test docker compose automation with nix

2025-02-26 18:18:50 -05:00 · 2025-02-23 03:16:46 -05:00 · 2025-02-23 03:16:46 -05:00 · 13ed337bec
commit 13ed337bec
parent 6f1153ebc4
6 changed files with 117 additions and 0 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -4,6 +4,13 @@ keys:
  - &win10 age1cz006hex596lmj88kkhrkvq89luqk59hxuq83q4kvhz82ltwpe4ss8gm3t
  - &serverpc age1sn4uu6r6wrylpznx75jcw7ww58r9cut35n40gu4scpt9xy79rgrq2d7wga
 creation_rules:
+  - path_regex: .env
+    key_groups:
+    - age:
+        - *desktop
+        - *laptop
+        - *win10
+        - *serverpc
  - path_regex: secrets/hosts
    key_groups:
      - age:
--- a/common/users/docker/vw/backup.env
+++ b/common/users/docker/vw/backup.env
@ -0,0 +1,28 @@
+RCLONE_REMOTE_NAME=ENC[AES256_GCM,data:nu/kk/4+VIo2k5i2,iv:WokWL5F06k7tT8uDVaGHC2nXKOoCHdHdrXBPMYpToTY=,tag:OEvVHZaqx3DmCyDbkW8lUw==,type:str]
+RCLONE_REMOTE_DIR=ENC[AES256_GCM,data:RTvIJBggI5hc7X6OayVA+XA=,iv:eIMxOhETUgS03wF4aQkYc3vuloR4GS/FnYUXPy20r0g=,tag:eynJRXX+kEfCYnHGGqgcZA==,type:str]
+#ENC[AES256_GCM,data:kjb0A+LOVKu8bwon71Dl6jqGCl2+IUPqyA==,iv:ggHMWgunaYca0cMQVchjx9W4IUo5S1/HcPVPfx8bVSw=,tag:L3FiQobdt3Jh406G7OkXNQ==,type:comment]
+#ENC[AES256_GCM,data:gtJJWMiiBWBo5RhbglDT1pC16Oc=,iv:8APGPi7hN+p0aj2ZcVpId2gPcTlqFym0FHaq87L6/xY=,tag:OWfKIV5LYaHxv40CQaUeNw==,type:comment]
+#ENC[AES256_GCM,data:I1HF29emE3xmfanLr2CtEwpFImXO,iv:TXfrEuRtXM6mZ7gYUDq56jPW2MPo9JXenUdbYRNQo+s=,tag:BuzNBZ3rzi3h83MHacgHrQ==,type:comment]
+#ENC[AES256_GCM,data:9XEjfukDbyXC+v4M1+B/74TUvcss/F61DrYfkkfL753qw0V/fg==,iv:RbqwshN+Fiv159j0MzPBLQXr5A8NS3slS2S39wPGR7A=,tag:1AcbzJi0tgCH21NyeSvfRA==,type:comment]
+#ENC[AES256_GCM,data:3rmZHwKX+Ldb1tWrXLuOMj7r,iv:X6aPm8tnrNXOInxZHCW5DhJ0p7H6aPjnVJo8PI6Md0E=,tag:Sz1WrNgqgbdDLbhpi3PiPw==,type:comment]
+#ENC[AES256_GCM,data:8vpZNHYP6gFbWv1tHypxMhwAT7VspPzL3r4nto2taQ==,iv:x5hLnBeAYfBfYx1SjqTrTXfXIe6foVPUIkxapGe6G2Y=,tag:bb49wfw1Y7uiZ4Lom+B48w==,type:comment]
+#ENC[AES256_GCM,data:3+a533um9QIye5mkWm36JTJqNqRi7g==,iv:zEeAKsf3i6wVWRnpag0l4z5PyCLCDGDFR5U7OD+XfII=,tag:7OkjhyaY8GfWlVZLDj2ZdA==,type:comment]
+#ENC[AES256_GCM,data:5d6WIfDndjLj39loI601,iv:vDK8eEm1HaragglXq3F7tXq1Wx0Ai5z7i8C3OmIJ6no=,tag:lnTBJhlLwR97TnEH3OVotg==,type:comment]
+#ENC[AES256_GCM,data:Ug/FWlDLPn0VAXEsVpte/zyfkA/rn6AHM5WHZA==,iv:Gb2TFp5JIdrkx1g2Ik8BaV6D235GoERXuaiTkpNW8Vw=,tag:tBVxr18ZVCCiChV8PV0p9w==,type:comment]
+#ENC[AES256_GCM,data:BlcLJfzRQ2Xbd1HVg/odlNGWQaJ6OtxFKE4=,iv:rnmH8tlKKNYtHbHtbzUbJ8pHPOWpQ/ftCE+gcSFEu1M=,tag:W1AlqfEZmdhj72k6MaktRw==,type:comment]
+#ENC[AES256_GCM,data:cWeiulPnqudXAXflonY=,iv:ttqMGHClxdWFnZPOT64LxeDQebhWzygWRcwOb/0GOU8=,tag:YhQmNQjEzs0a5T2oHWKb4g==,type:comment]
+#ENC[AES256_GCM,data:JN0uJGFDqliIN4U/7o2X7SCrgrB4ygvSjvbr2g==,iv:Oid1T8vYp+4kRN3uuCxz+AII8ygz4FAaI0HYe/nCJgg=,tag:j+ev/HSJml55Vr0HBQN+rA==,type:comment]
+#ENC[AES256_GCM,data:JnLs3c4fGHNNLg6UZIoBodCqN2asGL/4x/mODg==,iv:3NaPdlX2S1O1LXymRiUg1LgHw1mUmVSNOGs4wZZtGXs=,tag:YV/OPTnaMB/ufW1d8C4PJA==,type:comment]
+#ENC[AES256_GCM,data:Csl5cxYY+Qb0QzoABScs4Io4,iv:06dQVthMSZ6hEgjyHjCp2jR60d6ObXKXL5Hy8J8/Nao=,tag:eptYXJdv+Q4PfA3M/YUXcQ==,type:comment]
+sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjODlCMm9iV25hUkUrZHNO\na08raUFiQXdOM1NYM1dDaUxvQWFOUmFoT0NZCmcrWHQ0cnRCTHRydENUNzVrb3dr\nSnBrYVZRRXpkRW1HMGR2N0Fub1BXN0kKLS0tIHBNQnM1NlRuSi8zZDZRSUR4Nm9T\nT0Q0ZEZhUkZkekY0VDZjK214Z1FYSVUKbXo6PIfXhM/MBMloAiREO3OdW0jJVS2j\n+A0ll7YCN86Fpxh3otLYYOiEA97hEZpP9A3OUD4lK1q0fgHmBkDBVw==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_0__map_recipient=age1xsuyaeehzv4ar4f6xpc6tfp9pttzjf7qdyl3x2tj42vjc8szlqpq834e3d
+sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmWDUyUGR3UGZ3bks5ZzFG\neWRZbzlTVFpDRm1PUUsxQW9yeGFMSFV3ZUZ3ClVrMWlSUDdHOE1sdlZCOXpJNVRo\nUGhwNFVYbUN4ZzVSRXA0VTF4YnRLZFkKLS0tIHNIVjJxRW04ZW9aRUFOTXR1aUxv\nYnkvcjNjNWM4MzBOL1ZoUFNyVFlROW8KBGBZjW/RsraUyNFZAYah6rSgWDqi/StO\n3nd6SmvDuFTAmbcV1ehxGmhm1nAIh3wGQc0t7p/f6wyaXvwssNzWHg==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_1__map_recipient=age1tq8zaaqe8t4u2jgyf7usngtzyql0ymyxq6hntmu04vt5ypwhxensmzynhl
+sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCbGFOUmY2c01OYmdmajJl\nQ0NzUTRodzRVL1hvcE9ZN0VvYk8wRkxrR0FJCldxMldEbURjZW4yRyswMmdQbkJJ\nV2o2cEhGTjJkNTNHT1dXT0V1cjZOOE0KLS0tIHZ0V3dycmJMbm85VmlYQWhrZjhF\nNUNqdnA3bW9JSHQrYkYrVXZoZW8wSjgKqJqgkHDAd+oNpmxaWvOwn16biMSizgtL\n+qZ5BwN36gCJaP7YSN9j46gQqPjohIQxB1ffCDQvQ7lQCkG2Ona+LA==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_2__map_recipient=age1cz006hex596lmj88kkhrkvq89luqk59hxuq83q4kvhz82ltwpe4ss8gm3t
+sops_age__list_3__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpOXFrVWhWNHYxZDNYV014\nZmpJNmRrNkVuY2s2eFJvSmVoaVZRSm12Sm4wCjFHVk1ibmIxdm9oNlR0cDRDV1VL\nRUh1dkVla083QmYrT3MyMkt5Sk5KT3cKLS0tIHcyallSZ3hpNno4QTBCYzRWRFNB\nRkFwcitjWE83Slo3b2Z2Z1J2WkpXL2sKXo9nbcqBb2glAX56FMdlb+lo0SIioy4Z\niqkr6gYncTeRuDCMv9liYaNGMZVptKueYzrDn03ypZOkm0QxmJOtMA==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_3__map_recipient=age1sn4uu6r6wrylpznx75jcw7ww58r9cut35n40gu4scpt9xy79rgrq2d7wga
+sops_lastmodified=2025-02-23T08:05:17Z
+sops_mac=ENC[AES256_GCM,data:WVKem9NpgAbF/EN8HTTG9nGs4Jqr6pyN/XpKWmHEeHQSY+HgnICHPVktjGtC+/mwJCpYH6HB89qDgRa4C+/ExPe2TNapGhAXqGxR1HrlXFLRYSQjz/00sDvNbyNWUqONUhDc88Yi11ugDt5/UupoKJauf9HsvqSV9NR/8/yezSY=,iv:LzSbq1YdHRJ+0xp3Hl9oK6Wtg6KWNFoAi0zpN1tsKto=,tag:LAApIZ0XJAtP8Gcn02WnFQ==,type:str]
+sops_unencrypted_suffix=_unencrypted
+sops_version=3.9.4
--- a/common/users/docker/vw/default.nix
+++ b/common/users/docker/vw/default.nix
@ -0,0 +1,28 @@
+{ config, ... }:
+{
+  imports = [
+    ../../homeModules/sops.nix
+  ];
+  home = {
+    file = {
+      vw = {
+        source = ./docker_compose.nix;
+        target = "./src/vw/docker_compose.yml";
+      };
+    };
+  };
+  sops = {
+    secrets = {
+      vw = {
+        format = "env";
+        sopsFile = ./vw.env;
+        path = "/home/${config.home.username}/src/vw/vw.env";
+      };
+      vw_backup = {
+        format = "env";
+        sopsFile = ./backup.env;
+        path = "/home/${config.home.username}/src/vw/backup.env";
+      };
+    };
+  };
+}
--- a/common/users/docker/vw/docker_compose.yml
+++ b/common/users/docker/vw/docker_compose.yml
@ -0,0 +1,36 @@
+version: '3'
+
+services:
+  vaultwarden:
+    image: vaultwarden/server:latest
+    env_file: ./vw.env
+    container_name: vaultwarden
+    restart: always
+    ports:
+      - 3231:80
+    volumes:
+      - vw-data:/data
+
+  backup:
+    image: ttionya/vaultwarden-backup:latest
+    restart: always
+    env_file: ./backup.env
+    volumes:
+      - vw-data:/bitwarden/data/
+      - vw-rc-data:/config/
+    #   - /path/to/env:/.env
+
+volumes:
+  vw-data:
+    # Specify the name of the volume where you save the vaultwarden data,
+    # use vaultwarden-data for new users
+    # and bitwardenrs-data for migrated users
+    name: vw-data
+    # name: bitwardenrs-data
+  vw-rc-data:
+    external: true
+    # Specify the name of the volume where you save the rclone configuration,
+    # use vaultwarden-rclone-data for new users
+    # and bitwardenrs-rclone-data for migrated users
+    name: vw-rc-data
+    # name: bitwardenrs-rclone-data
--- a/common/users/docker/vw/vw.env
+++ b/common/users/docker/vw/vw.env
@ -0,0 +1,16 @@
+#ENC[AES256_GCM,data:vZHOTEnNpS4OssCOiigqr0zDJn2FXvbluw==,iv:vKH5Z+RPyL9jo4AySo3DfHueCbiIh/eEn6+Pe03h5ws=,tag:bApN1Xp/8q0Kr+uBYNjNwQ==,type:comment]
+DOMAIN=ENC[AES256_GCM,data:L0jVIWSoXm/GUJB3fv3b2kFCaSo=,iv:zC72yKbT2F3TTeEXqwoOtWTFqM3kax7PltKQbnl/liM=,tag:nx29tnoLwh5LcqzzNvbw2A==,type:str]
+SIGNUPS_ALLOWED=ENC[AES256_GCM,data:ZygvhcY=,iv:HRpasV2YjwZkL8pzyOndLm1End4yNXUxvIF0+H8zAPU=,tag:Ur9zq2aZBU9WA6exlDScNg==,type:str]
+ADMIN_TOKEN=ENC[AES256_GCM,data:teNN5sDjNFfIXzO/1Os//bw5vqlbxzq1Ak3VNZKNn2unzvBJhuRpFQprQJXAdYQ55mlgpZBKD6TDSKApfA0tsC70t4A6q5gzBQOZ3XgmZTT16JB5ZoCetNAGKz4fNBvEcHdW2MW4RNMuygAwfLwzLdGiEh4MRepjaTYr/iSxYzb9qPdzeuy56rLrpNPe,iv:duFnRhnkYyac7RUCHvKpKppzeue4s3EtZlr4/jfYar0=,tag:rSBmYR1RbBCwrejg3IK0QQ==,type:str]
+sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzTkNSdmpwQm1ZVXVDNXhH\naUc4WHVsa090V2RPdVgxV0RHdll6dnF3TW5JCnlnSFhkaUNyc3FsaHQwQ0lKUGha\nNnM3RG5OUW1LZDdISDdzdytxOEptZkEKLS0tIGc3STg4UmNaNmIwdVowbmVEUHhT\ndlNjS3lLRTR0N2d1TURxTFprbElpMDQKuIISH7d1T8m7rE8ab9lWXrKrOcm5w5/f\ndwxLQVJIxp5h6qLMSyvvhu0mQGr8EUO6lPijUt+hQzelsRDBSrImcA==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_0__map_recipient=age1xsuyaeehzv4ar4f6xpc6tfp9pttzjf7qdyl3x2tj42vjc8szlqpq834e3d
+sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvVnNtMElKclFkVzBzTW9C\nNXRNL3VneEJmdWxYSFRXZjcxaEtQM1N1eTFzCmhGa3Rlc3hpUjdJM2g5dnRmeXd6\nVmoveFZla0ZROENGTzE2Q1dremlUMjgKLS0tIGIyRW4xMjhwL0kxWFVWelFLRzlL\nd2xPODd1S014WHRBTUhCd0NPUHl6OVUK97+xSoH39rjFzGdQiVtKKHw24KqOBM9C\nE8N8XuWX+IZz4QfLY24lzc/PpQrseWnUv9EJMIEfdppZCZyQbt16/g==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_1__map_recipient=age1tq8zaaqe8t4u2jgyf7usngtzyql0ymyxq6hntmu04vt5ypwhxensmzynhl
+sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUjZGK0U4ZFlwdng5dEZH\nTVNzYVNyaFp0QXNwL2ZJcFYyYnNMWER5OVcwClV5TWV6cDlaR004ZjVMY2Z0QjFP\ncWxMR3JDR1pqdWNuWGtydTNtN01uR0UKLS0tIGxNTEtkcnpScWgvTHBvYURZcmRl\nSTRqc1lpZk5Vc1VSYk05VGMwT0trWUUKJH6HT/Y4nkyHGvutynp8RR7c4osfGMzE\n33hW88t+oKbKEq8TPkc92Lb2vVIz2zh82tjuWDs9foQ+zoxtzlgm1Q==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_2__map_recipient=age1cz006hex596lmj88kkhrkvq89luqk59hxuq83q4kvhz82ltwpe4ss8gm3t
+sops_age__list_3__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyQ3pNTWRmKzVrOHU0cFAz\nM2pDNUtjZE9Na01wL1d1TmhKS1BZdE96dkRJCk9IT0VweWFYdmNIWHA5MXRzNXVD\nTXEzMjBCUVNDanNsWGNjYzRLaVdpOTQKLS0tIG00TTdoL20raEJZT0o5Q2xXdW9o\nOExEd3Zub3lHV0hIcklETklCdnBSS3cK3YTSq5thnj39q7pMdoAp0m4aDhEPwQLQ\nvEG/iWKyTtqZ/pPddtSgP6OHiuvz1+Oyx1xROdsOLhInxjtvBVTnQg==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_3__map_recipient=age1sn4uu6r6wrylpznx75jcw7ww58r9cut35n40gu4scpt9xy79rgrq2d7wga
+sops_lastmodified=2025-02-23T08:02:12Z
+sops_mac=ENC[AES256_GCM,data:UPVSw4Ul3kqe8inMHpxrEOeSCdzNlZU3RerVq0SRv7rZnQRWHOIZx03DgN9m0P59+jBuFUxZXNFLEFJmX1Ovd5MpilFSUu52KtGY/aphvs85hNnH6bcBl3h5hQIZbzljtiWLaF+WNYHOCi+NzFeIAElyUtCh6Sp1Wx+mNI4Mqsk=,iv:ojSbBNvPx3emYTdRNzxH8fIDyC+Lz9qhIBb2RVF5PZQ=,tag:Du7a+rA7bYeR6pgbydtTVg==,type:str]
+sops_unencrypted_suffix=_unencrypted
+sops_version=3.9.4
--- a/common/users/meyer-server/home.nix
+++ b/common/users/meyer-server/home.nix
@ -12,6 +12,8 @@
    ../homeModules/sops.nix
    ../homeModules/utils.nix
    ../homeModules/media/cli.nix
+  ] ++ [
+    ../docker/vw
  ];

  # Home Manager needs a bit of information about you and the paths it should