feat: add VW on fly (#116)

2024-04-23 14:49:41 +10:00 · 2024-04-23 14:49:41 +10:00 · f036f6b386
commit f036f6b386
parent 2f1fbd6193
4 changed files with 85 additions and 2 deletions
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@ -22,7 +22,7 @@

    "regexManagers": [
    {
-      fileMatch: ["^.*\\.nix$"],
+      fileMatch: ["^.*\\.nix$", "^.*\\.toml$"],
      matchStrings: [
        'image *= *"(?<depName>.*?):(?<currentValue>.*?)(@(?<currentDigest>sha256:[a-f0-9]+))?";',
      ],
--- a/README.md
+++ b/README.md
@ -83,7 +83,7 @@ nix eval .#nixosConfigurations.rickenbacker.config.security.sudo.WheelNeedsPassw
 nix eval .#nixosConfigurations.rickenbacker.config.mySystem.security.wheelNeedsPassword
 ```

-And browsing whats at a certain level in options.
+And browsing whats at a certain level in options - or just use [nix-inspect](https://github.com/bluskript/nix-inspect) TUI 

 ```bash
 nix eval .#nixosConfigurations.rickenbacker.config.home-manager.users.truxnell --apply builtins.attrNames --json
--- a/flyio/vaultwarden/flake.nix
+++ b/flyio/vaultwarden/flake.nix
@ -0,0 +1,30 @@
+{
+  description = "My nixos homelab";
+
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
+};
+outputs ={
+    self
+    , nixpkgs
+    , sops-nix
+    , home-manager
+    , nix-vscode-extensions
+, ...
+} @ inputs:
+
+let
+    inherit (self) outputs;
+    forAllSystems = nixpkgs.lib.genAttrs [
+    "aarch64-linux"
+    "x86_64-linux"
+    ];
+
+in
+{
+devShells.default = pkgs.mkShell {
+        packages = [
+        pkgs.flyctl
+        ];
+    };
+};
--- a/flyio/vaultwarden/fly.toml
+++ b/flyio/vaultwarden/fly.toml
@ -0,0 +1,53 @@
+app = "voltaicforge-vaultwarden"
+primary_region = "syd"
+kill_signal = "SIGINT"
+kill_timeout = "5s"
+
+[experimental]
+  auto_rollback = true
+
+[build]
+  image = "vaultwarden/server:1.28.1@sha256:04691aaf1d8531ccb796de620841c030ecfd45613388a2e6a6a9434dc5d14d9d"
+
+[env]
+  DATABASE_URL = "data/db.sqlite3"
+  PASSWORD_ITERATIONS = "2000000"
+  PRIMARY_REGION = "syd"
+  SIGNUPS_ALLOWED = "false"
+  INVITATIONS_ALLOWED = "true"
+  SMTP_FROM_NAME = "Vault"
+  SMTP_SECURITY = "off"
+  SMTP_SSL = "true"
+  TZ = "Australia/Melbourne"
+  WEB_VAULT_ENABLED = "true"
+  WEB_VAULT_FOLDER = "web-vault"
+  DATA_FOLDER = "data"
+
+[[mounts]]
+  source = "vw_data_machines"
+  destination = "/data"
+  processes = ["app"]
+
+[[services]]
+  protocol = "tcp"
+  internal_port = 80
+  processes = ["app"]
+
+  [[services.ports]]
+    port = 80
+    handlers = ["http"]
+    force_https = true
+
+  [[services.ports]]
+    port = 443
+    handlers = ["tls", "http"]
+  [services.concurrency]
+    type = "connections"
+    hard_limit = 25
+    soft_limit = 20
+
+  [[services.tcp_checks]]
+    interval = "15s"
+    timeout = "2s"
+    grace_period = "1s"
+    restart_limit = 0