diff --git a/host/nocix/amd-legacy-quadcore/configuration.nix b/host/nocix/amd-legacy-quadcore/configuration.nix
index 203486a..3d02674 100644
--- a/host/nocix/amd-legacy-quadcore/configuration.nix
+++ b/host/nocix/amd-legacy-quadcore/configuration.nix
@@ -28,6 +28,9 @@
 domainNameSync = "staging-sync.nidus.cloud";
 environment = "staging";
 };
+ pgadmin = {
+ domainName = "staging-pgadmin.nidus.cloud";
+ };
 tegola = {
 domainName = "staging-tegola.nidus.cloud";
 };
diff --git a/modules/system/default.nix b/modules/system/default.nix
index a88112b..8658c7b 100644
--- a/modules/system/default.nix
+++ b/modules/system/default.nix
@@ -19,6 +19,8 @@
 ./minio.nix
 ./nidus-sync.nix
 ./openssh.nix
+ ./pi.nix
+ ./pgadmin.nix
 ./podman.nix
 ./qgis.nix
 ./restic
diff --git a/modules/system/pgadmin.nix b/modules/system/pgadmin.nix
new file mode 100644
index 0000000..af4cf16
--- /dev/null
+++ b/modules/system/pgadmin.nix
@@ -0,0 +1,44 @@
+{ config, configFiles, lib, pkgs, ... }:
+with lib;
+
+let
+ cfg = config.myModules.pgadmin;
+ group = "root";
+ port = 10100;
+ user = "root";
+in {
+ options.myModules.pgadmin = {
+ domainName = mkOption {
+ example = "staging-pgadmin.nidus.cloud";
+ type = types.str;
+ };
+ enable = mkEnableOption "custom pgadmin configuration";
+ };
+
+ config = mkIf config.myModules.pgadmin.enable {
+ services.caddy.virtualHosts."${cfg.domainName}" = {
+ extraConfig = ''
+ reverse_proxy {
+ to http://127.0.0.1:${toString port}
+ header_up X-Forwarded-Proto "https"
+ }
+ header / Access-Control-Allow-Origin *
+ '';
+ };
+ services.pgadmin = {
+ enable = true;
+ initialEmail = "eli@gleipnir.technology";
+ initialPasswordFile = "/var/run/secrets/pgadmin.yaml";
+ port = port;
+ };
+ sops.secrets."pgadmin-initial-password-file" = {
+ format = "yaml";
+ group = "${group}";
+ key = "initial-password";
+ mode = "0440";
+ owner = "${user}";
+ #restartUnits = ["${nidusNameWebserver}.service"];
+ sopsFile = ../../secrets/pgadmin.yaml;
+ };
+ };
+}
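Review bot: The added `./pi.nix` import in the modules/system/default.nix hunk has no matching file in the visible part of this commit and is unrelated to pgAdmin. If `modules/system/pi.nix` is not already tracked, every host that imports this module list will fail to evaluate. Either add the file in the same commit or move the import to the change that introduces it.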
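Review bot: In modules/system/pgadmin.nix, `initialPasswordFile` points at `/var/run/secrets/pgadmin.yaml`, but the sops secret declared below it is named `pgadmin-initial-password-file`, and sops-nix places a secret under its attribute name by default, so the path pgAdmin is given is most likely never created. Referencing the declaration keeps the two in sync: `initialPasswordFile = config.sops.secrets."pgadmin-initial-password-file".path;`. Separately, `header / Access-Control-Allow-Origin *` in the Caddy `extraConfig` puts a wildcard CORS header on a database administration console. Nothing visible in the hunk needs cross-origin access, and a `/` matcher in Caddy v2 matches only the exact root path, so the line should be dropped. The virtual host also publishes pgAdmin with only its own login page in front of it, so consider limiting the site to an allowlisted or VPN range with a `remote_ip` matcher.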
diff --git a/roles/nidus-sync.nix b/roles/nidus-sync.nix
index c9cbc9d..e271bae 100644
--- a/roles/nidus-sync.nix
+++ b/roles/nidus-sync.nix
@@ -16,6 +16,7 @@
 myModules.asterisk.enable = false;
 myModules.caddy.enable = true;
 myModules.qgis.enable = false;
+ myModules.pgadmin.enable = true;
 myModules.nidus-sync.enable = true;
 myModules.restic.role = "nidus";
 myModules.tegola.enable = true;
diff --git a/secrets/pgadmin.yaml b/secrets/pgadmin.yaml
new file mode 100644
index 0000000..d7e1af2
--- /dev/null
+++ b/secrets/pgadmin.yaml
@@ -0,0 +1,88 @@ +initial-password: ENC[AES256_GCM,data:VbnnnuAb70MzON4J2uHIW64sxd00jaWQupwrnEKcoW+9rij9,iv:VxtJ/k2DJ1R6lG6k7DSUa6oGYeDkeSxN++xk0pdXvaU=,tag:VWGKykv6fpjs0EI/Fxj/UA==,type:str] +sops: + age: + - recipient: age1wxlwx75hfxer4trvfzad7cwdn2hhu4we50p32vpy3qvdct7t656q3pp04x + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvSkduZGMydXREV1lBRlZV + UzBsVmNhcTQ5bWtYY1V4REs4TVRCaDM3NkY4Ci9ua09wKzJVS3o5aEhEMkdNQlZR + OFVSSHd2THRUNW5XNFJQeUg2M3F2U28KLS0tIGFjdnVad0l4Vk5LWUlNSFYvNjlu + cSszVU9LcGVKUFk0YjgxbEh5RUJ1VXcKRl8/O+n4sCm4uu4ylTehtKHxygn5l9C7 + RHpZwpx9YWY3kqK1tkSZ6qJAfsej7IGprau8ocAG02CAoZ+nSdH2+A== + -----END AGE ENCRYPTED FILE----- + - recipient: age1x704pjnueguchkl54ly8w4w26ltys5900v7xnl7w3zlgasus09jszz45t8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4TW1FdUNFMm40dWJKVkcw + R1lWcHVsdnFQdnZLZDVsdmEzc3JObGg0K2xjCms4eWhxRnpCSUgyYmpoSW8xQ0FM + R1dvbndaZ05VUytKSHJULzF5L1FyUzgKLS0tIFpua25IaVFjZEI3aWlOaDVUSzhr + ZXpuQjJITHJMNkFvbjZHVU4rTW9OVVUKWIwUACD113TB2t7f8oWA2kDRzRfyS91a + c5rnV7+oAzA9Yt90NYacBK0KYjLGyXOsYKpy6pAcqBxJ76qb/tOkYQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age15y4k929zaj9fdg3vd40pa40tgvrgv9mn22xfummn5zxfmkcw5d0st6prjx + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlRjQ0b1FRdFBaMGw1VHFD + OEtOcVFSdENDNGcxOEM4Y2FEWjduU0czVW53ClBoSTR2UU5lNG5Kc0JGcXlBQXZB + VzI5KzZORDNtUDdzeU9ZM0ZlV1VxcU0KLS0tIEZNRzVSYlZjaUV0bUZmUTV6ZFFi + RU92MTF6Y0t4ak1WYXhhWjFpdzlINUkKE8ZWn2rtibgbdonwti1dIMglRFvTMwmL + Y5me/Xkec3DpwTWKppc1qce+o+qOxm9bYowwkT8Jz4sKlwwMW+Kjzw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1q5syuyx3n255vllv6elfj72yk5mhxnk9pqawzyy4gzkzmpw3gpjqz9ujx2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3M0ZvNk9mNXgrV28wbklB + bjl2T0dURGxrblg4MmFEb2FJZ1FUUlg3WlZnCkJDUy9oNlZjM25OSHRkOWs2Q0J6 + U0owRzBpZG93TlRxdlc5dzBKRXk1Yk0KLS0tIEVUeEZXODc3TE9nSVFLSUxpV2x1 + 
SjhjVzdlRm10SU5oY3dnYjg0eGtoK1UKkW4zZJQeV6PrPd//oMWaV0BIgX594YUA + M2JzpPZ4BDhm0dmUvoZC17dufNz9tc7j/5FVw2OIF9/kV//32IP5Xw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1rqa4qvkk7s26pgj09d269t84vprdrh0jhyl75xq5zyhp9cdssq2qc8hut8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFUDFESVpEMHYwSTVxYTlo + NXdhTnJnWUduOGk1eFVXZ0xWWm5FdzVDcnpvCkc1Y2Rkd3BKWm85RW90SWkvUHRq + V2ZrV3JVejN3QUJ1VDhVa1BrODdFNkUKLS0tIGIyZ3kxQWFXSFZ2NG5pa2NVNWRD + WnlOcFdqZllTQUdTb3RSbE5HbnNCY1UK8YcePBBrRrRq812bqG4e12CMWVvhdg6n + U9UKMOJ0qmYUrmmltWb1A8+OuiYP8Pkg8RY16+oUMsoZvvzP2M+qqg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1yfs6d0vac45rnx3q54u52tjk5vnfsqnghaj95kmkl7fd5du3ee8qgse385 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQL3NDd2RnbVJYbTZKemI1 + d0tHSzJ2Z2pwTGdtVHZqUzcxUG81NTk3cDFNCkN3dkU3Y05tT0hVZEN1UlgyTGgz + SWJtVVE1amJMditzOXg2YVdiY21Wcm8KLS0tIDFad2crcnpyT2h4WG94bGh0dFZm + eFljZXRHY3ZMWlp5UmRvcjk2T0JaS0EKWhTWi+MMs3hA+BPpcAnypGrSNbGACr9C + g/AsGGCXfGhtkaYO/2f4kXr8ca9akjg8FLzj9gk2LIRo1Rz01Ru9Lw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1t3ryfktuhr3cysf49m9q2n8fkjf9ajjjnhztxw9hz8paxgk4lpcq065jge + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIMGZXRnV6cW9BaDBXenpR + UmkwMGkzS1NBZU9KY09kczhKYXFBamFybmlnCnRaZWNtWTZuMzZ4N1U1Rm1KU0c5 + WjUySjAxNG96MU1wWkl1U1pzTjc0TU0KLS0tIFVNMG8yTTZIL0l6TklsNDNvUXYx + LzhOQVdSZlNGb0o3SHZubXVOZ3BWUDgKF22NjSGhr9zeB+1FR8LXpa0jrU2lQmoT + 3mi1Zvo7bzvGnzyg5WXIwA4iUc//w5ohNjcNgi7Zct2dJe5Xe4acXQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age167q6r28ws6wrpjwxnt4ap2fgs6d9cyvrdhzl2wflr2tnsw5xapxq36n2ec + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwR2Ric1dxVnFtcFVodWp0 + ZHQ4QVpRU1JWNnB4cUlOaWhUbkF5L3lFb1NNCkFPcll3S21PU004R1RVZ0s1TnFk + WW02aGp2WXZUQWJIODhiWFdOSm04SDQKLS0tIFBLbmJyK3k5YkVubWpEYXFUMklX + 
NERpem93RUNaNDN6UHFTSEtjd2dlb1EKtFA/mnbU0sLTnlQiXar+bC1Diwp0P3Ty + 7ISaPkzQLpAO3Nns2CbaoLcWKdiD0dg0Cwgl8QR5ve83Iex0R65zoA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1924evks66k9g6c4zcnn2ghjcxpe0fzw2y9j253xredkwqnw9p5qqjcvjqt + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFRU9oTlllVTAwc0IrMnQ2 + aHd4TW82NlYrc2p3eVJMckswS0xxeUk5WDFzCk1vRmIzWUNrU0N6WGlIQUJuVjhy + ZW9HYTJwaU4zOXlQd25lbnNaQ0VmQXcKLS0tIHBDTEY5UXNKcmlnUHZXaGVqZmVi + bnR2WUpkaDlQRkh0MWRLL3JXeW5YMG8KMHSP57yOPLEfgImHOwOJUmjRMGuLtftq + GjKURBQuH0MB/LEO4AkesTpBthFBDzQVvqzsCwjSsLznjOcSQIprPg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-05-08T01:40:47Z" + mac: ENC[AES256_GCM,data:ruC5rSzz3uFdXlo+rkrSgGsSIMqJ39gs1CGTG4TWE+jyMHtN1gM1HEvNsHwnoUD5CAGQZFZM0sRxc12a/XoCNDhrfUKnX7OEgBnRTdlQsnYjkw1La96zpoSl3Es43NKN9y6g/fncH0Od5KHWqBoUNfwyy0hMqsC0cbg2Zai681A=,iv:Xf5esrwLkIJ3oBY/4Lz57rCoC6LpgWKFRg9SBu8FmZE=,tag:lyPe67k4C81ryCeKZermOA==,type:str] + unencrypted_suffix: _unencrypted + version: 3.12.1