Compare commits
15 commits
dd4a80e034
...
671f7b5117
| Author | SHA1 | Date | |
|---|---|---|---|
| 671f7b5117 | |||
| 0a820b8e66 | |||
| 772c6c59a8 | |||
|
|
b443162f0c | ||
|
|
42a8b4a1cc | ||
|
|
3687011061 | ||
| d383b9abc3 | |||
|
|
f0209fbdc8 | ||
|
|
047c4b2207 | ||
|
|
3fea6dddd7 | ||
| 5a14d56cd2 | |||
| 07573489df | |||
| 0776104f40 | |||
| f59200a349 | |||
| bbdd562af3 |
7 changed files with 58 additions and 8 deletions
32
bump-coldairnetworks.sh
Executable file
32
bump-coldairnetworks.sh
Executable file
|
|
@ -0,0 +1,32 @@
|
|||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
LINUX=/root/petersweb-infra/nixos/linux.nix
|
||||
|
||||
usage() {
|
||||
echo "Usage: $0 <sha256-digest>"
|
||||
echo " e.g. $0 sha256:2e2d92abae0ba68be780fff581523480ac05444690dbf38bf4330f1dda099e2a"
|
||||
exit 1
|
||||
}
|
||||
|
||||
[[ $# -eq 1 ]] || usage
|
||||
|
||||
NEW_DIGEST="${1#sha256:}" # strip leading "sha256:" if provided
|
||||
|
||||
# Validate: hex string of the right length
|
||||
if ! [[ "$NEW_DIGEST" =~ ^[0-9a-f]{64}$ ]]; then
|
||||
echo "Error: digest must be a 64-character lowercase hex string (got: $NEW_DIGEST)" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
OLD_LINE=$(grep -n 'coldairnetworks-com@sha256:' "$LINUX")
|
||||
echo "Current: $OLD_LINE"
|
||||
|
||||
sed -i -E "s|(coldairnetworks-com@sha256:)[0-9a-f]{64}|\1${NEW_DIGEST}|" "$LINUX"
|
||||
|
||||
NEW_LINE=$(grep -n 'coldairnetworks-com@sha256:' "$LINUX")
|
||||
echo "Updated: $NEW_LINE"
|
||||
|
||||
echo "Applying NixOS configuration..."
|
||||
nixos-rebuild switch --flake /root/petersweb-infra/nixos#mainframe
|
||||
echo "Done. Tail logs with: podman logs -f coldairnetworks"
|
||||
|
|
@ -7,7 +7,7 @@
|
|||
services = {
|
||||
app = {
|
||||
service = {
|
||||
image = "forge.quinefoundation.com/ironmagma/riverside@sha256:6ad578b0668ac91f37fc3677ce12960b5eeb23c3ba7238e1ba137d35e60fea58";
|
||||
image = "forge.quinefoundation.com/ironmagma/riverside@sha256:567483665861b5a895d4330caa03635191b6554a68f6e471c81c9ff4dbdacfa7";
|
||||
container_name = "riverside";
|
||||
restart = "unless-stopped";
|
||||
networks = [ "riverside" ];
|
||||
|
|
|
|||
|
|
@ -83,6 +83,11 @@ in {
|
|||
file = ./secrets/paperless.age;
|
||||
owner = "root";
|
||||
};
|
||||
|
||||
coldairnetworks = {
|
||||
file = ./secrets/coldairnetworks.age;
|
||||
owner = "root";
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = [
|
||||
|
|
@ -380,13 +385,15 @@ in {
|
|||
|
||||
"coldairnetworks" = {
|
||||
autoStart = true;
|
||||
image = "quineglobal/coldairnetworks-com:latest";
|
||||
image = "quineglobal/coldairnetworks-com@sha256:36f16006502171d82a107b1bd67517b9d602b54de31630a4861fba1e78250857";
|
||||
volumes = [];
|
||||
environment = {
|
||||
POSTMARK_SERVER_TOKEN = "e718a146-c590-4550-a750-a3b925056e29";
|
||||
BETTER_AUTH_URL = "https://coldairnetworks.com";
|
||||
NODE_TLS_REJECT_UNAUTHORIZED = "0";
|
||||
};
|
||||
environmentFiles = [ config.age.secrets.postmark.path ];
|
||||
ports = ["3012:8081"];
|
||||
environmentFiles = [ config.age.secrets.postmark.path config.age.secrets.coldairnetworks.path ];
|
||||
ports = ["3012:3000"];
|
||||
};
|
||||
|
||||
};
|
||||
|
|
|
|||
|
|
@ -121,10 +121,10 @@
|
|||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:8000/";
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_read_timeout 86400;
|
||||
client_max_body_size 100M;
|
||||
'';
|
||||
};
|
||||
|
|
|
|||
7
nixos/secrets/coldairnetworks.age
Normal file
7
nixos/secrets/coldairnetworks.age
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 NFD/vg 5yGAA19rlzC2wSX7buivwDVu6AkSz0joS9oT7gcomGk
|
||||
YnrxzrNQ7rT6joa38uyz3JBs5NkZhqPOwCOyaTRHD5A
|
||||
--- jeqx+rAgrPkbdKhzNsiYjGhzq3nVTBfXfl4wKbkski8
|
||||
¯/ß‹P#¬!âŽ<C3A2>&Ïó`›àF¾rf9|œö~"~ð§m?+Õenw±D£KUXkS¢=;.“Ç£›m^!ÀÊ÷L6ßBä\˾†»„1S
|
||||
<@Óp˜Ag¿ç˜Þ™–°°ÁwLãX…ŒÏHô¿ðôãA(%6‰/ñ©ïýt{ñªLO_‘˜üs<C3BC>!8Æ+œ“žaêX·/{fÜ›úÛ/¾çÜeNè&
|
||||
rbøÉ¡Ë ~2f’G$6HÈB•Æì•â<E280A2>µ‹B`ƒs+EžË4aGǺ5370-T£æJ°„‚#m÷òe‘=˜÷
|
||||
|
|
@ -30,4 +30,8 @@ in {
|
|||
# PAPERLESS_ADMIN_PASSWORD=<password>
|
||||
# PAPERLESS_ADMIN_EMAIL=peterson@sent.com
|
||||
"./paperless.age".publicKeys = [mainframePublicKey];
|
||||
|
||||
# DATABASE_URL=<supabase postgres dsn>
|
||||
# BETTER_AUTH_SECRET=<secret>
|
||||
"./coldairnetworks.age".publicKeys = [mainframePublicKey];
|
||||
}
|
||||
|
|
|
|||
BIN
nixos/secrets/paperless.age
Normal file
BIN
nixos/secrets/paperless.age
Normal file
Binary file not shown.
Loading…
Reference in a new issue