feat: add digitalocean noisebell host
This commit is contained in:
parent
adb929227b
commit
b57927a395
16 changed files with 318 additions and 92 deletions
|
|
@ -29,7 +29,7 @@ nix build .#noisebell-zulip
|
|||
|
||||
## NixOS deployment
|
||||
|
||||
The flake exports a NixOS module for the hosted remote machine. It imports `agenix`, declares the Noisebell secrets from `secrets/*.age`, and wires the cache and Discord services together with sensible defaults. Each service runs as a hardened systemd unit behind Caddy.
|
||||
The flake exports a NixOS module for hosted remote machines and a complete `nixosConfigurations.noisebell-do` host for the small DigitalOcean droplet. The module imports `agenix`, declares the Noisebell secrets from `secrets/*.age`, and wires the cache and Discord services together with sensible defaults. Each service runs as a hardened systemd unit behind Caddy.
|
||||
|
||||
```nix
|
||||
{
|
||||
|
|
@ -62,6 +62,24 @@ The flake exports a NixOS module for the hosted remote machine. It imports `agen
|
|||
}
|
||||
```
|
||||
|
||||
The production DigitalOcean host in this repo enables the cache, Discord, and RSS services on the existing public domains:
|
||||
|
||||
- `noisebell.extremist.software`
|
||||
- `discord.noisebell.extremist.software`
|
||||
- `rss.noisebell.extremist.software`
|
||||
|
||||
After installation, authenticate Tailscale interactively on the host with:
|
||||
|
||||
```sh
|
||||
sudo tailscale up --hostname=noisebell-do
|
||||
```
|
||||
|
||||
Redeploy later with:
|
||||
|
||||
```sh
|
||||
scripts/deploy-do jet@noisebell-do
|
||||
```
|
||||
|
||||
`nixosModules.default` handles these secrets automatically:
|
||||
|
||||
| Secret file | Deployed on | Used for |
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue