
};
sops.defaultSopsFile = ./secrets.yaml;
boot.loader.grub.devices = lib.mkForce [ "/dev/sda" ];
}
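Review bot: Only `hostname` is specific to the staging host in `services.nixos-wiki`; `githubClientId`, the ACME account email and the three contact addresses look carried over from another deployment. If `Iv1.95ed182c83df1d22` is the GitHub app used by the main wiki, staging shares its client secret, and login will probably fail unless that app also lists a callback URL under wiki.staging.julienmalka.me. A separate app for staging, `githubClientId = "<staging-app-client-id>";` with its own secret in secrets.yaml, would keep a staging compromise from reaching the other instance's OAuth credentials.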


@ -0,0 +1 @@
{"ipv6_address":"2a01:4f9:c012:8178::1","ssh_keys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE joerg@turingmachine","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMBW7rTtfZL9wtrpCVgariKdpN60/VeAzXkh9w3MwbO julien@enigma"]}


@ -0,0 +1,50 @@
nixos-wiki: ENC[AES256_GCM,data:PDVoovlVdCYr/rI6a8igNp8D7B6Ni+yY,iv:x/+Yro8tbSnEY+ELYx+UJKRzveidrpqHp7iC7e3ymc4=,tag:pgLVTxGqmOOQ6FMUgTLaYQ==,type:str]
nixos-wiki-github-client-secret: ENC[AES256_GCM,data:ggkzMlolTHxo4Jh4fBN4Ot5RJgESovrRjZ6FmQkVuLAgQfX22KjE4w==,iv:plmxJQoRcaFZ1hmFHgOnUofp2pHrNITdL/a1d3tFtag=,tag:28MHko3esZKKXJps4GlTSQ==,type:str]
age-key: ENC[AES256_GCM,data:ldlaCHNf99r6zaihQHXPZ0QyY6/KGZR3oRMKo7xiKH7EVjgmKzS8knjDDqwq29D25L1jbVPAmScPEHppbM58xU7nOx4lIpl3qKE=,iv:EHKnKwdHqlKwGrBNbCaoaB8m6xgYSJecUBJgtdZn8kU=,tag:xVs3HfQ8Qip65CIGti9k0w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5bTM3cDN5clprd0JENXpB
RmJHYm8zak8xa21LYVhTS2VTVTg5akRyb3lnCnpPU05KTHhtVG9hMlYyMDhIbzd1
NkpOck5SUTNJZkdNUFVyb2x3RGdYQkUKLS0tIGRORUVXWHNDZXF0bmtHaDlqZHU4
UWJ2Z2VLSDBXQXBmaW4zeWU2NUt1Q1UKbb0V/aQ0gukeN/F+nDVzAQI79X7bNZtQ
Cy8JZh8+NCXx9IYDQHbsvVsq//M69UO1WJjqiAIOa/LUOtytcJ3FOw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1eq0e6uhjj2tja8v338tkdz8ema2aw5anpuyaq2uru7rt4lq7msyqqut6m2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NXdnRUtWQWFWWGJuUzZS
ZGdPRGw5Qms3Mjh5N05aREFNWFloOWF4QTBrCnBIY2RDaTd0TE5ydTMyQzU5bitn
eWI3OHZLTWhRWThJVjVGcElLN3lWS2sKLS0tIFVPSWVrTXBib3M0OThhV2x0eXJF
TFgyV01iWk5RQXQzLzlna1NEd1MwWncKiZHoBrCZq2qfZIm+jbsv14QTvD5owODz
bLnTzQ7O3TIEsyuNXlpIeNjTZXEcSmRj981WScxTYvEwy9vcJq/6+w==
-----END AGE ENCRYPTED FILE-----
- recipient: age109qksyjgdnf7elnk98dh4vtxt0epju7xjemlqng0j0x75st5zg9qm9h3hy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQdUVSNGdTcDQycEpvMkVz
VlJlZkZ2M043azhMa3o4U1hxOGcvbUxEejN3CnAvN0ZuUDJtRzVGMHNteDVaY0Jr
UTJyVjlKNFFETlFWbU80R0YxREF1Y2MKLS0tIFVwUFo0RHU1TEJuQ1RNY2pXZnUz
VjlCN2NnQnIzcHpvU0IwQmgwWFprYTgKaWBhrnch+ufylR4a0Lhc+fB8D2Q/NJ6p
bpxZK0wwlOgv7ZB0l9x4sJUq9gRpLYTinx0Rr2C/SlkOOIEzx0TbJA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1p3dl7q5ahjdhl3g72mqk9pxy3gcptw9dqmg6syq9f9s03ppqp4rsqm93n2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwcFFiMklwQW9nQlpqUjNW
cDc3Z2tVUVBzWTNlcFJ4YkZzcmw4NzZDU1JZClRmQmdGaElCWTRuSCtsZVpjTUk0
SFNRY0FGeEx6NkxlWHNtTWxQUzlKajQKLS0tIExCUXFXMWZTVk1CTHVxUzBhYmM0
NzdoVWR3TlBrZHYzYzBKelc0UTRvbUkK6O1Lpi6hcMHyFA3E8yJO+1LkXR/10xnW
ViKILGcsw4AdsRGNL5fHxQECR11WsEARetpX5GlixC0lvS/Til8YWA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-24T15:17:00Z"
mac: ENC[AES256_GCM,data:jPInsdN9mTROhh+fyYb4JSy937fuSGr6lhRIZhDc8alOO7TYnF9GSbum3KPPHYLm8LPKLQK19umyik7a5P/c983sfRHhaOibAugtPQT3fzw0/jAjwUJ9F4t9zhrZ6k7KfU9eO/34vFM0uKYhq+wUV9ztgDLJbARmtO0Dka1ks7w=,iv:NudkNhomCsFlqkU/QjQcrsqoTdAJC7HzJDpRuqHCx7s=,tag:K20RqA4EcDmm5V27ZGPGpg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
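Review bot: `lastmodified` is 2023-10-24, months before this commit, so the file appears to have been copied unchanged rather than created for staging. If so, the staging host holds the same admin password, GitHub client secret and `age-key` as the deployment it came from, and a compromise of staging exposes all three. The four `age` recipients are likewise unchanged, so anyone who can decrypt the original file can decrypt this one, and a new host key would not be able to. Generating fresh values for staging and running `sops updatekeys secrets.yaml` after adjusting the recipient list would separate the two environments.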


@ -0,0 +1,30 @@
terraform {
backend "http" {
address = "https://gitlab.com/api/v4/projects/54760013/terraform/state/nixos-wiki2.thalheim.io"
lock_address = "https://gitlab.com/api/v4/projects/54760013/terraform/state/nixos-wiki2.thalheim.io/lock"
unlock_address = "https://gitlab.com/api/v4/projects/54760013/terraform/state/nixos-wiki2.thalheim.io/lock"
lock_method = "POST"
unlock_method = "DELETE"
retry_wait_min = "5"
}
}
module "wiki" {
source = "../../terraform/nixos-wiki"
domain = "nixos-wiki2.thalheim.io"
nixos_flake_attr = "nixos-wiki-nixos-org"
nixos_vars_file = "${path.module}/nixos-vars.json"
sops_file = abspath("${path.module}/secrets.yaml")
tags = {
Terraform = "true"
Target = "wiki.nixos.org"
}
}
output "ipv4_address" {
value = module.wiki.ipv4_address
}
output "ipv6_address" {
value = module.wiki.ipv6_address
}
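Review bot: The backend `address`, `lock_address` and `unlock_address` all point at the state named `nixos-wiki2.thalheim.io`, and the module still has `domain = "nixos-wiki2.thalheim.io"`, `nixos_flake_attr = "nixos-wiki-nixos-org"` and `Target = "wiki.nixos.org"`, none of which match the staging hostname in the commit title. If another deployment already uses that state in project 54760013, running `tofu apply` from this directory would plan against its resources and could change or replace them. Staging should get its own state name in the three backend URLs plus `domain = "wiki.staging.julienmalka.me"` and `nixos_flake_attr = "<staging-flake-attr>"`. The tag value should be updated too, so the server is not mistaken for the production one in the cloud console.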