feat(tazjin/nixos): deploy monica on koptevo

Change-Id: Iaa74d995f3b2556673095a32ec2b718dcb2d82a4 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8849 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2023-06-22 18:55:28 +03:00 · 2023-06-22 18:55:28 +03:00 · d356f94ef1
commit d356f94ef1
parent ab83864407
5 changed files with 41 additions and 0 deletions
--- a/users/tazjin/nixos/default.nix
+++ b/users/tazjin/nixos/default.nix
@ -6,5 +6,6 @@ in depot.nix.readTree.drvTargets {
  frogSystem = systemFor depot.users.tazjin.nixos.frog;
  tverskoySystem = systemFor depot.users.tazjin.nixos.tverskoy;
  zamalekSystem = systemFor depot.users.tazjin.nixos.zamalek;
+  koptevoRaw = depot.ops.nixos.nixosFor depot.users.tazjin.nixos.koptevo;
  koptevoSystem = systemFor depot.users.tazjin.nixos.koptevo;
 }
--- a/users/tazjin/nixos/koptevo/default.nix
+++ b/users/tazjin/nixos/koptevo/default.nix
@ -12,6 +12,7 @@ in
    (mod "quassel.nix")
    (mod "www/base.nix")
    (mod "www/tazj.in.nix")
+    (usermod "monica.nix")
    (usermod "predlozhnik.nix")
    (usermod "tgsa.nix")
    (depot.third_party.agenix.src + "/modules/age.nix")
--- a/users/tazjin/nixos/modules/monica.nix
+++ b/users/tazjin/nixos/modules/monica.nix
@ -0,0 +1,26 @@
+# Host the Monica personal CRM software.
+{ depot, config, ... }:
+
+{
+  imports = [
+    (depot.third_party.agenix.src + "/modules/age.nix")
+  ];
+
+  age.secrets.monica-appkey = {
+    group = config.services.monica.group;
+    file = depot.users.tazjin.secrets."monica-appkey.age";
+    mode = "0440";
+  };
+
+  services.monica = {
+    enable = true;
+    hostname = "monica.tazj.in";
+    appKeyFile = "/run/agenix/monica-appkey";
+    database.createLocally = true;
+
+    nginx = {
+      enableACME = true;
+      forceSSL = true;
+    };
+  };
+}
--- a/users/tazjin/secrets/monica-appkey.age
+++ b/users/tazjin/secrets/monica-appkey.age
@ -0,0 +1,12 @@
+age-encryption.org/v1
+-> ssh-ed25519 dcsaLw YpW0HEN2i+xqWzJNgex2uGeHqMspQZAdAMgIf8nOBlg
+ot20y/5FlP76ec6zapE4NIlAotT0m37oh1kQTfnCLdk
+-> ssh-ed25519 zcCuhA SvQxLh0QerqZqkD17hsEoAVVoQtK6cOrVl0VdrvYfTo
+YpVvFUH9YKHu4RJ/jqxwL1MvQAOTD5t+f0qZ1XMpmy8
+-> ssh-ed25519 At5Mag Tf7xk0a16cvZdvwiUvwa34n+6U8QWUtHNzDDZ32fan8
+tsZ42RdDaRG4oBQwHcb4HbAaNAT9sGw8krY5A7hA6PQ
+-> /-grease c0+~w )QpN[Rj !0
+ilVbEBr3oQ
+--- IBiBsuTMQaM+qCwPTP/lacDgo//6QmlWeJ5dN2CGx2g
+Ën€q.
+ 
¹ø	8{þ:a0#”(Ñ³O`yß"S¤2Î-®“!âœ¿ø
Ä¹‰X.HÒÖkðu–ÜâóˆÌ[b7X+K=ô'4*
--- a/users/tazjin/secrets/secrets.nix
+++ b/users/tazjin/secrets/secrets.nix
@ -10,4 +10,5 @@ let
 in
 {
  "tgsa-yandex.age".publicKeys = allKeys;
+  "monica-appkey.age".publicKeys = allKeys;
 }