Compare commits
15 commits
dd4a80e034
...
671f7b5117
| Author | SHA1 | Date | |
|---|---|---|---|
| 671f7b5117 | |||
| 0a820b8e66 | |||
| 772c6c59a8 | |||
|
|
b443162f0c | ||
|
|
42a8b4a1cc | ||
|
|
3687011061 | ||
| d383b9abc3 | |||
|
|
f0209fbdc8 | ||
|
|
047c4b2207 | ||
|
|
3fea6dddd7 | ||
| 5a14d56cd2 | |||
| 07573489df | |||
| 0776104f40 | |||
| f59200a349 | |||
| bbdd562af3 |
7 changed files with 58 additions and 8 deletions
32
bump-coldairnetworks.sh
Executable file
32
bump-coldairnetworks.sh
Executable file
|
|
@ -0,0 +1,32 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
LINUX=/root/petersweb-infra/nixos/linux.nix
|
||||||
|
|
||||||
|
usage() {
|
||||||
|
echo "Usage: $0 <sha256-digest>"
|
||||||
|
echo " e.g. $0 sha256:2e2d92abae0ba68be780fff581523480ac05444690dbf38bf4330f1dda099e2a"
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
|
[[ $# -eq 1 ]] || usage
|
||||||
|
|
||||||
|
NEW_DIGEST="${1#sha256:}" # strip leading "sha256:" if provided
|
||||||
|
|
||||||
|
# Validate: hex string of the right length
|
||||||
|
if ! [[ "$NEW_DIGEST" =~ ^[0-9a-f]{64}$ ]]; then
|
||||||
|
echo "Error: digest must be a 64-character lowercase hex string (got: $NEW_DIGEST)" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
OLD_LINE=$(grep -n 'coldairnetworks-com@sha256:' "$LINUX")
|
||||||
|
echo "Current: $OLD_LINE"
|
||||||
|
|
||||||
|
sed -i -E "s|(coldairnetworks-com@sha256:)[0-9a-f]{64}|\1${NEW_DIGEST}|" "$LINUX"
|
||||||
|
|
||||||
|
NEW_LINE=$(grep -n 'coldairnetworks-com@sha256:' "$LINUX")
|
||||||
|
echo "Updated: $NEW_LINE"
|
||||||
|
|
||||||
|
echo "Applying NixOS configuration..."
|
||||||
|
nixos-rebuild switch --flake /root/petersweb-infra/nixos#mainframe
|
||||||
|
echo "Done. Tail logs with: podman logs -f coldairnetworks"
|
||||||
|
|
@ -7,7 +7,7 @@
|
||||||
services = {
|
services = {
|
||||||
app = {
|
app = {
|
||||||
service = {
|
service = {
|
||||||
image = "forge.quinefoundation.com/ironmagma/riverside@sha256:6ad578b0668ac91f37fc3677ce12960b5eeb23c3ba7238e1ba137d35e60fea58";
|
image = "forge.quinefoundation.com/ironmagma/riverside@sha256:567483665861b5a895d4330caa03635191b6554a68f6e471c81c9ff4dbdacfa7";
|
||||||
container_name = "riverside";
|
container_name = "riverside";
|
||||||
restart = "unless-stopped";
|
restart = "unless-stopped";
|
||||||
networks = [ "riverside" ];
|
networks = [ "riverside" ];
|
||||||
|
|
|
||||||
|
|
@ -83,6 +83,11 @@ in {
|
||||||
file = ./secrets/paperless.age;
|
file = ./secrets/paperless.age;
|
||||||
owner = "root";
|
owner = "root";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
coldairnetworks = {
|
||||||
|
file = ./secrets/coldairnetworks.age;
|
||||||
|
owner = "root";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
|
|
@ -380,13 +385,15 @@ in {
|
||||||
|
|
||||||
"coldairnetworks" = {
|
"coldairnetworks" = {
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
image = "quineglobal/coldairnetworks-com:latest";
|
image = "quineglobal/coldairnetworks-com@sha256:36f16006502171d82a107b1bd67517b9d602b54de31630a4861fba1e78250857";
|
||||||
volumes = [];
|
volumes = [];
|
||||||
environment = {
|
environment = {
|
||||||
POSTMARK_SERVER_TOKEN = "e718a146-c590-4550-a750-a3b925056e29";
|
POSTMARK_SERVER_TOKEN = "e718a146-c590-4550-a750-a3b925056e29";
|
||||||
|
BETTER_AUTH_URL = "https://coldairnetworks.com";
|
||||||
|
NODE_TLS_REJECT_UNAUTHORIZED = "0";
|
||||||
};
|
};
|
||||||
environmentFiles = [ config.age.secrets.postmark.path ];
|
environmentFiles = [ config.age.secrets.postmark.path config.age.secrets.coldairnetworks.path ];
|
||||||
ports = ["3012:8081"];
|
ports = ["3012:3000"];
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -121,10 +121,10 @@
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.1:8000/";
|
proxyPass = "http://127.0.0.1:8000/";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
proxy_set_header Host $host;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header Connection "upgrade";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_read_timeout 86400;
|
||||||
client_max_body_size 100M;
|
client_max_body_size 100M;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
||||||
7
nixos/secrets/coldairnetworks.age
Normal file
7
nixos/secrets/coldairnetworks.age
Normal file
|
|
@ -0,0 +1,7 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 NFD/vg 5yGAA19rlzC2wSX7buivwDVu6AkSz0joS9oT7gcomGk
|
||||||
|
YnrxzrNQ7rT6joa38uyz3JBs5NkZhqPOwCOyaTRHD5A
|
||||||
|
--- jeqx+rAgrPkbdKhzNsiYjGhzq3nVTBfXfl4wKbkski8
|
||||||
|
¯/ß‹P#¬!âŽ<C3A2>&Ïó`›àF¾rf9|œö~"~ð§m?+Õenw±D£KUXkS¢=;.“Ç£›m^!ÀÊ÷L6ßBä\˾†»„1S
|
||||||
|
<@Óp˜Ag¿ç˜Þ™–°°ÁwLãX…ŒÏHô¿ðôãA(%6‰/ñ©ïýt{ñªLO_‘˜üs<C3BC>!8Æ+œ“žaêX·/{fÜ›úÛ/¾çÜeNè&
|
||||||
|
rbøÉ¡Ë ~2f’G$6HÈB•Æì•â<E280A2>µ‹B`ƒs+EžË4aGǺ5370-T£æJ°„‚#m÷òe‘=˜÷
|
||||||
|
|
@ -30,4 +30,8 @@ in {
|
||||||
# PAPERLESS_ADMIN_PASSWORD=<password>
|
# PAPERLESS_ADMIN_PASSWORD=<password>
|
||||||
# PAPERLESS_ADMIN_EMAIL=peterson@sent.com
|
# PAPERLESS_ADMIN_EMAIL=peterson@sent.com
|
||||||
"./paperless.age".publicKeys = [mainframePublicKey];
|
"./paperless.age".publicKeys = [mainframePublicKey];
|
||||||
|
|
||||||
|
# DATABASE_URL=<supabase postgres dsn>
|
||||||
|
# BETTER_AUTH_SECRET=<secret>
|
||||||
|
"./coldairnetworks.age".publicKeys = [mainframePublicKey];
|
||||||
}
|
}
|
||||||
|
|
|
||||||
BIN
nixos/secrets/paperless.age
Normal file
BIN
nixos/secrets/paperless.age
Normal file
Binary file not shown.
Loading…
Reference in a new issue