update matrix setup and add git hosting setup
This commit is contained in:
parent
04c1d91502
commit
7acda11428
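--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 .envrc
 .terraform
+matrix_reg_key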
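Review bot: Ignoring `matrix_reg_key` only stops future commits; it does not scrub the file from history if it was ever checked in, and this diff cannot show whether it was. It is worth running `git log --all -- matrix_reg_key` once, and if the file turns up anywhere, rotating the shared secret rather than relying on a history rewrite. A one-line note next to the entry, `# synapse registration shared secret, read by nixos_configs/matrix.nix at eval time`, would tell the next person why the file must exist locally but never be committed.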
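--- /dev/null
+++ b/nixos_configs/git.nix
@@ -0,0 +1,43 @@
+{ modulesPath, config, lib, pkgs, ... }:
+let
+storage-device = "/dev/disk/by-id/scsi-0DO_Volume_git-storage-1";
+storage-dir = "/srv";
+in
+{
+imports = [
+"${toString modulesPath}/virtualisation/digital-ocean-image.nix"
+];
+
+fileSystems."${storage-dir}" = {
+device = storage-device;
+};
+
+environment.systemPackages = with pkgs;
+[ jq git gitolite lighttpd cgit ];
+services.openssh.enable = true;
+networking.firewall.allowedTCPPorts = [ 22 80 443 ];
+
+users.users.root.openssh.authorizedKeys.keys = [
+(builtins.readFile "/home/mike/.ssh/id_mops.pub")
+];
+
+services.gitolite = {
+enable = true;
+adminPubkey = "ssh-rsa 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 mike@betamike.com";
+# need an intermediate data directory with permissions for the gitolite user
+# otherwise this won't work between instances of the droplet
+dataDir = "${storage-dir}/data/gitolite";
+};
+
+users.users.lighttpd.extraGroups = [ "gitolite" ];
+
+services.lighttpd.enable = true;
+services.lighttpd.cgit = {
+enable = true;
+configText = ''
+source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
+project-list=/srv/data/gitolite/projects.list
+scan-path=/srv/data/gitolite/repositories
+'';
+};
+}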
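Review bot: Port 443 is opened in `networking.firewall.allowedTCPPorts` but nothing in this file gives lighttpd a certificate or enables ACME, so cgit is served in cleartext on 80 and 443 is an exposed port with no listener; either add TLS here or trim the list to `networking.firewall.allowedTCPPorts = [ 22 80 ];` until it exists. Adding `lighttpd` to the `gitolite` group gives the web server filesystem read access to every repository under `scan-path`, including `gitolite-admin` with its key directory, so cgit's `project-list` filter becomes the only thing keeping non-public repos off the web; by gitolite convention `projects.list` is built from which repos the `gitweb` pseudo-user may read, so the gitolite conf has to grant that only to repos meant to be public (presumably the intent, but not visible here). Since this host accepts SSH from the internet for gitolite and permits key-based root login, it is safer to set `services.openssh.passwordAuthentication = false;` explicitly than to rely on the release's default. A short comment above the `extraGroups` line, `# lighttpd reads the gitolite repos for cgit; web visibility is gated by projects.list`, would record why the web server is in that group.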
@ -1,8 +1,10 @@
|
|||||||
# adapted from https://nixos.org/manual/nixos/stable/index.html#module-services-matrix
|
# adapted from https://nixos.org/manual/nixos/stable/index.html#module-services-matrix
|
||||||
{ modulesPath, config, lib, pkgs, ... }:
|
{ modulesPath, config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
|
matrix-registration = import ../../matrix-registration/default.nix;
|
||||||
storage-device = "/dev/disk/by-id/scsi-0DO_Volume_matrix-storage";
|
storage-device = "/dev/disk/by-id/scsi-0DO_Volume_matrix-storage";
|
||||||
storage-dir = "/opt/matrix-data";
|
storage-dir = "/opt/matrix-data";
|
||||||
|
matrix-reg-dir = "${storage-dir}/matrix-registration";
|
||||||
matrix-reg-key = (builtins.readFile ./matrix_reg_key);
|
matrix-reg-key = (builtins.readFile ./matrix_reg_key);
|
||||||
fqdn =
|
fqdn =
|
||||||
let
|
let
|
||||||
@ -13,7 +15,7 @@ in {
|
|||||||
"${toString modulesPath}/virtualisation/digital-ocean-image.nix"
|
"${toString modulesPath}/virtualisation/digital-ocean-image.nix"
|
||||||
];
|
];
|
||||||
|
|
||||||
environment.systemPackages = [ pkgs.jq ];
|
environment.systemPackages = [ pkgs.jq matrix-registration ];
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
networking.firewall.allowedTCPPorts = [ 22 80 443 ];
|
networking.firewall.allowedTCPPorts = [ 22 80 443 ];
|
||||||
|
|
||||||
@ -80,8 +82,11 @@ in {
|
|||||||
return 200 '${builtins.toJSON client}';
|
return 200 '${builtins.toJSON client}';
|
||||||
'';
|
'';
|
||||||
locations."/".extraConfig = ''
|
locations."/".extraConfig = ''
|
||||||
return 301 https://chat.waffle.farm;
|
return 301 https://waffle.farm/register;
|
||||||
'';
|
'';
|
||||||
|
locations."~ ^/(static|register)" = {
|
||||||
|
proxyPass = "http://localhost:5000";
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
# Reverse proxy for Matrix client-server and server-server communication
|
# Reverse proxy for Matrix client-server and server-server communication
|
||||||
@ -122,6 +127,10 @@ in {
|
|||||||
enable = true;
|
enable = true;
|
||||||
server_name = config.networking.domain;
|
server_name = config.networking.domain;
|
||||||
registration_shared_secret = matrix-reg-key;
|
registration_shared_secret = matrix-reg-key;
|
||||||
|
extraConfig = ''
|
||||||
|
auto_join_rooms:
|
||||||
|
- "#cryptic-chat:waffle.farm"
|
||||||
|
'';
|
||||||
|
|
||||||
listeners = [
|
listeners = [
|
||||||
{
|
{
|
||||||
@ -145,4 +154,54 @@ in {
|
|||||||
"${config.networking.domain}".email = "mike@betamike.com";
|
"${config.networking.domain}".email = "mike@betamike.com";
|
||||||
"chat.${config.networking.domain}".email = "mike@betamike.com";
|
"chat.${config.networking.domain}".email = "mike@betamike.com";
|
||||||
};
|
};
|
||||||
|
users.users.matrix-registration = {
|
||||||
|
home = matrix-reg-dir;
|
||||||
|
createHome = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.matrix-registration = let
|
||||||
|
configFile = pkgs.writeText "matrix-reg-config.yaml" ''
|
||||||
|
server_location: 'https://matrix.waffle.farm:443'
|
||||||
|
server_name: 'waffle.farm'
|
||||||
|
shared_secret: '${matrix-reg-key}'
|
||||||
|
riot_instance: 'chat.waffle.farm'
|
||||||
|
db: 'sqlite:///${matrix-reg-dir}/db.sqlite3'
|
||||||
|
host: 'localhost'
|
||||||
|
port: 5000
|
||||||
|
rate_limit: ["100 per day", "10 per minute"]
|
||||||
|
allow_cors: false
|
||||||
|
logging:
|
||||||
|
disable_existing_loggers: False
|
||||||
|
version: 1
|
||||||
|
root:
|
||||||
|
level: DEBUG
|
||||||
|
handlers: [console]
|
||||||
|
formatters:
|
||||||
|
brief:
|
||||||
|
format: '%(name)s - %(levelname)s - %(message)s'
|
||||||
|
precise:
|
||||||
|
format: '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
|
||||||
|
handlers:
|
||||||
|
console:
|
||||||
|
class: logging.StreamHandler
|
||||||
|
level: INFO
|
||||||
|
formatter: brief
|
||||||
|
stream: ext://sys.stdout
|
||||||
|
password:
|
||||||
|
min_length: 8
|
||||||
|
'';
|
||||||
|
in {
|
||||||
|
enable = true;
|
||||||
|
after = [ "matrix-synapse.service" ];
|
||||||
|
bindsTo = [ "matrix-synapse.service" ];
|
||||||
|
description = "Matrix-registration daemon";
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "simple";
|
||||||
|
WorkingDirectory = matrix-registration;
|
||||||
|
ExecStart = "${matrix-registration}/bin/matrix-registration --config-path ${configFile} serve";
|
||||||
|
User = "matrix-registration";
|
||||||
|
Restart = "always";
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
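Review bot: `shared_secret: '${matrix-reg-key}'` is interpolated into a file produced by `pkgs.writeText`, which lands in `/nix/store` world-readable to every local user and is copied into any binary cache or remote builder this host pushes to. That value is also Synapse's `registration_shared_secret`, so anyone who can read the store path can mint accounts; the pre-existing `registration_shared_secret = matrix-reg-key;` line, which this commit does not change, likely has the same exposure depending on how the synapse module renders its config. Keep the secret out of the derivation: generate the YAML without `shared_secret`, provision the key onto the host as a root-owned 0400 file under `${matrix-reg-dir}`, and assemble the final config at start time (e.g. in `preStart`) — matrix-registration may also accept the secret from a file or environment variable, which I cannot confirm from here. The root logger at `level: DEBUG` with a console handler will push verbose output into the journal; whether that includes registration tokens or the secret is not visible here, so confirm before leaving DEBUG on a public host. `users.users.matrix-registration` sets neither `isSystemUser` nor a `group`; recent NixOS releases reject a user with neither `isSystemUser` nor `isNormalUser`, so `isSystemUser = true;` with a matching group is worth adding (release-dependent).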
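--- /dev/null
+++ b/terraform/git.tf
@@ -0,0 +1,35 @@
+resource "digitalocean_volume" "git" {
+region = "nyc3"
+name = "git-storage-1"
+size = 1
+initial_filesystem_type = "ext4"
+}
+
+resource "digitalocean_droplet" "git-1" {
+name = "git-1"
+
+image = data.digitalocean_image.nixos_base.id
+region = "nyc3"
+size = "s-1vcpu-1gb"
+
+ssh_keys = [data.digitalocean_ssh_key.mops.id]
+}
+
+resource "digitalocean_volume_attachment" "git" {
+droplet_id = digitalocean_droplet.git-1.id
+volume_id = digitalocean_volume.git.id
+}
+
+module "deploy_nixos_git" {
+source = "github.com/tweag/terraform-nixos//deploy_nixos?ref=d055d2180da230e47ba9082fc53a8b7d1fadbc43"
+
+nixos_config = "../nixos_configs/git.nix"
+
+target_user = "root"
+target_host = digitalocean_droplet.git-1.ipv4_address
+
+triggers = {
+// Also re-deploy whenever the VM is re-created
+instance_id = digitalocean_droplet.git-1.id
+}
+}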
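Review bot: `digitalocean_volume.git` is where the repositories will live (the git.nix added in this commit mounts it at /srv and points gitolite's dataDir at it), yet it has no lifecycle guard, so a `terraform destroy` or any change that forces replacement (editing `name` or `region`) deletes every repo together with the droplet. Adding `lifecycle { prevent_destroy = true }` inside the volume resource turns that into an explicit, failing operation; the droplet can stay disposable since the deploy module already re-runs on `instance_id` changes. Pinning the module `source` to a commit hash is the right call for supply-chain purposes and should be kept that way when the ref is bumped.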
@ -14,7 +14,7 @@ resource "digitalocean_droplet" "matrix-0" {
|
|||||||
|
|
||||||
image = data.digitalocean_image.nixos_base.id
|
image = data.digitalocean_image.nixos_base.id
|
||||||
region = "nyc3"
|
region = "nyc3"
|
||||||
size = "s-1vcpu-1gb"
|
size = "s-2vcpu-2gb"
|
||||||
|
|
||||||
ssh_keys = [data.digitalocean_ssh_key.mops.id]
|
ssh_keys = [data.digitalocean_ssh_key.mops.id]
|
||||||
}
|
}
|
||||||
|