From f6f50f7a5b2d8b647d54d36d2fc4d400c1c1d606 Mon Sep 17 00:00:00 2001
From: TheWanderingCrow
Date: Wed, 22 Jan 2025 11:06:08 -0500
Subject: [PATCH] break out secrets from overseer, setup salt rim
---
modules/users/overseer/default.nix | 1 +
modules/users/overseer/secrets.nix | 37 ++++++++++++++
modules/users/overseer/services.nix | 77 ++++++++++++++++++++++-------
3 files changed, 96 insertions(+), 19 deletions(-)
create mode 100644 modules/users/overseer/secrets.nix
diff --git a/modules/users/overseer/default.nix b/modules/users/overseer/default.nix
index 6191dd2..e3f7ea5 100644
--- a/modules/users/overseer/default.nix
+++ b/modules/users/overseer/default.nix
@@ -6,5 +6,6 @@ imports = [ ./user.nix ./services.nix + ./secrets.nix ]; }
diff --git a/modules/users/overseer/secrets.nix b/modules/users/overseer/secrets.nix
new file mode 100644
index 0000000..59aabcb
--- /dev/null
+++ b/modules/users/overseer/secrets.nix
@@ -0,0 +1,37 @@
+{
+ lib,
+ inputs,
+ config,
+ pkgs,
+ ...
+}:
+lib.mkIf config.user.overseer.enable {
+ sops = {
+ defaultSopsFile = inputs.nix-secrets.secrets.overseer;
+ age.keyFile = "/var/lib/sops-nix/key.txt";
+ age.generateKey = true;
+ };
+
+ # Restic secrets
+ sops.secrets."restic/url" = {};
+ sops.secrets."restic/key" = {};
+
+ # Homepage.dev secrets
+ sops.secrets."homepage/openmeteo/lat" = {};
+ sops.secrets."homepage/openmeteo/long" = {};
+ sops.templates."homepage-environment".content = ''
+ HOMEPAGE_VAR_LAT = ${config.sops.placeholder."homepage/openmeteo/lat"}
+ HOMEPAGE_VAR_LONG = ${config.sops.placeholder."homepage/openmeteo/long"}
+ '';
+
+ # Meilisearch secrets
+ sops.secrets."meilisearch/masterkey" = {};
+ sops.templates."meilisearch-environment".content = ''
+ MEILI_MASTER_KEY = ${config.sops.placeholder."meilisearch/masterkey"}
+ '';
+
+ # Bar Assistant secrets
+ sops.templates."barassistant-environment".content = ''
+ MEILISEARCH_KEY = ${config.sops.placeholder."meilisearch/masterkey"}
+ '';
+}
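Review bot: The `barassistant-environment` template hands Bar Assistant the very same value that `meilisearch-environment` installs as `MEILI_MASTER_KEY`, so a compromise of the web application yields full administrative control of Meilisearch (key and index management) rather than the search/index access it needs. If Bar Assistant can run with a scoped Meilisearch API key, store that as its own sops secret and reference it here instead; if it genuinely requires the master key, a one-line comment above the template saying so would spare the next reader the question. Separately, both new templates are written as `MEILI_MASTER_KEY = …` and `MEILISEARCH_KEY = …` with spaces around `=`, and they are consumed as podman env-files in the services.nix hunk; env-file parsers differ on whether the key then carries a trailing space, so the unambiguous form is `MEILI_MASTER_KEY=${config.sops.placeholder."meilisearch/masterkey"}` (and likewise for `MEILISEARCH_KEY`).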
diff --git a/modules/users/overseer/services.nix b/modules/users/overseer/services.nix
index 9e1785a..e054670 100644
--- a/modules/users/overseer/services.nix
+++ b/modules/users/overseer/services.nix
@@ -10,20 +10,15 @@ in }: lib.mkIf config.user.overseer.enable { # Some scafolding for secrets - sops = { - defaultSopsFile = inputs.nix-secrets.secrets.overseer; - age.keyFile = "/var/lib/sops-nix/key.txt"; - age.generateKey = true; - }; # Create the dirs we need systemd.tmpfiles.rules = [ "d ${volumePath}" + + "d ${volumePath}/bar-assistant" + "d ${volumePath}/meilisearch" ]; - # Pull in the restic secrets from sops - sops.secrets."restic/url" = {}; - sops.secrets."restic/key" = {}; # (Arguably) Most Important Service - backups services.restic.backups = { homebox = {
@@ -40,10 +35,6 @@ in }; }; - # OCI services - virtualisation.podman.enable = true; - virtualisation.oci-containers.backend = "podman"; - # These ports are needed for NGINX Proxy Manager networking.firewall.allowedTCPPorts = [ 443
@@ -70,16 +61,26 @@ in proxyWebsockets = true; }; }; + "bar.wanderingcrow.net" = { + extraConfig = '' + allow 192.168.0.0/16; + deny all; + ''; + locations = { + "/bar/" = { + proxyPass = "http://localhost:3000"; + }; + "/search/" = { + proxyPass = "http://localhost:7700"; + }; + "/" = { + proxyPass = "http://localhost:3001"; + }; + }; + }; }; }; - sops.secrets."homepage/openmeteo/lat" = {}; - sops.secrets."homepage/openmeteo/long" = {}; - sops.templates."homepage-environment".content = '' - HOMEPAGE_VAR_LAT = ${config.sops.placeholder."homepage/openmeteo/lat"} - HOMEPAGE_VAR_LONG = ${config.sops.placeholder."homepage/openmeteo/long"} - ''; - services = { homebox = { enable = true; 
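Review bot: The `allow 192.168.0.0/16; deny all;` added to the new `bar.wanderingcrow.net` vhost is evaluated against the address nginx sees on the TCP connection, so it only confines the site to the LAN if clients reach this nginx directly. The firewall comment a few lines up mentions NGINX Proxy Manager; if that proxy sits in front of this host on the same 192.168.0.0/16 network, every forwarded request matches the allow rule and the restriction is a no-op for Internet traffic — either enforce the access list on the proxy, or add `set_real_ip_from <proxy address>; real_ip_header X-Forwarded-For;` (placeholder address) so the rule sees the original client. A second thing to check: `proxyPass = "http://localhost:7700"` under `"/search/"` has no URI part, so nginx forwards the request path unchanged and Meilisearch receives `/search/...` verbatim; if the prefix is meant to be stripped, the form is `proxyPass = "http://localhost:7700/";` (the same question applies to `"/bar/"`). The enclosing attribute set (presumably `services.nginx.virtualHosts`) opens before this hunk.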
@@ -178,4 +179,42 @@ in ]; }; };
+
+ virtualisation.oci-containers = {
+ backend = "podman";
+ containers = {
+ "meilisearch" = {
+ image = "getmeili/meilisearch:v1.8";
+ volumes = ["${volumePath}/meilisearch:/meili_data"];
+ ports = ["7700:7700"];
+ environmentFile = [config.sops.templates."meilisearch-environment".path];
+ environment = {
+ MEILI_ENV = "production";
+ };
+ };
+ "bar-assistant" = {
+ image = "barassistant/server:v4";
+ volumes = ["${volumePath}/bar-assistant:/var/www/cocktails/storage/bar-assistant"];
+ ports = ["3000:3000"];
+ dependsOn = ["meilisearch"];
+ environmentFile = [config.sops.templates."barassistant-environment".path];
+ environment = {
+ APP_URL = "bar.wanderingcrow.net/bar";
+ MEILISEARCH_HOST = "http://localhost:7700";
+ CACHE_DRIVER = "file";
+ SESSION_DRIVER = "file";
+ ALLOW_REGISTRATION = "true";
+ };
+ };
+ "salt-rim" = {
+ image = "barassistant/salt-rim:v3";
+ ports = ["3001:8080"];
+ dependsOn = ["bar-assistant"];
+ environment = {
+ API_URL = "bar.wanderingcrow.net/bar";
+ MEILIESEARCH_URL = "bar.wanderingcrow.net/search";
+ };
+ };
+ };
+ };
 }
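Review bot: All three containers publish their ports without a host address (`"7700:7700"`, `"3000:3000"`, `"3001:8080"`), which binds them on every host interface; with rootful podman the published ports are reached through the container network's NAT rules rather than the host's INPUT chain, so on NixOS they are typically reachable even though none of them is in `networking.firewall.allowedTCPPorts`, and that sidesteps the LAN allow-list on the nginx vhost that fronts them. Since nginx proxies to `localhost`, bind them to loopback: `ports = ["127.0.0.1:7700:7700"];`, `ports = ["127.0.0.1:3000:3000"];`, `ports = ["127.0.0.1:3001:8080"];`. Two further things to confirm: `MEILISEARCH_HOST = "http://localhost:7700"` is resolved inside the bar-assistant container, which has its own network namespace unless the containers share one (nothing here says they do), so it would not reach the meilisearch container — a shared podman network addressed as `http://meilisearch:7700`, or `host.containers.internal`, is the usual fix; and `MEILIESEARCH_URL` in the salt-rim environment looks misspelled (extra E), so if Salt Rim reads `MEILISEARCH_URL` this value is silently ignored.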