diff --git a/configs/tegola.toml b/configs/tegola.toml index 04b48cd..250738d 100644 --- a/configs/tegola.toml +++ b/configs/tegola.toml @@ -47,7 +47,7 @@ srid = 4326 # The default srid for this provider. If not provided it name = "nidus" # provider name is referenced from map layers type = "mvt_postgis" # the type of data provider. currently only supports postgis #uri = "postgres://tegola:supersecret@localhost:5432/tegola?sslmode=prefer" # PostGIS connection string (required) -uri = "postgres://tegola:@localhost:/nidus-dev-sync?host=/var/run/postgresql&sslmode=disable" # PostGIS connection string (required) +uri = "postgres://tegola:@localhost:/nidus-sync?host=/var/run/postgresql&sslmode=disable" # PostGIS connection string (required) srid = 4326 # The default srid for this provider. If not provided it will be WebMercator (3857) [[providers.layers]] diff --git a/flake.lock b/flake.lock index aeca905..b306b7b 100644 --- a/flake.lock +++ b/flake.lock @@ -126,11 +126,11 @@ ] }, "locked": { - "lastModified": 1765495779, - "narHash": "sha256-MhA7wmo/7uogLxiewwRRmIax70g6q1U/YemqTGoFHlM=", + "lastModified": 1765835352, + "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "5635c32d666a59ec9a55cab87e898889869f7b71", + "rev": "a34fae9c08a15ad73f295041fec82323541400a9", "type": "github" }, "original": { @@ -221,16 +221,16 @@ ] }, "locked": { - "lastModified": 1763992789, - "narHash": "sha256-WHkdBlw6oyxXIra/vQPYLtqY+3G8dUVZM8bEXk0t8x4=", + "lastModified": 1767619900, + "narHash": "sha256-KpoCBPvwHz3gAQtIUkohE2InRBFK3r0/FM6z5SPWfvM=", "owner": "nix-community", "repo": "home-manager", - "rev": "44831a7eaba4360fb81f2acc5ea6de5fde90aaa3", + "rev": "6bd04da47cfb48dfd15eabf08364b78ad894f5b2", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-25.05", + "ref": "release-25.11", "repo": "home-manager", "type": "github" } @@ -295,17 +295,17 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1765814387, - "narHash": "sha256-2ki7oxXNHMeRuYEkOTTeS9aFKhejS63nzpT2EW6I04Y=", + "lastModified": 1767750810, + "narHash": "sha256-8A92B60E9pbKi04AZmZ6NthtMIoOJXaVtsU8OQMfwzA=", "owner": "Gleipnir-Technology", "repo": "nidus-sync", - "rev": "b31ca6c83ed96dbb1d15c94bcf57cfdb07a11b5a", + "rev": "50a0844ebb71dbd3ddeb454a3256e570f3dc5229", "type": "github" }, "original": { "owner": "Gleipnir-Technology", "repo": "nidus-sync", - "rev": "b31ca6c83ed96dbb1d15c94bcf57cfdb07a11b5a", + "rev": "50a0844ebb71dbd3ddeb454a3256e570f3dc5229", "type": "github" } }, @@ -373,32 +373,32 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1761999846, - "narHash": "sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo=", + "lastModified": 1767480499, + "narHash": "sha256-8IQQUorUGiSmFaPnLSo2+T+rjHtiNWc+OAzeHck7N48=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3de8f8d73e35724bf9abef41f1bdbedda1e14a31", + "rev": "30a3c519afcf3f99e2c6df3b359aec5692054d92", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-25.05", + "ref": "nixos-25.11", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_4": { "locked": { - "lastModified": 1765687488, - "narHash": "sha256-7YAJ6xgBAQ/Nr+7MI13Tui1ULflgAdKh63m1tfYV7+M=", + "lastModified": 1767634882, + "narHash": "sha256-2GffSfQxe3sedHzK+sTKlYo/NTIAGzbFCIsNMUPAAnk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d02bcc33948ca19b0aaa0213fe987ceec1f4ebe1", + "rev": "3c9db02515ef1d9b6b709fc60ba9a540957f661c", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-25.05", + "ref": "nixos-25.11", "repo": "nixpkgs", "type": "github" } @@ -443,16 +443,16 @@ "systems": "systems_5" }, "locked": { - "lastModified": 1765643213, - "narHash": "sha256-1JU2vcsRXwjrQoDpNc8+E13vLEu8MwLaVfBQ3ktWFUw=", + "lastModified": 1767448089, + "narHash": "sha256-U1fHsZBnFrUil731NHD9Sg5HoiG+eSHau8OFuClhwW0=", "owner": "nix-community", "repo": "nixvim", - "rev": "0e8b4ccf0a4e4e90f9ca39295e807628a6e575e6", + "rev": "983751b66f255bbea1adc185364e9e7b73f82358", "type": "github" }, "original": { "owner": "nix-community", - "ref": "nixos-25.05", + "ref": "nixos-25.11", "repo": "nixvim", "type": "github" } diff --git a/flake.nix b/flake.nix index 1cf39e9..b699227 100644 --- a/flake.nix +++ b/flake.nix @@ -16,19 +16,19 @@ rev = "e250e0abbb35f6d64851305d3b59c4ed1d968bc8"; }; home-manager = { - url = "github:nix-community/home-manager/release-25.05"; + url = "github:nix-community/home-manager/release-25.11"; inputs.nixpkgs.follows = "nixpkgs"; }; nidus-sync = { type = "github"; owner = "Gleipnir-Technology"; repo = "nidus-sync"; - rev = "b31ca6c83ed96dbb1d15c94bcf57cfdb07a11b5a"; + rev = "50a0844ebb71dbd3ddeb454a3256e570f3dc5229"; }; nixos-facter-modules.url = "github:numtide/nixos-facter-modules"; - nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; nixvim = { - url = "github:nix-community/nixvim/nixos-25.05"; + url = "github:nix-community/nixvim/nixos-25.11"; inputs.nixpkgs.follows = "nixpkgs"; }; sops-nix.url = "github:Mic92/sops-nix"; diff --git a/roles/nidus-sync.nix b/roles/nidus-sync.nix index fb32a47..07fb742 100644 --- a/roles/nidus-sync.nix +++ b/roles/nidus-sync.nix @@ -8,62 +8,22 @@ let subdomain = "deltamvcd"; inherit lib pkgs; }; - nidus-name-dev = "nidus-dev-sync"; in { environment = pkgs.lib.mkMerge [ fss-deltamvcd.environment ]; services = pkgs.lib.mkMerge [ fss-deltamvcd.services - - { - caddy.virtualHosts."dev-sync.nidus.cloud".extraConfig = '' - reverse_proxy http://127.0.0.1:9002 - ''; - postgresql = { - enable = true; - ensureDatabases = [nidus-name-dev]; - ensureUsers = [{ - ensureClauses.login = true; - ensureDBOwnership = true; - name = nidus-name-dev; - } { - ensureClauses.login = true; - ensureDBOwnership = true; - name = nidus-name-dev; - }]; - }; - } - ]; sops = pkgs.lib.mkMerge [ fss-deltamvcd.sops - { - secrets."nidus-dev-sync-env" = { - format = "dotenv"; - group = nidus-name-dev; - mode = "0440"; - owner = nidus-name-dev; - restartUnits = []; - sopsFile = ../secrets/${nidus-name-dev}.env; - }; - } ]; systemd = pkgs.lib.mkMerge [ fss-deltamvcd.systemd ]; users = pkgs.lib.mkMerge [ fss-deltamvcd.users - - { - groups."${nidus-name-dev}" = {}; - users."${nidus-name-dev}" = { - group = nidus-name-dev; - isSystemUser = true; - }; - } - ]; - myModules.asterisk.enable = true; + myModules.asterisk.enable = false; myModules.caddy.enable = true; - myModules.qgis.enable = true; + myModules.qgis.enable = false; myModules.nidus-sync.enable = true; myModules.tegola.enable = true; } diff --git a/roles/sovr.nix b/roles/sovr.nix index 22b652c..97e3a49 100644 --- a/roles/sovr.nix +++ b/roles/sovr.nix @@ -7,6 +7,8 @@ "carddav.theribbles.org" "chores.theribbles.org" "collabora.theribbles.org" + "dev-sync.nidus.cloud" + "dev-tegola.nidus.cloud" "docs.theribbles.org" "files.theribbles.org" "home-assistant.theribbles.org" diff --git a/secrets/nidus-sync.env b/secrets/nidus-sync.env index 7dbbf03..ffaf03c 100644 --- a/secrets/nidus-sync.env +++ b/secrets/nidus-sync.env @@ -6,6 +6,7 @@ ENVIRONMENT=ENC[AES256_GCM,data:QoFl3JZFMFsEHg==,iv:b8NZkUS17mksajxOhxfSpmhzBuUn FIELDSEEKER_SCHEMA_DIRECTORY=ENC[AES256_GCM,data:CoVEdF5GqwQVFQeYEoDGaAY5cv8c9k89aa/jrkRtP6yLpJaNJGd292jv,iv:2LAwe5PwehFkU41Camjxft6OpuBR/HwXtaVdsaNO0Rs=,tag:S5NA0XqcEhiwwMVIMyzgPw==,type:str] MAPBOX_TOKEN=ENC[AES256_GCM,data:4DUd+znj0b7O3G54vcNcyBtcSlcGuD5ujqF2WLfvZ56EPFKPbbTscfMnFusCuL4dUepcqgeJfKbcUnLmAhydTkSlOZbAUikm+/r/74OHkZslHMgHJb7FlFFPMwo=,iv:K8EXVn4SaUGtc3TYsSFwUZ5ibtS4ib6PxJCinVET3p8=,tag:MNSvAPlBQQz6eJqTvd6DhQ==,type:str] POSTGRES_DSN=ENC[AES256_GCM,data:mtzoql/9SaStmvmXDmhwjFgvXAEUX8PAe47zSgOS1JHQFPxKsM9lLp8soZk+OWqadtnTqOWL9pPzBg==,iv:f20ZMK3cxCqVYRGXtNcG7lMse/2rEjOadsgVDQa1DGw=,tag:UmDfoWu8NW6m0a7lF8rSYA==,type:str] +USER_FILES_DIRECTORY=ENC[AES256_GCM,data:eVlkZYpBGJu0SgrzeRmLTPIPYYGatLa2t7YJMHRLe8Rh+Q==,iv:xSg9qIh97Gqc1ontzwVil2ru1fbNYYTtYE6UaFFCkDA=,tag:cCEExxyEsBRHVRgwY0r86g==,type:str] sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuTEduUVFxcVlGeVNCYTlO\nd3ZFdWN3dEliZjdwRG9NWDNyQnFUMjNUc2dVClpkN3hRdjAwSDdjcEhiWTJJMjhw\ndWErV1BSMGg5S0ZKTmQ3aW9tbFlKc0EKLS0tIG9WWDhaUWE2U2FnWXI4TGE1cUwy\nRlNiK2FKbEZaN1I5SGQvc2NXY3Bqak0K4rCNbw15rgl+7A2fUYOZzIp9sYy75gvz\n2HTCl5BqCKvPVJFNBIXgl2m7vq05MF+Kp6pUrKWCAkGLlUFjRx9Gkw==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_0__map_recipient=age1fnkhk9rv7r8gh84vxnhvndk4fgh20qcj4hvnfhdpumcydl6m6vrse50lrz sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHZ1lBK20veDRTZTJkdWRW\nSkRsODNNSXFLKzRWOVhRM3djNjdoeEFDT0dBCi9KeHNWSFFYS1RNTkVyMyttMVlO\naElhb3JKVytlRmF2dUpJaXlFenpJNkUKLS0tIHZ3OXlxamhDRVZSVE5jeG5RSytk\ncWZ3cjlLeWNDQW5KWXVHQk5zang1bmcKgoeQBfzjQcpIyLnB64T9Uc4weUTvVt/d\nYJpc9hqKWLoP/aTm2CIqqBMnsrXt0DeoSdiZfxH9GTcPVVE21UpB5w==\n-----END AGE ENCRYPTED FILE-----\n @@ -22,7 +23,7 @@ sops_age__list_6__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb2 sops_age__list_6__map_recipient=age1t3ryfktuhr3cysf49m9q2n8fkjf9ajjjnhztxw9hz8paxgk4lpcq065jge sops_age__list_7__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwbmE1WWpjSHNNRHRHa1lL\nVTVTVkUyRlhucXVGSDl6VEhsWUlZWWlRQXo0CjRzeUhjUmJGM3pxMTZnRmtrTTFt\nWGZnaGR5ZVo0WjYydE1hV1dZNUQwVDAKLS0tIHdZQ1VwMTRxemE0dGNCbkx4Q2xY\nT0oyV2pSQUJ0VFZMRXd4MDR0KzVZL28KPhZRmNVYg4OMjIEAsoKvu8vp/uHRG63x\nEDf00Wwot+eVFH/k45mYgwPhlUPtyarJWcJ5cZdbaM1GorcwEBNnxQ==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_7__map_recipient=age167q6r28ws6wrpjwxnt4ap2fgs6d9cyvrdhzl2wflr2tnsw5xapxq36n2ec -sops_lastmodified=2025-12-11T14:33:04Z -sops_mac=ENC[AES256_GCM,data:D4geFFyOWdbA73ZTR2WscV+FsHM9M+bUYC3jA1Pl20kYgSM5z9XDELb/9KrG5Lrk8Ws0+f6mKFm3h1vljVUSkln2UaHbl71OsnRj4IuuqNaOil6BzEHtzSO3b4cpoKMI2ef3t0/DchtqERv/e888EzJEQ8BUcrSYeTHkUvG8vBI=,iv:adTR5APM9vZDtnUuKR2pc6dpRgcKInUnrFPrn9DPv6s=,tag:dAhyl0Dr1AQoALwPC7wb0A==,type:str] +sops_lastmodified=2026-01-07T03:17:38Z +sops_mac=ENC[AES256_GCM,data:5etnCs4ejODEzuj6rnC3jDcesfTf4i+DR6+FjapabL7vj34C1OcTgsywyZ5UXvBMvCTa2zTFPDMCe8LywXpVSym/1hOhk5F+grkR5TaPSqM0be5m2M1kDYHkRKGXj5fhNy0jvrhuLwCiqNuHLZiVV9XO0Cm8r+jr1KY2AIXQFGY=,iv:a0042FyT3GJpwyIf0TuMQl/IaQOUHrxCpCfO9+dlAYs=,tag:UAiVRwGi1uiX27Fgl0gRMQ==,type:str] sops_unencrypted_suffix=_unencrypted -sops_version=3.10.2 +sops_version=3.11.0