From 5f1c2e791c23e740879102febec3fb313cf2a8bf Mon Sep 17 00:00:00 2001 From: Jon Seager Date: Thu, 7 Dec 2023 21:52:07 +0000 Subject: [PATCH] feat: enable libations on thor --- flake.lock | 57 ++++++++++++++++++++++++++- flake.nix | 2 + host/common/services/libations.nix | 57 +++++++++++++++++++++++++++ host/thor/extra.nix | 1 + secrets/kara-borgbase-passphrase.age | 18 ++++----- secrets/kara-borgbase-ssh.age | Bin 790 -> 851 bytes secrets/secrets.nix | 1 + secrets/thor-borgbase-passphrase.age | Bin 535 -> 495 bytes secrets/thor-borgbase-ssh.age | Bin 798 -> 853 bytes secrets/thor-digitalocean.age | 17 ++++---- secrets/thor-libations-tskey.age | 10 +++++ 11 files changed, 144 insertions(+), 19 deletions(-) create mode 100644 host/common/services/libations.nix create mode 100644 secrets/thor-libations-tskey.age diff --git a/flake.lock b/flake.lock index 45099973..b02d1c36 100644 --- a/flake.lock +++ b/flake.lock @@ -186,6 +186,24 @@ "inputs": { "systems": "systems_3" }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_4" + }, "locked": { "lastModified": 1681202837, "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", @@ -354,6 +372,27 @@ "type": "github" } }, + "libations": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "unstable" + ] + }, + "locked": { + "lastModified": 1701980797, + "narHash": "sha256-Ho+puc0LAewDIehH5KYrRUoyQr9FYUOedwusYqZKE+8=", + "owner": "jnsgruk", + "repo": "libations", + "rev": "93bc4dc04fa13e89c103bbea41b322ab92186182", + "type": "github" + }, + "original": { + "owner": "jnsgruk", + "repo": "libations", + "type": "github" + } + }, "nix-formatter-pack": { "inputs": { "nixpkgs": [ @@ -639,6 +678,7 @@ "hyprland": "hyprland", "hyprland-contrib": "hyprland-contrib", "lanzaboote": "lanzaboote", + "libations": "libations", "nix-formatter-pack": "nix-formatter-pack_3", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_3", @@ -733,6 +773,21 @@ "type": "github" } }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "unstable": { "locked": { "lastModified": 1701068326, @@ -751,7 +806,7 @@ }, "vscode-server": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": [ "unstable" ] diff --git a/flake.nix b/flake.nix index ac5b5735..aa7d8d22 100644 --- a/flake.nix +++ b/flake.nix @@ -33,6 +33,8 @@ crafts.inputs.nixpkgs.follows = "unstable"; embr.url = "github:jnsgruk/firecracker-ubuntu"; embr.inputs.nixpkgs.follows = "unstable"; + libations.url = "github:jnsgruk/libations"; + libations.inputs.nixpkgs.follows = "unstable"; }; outputs = diff --git a/host/common/services/libations.nix b/host/common/services/libations.nix new file mode 100644 index 00000000..458c85a0 --- /dev/null +++ b/host/common/services/libations.nix @@ -0,0 +1,57 @@ +{ config, pkgs, ... }: +let + # Fetch the libations recipes from a private repository. Note that there must be a + # valid SSH key either in the agent of the user executing the `nix` command, or in + # `/root/.ssh` or this will fail. + recipes = builtins.fetchGit { + url = "git@github.com:jnsgruk/libations-recipes"; + rev = "9bd7e4ebe23f9421c3ccec5db20b4bdae2344ace"; + }; + + libations = pkgs.buildGoModule { + pname = "libations"; + version = "unstable-2023-12-08"; + src = pkgs.fetchFromGitHub { + rev = "c1d968fdd87e6214ac5c9d50019749d5c05aa939"; + owner = "jnsgruk"; + repo = "libations"; + hash = "sha256-Eu0LLQZ4ZB2fdedmpFjlRbJIzoA7ow1LGQtVdoyP2xM="; + }; + vendorHash = "sha256-Ep3nBl9WZm7skk1cmMS9KI019ZSRSxofbLs2Nrj6HM8="; + nativeBuildInputs = with pkgs; [ hugo ]; + postConfigure = '' + # Patch the recipes that were fetched above into the app before building + cp ${recipes}/recipes.json ./webui/data/drinks.json + # Generate the Hugo site that's embedded in the app + go generate + ''; + }; +in +{ + age.secrets = { + libations-auth-key = { + file = ../../../secrets/thor-libations-tskey.age; + owner = "root"; + group = "root"; + mode = "400"; + }; + }; + + systemd.services.libations = { + description = "Libations cocktail recipe viewer"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + environment = { + "XDG_CONFIG_HOME" = "/var/lib/libations/"; + }; + serviceConfig = { + DynamicUser = true; + ExecStart = "${libations}/bin/libations"; + Restart = "always"; + EnvironmentFile = config.age.secrets.libations-auth-key.path; + StateDirectory = "libations"; + StateDirectoryMode = "0750"; + }; + }; +} + diff --git a/host/thor/extra.nix b/host/thor/extra.nix index 4cfab90a..ce1f307f 100644 --- a/host/thor/extra.nix +++ b/host/thor/extra.nix @@ -2,6 +2,7 @@ imports = [ ../common/services/files.nix ../common/services/homepage.nix + ../common/services/libations.nix ../common/services/servarr.nix ../common/services/traefik ]; diff --git a/secrets/kara-borgbase-passphrase.age b/secrets/kara-borgbase-passphrase.age index 9be25dfa..069423b2 100644 --- a/secrets/kara-borgbase-passphrase.age +++ b/secrets/kara-borgbase-passphrase.age @@ -1,11 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 ASg3Sg CO2tcSK64VFwK1vMOZL+7iOe6FaZWkSaiqF0OqMR4io -WSFzYxoW4ng0QcXAr5/jPBTeLO/Y4k16ubVL+h09nTE --> ssh-ed25519 6up9ZQ 7cIIIsfocgAU8zzUPhp1WCjjY8rasUUrFeH9j/gKExc -7a7sgE8NdKyvWb68RgVNppAfUShrTrsqa/cxvs83g9M --> W~_#-grease e0Jt_% 9c=-ZICy ^A27 _X%DC -ZzXuwWsQTw0mvi1iXdZH0Hd8V8aJT86mqa6ehpbQ6nzsJOMZRPdGe4P9BF18E5mX -ODT59MAJ/W37y/JxXNNY+0QN6erT ---- GztYtmM4sxrUxwzazX/RI3p8OGC7kelqgvnBpHycM/Y -}%pSB)%poz,iϛ5d86D]TjY胲 -Zri Vp+a$]61 \ No newline at end of file +-> ssh-ed25519 ASg3Sg +pewBTfRJ8UR497QKTusEkqhHphK94AQW4tHD30Crwo +4CctckWgtukTL1yrX/9R+fOXz/w+lco8wcbp8d6h2PU +-> ssh-ed25519 6up9ZQ TNDeFCu/3FzVPX9u0GvzhG3Y37z0I0v8BnuQ7RTHTnU +XGbf/hNhHIEZsoGUjVfbc6NmoZr05q5fnI6juN/d52o +-> srSd-grease "U *&"yT JS+MW kl)A +4JBYxJdv6JIxPCZ3NScvhgF7DuCLEVXlQuFNFey3qsPxvcKTNNq9Ag +--- ivkPurGWx/wV+7P1o3lJKu0o+jVvbLNBQ8e4udH6PeM +4Tl.]oDrQ򺛸A`3kVq,/>}u=a)H ZwN>6^A~9 \ No newline at end of file diff --git a/secrets/kara-borgbase-ssh.age b/secrets/kara-borgbase-ssh.age index a0d9c3e371e1d1d4c85a5d385fb4ca873a7d7f34..6ef0592ac8551590acb054b51d43a5f4723fa60f 100644 GIT binary patch delta 820 zcmV-41IzrD2Ga(REPqyWbVE3IS1&hJcS?6^YFKkLG)OpALu)xqcU4+sdPZY#a8FQ2 zYGij)RSHN#IaF6MFl}&JReDHNH%enRIZ#0{Wou-1S2$EgIaf?jPhm`IT2yvrGzu*~ zAaiqQEoEdfH8n9gAU1VyIa*O5GIvQvS~xaXb!b|4Ohi#^Mt?oTkPexN~3R8Mib96COP*rtPMN2_5P<3ZCSTR^HR5WN>R8mtpfUHb_`YL``^RQ&v+qM0ra?cyV?|QgC=}H&at9c0_1La(Pd0 zQ#e>-a8-0~Vp?ZtIcW+_L{e`uVKr@bSyM$zQet5WEiEk|D{e1sO;aypbX9RVYHUVC zL1l1xQF?AzY<6ixVNXU-FHS2kVRtrYNjXglU!j^zpnvRo;-}}5H5}&rPa6EDIf1mz zwUp>O2x>L!>n(I%GfND+R0Ys+!N#ygSHB@AFmmZExr5+XO!BIiytXhWtdA#+Ss%n*SGIgdVl$&_ zoV;&jzkhDFl0K0j^umTxDA&|vL1)o*u`dtTos5+DAwD2?OMXTUz&3-jhR8mkQlvx{sdU?Bh=I zGBBlvF&^!ClLUnc;4eG#GR1K((9G0_bxfjU!7MrX^?9n#C zGb}-f9L$9T|I`eK&cCwPwQ} yw=J~>^U`5ixyC85T(~55H@0H6N|3YYme8idm84Htk(!2=&XW;%gdabvsAd>S@>nzg delta 758 zcmV*N>+J8RXAd5a&k~HcQi9FWG_K8SY|~yFhWyH zMsRFR3N1b$DJ^GmWnpt=ATWMsJ}fCTKp-$UI&Wk}esv%sYIiD7I3^%3dQxmrdK`m8$bT7)qH~i_StyBZQ92%#M??h20Iv_ z#@hC7pQz5gLbm%@HwciZ=ku$@TSf`NPFmG?3o4KiP=BBvshdDR-DR$5I{Y4q8u&jK zLX`a7@zM6L=~c8VR$F;d=4y<@hzMGyz1}>m?_+a8%7me>4SmR{7^k=nYx4XGo?EQUBv7nP+{}C)@ZWrTgqPCV81C_2YM1oi;Bf%}f=kx;XTP`G zAO=d^Xmc@^?>*>I-u%B69s!nV;Ud>bj2nxOl5gnSI;@kdC!`AuNfTa?wcg^-)3dO04tWa4RwH07$cyReufa8N=j8ZPc$=haZ^ZaPGxOwGGr?> zW_egbGzu~?LRM-uN-|neIafnzWl={>cR^TAH)v%qS3*%XD^6H=D`Z+yYE*VcK?*HC zAaiqQEoEdfH8n9gAV^eMYb$3UZcj&MK}dOHL{C~oRCiWZd4EN0Lo!cDK~`p0O=)gx zWk@$_Ml(o7FimSP3M+3~LTfQtdN)HbL^4EVc6w@QL{fP{Wk_LWOhs^JG)Q)AP+3KB zM{F`#3N1b$K{+mGWKmWvXL4m>b7df5BVj>wMqx%EWIb^pB{^tMV?sSX3NLeUaAkQ= zbvY|VQ!h$2Lw{;AYeso5PNJv>}bXW>4EiE8n zQAut}baH4}X)sbzGfZ`8T0?qvSVK%ibxCk+HY;j#PB}MJWil^HNH7Z7NdSI04gmh` zdFY}pz)*Gav|n!KQQ0^82nq3$=6jA8Ob=ueTKKKo%tojMG_q1%N}%`=<>vK*F(qNxF=553jR`-jC Dk&dG3 delta 501 zcmWm7%WKnc007{FFUUl8@aCm3aDy1qy!yDzHR&U5lRomWX=F&2=GC-m9!-8}!4<{( zRxk79P9p5)L4|=R!;1$m-n|S2(Zend6k&+pKk%JhI=H-lXVEexNgeyXjFZzrfalO* z5Zi378A)L=07D^X3woS{tnLCxEDl{m;*|w?@ zRLbNf4R^#+owmK|l!IGgOhr8tbg(9{%gLy?n6=X}s#`vfu?BCFR?wl@uCoKxh-s<> z3O6Bqv^l{v+8Hw>CH+2tklc7b|fZR!Qu*Ga3)$ zvO@VvmveEn3?xA<_0dBxp#4sU(B{`E+%Uie8G=FqfcQ8&vaB)a)YBNE0 zT5oe~dM`G1by`z*3Rp>Scvfa|Vnjzaa!52&O;va}Fg15+YB*FdW=msoSV&1tb68_! zR8n(e3N1b$T~}^8Hz$2REoX9NVRL05azqL_QhHcQIc7vKRZ2)#MORd5SxQ4^L|JT4 zbysg?VM|VTD}QiLV|Q9XWi~}hOLI&`dU`cvS7$OqRclRfbY*FF3QuQ4FhNC7OfqX| zIc9Zra9VO=cUoFeZfJ06V?}UCLNjVmZAoHlaBxLWN(wD4Eg(vEXLUhyYH3DuZZC5} zZEaXWb8U7nV>v}|HB~S(Vp%d*bt`f+R!eVlYYKlQC4ZTJvk<4Xg@2h}!Ez|fMn{Lj zTsTT#fTi($kqjsi5~;~qY_D?!jvFR!Y>YvIeE(L)0bOtm{@tz&IIp&hDn6+M)g-Mk zM=X4rroyMI2Z*q0j#@NxJKQtLq})|<}x>N8f}aomkK`qEoBnx!n<~t#{@@5`cx6zXscyL7mEaa~-jKjSIyV zaengl*fADFyPlOGhoztCTKxq`bOOw>DY!6&0DmEugj~kt(j(J`W6tDqD(^O%YK76n zoexFIZsqv`+JZkEULp{coZ~hp(Myu2+?Oz5r~IqOpn=x7BgT#Y<5+pZ6MeRO>FC`Mk1rJ|Q zTQ9t2uclJ4Bv*TLIYUDQ$rp!pU%4wdOkUYBcs&n;fx^z$JTANzm2pI4m*&&oA_ja` A8~^|S delta 766 zcmVr;JRAp#*cX4b*S3@#LRSGRW zAaiqQEoEdfH8n9gAV^eMYb$3UGizB%YH?yvdND&sSvE#QaDQ4hPGmz*VmNqhbwNi? zM?r2(H!(0VX)rQl3VKjfPcT<7^9bxBh&QbJ^IF=AwHMQaKzEiE8UZcBMjT1I$oI8t?FPFP1| zQb%}DQ8jg0RB=*pa5iajGdD$bayd0ja779&!WO2JU&|PcfzO8Y2TAdm)mFW08xh^> zyCnITlW0MaGHZH}EFeX&Zhtbupx%sG z-eBc`cYm$9CD+XMe>>pM{t5NwQC$ZPvC^4y0rUnjg+n=7>Bnf~08SmcA1*z(sH{K-&aOW}hRO9Q2i8mwA|3vomqdoRDmRS^rG}(sW_iJARz|#N(-fa*3f6N)dH?_b diff --git a/secrets/thor-digitalocean.age b/secrets/thor-digitalocean.age index e5d5e875..acfc8088 100644 --- a/secrets/thor-digitalocean.age +++ b/secrets/thor-digitalocean.age @@ -1,9 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 ASg3Sg GUU7pEN/08zLJEZcZ2KNLXlO3j4V+zH3yvCZKgmuaV0 -scttI3tiRqjqTrQOt95NMD+0CNqj2WSCCyV0hJ9IpgQ --> ssh-ed25519 HTYk+g IpBlhhEL6rIFl5gFMCP7icaOjt5VYjl+2w5icKhOEEM -ofZM6NXDJg1SBmoTkln8E1Zi5wzNjCuO38pXl4ZX5Y8 --> h-grease g8IhTVps 2+>Y@^;2 ,NyPdN Q[.F|9X* -zSwCpOrQ89FL ---- RIurRnXPMXrmFaxQR91pTQbQL6jlPt3bmnxAHCQmSkU -6B 'qP/_(ο3IXL6p_pwg9ހرJA1Kdq#J.JJgwQ; \ No newline at end of file +-> ssh-ed25519 ASg3Sg fdfEEB6h2PjTUtQHeOYDOM9YdwF+Y5FEHHJokfXOjxE +b59xNlXGYPlA3bK1QQfJUPdIlXyOfHgQL9KHqFRCnmM +-> ssh-ed25519 HTYk+g whfs99yVZW4up2KKLxr+5C6X8KCX3EXr1nXtWB3qm1Y +fzm34J5FM3DbZXmi3J9nU/J0jtFODOcL3143bjWmk0M +-> =`X-grease +mLWLA+xSfPIk11wV +--- +qq22jL9+Mbqxvb5jnocqRpXi4nTbvZOay9fe1qVZ7c +BQNݻN*v5Q]Ө63~gKO/EH߱cnfeqK;*RVK44! +I< \ No newline at end of file diff --git a/secrets/thor-libations-tskey.age b/secrets/thor-libations-tskey.age new file mode 100644 index 00000000..be94c0b1 --- /dev/null +++ b/secrets/thor-libations-tskey.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 ASg3Sg bReKHI4P9ExPaNVwFf9bj2J0mibldAVXXxx1XgAYRTg +OXuT3+puMZ86Zetd2oFLbPG01OoXNw49THoaOYz8v/w +-> ssh-ed25519 HTYk+g QHATIVHm5m9b+h1OuwX7T8yrTdl2l4Ql72UqlhXHdSE +b2nhm96JVs1n3aPsGYsbwS2d32ew/l2FTco+1RrhWMY +-> MHcgU7A-grease 9ciM^Qo P !|/ ^u3cjI)s +B4QLsVaiadaDq1BQ3F6F/E8u2Q5pnbzfZI3+TZh4Lb8XLD1eyFXd1gVASas2zcbu +ObCUE6rDuja0Iv/5mSHGeEIT9QRNGRRn8yPh8mQ +--- egNnJzgr/dfEa04oSc+/YvigU8h8GRzD+ZenEhf+CbA +^HYª7^aY~8gRa){ed> lViƻWmXLfst?sp,< P,~gQDЯrY \ No newline at end of file