Major refactor of fortress config

2025-08-03 18:10:24 -05:00 · 2025-08-03 18:10:24 -05:00 · 72d51d403a
commit 72d51d403a
parent 74929a0aa6
5 changed files with 239 additions and 226 deletions
--- a/systems/fortress/haproxy.nix
+++ b/systems/fortress/haproxy.nix
@ -0,0 +1,40 @@
+{ ... }: {
+  users.groups.haproxy.gid = 99;
+
+  users.users.haproxy = {
+    uid = 99;
+    group = "haproxy";
+  };
+
+  sops.secrets = {
+    "dotspace/pki/lagarde.dev.pem" = {
+      mode = "0660";
+      owner = "haproxy";
+      group = "haproxy";
+    };
+    "dotspace/pki/mlaga97.space.pem" = {
+      mode = "0660";
+      owner = "haproxy";
+      group = "haproxy";
+    };
+    "dotspace/pki/bauble.boutique.pem" = {
+      mode = "0660";
+      owner = "haproxy";
+      group = "haproxy";
+    };
+  };
+
+  virtualisation.oci-containers.containers.haproxy = {
+    image = "haproxy:2.6-alpine";
+    ports = [
+      "80:80"
+      "443:443"
+      "8448:8448"
+      "9980:9980"
+    ];
+    volumes = [
+      "/run/secrets/dotspace/pki:/certs"
+      "/home/lauren_lagarde/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg" # TODO
+    ];
+  };
+}