From f036f6b386904b87491200df701a4f0ab9ee1baf Mon Sep 17 00:00:00 2001
From: Truxnell <19149206+truxnell@users.noreply.github.com>
Date: Tue, 23 Apr 2024 14:49:41 +1000
Subject: [PATCH] feat: add VW on fly (#116)
---
 .github/renovate.json5 | 2 +-
 README.md | 2 +-
 flyio/vaultwarden/flake.nix | 30 +++++++++++++++++++++
 flyio/vaultwarden/fly.toml | 53 +++++++++++++++++++++++++++++++++++++
 4 files changed, 85 insertions(+), 2 deletions(-)
 create mode 100644 flyio/vaultwarden/flake.nix
 create mode 100644 flyio/vaultwarden/fly.toml
diff --git a/.github/renovate.json5 b/.github/renovate.json5
index c361831..3f31d86 100644
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -22,7 +22,7 @@ "regexManagers": [
 {
- fileMatch: ["^.*\\.nix$"],
+ fileMatch: ["^.*\\.nix$", "^.*\\.toml$"],
 matchStrings: [
 'image *= *"(?.*?):(?.*?)(@(?sha256:[a-f0-9]+))?";',
 ],
diff --git a/README.md b/README.md
index 2f001dd..efdd9fe 100644
--- a/README.md
+++ b/README.md
@@ -83,7 +83,7 @@ nix eval .#nixosConfigurations.rickenbacker.config.security.sudo.WheelNeedsPassw
 nix eval .#nixosConfigurations.rickenbacker.config.mySystem.security.wheelNeedsPassword
 ```
-And browsing whats at a certain level in options.
+And browsing whats at a certain level in options - or just use [nix-inspect](https://github.com/bluskript/nix-inspect) TUI
 ```bash
 nix eval .#nixosConfigurations.rickenbacker.config.home-manager.users.truxnell --apply builtins.attrNames --json
diff --git a/flyio/vaultwarden/flake.nix b/flyio/vaultwarden/flake.nix
new file mode 100644
index 0000000..cf2aee8
--- /dev/null
+++ b/flyio/vaultwarden/flake.nix
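Review bot: In `.github/renovate.json5` the match string still ends in `";`, so it cannot match the unterminated TOML line `image = "vaultwarden/server:…"` that the widened `fileMatch` is meant to cover, and Renovate will presumably never propose updates for the pinned Vaultwarden image. For a password manager that leaves the deployment on a stale tag and digest until someone bumps it by hand. Making the terminator optional keeps the existing Nix matches working: end the pattern with `";?'` instead of `";'`. The capture-group names are stripped in this view and the rest of the manager entry lies outside the hunk, so check the full regex against both file types.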
@@ -0,0 +1,30 @@
+{
+ description = "My nixos homelab";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
+};
+outputs ={
+ self
+ , nixpkgs
+ , sops-nix
+ , home-manager
+ , nix-vscode-extensions
+, ...
+} @ inputs:
+
+let
+ inherit (self) outputs;
+ forAllSystems = nixpkgs.lib.genAttrs [
+ "aarch64-linux"
+ "x86_64-linux"
+ ];
+
+in
+{
+devShells.default = pkgs.mkShell {
+ packages = [
+ pkgs.flyctl
+ ];
+ };
+};
\ No newline at end of file
diff --git a/flyio/vaultwarden/fly.toml b/flyio/vaultwarden/fly.toml
new file mode 100644
index 0000000..f740fbb
--- /dev/null
+++ b/flyio/vaultwarden/fly.toml
@@ -0,0 +1,53 @@
+app = "voltaicforge-vaultwarden"
+primary_region = "syd"
+kill_signal = "SIGINT"
+kill_timeout = "5s"
+
+[experimental]
+ auto_rollback = true
+
+[build]
+ image = "vaultwarden/server:1.28.1@sha256:04691aaf1d8531ccb796de620841c030ecfd45613388a2e6a6a9434dc5d14d9d"
+
+[env]
+ DATABASE_URL = "data/db.sqlite3"
+ PASSWORD_ITERATIONS = "2000000"
+ PRIMARY_REGION = "syd"
+ SIGNUPS_ALLOWED = "false"
+ INVITATIONS_ALLOWED = "true"
+ SMTP_FROM_NAME = "Vault"
+ SMTP_SECURITY = "off"
+ SMTP_SSL = "true"
+ TZ = "Australia/Melbourne"
+ WEB_VAULT_ENABLED = "true"
+ WEB_VAULT_FOLDER = "web-vault"
+ DATA_FOLDER = "data"
+
+[[mounts]]
+ source = "vw_data_machines"
+ destination = "/data"
+ processes = ["app"]
+
+[[services]]
+ protocol = "tcp"
+ internal_port = 80
+ processes = ["app"]
+
+ [[services.ports]]
+ port = 80
+ handlers = ["http"]
+ force_https = true
+
+ [[services.ports]]
+ port = 443
+ handlers = ["tls", "http"]
+ [services.concurrency]
+ type = "connections"
+ hard_limit = 25
+ soft_limit = 20
+
+ [[services.tcp_checks]]
+ interval = "15s"
+ timeout = "2s"
+ grace_period = "1s"
+ restart_limit = 0
\ No newline at end of file
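Review bot: `flyio/vaultwarden/flake.nix` does not evaluate as committed: `pkgs` is never bound, `outputs` requires `sops-nix`, `home-manager` and `nix-vscode-extensions` although only `nixpkgs` is declared under `inputs`, and the outer attribute set is missing its closing `}`. `devShells.default` also lacks the per-system level, while `forAllSystems` and the inherited `outputs` go unused. Trimming the function to the input it actually has and building the shell per system addresses all of these; a sketch follows.

```nix
{
  # … unchanged: description and the nixpkgs input …

  outputs = { self, nixpkgs, ... }:
    let
      forAllSystems = nixpkgs.lib.genAttrs [
        "aarch64-linux"
        "x86_64-linux"
      ];
    in
    {
      devShells = forAllSystems (system:
        let
          pkgs = nixpkgs.legacyPackages.${system};
        in
        {
          default = pkgs.mkShell {
            packages = [ pkgs.flyctl ];
          };
        });
    };
}
```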
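Review bot: In `flyio/vaultwarden/fly.toml` the `[env]` block sets `SMTP_SECURITY = "off"` next to `SMTP_SSL = "true"`, and the two contradict each other. `SMTP_SSL` is the deprecated spelling, so the explicit `SMTP_SECURITY` value presumably wins and invitation and verification mail would be submitted to the relay without TLS. Use `SMTP_SECURITY = "starttls"` (or `"force_tls"` for implicit TLS) and drop the `SMTP_SSL` line. No SMTP host or credentials are visible in this hunk, so confirm they are supplied as Fly secrets rather than added to `[env]` later.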