Feature: Add stack.nix for zipline.

2025-01-31 23:15:05 -08:00 · 2025-01-31 23:15:05 -08:00 · f529ef9a07
commit f529ef9a07
parent 4154440f0c
5 changed files with 62 additions and 102 deletions
--- a/homelab/stacks/zipline/.env
+++ b/homelab/stacks/zipline/.env
@ -1 +0,0 @@
-DOCKER_DATA=/mnt/iscsi/barbarian/zipline
--- a/homelab/stacks/zipline/docker-compose.yml
+++ b/homelab/stacks/zipline/docker-compose.yml
@ -20,10 +20,11 @@ services:
      UPLOADER_ADMIN_LIMIT: 25gb
      UPLOADER_USER_LIMIT: 100mb
    env_file:
-      - zipline.secrets
+      - path: /run/secrets/zipline/zipline
+        required: true
    volumes:
-      - $DOCKER_DATA/zipline/uploads:/uploads
-      - $DOCKER_DATA/zipline/public:/public
+      - $APPDATA/zipline/uploads:/uploads
+      - $APPDATA/zipline/public:/public
    labels:
      - traefik.http.routers.zipline.rule=Host(`zipline.jafner.net`)
      - traefik.http.routers.zipline.tls.certresolver=lets-encrypt
@ -42,9 +43,10 @@ services:
      POSTGRES_USER: zipline
      POSTGRES_DATABASE: zipline
    env_file:
-      postgres.secrets
+      - path: /run/secrets/zipline/postgres
+        required: true
    volumes:
-      - $DOCKER_DATA/postgres:/var/lib/postgresql/data
+      - $APPDATA/postgres:/var/lib/postgresql/data
    healthcheck:
      test: ['CMD-SHELL', 'pg_isready -U zipline']
      interval: 10s
--- a/homelab/stacks/zipline/postgres.secrets
+++ b/homelab/stacks/zipline/postgres.secrets
@ -1,58 +1,24 @@
 {
-	"data": "ENC[AES256_GCM,data:LXYXdF9/SKG0/iSwMjSd//C+oyTvsHE6kWhrFpKREkK6TebxBJtO9hLMXlF1ZBMqfFv1Tntz80Ni0w==,iv:ajlci1uiUBtePy/QpFU+DfEvKO4U1GDPtu65lnA8PHA=,tag:i+TpCRzitfr7AkOx/0wz0A==,type:str]",
+	"data": "ENC[AES256_GCM,data:F+E2IT/8XbK/xZ6IUOypfIAqhSgusjp74JvRzDRMvQD/d16yzHSfhaB8EYxSAReYbs+lG60F0G6wjA==,iv:WcgjXMsS5F38fZgUaokUl04f0qnnUWNNQRRT50IIl5E=,tag:kVkAKKS1Yllv5Tvisux0Sg==,type:str]",
 	"sops": {
-		"shamir_threshold": 2,
-		"key_groups": [
-			{
-				"hc_vault": null,
-				"age": [
-					{
-						"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
-						"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBueFp4SFVlVzg1RHorUzBp\nRnM1bXpoeFFuMFpVb2xDc2hWZVVkRFZDTkM0ClBwMTZSYXA2S3lXMzBBekRKelFy\naXNjcGhuaGtBYTRUMlVVQVVTeE9CNnMKLS0tIEJpM21ESjVWZW1aVC9EUnJoVERQ\nLzB3eUt2bXRvdUE2c2dHYWZUNkFSbnMKi57PWC5o9D2bVj3y44VE9mYojyuXMZDs\nfnni3VWclS0M8DgYuNsTx1Hp/zCTbbiENO+etKCQS1ezbMCk3yGsbag=\n-----END AGE ENCRYPTED FILE-----\n"
-					}
-				]
-			},
-			{
-				"hc_vault": null,
-				"age": [
-					{
-						"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
-						"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2eUhURDJ2cXpKaVpZTTNI\nQXFBYy9namZBSzM4Z09tWXV5NzQrM2VlUGxnCkdLT0ZzSnVvb2tyZ3NZeUllZitX\nUHpTSG1jNFVsU1d0MnhHN3EyK05ReGcKLS0tIFNaRENSbGVLaUZWVjh5S0Z1RVBN\nSE5pcVZLeDlaa0c4UmFEZ3pZN0Y2UWMKDpfKj6hDeZsFniIEKaaQ9YUx1JZkqEiC\nIFTdh3KFxPtFShpG1rP5P/aN+z8/Iqx3wrdYSP7T5Lk0uHRSKPk5FDs=\n-----END AGE ENCRYPTED FILE-----\n"
-					}
-				]
-			},
-			{
-				"hc_vault": null,
-				"age": [
-					{
-						"recipient": "age193t908fjxl8ekl77p5xqnpj4xmw3y0khvyzlrw22hdzjduk6l53q05spq3",
-						"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4OC9XVjBVQzVRNGE1M3lB\nQzluWnp1TnZXN3libjVoN05PUDRXa3lQckc0CklhbWlzcnhNVmNXbkU3Q3BzRUtS\nSXJVUzg2Rnhtc3RQdmg0NnExbXJIUk0KLS0tIGdnRXNNb2pTTkxDSGVlejNJcjBo\nTFhiWlB6WlFxWGFKZ2JlSnhGKzFDbnMKCb7Nva0zHg0XAe/EtBE0777qsasrgW44\n8PO3mH/zTpRG3SCBR2bHiUNtkRe5AtPOFR9bY4v1QSAmcbmNYPzeK88=\n-----END AGE ENCRYPTED FILE-----\n"
-					}
-				]
-			},
-			{
-				"hc_vault": null,
-				"age": [
-					{
-						"recipient": "age13prhyye2jy3ysa6ltnjgkrqtxrxgs0035d86jyn4ltgk3wxtqgrqgav855",
-						"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkUDF3R0hJMTg4MldZLzdY\nWHZKdEg3a2QzQXR2R0hMZ29tZGZzTGpGa21rCllPT2NsSy91ZEtkcEMvNDhjcXZY\nV0JvNDVxaVIvUGJDdXQ4dkxhSTNvNkEKLS0tIGdrN2RnVnUvQkkybFREbjhmOUhM\nS2g2RmRIcUtQcDlMbTB3QTVsTi9saVEKbDkCBy0FeICmKDYvdG+thxHZ5+mLntgn\nFpd59oPja2APrT4XYMGf4BaWNAQn5zp0h0SO/ViyX7Xcxa1nudZEALo=\n-----END AGE ENCRYPTED FILE-----\n"
-					},
-					{
-						"recipient": "age1n20krynrj75jqfy2muvhrygvzd4ee8ngamljqavsrk033zwx0ses2tdtfe",
-						"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5Tk9JVEFNNFR0RVdKSlBu\nUnNrTXB1Ym9uMkUzdm1PNFNlelAvTjlpYUFBCjVBd3lhUlJDcWNQSWV0L0lyRXdV\nVHQvUWkzRE1pa1JlU2E3K0lQajV6NzQKLS0tIDVlVzcxN1ZuNEdNL01jaStmVU1E\nUlF1dkFEbEo0M1RIcXkxQWFQYWJVbFEKaocLJxEibp6UnXTefY6tjk4MOfmzHmmL\nWsYrL1OoswELCJzxUgXcet6MNsDfmOtNlexXLeEVyDcGXvfHPP7SAsc=\n-----END AGE ENCRYPTED FILE-----\n"
-					}
-				]
-			}
-		],
 		"kms": null,
 		"gcp_kms": null,
 		"azure_kv": null,
 		"hc_vault": null,
-		"age": null,
-		"lastmodified": "2024-10-08T18:55:02Z",
-		"mac": "ENC[AES256_GCM,data:xYIMbvpVBBXdsHsrkbAjjcrMTftQFwJ0TAF/ALgwHOxTI7ik5Oc0nuMHdT0X9fEwllGrDx7sh3GnRbL5FR7v5gZUjEUK2RKGpDaWq4XFqOeMI6n5oKtcffhffQf4KVSEwXCdNvC6FCZgdvWVpBluMGM09R2XwXXTqDuFhI0jgZU=,iv:tSqqRktw0q6s9y1nf189xI3i7kr9qBzCBjv3LtEnOVk=,tag:hftC5SM8iQummSgbD/+u8Q==,type:str]",
+		"age": [
+			{
+				"recipient": "age1v5wy7epv5mm8ddf3cfv8m0e9w4s693dw7djpuytz9td8ycha5f0sv2se9n",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjSEwyeEhNazZ4RjlHL282\nU09mdW1TR055T3FUTzZVdGlGTXpNR09aSGtnCm1xRDR4cUc5a2tIM3M2eEM5NXFE\nNHNjWWtzMzBONVV6bnFDQUV2MVJHSWMKLS0tIDliT0ZWK2lTak05QlkwUkVoLzB3\nNWlOQzJ5WG1GNDVNYXlaYVhoUnhaME0KR+SOPpVLFOMqGD4k4yHTc6R8rLmHGpDx\nU1CYkVzxytm5CkR5v5CKKmJSRHwXQY8OOVYSiNCZ6IozGZ/8HLBWzA==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBudDhBeUplLysydWdwVWxw\nNXFQNU0rM3laaU51SkQxUDhibE5Rc0JnWjI0CkMwa203emxOaVVYWVF0NXFaMUQw\naWNUMzFmM2g2QWJwaVFTVDliMzdIQ3cKLS0tIFp0Y2l2TTVMZkN1SnVzRkNJdmV0\nb0JoTWF6SlU5Skw4N3FnZEM4TjA2MlUKHGQr3ZjMUW+mXzasIOsq+KaQb7AdrJTU\nhqP3mGDJDo0rDxFKLrGLwv95jeKZNk6s/F9yeK5nt2enzSz4JU6ylA==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2025-02-01T07:12:19Z",
+		"mac": "ENC[AES256_GCM,data:WuWaZHUnh7N8lCoB4bKXsEvwZ21hjuSdrYguo498N3eLLtKjVA6xoVA+ApuWQkuKHh8TsfCJZ2lUCMmCdB7jjHfsRtUr7TtAa/XH+IY7bTZcxKTUpY568qUNVZPKFAx5rNV+z9EFUqo6CHJIvG+Fyb7t1T9v62pZ4L4Cu/tmKMA=,iv:oDcqPk2t5fQrJwb3OtDjyyDWr5ya0BRqA9KRwZE7Rwc=,tag:JnBkYQObbTIuVikW9xQ9Ig==,type:str]",
 		"pgp": null,
 		"unencrypted_suffix": "_unencrypted",
-		"version": "3.9.0"
+		"version": "3.9.2"
 	}
 }
--- a/homelab/stacks/zipline/stack.nix
+++ b/homelab/stacks/zipline/stack.nix
@ -0,0 +1,27 @@
+{ sys, ... }: let stack = "coder"; in {
+  home-manager.users."${sys.username}".home.file = {
+    "${stack}" = {
+      enable = true;
+      recursive = true;
+      source = ./.;
+      target = "stacks/${stack}/";
+    };
+    "${stack}/.env" = {
+      enable = true;
+      text = ''APPDATA=${sys.dataDirs.appdata}'';
+      target = "stacks/${stack}/.env";
+    };
+  };
+  sops.secrets."${stack}/postgres" = { 
+    sopsFile = ./postgres.secrets;
+    key = "";
+    mode = "0440";
+    owner = sys.username;
+  };
+  sops.secrets."${stack}/zipline" = { 
+    sopsFile = ./zipline.secrets;
+    key = "";
+    mode = "0440";
+    owner = sys.username;
+  };
+}
--- a/homelab/stacks/zipline/zipline.secrets
+++ b/homelab/stacks/zipline/zipline.secrets
@ -1,58 +1,24 @@
 {
-	"data": "ENC[AES256_GCM,data:q7JN+gv+NSR+zVi2CO5Sw/fpG4qu+uX1A0X5m2lxmel3TvC+7Mwu/S8PsnpAkY4xThCUVhN5Y8B3CdmwzDtEbGtdJXd3X2yEQhl/Hkba3eNtRihCr0JdlLNnzD/sHe3H0vQFdjLw8ZABIWyjQfYrSY4RvOYw4QRbv2YBu48k55Mf6VCAIKL04Th5p9kB5ouArGsF,iv:A9YPJw+eYO5idzLo3TxqvzBNGmuDq0o6ZSgVZXy3chY=,tag:J2qqX+tNMFillHzrV1IF3g==,type:str]",
+	"data": "ENC[AES256_GCM,data:B8XPhIB+vXdH8m8g/rBaJ7DvZoBNjaiCHZ/21Pl0O1tshQuA1el/ryAwKj7i4iijDLZ6pV7DfG/Hd8X2mqrN85qnqiaI7uK3RL8izwDKpSLmmsJTt1lbvUo70gqkD3ipIpbqj8FeKM5i+dNGD4iYNC0vf69OdsgYzby5ntFFXxzDyaREVn8cAwZUs1I3oUk6nVKv,iv:lhsIdkgX1ZUOP+1hoNjNNxBFZ/ueLcCU3ZIeYHZSYDo=,tag:jbx1Hc9+HFh1wezM6D7qZw==,type:str]",
 	"sops": {
-		"shamir_threshold": 2,
-		"key_groups": [
-			{
-				"hc_vault": null,
-				"age": [
-					{
-						"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
-						"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBibmJIYXpIa3hxRWVWZlJQ\nc3VWd256NTVUQnVrM3JvdUduVWpsZVRJc0JNClI3cFdmUlVxNXhzcjlJUjI2OWxq\nOEhabVpST3FXbUdtVnJ0VVM1OVlBQTAKLS0tIGtXUStXUjhUQ3N1am9iOGVNbnNT\nSGtSQy9VV1YzS2lNTHk4c2l3aUM0bzQKxPz+7xbWDgSozjxAI77iaKGRoZ2GcQ4s\n5b09BAsZzTVYj6tvHZrVYaaa6nfPDGZLKI/n55XPbLpIbqO6bcbeoAM=\n-----END AGE ENCRYPTED FILE-----\n"
-					}
-				]
-			},
-			{
-				"hc_vault": null,
-				"age": [
-					{
-						"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
-						"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBORDZOR1NwZmpxQUdHU05V\nRXNKSCtjQkpGMnZpcWppWmRuc3hmN29lYzBNClQ3ZVlOR1l4b2s3YUFsZVd3dTJT\neEcwUkMwY2JwWmRjZmErTVZyb0lSSlEKLS0tIDF4ckprTEZqOGoxeVkrdk1sbHkv\nSitHWFYvZUdtbVc5YnZRV1UyUW8zUFEKsiMoWXo3L830RSQ33YB1hgM9K+DgrtLD\nQHXcXn56eJ9/ZrXaFxTFXZgYV7w4XFGguFDi3grwGUzCq9O1oEjJFi0=\n-----END AGE ENCRYPTED FILE-----\n"
-					}
-				]
-			},
-			{
-				"hc_vault": null,
-				"age": [
-					{
-						"recipient": "age193t908fjxl8ekl77p5xqnpj4xmw3y0khvyzlrw22hdzjduk6l53q05spq3",
-						"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0dGFVNnE5M0FzMWFST3Ev\nL3VvMm9qR2ZOVVRkWUNtc3pSRDVyUEdhT0RJClRxZ2twYnA0Q01JOE1YOWh5S3h5\na2pTVE4wSzlzZ1lpN3VnR0ljdWpyT0UKLS0tIHRLVVJXU1FEQ0JTZlFQZ0swampn\nVFF0QS9BcitlQVJyYjdVcHN0TU9Ib3cKk+YFPxVQwk6e3MwdIWXkZq+ufA/8SaO5\nMjF5PrDBw3dFYlVC7u4jJ/zPHvcfMKOipNxIHUjjk/Mha+mKTjJgWTA=\n-----END AGE ENCRYPTED FILE-----\n"
-					}
-				]
-			},
-			{
-				"hc_vault": null,
-				"age": [
-					{
-						"recipient": "age13prhyye2jy3ysa6ltnjgkrqtxrxgs0035d86jyn4ltgk3wxtqgrqgav855",
-						"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEaGdpQTZYZlNOVzhzSTZU\ndFY1d00vM1VXMGh1TE1sQ1FlRXpXSDJ3SEFjCmd6WU9YVnZReDYweVlLUmdEQ0NF\naUk4VGtUMkpYdkR3VDEwQ3cvUHYxWVEKLS0tIGp3eHg5ekQrVXJ6Qlh6czJIODZ2\nWkN0MCtXVmZER0toaEJTSHpsRnBXRzAKTmGCezNjZJhyHBj8cbLw8VymJ5t79CcW\npYD3Ckxo+gdgqkFljA8tWxKa0nCn/38xUsBAjAnkoSH/lJim/K4971E=\n-----END AGE ENCRYPTED FILE-----\n"
-					},
-					{
-						"recipient": "age1n20krynrj75jqfy2muvhrygvzd4ee8ngamljqavsrk033zwx0ses2tdtfe",
-						"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdnFxM1dodGVvN2dxWG4w\nNk5xcDg2dU5tSE1CbnExSDEyNFlpdjRGKzBNCjF2cXZ0NlFMYXA5MHNibG9wdDVx\nNUloU3h3dmJLMk5zcTEvN3dab0o3czgKLS0tIDRyaFI4bVpKY0dIakFZR0lWK0U2\nb3hNZGFkd1pja2NmangvUVJxbnJ4SEUKGhrvAUKUr8+fMZWLWldIEJmkctbv/bZQ\nsrg1OJf8DHyjgknOKbCikkApFbtRPoK8R1+iikiqnnI2na8UwTpCEMw=\n-----END AGE ENCRYPTED FILE-----\n"
-					}
-				]
-			}
-		],
 		"kms": null,
 		"gcp_kms": null,
 		"azure_kv": null,
 		"hc_vault": null,
-		"age": null,
-		"lastmodified": "2024-10-08T18:55:02Z",
-		"mac": "ENC[AES256_GCM,data:txE3pZA/PCJldSaNlQP04FsWhXBEWoww8O3cPJyU6Z+E7geqz6Xh1xBZD54BGXWrsVqbnYwgEf+jD9d+6HaMIgXDwBCFYYyEvGtZnichD5Z94BTn4jGkbf9RvLaBIenx+pesrpX6VloIxhXje6gjnRWebIsxPySowmT+J379o44=,iv:mQpZkNWtIOpwhk0EQAO+oSvIMfZw7NjSvIW+uAwDxlk=,tag:gevA1etCl9Ql7YENRU9HCQ==,type:str]",
+		"age": [
+			{
+				"recipient": "age1v5wy7epv5mm8ddf3cfv8m0e9w4s693dw7djpuytz9td8ycha5f0sv2se9n",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnZ0JaR0x4TzVtNCtsQmxq\na2FBeFVPTzJGVFErbHo4WDJlcTVGai9OeEZvCmYwbUFNK2lVY3BLeWZ6ckg0TDY2\nd054Z2pSOVo5YWNObXJydlo1TEhwUGsKLS0tIG4rbkttK042SWFFOHYraFNwTG1M\nUG9vNUZLQ3k5bGhLM0pzbndHSHgzK0EKJO/hFNxXumAXovxDK8Sb9tvn6VCZ56/t\ne6BaphBIOtO09NVNLvmFWqfGxdH0utCxDPRbmRiRihKirwENfJO9SA==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmY2c0VVY3TVU2UzdSRlJF\ndVJXOWFhQTB0Q2NBOHI2eVpvcjZMS0dFNkNVCmk4cXRqQUpQVGE4VVdLalltZkhY\neERFYk14T1pMckhZcHBMR3FxQVc5d1kKLS0tIFJyYWVZbmRaOEMyY3dTUzA3WnNt\nKythU3Z5aWZreWgva3c0U0ppWnRSVU0Kc29EbM1ITeIuhpceWqF4IcQIjHKYz5Kb\nDu8KWNSqnNRdIqawESkzeUNS5NVkqRtGGuUQDbE/QwRg8acrSds7aQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2025-02-01T07:11:48Z",
+		"mac": "ENC[AES256_GCM,data:eN/lQgjdcePwA4cHgOQ5sieYbvN0H/UHa66ef8bnNfCIxleMag2dxW2BR+JKsN8MIF7BLEnEQ4W/Mg5V5WDdd8CRNRVxj97TSQp4wsIXEn0SXKSQLLdMF1vhvjuAU/BVfy/U9wS0RLi8Eke5v6J0n0fHkbfKGfiMSDQbic6ZsTw=,iv:Muuqvgu3OFdKIj+w4RQ4h0wHElkWPqNNZp+ojDcFZgY=,tag:MxvEJumrpuGi7aoD6WKiCg==,type:str]",
 		"pgp": null,
 		"unencrypted_suffix": "_unencrypted",
-		"version": "3.9.0"
+		"version": "3.9.2"
 	}
 }