noisebridge-wiki/flake.nix


{
# One-line summary surfaced by `nix flake metadata` / `nix flake show`.
description = "Basic MediaWiki primary + replica deployment";
# Build-parallelism hints offered to anyone evaluating this flake. Nix asks the
# user to accept flake-provided settings before applying them; `cores = 0`
# means "use every available core" for each build job.
nixConfig.max-jobs = "auto";
nixConfig.cores = 0;
# Flake inputs. The exact revisions actually used are the ones recorded in
# flake.lock, not the branch names written here.
inputs = {
  nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
  # Secrets management (age-encrypted files decrypted on the host).
  agenix.url = "github:ryantm/agenix";
  # Deployment tool that activates the built system closures over SSH.
  deploy-rs.url = "github:serokell/deploy-rs";
  # Both tools are pinned to this flake's nixpkgs so only one nixpkgs revision
  # is evaluated and built for the hosts and the tooling.
  agenix.inputs.nixpkgs.follows = "nixpkgs";
  deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
};
outputs =
{
self,
nixpkgs,
agenix,
deploy-rs,
...
}:
let
# Single target architecture shared by both hosts; it also keys the
# per-system outputs (apps, devShells, deploy-rs helpers) below.
system = "x86_64-linux";
# Library and package set from the same locked nixpkgs the hosts build from.
inherit (nixpkgs) lib;
pkgs = nixpkgs.legacyPackages.${system};
# Site-wide facts shared with every host module (passed through specialArgs).
# Nothing here is secret: the SSH key is a public key and the addresses are
# the hosts' public IPv4s; real secrets go through agenix.
siteConfig =
  let
    primaryHostName = "main-wiki";
    replicaHostName = "replica-wiki";
  in
  {
    inherit primaryHostName replicaHostName;
    wikiName = "Noisebridge";
    baseDomain = "noisebridge.net";
    # Replica is served under "<replicaSubdomain>.<baseDomain>".
    replicaSubdomain = "replica";
    # Unprivileged account deploy-rs logs in as; root is reached per profile.
    sshUser = "jet";
    # Administrators and their authorized public keys; presumably consumed by
    # modules/admin-users.nix and by the bootstrap script (see apps below).
    adminUsers.jet.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE40ISu3ydCqfdpb26JYD5cIN0Fu0id/FDS+xjB5zpqu jetthomaspham@gmail.com"
    ];
    # Database and role names only; credentials are not part of this record.
    database = {
      name = "noisebridge_mediawiki";
      mediawikiUser = "wiki";
      replicationUser = "repl";
    };
    # Keyed by role ("primary" / "replica"); nixosName must match the
    # nixosConfigurations / deploy.nodes attribute names.
    hosts = {
      primary = {
        nixosName = primaryHostName;
        publicIpv4 = "134.199.221.52";
      };
      replica = {
        nixosName = replicaHostName;
        publicIpv4 = "167.99.174.109";
      };
    };
  };
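# Map a host role to the public DNS name it serves.
#   "primary" -> baseDomain
#   "replica" -> "<replicaSubdomain>.<baseDomain>"
# Only the two roles declared in siteConfig.hosts are accepted; any other
# string is an evaluation error rather than silently resolving to the
# replica domain.
mkPublicDomain =
  role:
  if role == "primary" then
    siteConfig.baseDomain
  else if role == "replica" then
    "${siteConfig.replicaSubdomain}.${siteConfig.baseDomain}"
  else
    throw "mkPublicDomain: unknown host role '${role}' (expected \"primary\" or \"replica\")";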
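# Assemble the per-host record handed to the NixOS modules as `hostMeta`:
# the static entry from siteConfig.hosts plus the role and its public domain.
# The role is looked up with `or` so a typo yields a named error instead of
# Nix's generic "attribute missing" message.
mkHostMeta =
  role:
  let
    host = siteConfig.hosts.${role} or (throw "mkHostMeta: no host declared for role '${role}'");
  in
  host
  // {
    inherit role;
    publicDomain = mkPublicDomain role;
  };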
# Build one host's NixOS system from its host-specific module plus the modules
# every host shares. `specialArgs` makes agenix, siteConfig and hostMeta
# available as arguments to each module.
mkDeployHost =
  hostModule: hostMeta:
  let
    sharedModules = [
      ./modules/common.nix
      ./modules/admin-users.nix
      ./modules/deploy-ssh.nix
    ];
  in
  lib.nixosSystem {
    inherit system;
    specialArgs = { inherit agenix siteConfig hostMeta; };
    # agenix's module first so its options exist for the others; host module
    # before the shared ones, matching the original ordering.
    modules = [ agenix.nixosModules.default hostModule ] ++ sharedModules;
  };
# Host records for the two roles; used by both nixosConfigurations and
# deploy.nodes below.
replicaMeta = mkHostMeta "replica";
primaryMeta = mkHostMeta "primary";
in
{
# One NixOS system per host. The attribute names must match the deploy.nodes
# keys (and siteConfig.hosts.*.nixosName), since deploy.nodes activates
# `self.nixosConfigurations.<name>`.
nixosConfigurations.main-wiki = mkDeployHost ./hosts/main-wiki.nix primaryMeta;
nixosConfigurations.replica-wiki = mkDeployHost ./hosts/replica-wiki.nix replicaMeta;
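# deploy-rs targets. Both nodes differ only in their address and system
# closure, so they are generated from one helper instead of two copies that
# could drift apart.
deploy.nodes =
  let
    # hostMeta: a record from mkHostMeta; nixosConfig: the matching
    # nixosConfigurations entry whose system closure is activated.
    mkNode = hostMeta: nixosConfig: {
      # Raw public IPv4 rather than a DNS name, so host-key verification of
      # the target rests entirely on the deployer's known_hosts.
      hostname = hostMeta.publicIpv4;
      # The closure is built on the target, which therefore receives and
      # evaluates the full flake source, not just a pre-built closure.
      remoteBuild = true;
      # Unprivileged login; deploy-rs switches to the profile user (root) on
      # the host because it differs from sshUser.
      sshUser = siteConfig.sshUser;
      profiles.system = {
        user = "root";
        path = deploy-rs.lib.${system}.activate.nixos nixosConfig;
      };
    };
  in
  {
    main-wiki = mkNode primaryMeta self.nixosConfigurations.main-wiki;
    replica-wiki = mkNode replicaMeta self.nixosConfigurations.replica-wiki;
  };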
# Validate deploy.nodes for every system deploy-rs supports, so
# `nix flake check` catches a broken node definition before a deploy.
checks = lib.mapAttrs (_: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
apps.${system} = {
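deploy = {
  type = "app";
  # Thin wrapper around deploy-rs that defaults the target to this flake.
  # With no arguments, or when the first argument is an option rather than a
  # target, `path:.#` is prepended so every node in deploy.nodes is deployed.
  # `path:` ships the working tree as-is (no git-tracked-files check), so
  # uncommitted changes are deployed too. Both rollback flags are always on:
  # a failed activation is reverted, and a target that cannot confirm the new
  # generation rolls back on its own (magic rollback).
  # The argument fix-up is done once with `set --` so there is a single exec
  # line to keep in sync instead of two near-identical ones.
  program = "${pkgs.writeShellScript "deploy-noisebridge" ''
    if [ "$#" -eq 0 ] || [ "''${1#-}" != "$1" ]; then
      set -- path:.# "$@"
    fi
    exec ${deploy-rs.packages.${system}.default}/bin/deploy \
      --auto-rollback true \
      --magic-rollback true \
      "$@"
  ''}";
  meta.description = "Deploy all Noisebridge wiki hosts by default";
};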
# Renders scripts/bootstrap-host.sh with the admin public keys substituted for
# the `@ADMIN_KEYS@` placeholder. Each key is emitted on its own line, wrapped
# in double quotes, so the script source is only well-formed for keys that
# contain no `"` or `$` — fine for the ssh-ed25519 lines in siteConfig.
bootstrap-host =
  let
    adminKeys = lib.flatten (
      lib.mapAttrsToList (_: userCfg: userCfg.openssh.authorizedKeys.keys or [ ]) siteConfig.adminUsers
    );
    keyLines = lib.concatMapStringsSep "\n" (key: " \"${key}\"") adminKeys;
    script = builtins.replaceStrings [ "@ADMIN_KEYS@" ] [ keyLines ] (
      builtins.readFile ./scripts/bootstrap-host.sh
    );
  in
  {
    type = "app";
    program = "${pkgs.writeShellScript "bootstrap-host" script}";
    meta.description = "Convert one or both Ubuntu DigitalOcean hosts into a minimal NixOS bootstrap config with nixos-infect";
  };
};
# Operator shell: the deploy/secrets tooling from the flake inputs plus the
# nixpkgs CLIs used when poking at the hosts and the database. The input
# packages are listed outside the `with pkgs;` scope so it is unambiguous
# that `agenix` / `deploy-rs` refer to the flake inputs, not nixpkgs attrs.
devShells.${system}.default = pkgs.mkShell {
  packages =
    [
      agenix.packages.${system}.default
      deploy-rs.packages.${system}.default
    ]
    ++ (with pkgs; [
      mariadb.client
      rsync
      curl
      jq
      age
      openssl
    ]);
};
};
}