blueberry: tailscale
parent
1e32f79bbf
commit
882ec71640
3 changed files with 9 additions and 42 deletions
8
Justfile
8
Justfile
|
@ -53,12 +53,20 @@ update:
|
||||||
gc generations="5d":
|
gc generations="5d":
|
||||||
sudo nix-env --delete-generations {{generations}}
|
sudo nix-env --delete-generations {{generations}}
|
||||||
sudo nix-store --gc
|
sudo nix-store --gc
|
||||||
|
sudo nix-collect-garbage -d
|
||||||
|
nix-collect-garbage
|
||||||
|
|
||||||
# Add a machine's age key for SOPS
|
# Add a machine's age key for SOPS
|
||||||
sops-add machine_name target:
|
sops-add machine_name target:
|
||||||
bun tools/onboard-machine.js {{machine_name}} {{target}}
|
bun tools/onboard-machine.js {{machine_name}} {{target}}
|
||||||
sops updatekeys -y secrets/default.yaml
|
sops updatekeys -y secrets/default.yaml
|
||||||
|
|
||||||
|
# Generate a SOPS keys file
|
||||||
sops-generate-keys:
|
sops-generate-keys:
|
||||||
sudo cat /etc/ssh/ssh_host_ed25519_key | ssh-to-age --private-key > .sops.keys
|
sudo cat /etc/ssh/ssh_host_ed25519_key | ssh-to-age --private-key > .sops.keys
|
||||||
cat ~/.ssh/id_ed25519 | ssh-to-age --private-key >> .sops.keys
|
cat ~/.ssh/id_ed25519 | ssh-to-age --private-key >> .sops.keys
|
||||||
|
|
||||||
|
deploy target_host target_override="":
|
||||||
|
TARGET=
|
||||||
|
if [ "{{target_override}}" == "" ]; then TARGET=$(cat nixos/hosts/{{target_host}}/.target); else TARGET="{{target_override}}"; fi
|
||||||
|
@echo "TARGET=$TARGET"
|
||||||
|
|
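Review bot: In the new `deploy` recipe, `TARGET=`, the `if … fi` line and `@echo "TARGET=$TARGET"` are separate recipe lines, and just runs each line in its own shell unless the recipe starts with a shebang, so the value assigned in the `if` line is lost and the echo prints an empty target without failing. Start the recipe with `#!/usr/bin/env bash` and `set -euo pipefail`, and stop on an empty value with `[ -n "$TARGET" ] || { echo "no deploy target" >&2; exit 1; }`. `{{target_host}}` and `{{target_override}}` are substituted into the shell text before it runs, so the path should be quoted as `"nixos/hosts/{{target_host}}/.target"` and the arguments validated; `==` inside `[ ]` is also not portable to a plain `sh`. Separately, `sudo nix-collect-garbage -d` deletes every old generation, which overrides the `generations="5d"` retention applied two lines earlier and leaves no rollback generation. The page shows the recipe lines without their indentation, and the recipe may continue past the end of this hunk.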
|
@ -5,51 +5,10 @@
|
||||||
../../server.nix
|
../../server.nix
|
||||||
../../features/systemd-boot.nix
|
../../features/systemd-boot.nix
|
||||||
../../features/podman.nix
|
../../features/podman.nix
|
||||||
|
../../tailscale.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.hostName = "blueberry";
|
networking.hostName = "blueberry";
|
||||||
system.stateVersion = "23.05";
|
system.stateVersion = "23.05";
|
||||||
services.qemuGuest.enable = true;
|
services.qemuGuest.enable = true;
|
||||||
|
|
||||||
sops.secrets."saerro/database/url" = {
|
|
||||||
sopsFile = ../../../secrets/blueberry/default.yaml;
|
|
||||||
};
|
|
||||||
|
|
||||||
sops.secrets."saerro/database/password" = {
|
|
||||||
sopsFile = ../../../secrets/blueberry/default.yaml;
|
|
||||||
};
|
|
||||||
|
|
||||||
sops.secrets."saerro/ws_addr" = {
|
|
||||||
sopsFile = ../../../secrets/blueberry/default.yaml;
|
|
||||||
};
|
|
||||||
|
|
||||||
pods.enable = true;
|
|
||||||
pods.pods.saerro = {
|
|
||||||
routes = let
|
|
||||||
route = { port = "8003"; };
|
|
||||||
in {
|
|
||||||
"saerro.ps2.live" = route;
|
|
||||||
"saerro-new.ps2.live" = route;
|
|
||||||
};
|
|
||||||
|
|
||||||
exportPorts = [
|
|
||||||
"0.0.0.0:8003:8003"
|
|
||||||
];
|
|
||||||
|
|
||||||
containers = {
|
|
||||||
api = {
|
|
||||||
image = "ghcr.io/genudine/saerro/api:latest";
|
|
||||||
environment = {
|
|
||||||
PORT = "8003";
|
|
||||||
WEBSOCKET_HEALTHCHECK = "http://127.0.0.1:8004/healthz";
|
|
||||||
};
|
|
||||||
secrets = {
|
|
||||||
DATABASE_ADDR = config.sops.secrets."saerro/database/url".path;
|
|
||||||
};
|
|
||||||
ports = [
|
|
||||||
"8003:8003";
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
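Review bot: The three `sops.secrets."saerro/…"` declarations are dropped here, but as far as the page shows none of the three changed files is `secrets/blueberry/default.yaml`, so the saerro database URL and password apparently remain in the repository, encrypted to this host's key. If saerro is being retired from blueberry rather than moved, remove those entries and rotate the database credentials, since the host key can still decrypt earlier revisions of the file. The commit title mentions only tailscale, while this section also removes the pod that published `0.0.0.0:8003:8003`; that is worth stating in the description. `../../tailscale.nix` is not shown, so how the node authenticates to the tailnet, and whether its auth key is handled through sops, cannot be reviewed from this page.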
0
tools/deploy.ssh
Normal file
0
tools/deploy.ssh
Normal file