Compare commits
2 commits
main
...
test-cloud
Author | SHA1 | Date | |
---|---|---|---|
|
a76519ac01 | ||
|
b295ae9396 |
18 changed files with 144 additions and 65 deletions
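--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -45,17 +45,3 @@ jobs:
 lfs: false
 - name: "Deploy profile"
 run: "auto-deploy ${{ matrix.profile }}"
-deploy-ci:
-needs: deploy
-if: success() && github.ref == 'refs/heads/main'
-runs-on: nix
-env:
-SSH_DEPLOY_KEY: "${{ secrets.SSH_DEPLOY_KEY }}"
-steps:
-- name: Initialize CI
-uses: https://git.qo.is/qo.is/actions-nix-init@main
-with:
-token: ${{ secrets.CI_TOKEN }}
-lfs: false
-- name: "Deploy profile"
-run: "auto-deploy system-ci"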
@ -17,7 +17,7 @@
|
||||||
},
|
},
|
||||||
"lindberg-webapps": {
|
"lindberg-webapps": {
|
||||||
"hostName": "lindberg-webapps",
|
"hostName": "lindberg-webapps",
|
||||||
"sshKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIByESy+XiBT8/PoE8DUB388B5MA6LVcJBgH1ZgYxr9Mg"
|
"sshKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJT99lj5OI+V1PlZl/T2ikBORwMiXjDfWpHYfq/GvUM5"
|
||||||
},
|
},
|
||||||
"batzberg": {
|
"batzberg": {
|
||||||
"hostName": "batzberg"
|
"hostName": "batzberg"
|
||||||
|
|
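Review bot: The pinned `sshKey` for `lindberg-webapps` changes to a different ed25519 public key, and nothing in the visible change records where the new key came from. If this file feeds host-key pinning or secret recipients (the consumer is not visible here), a wrong value either breaks deploys or shifts trust to another machine. Record in the commit description how the key was obtained, for example by comparing it against `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub` run on the host's console.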
61
flake.lock
generated
61
flake.lock
generated
|
@ -23,15 +23,15 @@
|
||||||
"disko": {
|
"disko": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"nixpkgs-nixos-stable"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1751854533,
|
"lastModified": 1749200714,
|
||||||
"narHash": "sha256-U/OQFplExOR1jazZY4KkaQkJqOl59xlh21HP9mI79Vc=",
|
"narHash": "sha256-W8KiJIrVwmf43JOPbbTu5lzq+cmdtRqaNbOsZigjioY=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "disko",
|
"repo": "disko",
|
||||||
"rev": "16b74a1e304197248a1bc663280f2548dbfcae3c",
|
"rev": "17d08c65c241b1d65b3ddf79e3fac1ddc870b0f6",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -81,11 +81,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1750779888,
|
"lastModified": 1747372754,
|
||||||
"narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
|
"narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=",
|
||||||
"owner": "cachix",
|
"owner": "cachix",
|
||||||
"repo": "git-hooks.nix",
|
"repo": "git-hooks.nix",
|
||||||
"rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
|
"rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -131,18 +131,34 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs-nixos-stable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1751741127,
|
"lastModified": 1748995628,
|
||||||
"narHash": "sha256-t75Shs76NgxjZSgvvZZ9qOmz5zuBE8buUaYD28BMTxg=",
|
"narHash": "sha256-bFufQGSAEYQgjtc4wMrobS5HWN0hDP+ZX+zthYcml9U=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "29e290002bfff26af1db6f64d070698019460302",
|
"rev": "8eb3b6a2366a7095939cd22f0dc0e9991313294b",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"ref": "nixos-25.05",
|
"ref": "nixos-24.11",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs_2": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1749143949,
|
||||||
|
"narHash": "sha256-QuUtALJpVrPnPeozlUG/y+oIMSLdptHxb3GK6cpSVhA=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "d3d2d80a2191a73d1e86456a751b83aa13085d7d",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "nixos-unstable",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
@ -154,10 +170,10 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1749920008,
|
"lastModified": 1747599024,
|
||||||
"narHash": "sha256-wn3U2q/+OQYErVyoY9kwZP/fXcDG4ewhJkHX7qHzq8g=",
|
"narHash": "sha256-qc94Cyt6uaQCVY2VlCtNxGb7hs3DbLvxuhEnSLFL8T8=",
|
||||||
"rev": "5f8ba2025848dd30539c42ef1f7e6c6f917e70d9",
|
"rev": "bed7588246ec58aacac3d0ff5b191fa6cc9faa98",
|
||||||
"revCount": 19,
|
"revCount": 17,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "file:./private"
|
"url": "file:./private"
|
||||||
},
|
},
|
||||||
|
@ -172,6 +188,7 @@
|
||||||
"disko": "disko",
|
"disko": "disko",
|
||||||
"git-hooks-nix": "git-hooks-nix",
|
"git-hooks-nix": "git-hooks-nix",
|
||||||
"nixpkgs": "nixpkgs_2",
|
"nixpkgs": "nixpkgs_2",
|
||||||
|
"nixpkgs-nixos-stable": "nixpkgs-nixos-stable",
|
||||||
"private": "private",
|
"private": "private",
|
||||||
"sops-nix": "sops-nix",
|
"sops-nix": "sops-nix",
|
||||||
"treefmt-nix": "treefmt-nix"
|
"treefmt-nix": "treefmt-nix"
|
||||||
|
@ -184,11 +201,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1751606940,
|
"lastModified": 1747603214,
|
||||||
"narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=",
|
"narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d",
|
"rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -219,11 +236,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1750931469,
|
"lastModified": 1749194973,
|
||||||
"narHash": "sha256-0IEdQB1nS+uViQw4k3VGUXntjkDp7aAlqcxdewb/hAc=",
|
"narHash": "sha256-eEy8cuS0mZ2j/r/FE0/LYBSBcIs/MKOIVakwHVuqTfk=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "treefmt-nix",
|
"repo": "treefmt-nix",
|
||||||
"rev": "ac8e6f32e11e9c7f153823abc3ab007f2a65d3e1",
|
"rev": "a05be418a1af1198ca0f63facb13c985db4cb3c5",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -5,7 +5,8 @@
|
||||||
extra-trusted-public-keys = "qois-infrastructure:lh35ymN7Aoxm5Hz0S6JusxE+cYzMU+x9OMKjDVIpfuE=";
|
extra-trusted-public-keys = "qois-infrastructure:lh35ymN7Aoxm5Hz0S6JusxE+cYzMU+x9OMKjDVIpfuE=";
|
||||||
};
|
};
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
|
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||||
|
nixpkgs-nixos-stable.url = "github:NixOS/nixpkgs/nixos-24.11";
|
||||||
|
|
||||||
treefmt-nix = {
|
treefmt-nix = {
|
||||||
url = "github:numtide/treefmt-nix";
|
url = "github:numtide/treefmt-nix";
|
||||||
|
@ -23,7 +24,7 @@
|
||||||
deploy-rs.url = "github:serokell/deploy-rs";
|
deploy-rs.url = "github:serokell/deploy-rs";
|
||||||
disko = {
|
disko = {
|
||||||
url = "github:nix-community/disko";
|
url = "github:nix-community/disko";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs-nixos-stable";
|
||||||
};
|
};
|
||||||
private.url = "git+file:./private";
|
private.url = "git+file:./private";
|
||||||
private.inputs.nixpkgs.follows = "nixpkgs";
|
private.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
@ -58,7 +59,7 @@
|
||||||
inherit (inputs)
|
inherit (inputs)
|
||||||
deploy-rs
|
deploy-rs
|
||||||
disko
|
disko
|
||||||
nixpkgs
|
nixpkgs-nixos-stable
|
||||||
sops-nix
|
sops-nix
|
||||||
private
|
private
|
||||||
git-hooks-nix
|
git-hooks-nix
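Review bot: `nixpkgs-nixos-stable.url` pins `nixos-24.11` while the old side tracked `nixos-25.05`, so the systems built from this input move back to an older release branch. Check that the branch still receives security updates for as long as this will be deployed, or use `nixpkgs-nixos-stable.url = "github:NixOS/nixpkgs/nixos-25.05";`. In the same file `private.inputs.nixpkgs.follows = "nixpkgs"` is unchanged and now resolves to `nixos-unstable`, while `disko` follows the stable input; if `private` contributes modules to the stable-built hosts it probably should follow `nixpkgs-nixos-stable` as well. A one-line comment above the two inputs saying which one builds the hosts and which one is only for tooling would help the next reader.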
|
||||||
|
|
|
@ -16,5 +16,5 @@
|
||||||
# this value at the release version of the first install of this system.
|
# this value at the release version of the first install of this system.
|
||||||
# Before changing this value read the documentation for this option
|
# Before changing this value read the documentation for this option
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
system.stateVersion = "25.05"; # Did you read the comment?
|
system.stateVersion = "24.11"; # Did you read the comment?
|
||||||
}
|
}
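Review bot: `system.stateVersion` is lowered from "25.05" to "24.11" here, and the same edit appears in the five other host hunks further down the page, although the comment directly above says the value must stay at the release of the first install. On a host that was installed at 25.05, lowering it makes modules that key on stateVersion select older stateful defaults, which can leave services unable to read their existing data. If these hosts are being reinstalled from a 24.11 image, say so in the commit description; otherwise keep `system.stateVersion = "25.05";`.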
|
||||||
|
|
|
@ -23,5 +23,5 @@
|
||||||
# this value at the release version of the first install of this system.
|
# this value at the release version of the first install of this system.
|
||||||
# Before changing this value read the documentation for this option
|
# Before changing this value read the documentation for this option
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
system.stateVersion = "25.05"; # Did you read the comment?
|
system.stateVersion = "24.11"; # Did you read the comment?
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,12 +1,12 @@
|
||||||
{
|
{
|
||||||
self,
|
self,
|
||||||
pkgs,
|
pkgs,
|
||||||
nixpkgs,
|
nixpkgs-nixos-stable,
|
||||||
...
|
...
|
||||||
}@inputs:
|
}@inputs:
|
||||||
let
|
let
|
||||||
inherit (pkgs.lib) genAttrs;
|
inherit (pkgs.lib) genAttrs;
|
||||||
inherit (nixpkgs.lib) nixosSystem;
|
inherit (nixpkgs-nixos-stable.lib) nixosSystem;
|
||||||
configs = self.lib.foldersWithNix ./.;
|
configs = self.lib.foldersWithNix ./.;
|
||||||
in
|
in
|
||||||
genAttrs configs (
|
genAttrs configs (
|
||||||
|
|
|
@ -19,5 +19,5 @@
|
||||||
# this value at the release version of the first install of this system.
|
# this value at the release version of the first install of this system.
|
||||||
# Before changing this value read the documentation for this option
|
# Before changing this value read the documentation for this option
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
system.stateVersion = "25.05"; # Did you read the comment?
|
system.stateVersion = "24.11"; # Did you read the comment?
|
||||||
}
|
}
|
||||||
|
|
|
@ -46,5 +46,5 @@
|
||||||
# this value at the release version of the first install of this system.
|
# this value at the release version of the first install of this system.
|
||||||
# Before changing this value read the documentation for this option
|
# Before changing this value read the documentation for this option
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
system.stateVersion = "25.05"; # Did you read the comment?
|
system.stateVersion = "24.11"; # Did you read the comment?
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,5 +19,5 @@
|
||||||
# this value at the release version of the first install of this system.
|
# this value at the release version of the first install of this system.
|
||||||
# Before changing this value read the documentation for this option
|
# Before changing this value read the documentation for this option
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
system.stateVersion = "25.05"; # Did you read the comment?
|
system.stateVersion = "24.11"; # Did you read the comment?
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
disko.devices.disk = {
|
disko.devices.disk = {
|
||||||
system = {
|
system = {
|
||||||
type = "disk";
|
type = "disk";
|
||||||
device = "/dev/vdb";
|
device = "/dev/vda";
|
||||||
content = {
|
content = {
|
||||||
type = "gpt";
|
type = "gpt";
|
||||||
partitions = {
|
partitions = {
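Review bot: `device = "/dev/vda";` names the disk by kernel enumeration order, and this disko layout is what gets partitioned, so a change in device ordering would point it at a different disk. A persistent identifier is safer, e.g. `device = "/dev/disk/by-id/<DISK_ID>";` (placeholder; take the value from the target VM). If the switch from `/dev/vdb` reflects a changed VM disk layout, say so in a comment next to the line. The `disko.devices.disk` block continues past the end of this hunk.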
|
||||||
|
|
|
@ -24,5 +24,5 @@
|
||||||
# this value at the release version of the first install of this system.
|
# this value at the release version of the first install of this system.
|
||||||
# Before changing this value read the documentation for this option
|
# Before changing this value read the documentation for this option
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
system.stateVersion = "25.05"; # Did you read the comment?
|
system.stateVersion = "24.11"; # Did you read the comment?
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
config,
|
config,
|
||||||
lib,
|
lib,
|
||||||
pkgs,
|
pkgs,
|
||||||
|
options,
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
|
|
||||||
|
@ -30,6 +31,10 @@ with lib;
|
||||||
"nextcloud30"
|
"nextcloud30"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
adminpassFile = options.services.nextcloud.config.adminpassFile // {
|
||||||
|
default = config.sops.secrets."nextcloud/admin".path;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
@ -59,7 +64,7 @@ with lib;
|
||||||
database.createLocally = true;
|
database.createLocally = true;
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
adminpassFile = config.sops.secrets."nextcloud/admin".path;
|
inherit (cfg) adminpassFile;
|
||||||
adminuser = "root";
|
adminuser = "root";
|
||||||
dbtype = "pgsql";
|
dbtype = "pgsql";
|
||||||
};
|
};
|
||||||
|
@ -83,22 +88,16 @@ with lib;
|
||||||
};
|
};
|
||||||
|
|
||||||
phpOptions = {
|
phpOptions = {
|
||||||
"opcache.interned_strings_buffer" = "64";
|
"opcache.interned_strings_buffer" = "23";
|
||||||
"opcache.memory_consumption" = "512";
|
|
||||||
"opcache.save_comments" = "1";
|
|
||||||
"opcache.max_accelerated_files" = "50000";
|
|
||||||
"opcache.fast_shutdown" = "1";
|
|
||||||
"opcache.jit" = "1255";
|
|
||||||
"opcache.jit_buffer_size" = "8M";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
poolSettings = {
|
poolSettings = {
|
||||||
"pm" = "dynamic";
|
"pm" = "dynamic";
|
||||||
"pm.max_children" = "480";
|
"pm.max_children" = "256";
|
||||||
"pm.max_requests" = "2000";
|
"pm.max_requests" = "500";
|
||||||
"pm.max_spare_servers" = "72";
|
"pm.max_spare_servers" = "16";
|
||||||
"pm.min_spare_servers" = "24";
|
"pm.min_spare_servers" = "2";
|
||||||
"pm.start_servers" = "48";
|
"pm.start_servers" = "8";
|
||||||
};
|
};
|
||||||
|
|
||||||
configureRedis = true;
|
configureRedis = true;
|
||||||
|
@ -122,6 +121,12 @@ with lib;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.phpfpm.pools.nextcloud.settings = {
|
||||||
|
"pm.max_children" = lib.mkForce "256";
|
||||||
|
"pm.max_spare_servers" = lib.mkForce "16";
|
||||||
|
"pm.start_servers" = lib.mkForce "8";
|
||||||
|
};
|
||||||
|
|
||||||
users.users.nextcloud.extraGroups = [ "postdrop" ];
|
users.users.nextcloud.extraGroups = [ "postdrop" ];
|
||||||
|
|
||||||
systemd.services.nextcloud-cron = {
|
systemd.services.nextcloud-cron = {
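Review bot: The new `adminpassFile` option sets `default = config.sops.secrets."nextcloud/admin".path;` without a `defaultText`, so generated option documentation has to evaluate `config` to render the default; add `defaultText = literalExpression ''config.sops.secrets."nextcloud/admin".path'';` next to it. Now that callers can override the path, the option's description should also say that the file must be a runtime secret outside the Nix store, since the accompanying test passes a world-readable store path. The options block and the `config` block both continue outside the visible hunks.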
|
||||||
|
|
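--- a/nixos-modules/cloud/test.nix
+++ b/nixos-modules/cloud/test.nix
@@ -0,0 +1,36 @@
+{
+...
+}:
+{
+# Note: This extends the default configuration from ${self}/checks/nixos-modules
+nodes.webserver =
+{ pkgs, lib, ... }:
+let
+inherit (pkgs) curl gnugrep;
+inherit (lib) mkForce;
+cloud-domain = "cloud.example.com";
+in
+{
+qois.cloud = {
+enable = true;
+domain = cloud-domain;
+package = pkgs.nextcloud31;
+adminpassFile = "${pkgs.writeText "adminpass" "insecure"}"; # Don't try this at home!
+};
+
+qois.postgresql.package = pkgs.postgresql;
+sops.secrets = mkForce { };
+
+# Disable TLS services
+services.nginx.virtualHosts."${cloud-domain}" = {
+forceSSL = mkForce false;
+enableACME = mkForce false;
+};
+
+# Test environment
+environment.systemPackages = [
+curl
+gnugrep
+];
+};
+}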
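--- a/nixos-modules/cloud/test.py
+++ b/nixos-modules/cloud/test.py
@@ -0,0 +1,34 @@
+def test(subtest, webserver):
+webserver.wait_for_unit("nginx")
+webserver.wait_for_open_port(80)
+webserver.wait_for_unit("nextcloud-setup.service")
+webserver.wait_for_unit("phpfpm-nextcloud.service")
+
+# Helpers
+def curl_variable_test(node, variable, expected, url):
+value = node.succeed(
+f"curl -s --no-location -o /dev/null -w '%{{{variable}}}' '{url}'"
+)
+assert value == expected, (
+f"expected {variable} to be '{expected}' but got '{value}'"
+)
+
+def expect_http_code(node, code, url):
+curl_variable_test(node, "http_code", code, url)
+
+def expect_http_content_contains(node, expectedContentSnippet, url):
+content = node.succeed(f"curl --no-location --silent '{url}'")
+assert expectedContentSnippet in content, f"""
+expected in content:
+{expectedContentSnippet}
+at {url} but got following content:
+{content}
+"""
+
+# Tests
+with subtest("website is successfully served on cloud.example.com"):
+webserver.succeed("grep cloud.example.com /etc/hosts")
+expect_http_code(webserver, "200", "http://cloud.example.com")
+expect_http_content_contains(
+webserver, "Log in to cloud.qoo.is", "http://docs.example.com"
+)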
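Review bot: The content check in the last subtest requests `http://docs.example.com`, although the subtest and the node configuration are for `cloud.example.com`; this looks like a leftover from another module's test and does not exercise the Nextcloud vhost. Change the call to `webserver, "Log in to cloud.qoo.is", "http://cloud.example.com"` at minimum, and confirm the expected text, since `cloud.qoo.is` is neither the test domain nor spelled like the `qo.is` names used elsewhere on this page. Because both curl calls pass `--no-location`, the `"200"` assertion also depends on the root URL answering without a redirect, which is worth verifying.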
@ -1,5 +1,5 @@
|
||||||
# Static Pages
|
# Static Pages
|
||||||
|
|
||||||
This module enables static nginx sites, with data served from "/var/lib/nginx-$domain/root".
|
This module enables static nginx sites, with data served from "/var/lib/nginx/$domain/root".
|
||||||
|
|
||||||
To deploy the site, a user `nginx-$domain` is added, of which a `root` profile in the home folder can be deployed, e.g. with deploy-rs.
|
To deploy the site, a user `nginx-$domain` is added, of which a `root` profile in the home folder can be deployed, e.g. with deploy-rs.
|
||||||
|
|
|
@ -75,7 +75,7 @@ writeText ".sops.yaml" (
|
||||||
|
|
||||||
# Secrets for all hosts
|
# Secrets for all hosts
|
||||||
{
|
{
|
||||||
path_regex = "private/nixos-modules/shared-secrets/default\.sops\.(yaml|json|env|ini)$";
|
path_regex = "private/nixos-configurations/secrets\.sops\.(yaml|json|env|ini)$";
|
||||||
pgp = toCommaList userPgpKeys;
|
pgp = toCommaList userPgpKeys;
|
||||||
age = toCommaList (userAgeKeys ++ builtins.attrValues serverAgeKeys);
|
age = toCommaList (userAgeKeys ++ builtins.attrValues serverAgeKeys);
|
||||||
}
|
}
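Review bot: In `path_regex` the `\.` sequences sit inside a double-quoted Nix string, where a backslash before an ordinary character is dropped, so the generated rule contains bare `.` wildcards (the removed line had the same issue). This rule encrypts to every server age key, so it should match only the intended file; write `path_regex = "private/nixos-configurations/secrets\\.sops\\.(yaml|json|env|ini)$";`. The enclosing `writeText` expression starts and ends outside this hunk.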
|
||||||
|
|
2
private
2
private
|
@ -1 +1 @@
|
||||||
Subproject commit 5f8ba2025848dd30539c42ef1f7e6c6f917e70d9
|
Subproject commit bed7588246ec58aacac3d0ff5b191fa6cc9faa98
|