Jafner/Jafner.net
1
0
Fork 0
Code Issues 16 Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Feature: Init stack.nix for coder.

Browse Source
This commit is contained in:
Joey Hafner 2025-01-31 22:30:41 -08:00
parent 46b7cd3116
commit 328c7ead50
Signed by: Jafner
GPG Key ID: 6D9A24EF2F389E55
3 changed files with 40 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
homelab/stacks/coder/docker-compose.yml
View File

@ -4,7 +4,8 @@ services:
container_name: coder_coder container_name: coder_coder
restart: "no" restart: "no"
env_file: env_file:
- secrets.env - path: /run/secrets/coder
required: true
environment: environment:
- CODER_ACCESS_URL="https://coder.jafner.net" - CODER_ACCESS_URL="https://coder.jafner.net"
- CODER_HTTP_ADDRESS="0.0.0.0:7080" - CODER_HTTP_ADDRESS="0.0.0.0:7080"
@ -13,7 +14,7 @@ services:
- web - web
- coder - coder
volumes: volumes:
- ${DOCKER_DATA}/coder:/home/coder/.config - $APPDATA/coder:/home/coder/.config
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
labels: labels:
- traefik.http.routers.coder.rule=Host(`coder.jafner.net`) - traefik.http.routers.coder.rule=Host(`coder.jafner.net`)
@ -29,7 +30,8 @@ services:
image: postgres:16 image: postgres:16
container_name: coder_postgres container_name: coder_postgres
env_file: env_file:
- secrets.env - path: /run/secrets/coder
required: true
networks: networks:
- coder - coder
healthcheck: healthcheck:

66
homelab/stacks/coder/secrets.env
View File

@ -1,61 +1,23 @@
{ {
"PGUSERNAME": "ENC[AES256_GCM,data:teLs8XNHOQ9tDlkVhPxeR0t9Rcvq2g==,iv:gqKQdJ2q9MioaVoEo9dJ+PuONyjA1+t3+yp7UiuaHps=,tag:efrINB7Yint9Ng2gCgB05g==,type:str]", "PGUSERNAME": "ENC[AES256_GCM,data:88XjkDLtgZe9czxUNeOA2XCDczywWQ==,iv:GQfm/MUEDacMZrmlCtfubsIkZkXDc1F5KpznGQuBjLg=,tag:o2nNVBwwNr/UGqcuWCAMMw==,type:str]",
"PGPASSWORD": "ENC[AES256_GCM,data:VkHt/5CEQTa01ncvArN4D0gG7fpjWA==,iv:gvSivz9WJQA9CUHXEGtqzGddqYz3iqRfQBUkM3udvYM=,tag:Crv2nK0/YJSAm7X8A/xyWw==,type:str]", "PGPASSWORD": "ENC[AES256_GCM,data:9qCuqkEnRAuE85kdpeJHJIQPImtHCw==,iv:KUGgmKQHWt5eMf1EWkiRDT9jkNGF9ZeabZqvQ+3MlpQ=,tag:91DArPLFPPOJDc7z7wLl1w==,type:str]",
"sops": { "sops": {
"shamir_threshold": 2,
"key_groups": [
{
"hc_vault": null,
"age": [
{
"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqVWJDN1BEam5yNTJSN3ZO\nTzg5L2xNMDN6d1U4cklyMUtzcFJKR041OVNVCnFLTzN6RkpMWkJQUTdUYmJmckg0\nLzZqTUFJdFdjK3JkOFZ1aUJmamFBNGMKLS0tIHg5YW5WVjBNSGdnQXNIUVpmN3R0\nZFRhZUoxcXpIVlFuclFTQ0cvYmNHY00KhuoxXTREDLx+Tp4sv0cE8N8R63iqKByh\nCRJ1VW1ueVaKxqRvnNqpqI8j0qiDC0RZ8NjoOm7TKiPXHTnDzJX8y+g=\n-----END AGE ENCRYPTED FILE-----\n"
}
]
},
{
"hc_vault": null,
"age": [
{
"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSTllekhyZDMxQWVtL0VN\nQXVST28zK2diOTAvc0RINi96NjhQblo2M0hnCkR0MDA3MFUvbkt6U0pJQkhHQ3Nm\nS0JNTCtNUWdBRDR1MVVOM2lPOFZPd3cKLS0tIFNLNlNRU0JuWDg2ZDlNTzdWOUs4\nVkVDQmV4TGpySStybmNkR1M4RGJwcUkKWA1FKlTYg2GZyJ/WET9RjfGRbn8XX6zh\nA7XLo6uczkM4NdnrI4peM+ObY4ep3HwfVvogWRpcbl7mfPg6bXKbAF4=\n-----END AGE ENCRYPTED FILE-----\n"
}
]
},
{
"hc_vault": null,
"age": [
{
"recipient": "age193t908fjxl8ekl77p5xqnpj4xmw3y0khvyzlrw22hdzjduk6l53q05spq3",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvcW05SUlYYnVseE1JSXdS\nYUlMYm5WN0puTjFycVNjWS82bGdrYVpKemxnCnAyNG1Vb2t2djlNZWFyMnMyUjh5\nbDVXaVU1NjJzeGk4ZmU1WFd4cXlzcVEKLS0tIFlFb1RyNERFaVplR09SRzEyVFdk\ndGRWQ0R6SzEwVHA5SitUVk9UZVEzdUkKb11m92rd/9yEj6HASJF9hF+v8Kj7mbJd\nEHIvJMnwQUyYITP4ccj+b2JCc7hsIE6W5vsTgYnl+vSfa6PIRW/mJrU=\n-----END AGE ENCRYPTED FILE-----\n"
}
]
},
{
"hc_vault": null,
"age": [
{
"recipient": "age13prhyye2jy3ysa6ltnjgkrqtxrxgs0035d86jyn4ltgk3wxtqgrqgav855",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5ZFdKYzNNaTVzOUhwY09s\nUWlzcVFUcjRKZjF4ZElxOUdJZHczaFBPMFI4Cld2WGIrS1dDd0d2YnBzQjdwWHZq\nMi85UXhpSVlDTmV5V3ZOdUJWY2ZuSWsKLS0tIDFpVnZCelRIdDlTT09JNkJLU1dQ\ndGRWelBVZEF3MUVXbitQbTA0bVo1TVUK9z7k/N8L+ljYuCPGZivH05vFomPG8rBI\nOvezLeyU9/OrfWhFU6Q/erikSxd4LhEoIleOsV5C7t+cm4DhmMueRkg=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1n20krynrj75jqfy2muvhrygvzd4ee8ngamljqavsrk033zwx0ses2tdtfe",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHYW1veXFPUkpiQTFCWitD\nL1djdTNVM2FvaHhuVENvVlFFdXRiVW9tSlFnCkJaMjJ0TE1JSktJb2JUZkI5eWdu\ndjhmUjRia05lbkFTSVF5QlZHUkh3c2sKLS0tIGxBQTJBZEM0cXpWWmxuQ2d5NE1N\nbXBHREpkR2xzYktySHJQcnJ6akpsb0kKS1r19AQetaBNddyUXImToWHN5jOgTX4E\nQ3Wga4ICmtn9oAmTtIi3Te5mnXcd8/7f+V5HrGjAptLJJoW+w77ZF/4=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1m0jpnk4t7hph5tdva3y9ap7scl8vfly9ufazr0h3cuwpcytlsulqjrt58y",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBldk93enZKbDFVWEdBSkZn\nK0RSOHd4VTAwK3ZYYmpoM2c0eGNERkN5QlhZCkpSVENMbk1kWWtCdHhLYUN1V3hP\nRTVtbGlDaUxrU0lFeU5FdTQ5eTlLRWMKLS0tIEdjRE1aeEVESHRZK3JOZ1F0OU1z\nVDNPdnFzOWl4dTlMOGlBdzlrUjhoU0UK8Nh0/KiEzu7mBe/Lxyhx8fJE9F40b6SV\n5hgp+QoH6HYb3CbGL/Biz7rh22cqaMudjGStDZ2iMen9EIw52zdrdS4=\n-----END AGE ENCRYPTED FILE-----\n"
}
]
}
],
"kms": null, "kms": null,
"gcp_kms": null, "gcp_kms": null,
"azure_kv": null, "azure_kv": null,
"hc_vault": null, "hc_vault": null,
"age": null, "age": [
"lastmodified": "2024-12-31T18:50:24Z", {
"mac": "ENC[AES256_GCM,data:0Zspn2fmS1LURX0TJc+t6HwmcabpugYRiTnxfXyFHD/k6R2NBHhY/yADtE01T94JVI0SoWXmmF5MycVkMeP8YhcLYgQBMCoUj+Q8DMB7iPjewTKsTvDDR4wn+fs1+pjDyzv/nG2im/l4dc3KekHoCVKG+4C6gN3kmsjf3PEGsSU=,iv:I6WgovNtkQK93UfyDjH1s+0x8RwBkUVIILf8wTdFPTE=,tag:rd9ejGwxYEUkh1vvYP5xUg==,type:str]", "recipient": "age1v5wy7epv5mm8ddf3cfv8m0e9w4s693dw7djpuytz9td8ycha5f0sv2se9n",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwaWVWMm9NQklsMVFjb0Zm\nTnpzeG81R0t0d015R0JodS9xVGlSdGhSa1ZzCjFKR0pMaDJzOWtMK2JVSm5hRzNZ\nbzJ2bHFYcXBZakNRcWFENWJibDlHc0EKLS0tIEZhSXY2ZW8ySkRnQ3Y3TzBzZEtt\ndWtLbklIWExCWVZYcEpwRnVLbHV3ZWMKVbqau8AGcw6NYuL0lOvrXvGrVOLkajqR\nDgceKFkO0hovSzWGNYCadIgtYnRi4hTJzBP98uN1WJ3e/Y9DJFdm1w==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzMUw5ajN2bFBmSTBHR3pq\na2Zzek1kdkNXODRkbTZ5b2FVZmN3YlBTU2g4Cm5KWE5BQyt2czdkSGs3eE5CdWVS\nSTkzamRnNHpOcW53emZlN2pVMWNTdDQKLS0tIHFJdFl0dmk0TWF1SzkyK0wrRzUw\ncFhMNGplNWlTZlFyNkhwSDl0czVlWUUK+gMy8Qems6finqmDjUd86sCm1Bn/VMoi\nUGHjgn5fCpQ/ATuAtt0fFH9ZLjZFGGg+27YURum9fEm8KM8JlO61Iw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-02-01T06:13:55Z",
"mac": "ENC[AES256_GCM,data:W+OPsII16XKEeAnxwgHpickaCibqqgAiW9e6rDnfrIWScqc2xV6fusEGN0XeqZtN612Gm8WIgad1hdTDmBLIOI4oakp0jz2/Uemk0bKHef/4smOtcmpR7W0aMh/kJl3bQFFIeFPsZOShoOxIw5zAOZ7f8FUWJ8M0NxGs4sNPips=,iv:FJXG9gbPMvsZVVNw1O3DdQwl4N5mn3/yjhVCjgKKp3Y=,tag:sZ/Y1Xp3n2DlkKJsgLrCjA==,type:str]",
"pgp": null, "pgp": null,
"unencrypted_suffix": "_unencrypted", "unencrypted_suffix": "_unencrypted",
"version": "3.9.2" "version": "3.9.2"

21
homelab/stacks/coder/stack.nix Normal file
View File

@ -0,0 +1,21 @@
{ sys, ... }: let stack = "coder"; in {
home-manager.users."${sys.username}".home.file = {
"${stack}" = {
enable = true;
recursive = true;
source = ./.;
target = "stacks/${stack}/";
};
"${stack}/.env" = {
enable = true;
text = ''APPDATA=${sys.dataDirs.appdata}'';
target = "stacks/${stack}/.env";
};
};
sops.secrets."${stack}" = {
sopsFile = ./secrets.env;
key = "";
mode = "0440";
owner = sys.username;
};
}