From a6bff8a4676d9c4bd0be5c18aa8e1106daa7d9d1 Mon Sep 17 00:00:00 2001 From: KoenDR06 Date: Mon, 9 Feb 2026 13:45:20 +0100 Subject: [PATCH] gonna deploy now --- modules/containers/default.nix | 10 ++++- modules/containers/forgejo.nix | 5 ++- modules/containers/nginx.nix | 53 ++++++++++++--------------- modules/containers/vaultwarden.nix | 5 ++- secrets/containers/forgejo-secret.age | 33 ++++++++--------- 5 files changed, 54 insertions(+), 52 deletions(-) diff --git a/modules/containers/default.nix b/modules/containers/default.nix index e3c6178..841dcdb 100644 --- a/modules/containers/default.nix +++ b/modules/containers/default.nix @@ -1,10 +1,18 @@ -{...}: { +{lib, ...}: let + inherit (lib) mkOption types; +in { imports = [ ./nginx.nix ./forgejo.nix ./vaultwarden.nix ]; + options = { + backupDir = mkOption { + type = types.str; + }; + }; + config = { networking.nat = { enable = true; diff --git a/modules/containers/forgejo.nix b/modules/containers/forgejo.nix index 38bfcec..f8e7a8e 100644 --- a/modules/containers/forgejo.nix +++ b/modules/containers/forgejo.nix @@ -10,8 +10,8 @@ cfg = config.horseman.containers.forgejo; username = config.horseman.username; + BACKUP_DIR = config.horseman.containers.backupDir; DATA_DIR = "/home/${username}/backups/volumes/forgejo"; - BACKUP_FILE = "/home/${username}/backups/forgejo.tar"; in { options = { horseman.containers.forgejo = { @@ -46,7 +46,8 @@ in { environment.systemPackages = [pkgs.gnutar]; systemd.services."backup-forgejo" = { script = '' - ${pkgs.gnutar}/bin/tar -cf ${BACKUP_FILE} ${DATA_DIR} + cd ${BACKUP_DIR} + ${pkgs.gnutar}/bin/tar -cf forgejo-$(date +'%Y-%m-%d').tar ${DATA_DIR} ''; serviceConfig = { User = "root"; diff --git a/modules/containers/nginx.nix b/modules/containers/nginx.nix index e101640..4687eb8 100644 --- a/modules/containers/nginx.nix +++ b/modules/containers/nginx.nix 
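Review bot: The new option in modules/containers/default.nix is declared at the top level as `backupDir`, but the forgejo.nix and vaultwarden.nix hunks of this patch read `config.horseman.containers.backupDir`. Unless that path is declared somewhere outside this patch, evaluation will stop on a missing attribute. Declaring it as `options.horseman.containers.backupDir = mkOption { type = types.path; description = "Directory that receives the container backup archives."; };` would match the readers and the sibling `horseman.containers.*` options. `types.path` also rejects a relative value before it reaches the root-run backup scripts. The option has no default, so every host that imports this module has to set it.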
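Review bot: The `backup-forgejo` script writes `forgejo-<date>.tar` as root under the service's default umask (0022 unless overridden), so the archive is likely readable by any local user who can reach the backup directory. The same applies to `backup-vaultwarden` in vaultwarden.nix, where the archive holds the password-vault data. Adding `UMask = "0077";` to each `serviceConfig` (both continue outside their hunks) would keep the archives root-only. The paths are also interpolated unquoted, so `cd "${BACKUP_DIR}"` and a quoted `"${DATA_DIR}"` would be safer against a value containing spaces. Nothing visible in the patch prunes the dated archives, so they will accumulate in the backup directory.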
@@ -13,12 +13,15 @@ in { options = { horseman.containers.nginx = { enable = mkEnableOption "nginx container"; + + domain = mkOption { + type = types.str; + default = "koendev.nl"; + }; }; }; config = mkIf cfg.enable { - networking.extraHosts = "192.168.100.1 koendevLocal.nl public.koendevLocal.nl git.koendevLocal.nl vault.koendevLocal.nl"; - containers.nginx = { autoStart = true; privateNetwork = true; @@ -27,11 +30,11 @@ in { bindMounts = { "/var/www/portfolio" = { - hostPath = "/home/horseman/Programming/portfolio/_site"; + hostPath = "/var/www/portfolio"; isReadOnly = true; }; "/var/www/public" = { - hostPath = "/home/horseman/Public"; + hostPath = "/var/www/public"; isReadOnly = true; }; }; 
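Review bot: The bind mounts now take `/var/www/portfolio` and `/var/www/public` from the host, but nothing in this patch creates those directories or fixes their ownership, and the container may fail to start if a bind source is missing. If they are not provisioned elsewhere, a rule such as `systemd.tmpfiles.rules = [ "d /var/www/portfolio 0755 root root -" "d /var/www/public 0755 root root -" ];` on the host would make the layout and permissions explicit. The new `domain` option would also benefit from a `description`, for example `description = "Base domain served by the nginx container; subdomains public., git. and vault. are derived from it.";`.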
@@ -46,50 +49,40 @@ in { enable = true; virtualHosts = { - "koendevLocal.nl" = { - # addSSL = false; - # enableACME = false; + "${cfg.domain}" = { + forceSSL = true; + enableACME = true; + root = "/var/www/portfolio"; default = true; extraConfig = '' error_page 404 /404.html; ''; - - addSSL = true; - sslCertificate = "/var/www/portfolio/cert.pem"; - sslCertificateKey = "/var/www/portfolio/key.pem"; }; - "public.koendevLocal.nl" = { + "public.${cfg.domain}" = { + forceSSL = true; + enableACME = true; + root = "/var/www/public"; - - addSSL = true; - sslCertificate = "/var/www/portfolio/cert.pem"; - sslCertificateKey = "/var/www/portfolio/key.pem"; }; - "git.koendevLocal.nl" = { - # addSSL = false; - # enableACME = false; + "git.${cfg.domain}" = { + forceSSL = true; + enableACME = true; + locations."/" = { proxyPass = "http://${osConfig.containers.forgejo.localAddress}:${toString osConfig.horseman.containers.forgejo.port}"; }; - - addSSL = true; - sslCertificate = "/var/www/portfolio/cert.pem"; - sslCertificateKey = "/var/www/portfolio/key.pem"; }; - "vault.koendevLocal.nl" = { - # addSSL = false; - # enableACME = false; + "vault.${cfg.domain}" = { + forceSSL = true; + enableACME = true; + locations."/" = { proxyPass = "http://${osConfig.containers.vaultwarden.localAddress}:${toString osConfig.horseman.containers.vaultwarden.port}"; }; - - forceSSL = true; - sslCertificate = "/var/www/portfolio/cert.pem"; - sslCertificateKey = "/var/www/portfolio/key.pem"; }; }; }; diff --git a/modules/containers/vaultwarden.nix b/modules/containers/vaultwarden.nix index 2d5963b..6d748dc 100644 --- a/modules/containers/vaultwarden.nix +++ b/modules/containers/vaultwarden.nix 
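Review bot: All four virtual hosts now set `enableACME = true`, but nothing in this hunk provides the ACME prerequisites inside the container. NixOS asserts on `security.acme.acceptTerms = true;` and requires a contact address such as `security.acme.defaults.email`, so both should sit next to `services.nginx` if they are not already set elsewhere. Because the container runs with `privateNetwork = true`, HTTP-01 validation also depends on ports 80 and 443 being forwarded from the host and opened in the container firewall, which this patch does not show. The enclosing `services.nginx` block starts outside the hunk.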
@@ -10,8 +10,8 @@ cfg = config.horseman.containers.vaultwarden; username = config.horseman.username; + BACKUP_DIR = config.horseman.containers.backupDir; DATA_DIR = "/home/${username}/backups/volumes/vaultwarden"; - BACKUP_FILE = "/home/${username}/backups/vaultwarden.tar"; in { options = { horseman.containers.vaultwarden = { @@ -41,7 +41,8 @@ in { environment.systemPackages = [pkgs.gnutar]; systemd.services."backup-vaultwarden" = { script = '' - ${pkgs.gnutar}/bin/tar -cf ${BACKUP_FILE} ${DATA_DIR} + cd ${BACKUP_DIR} + ${pkgs.gnutar}/bin/tar -cf vaultwarden-$(date +'%Y-%m-%d').tar ${DATA_DIR} ''; serviceConfig = { User = "root"; diff --git a/secrets/containers/forgejo-secret.age b/secrets/containers/forgejo-secret.age index ce8bab1..81b3f0a 100644 --- a/secrets/containers/forgejo-secret.age +++ b/secrets/containers/forgejo-secret.age 
@@ -1,19 +1,18 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IC9tczZkdyAvNG9K -UEttaC8zNHlPVDJFT1NoOHBBKzduaThIcFR3TkdvZVF3UVFBSFhvClpLZGw0RmVp -cm1JRkNwL2RKN0lKRlEyb25YeUpjSWx0WXorNWZIa2ZHMzgKLT4gc3NoLWVkMjU1 -MTkgZ1BJZFpBIEUyeGlybExFS3dPWXZOdk41TG9GYWQzajFPeVh3MjBlcjQ2b3Bn -NkRiRXcKSzdORWN3NC9IQ2JCRTF3UVRRc1k4eW5uQ2tMZXo0UEczWk1IS3BDbEV4 -UQotPiBzc2gtZWQyNTUxOSBXeUlGekEgR0hhQitRZ2haZExXeVNlV0pBY0JkWTY0 -S05PMnNmdVh5QUUyVmhjK1psNApMVWtDR0ZUNjBHNHdUbDVEdFI3SkU3TnhtbHN4 -L3hiYnlYdmx5L2VmU3NBCi0+IHNzaC1lZDI1NTE5IGRiT2VoQSBpK2h2YlFCTk9a -Z21YZS9tQk9iUDdCQmpYNE9RK0k1SGtCbzhDdG9wVUFrCmlrNjBRQk9lWHVRRHVJ -dnFsSmJsTmNnaFA3MUorYkFGTklkWk94TUk3dHMKLT4gc3NoLWVkMjU1MTkgdHYv -Q3pnIGRUb21iKzlKY3hzcUhqaEZlK2EraEFQTmN0Nm5SZ05jdG1ia0xlN2NoelkK -d0R5Z0sxa0VDMy9aUTFJSS9jRmdDOGk5ZWVVVjIwdzJ4MUI3clR2bVE5SQotPiBi -NlJDOTpCWS1ncmVhc2UKR25PbzYrN2JsTXZwbXV5Z0NuUTZ0b2dTdU11Rlh6cmFL -cDlVOUUxNFd3VWg2V1ltU1N5dXZBWVM5UGI4d3cKLS0tIC9qQ0ZZUnVQRkc5dHRX -L0xpOTFxRk4xdTRCdUEwclU1dzB5RkVZbFRVZlUKhXXapogUWYhZ+Baie7Alcv7Z -hnMTGD+Wti8VhvHOmwS+z66mpbidJdNwcoiGOpeCfIJyKbQehQrzsI0wWbqjyA50 -PKWqT6dq3w== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IC9tczZkdyAvWjRI +VkpQNWpZNHdiZm9jVlZvcTYxS04wUk1hTWtmdWRXL2dydGwxc3pVCklSOWZYNThu +aVBSeDBwRldwTjVzT0VOaG9kNnV5SWJnT2M1YXVRSjUwUFkKLT4gc3NoLWVkMjU1 +MTkgZ1BJZFpBIExmTUxudEFaR21CQzg5ejlUaXRoQW5ORmVqcUlRd1o2L0pZbTd5 +UVBIeWcKZWVSV3k4bHZqV3pDaDMxYzBnZW9FL085TG14bkl0UlZoQ25CbW9iVENv +RQotPiBzc2gtZWQyNTUxOSBXeUlGekEgY2Zkd0VaZmxRaVV4cXBlRnNHeDMyUFFV +YVVzZlF2SXFjak5LREZINFRTMAp6dmFKOTd5eUMrczZ0WUU2T3hER3lkSHlTTGZj +U1k4ZVV1THJMK0RSd21zCi0+IHNzaC1lZDI1NTE5IGRiT2VoQSB0WkJpSkZHZ1BM +QitLdG9SdDdjckxVa0dxQ2dmQlNGekVITlllN2R3OWxZCmt2Zk5VSjNTdnB4Z2ln +TnExNytuZ2FtVE83NWZWcm1Fd25MS1NEL3JsbzgKLT4gc3NoLWVkMjU1MTkgdHYv +Q3pnIFVDMU9Kbld0aHFia3FmTEs2aGF2THdaSk1Ec2h2WWlMVjZvUkNHTFpCR1EK +NkR6R2JaZkZtbitBMmk1UjRFS3FFZ293bFhDUWxmR2M0ZHFoSVRGV2E1ZwotPiAn +eCFtQ3htLWdyZWFzZQp4VFZWeTlDNWlsNDI5WWlPTzNGbQotLS0gRmZIdXk3UUVw 
+ZEJjOGdnVVdlWWN5Y0VxaUJORG0ycTBQdVFGVGw1RVpZdwqD8VD14PUaG2u0/h9o +6VeX+m3nJkJgsXUkGPskTHHEc+1NaZ9MQM5dXzrmjfVHBT7N27bDcYlGG2RIfehC +Xz5jRZwSTG58wzt9 -----END AGE ENCRYPTED FILE-----