diff --git a/hosts/common/optional/nixos-containers/baseddata-worker.nix b/hosts/common/optional/nixos-containers/baseddata-worker.nix
index 5851976..9480d61 100644
--- a/hosts/common/optional/nixos-containers/baseddata-worker.nix
+++ b/hosts/common/optional/nixos-containers/baseddata-worker.nix
@@ -9,8 +9,6 @@
 pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
 containerName = "bd-worker";
 containerIp = configVars.networking.addresses.bd-worker.ip;
- mongodbIp = configVars.networking.addresses.mongodb.ip;
- mongodbPort = toString configVars.networking.addresses.mongodb.port;
 gatewayIp = configVars.networking.addresses.gateway.ip;
 postgresIp = configVars.networking.addresses.postgres.ip;
 postgresPort = toString configVars.networking.addresses.postgres.port;
@@ -22,9 +20,6 @@
 notifybotUsername = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."comms/xmpp/notifybot/username".path;
 notifybotPwd = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."comms/xmpp/notifybot/password".path;
 recipientUsername = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."comms/xmpp/mrsu/username".path;
- mongoclientAuth = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/mongodb/baseddata/auth".path;
- mongoclientUser = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/mongodb/baseddata/username".path;
- mongoclientPassword = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/mongodb/baseddata/password".path;
 postgresUser = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/postgres/baseddata/user_username".path;
 postgresPassword = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/postgres/baseddata/user_password".path;
 bitcoindRPCUsername = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/username".path;
@@ -36,9 +31,6 @@ in {
 "comms/xmpp/notifybot/username" = {};
 "comms/xmpp/notifybot/password" = {};
 "comms/xmpp/mrsu/username" = {};
- "software/mongodb/baseddata/auth" = {};
- "software/mongodb/baseddata/username" = {};
- "software/mongodb/baseddata/password" = {};
 "software/postgres/baseddata/user_password" = {};
 "software/postgres/baseddata/user_username" = {};
 "software/bitcoind/username" = {};
@@ -78,18 +70,6 @@ in {
 hostPath = "${recipientUsername}";
 isReadOnly = true;
 };
- "/run/secrets/mongoclientAuth" = {
- hostPath = "${mongoclientAuth}";
- isReadOnly = true;
- };
- "/run/secrets/mongoclientUser" = {
- hostPath = "${mongoclientUser}";
- isReadOnly = true;
- };
- "/run/secrets/mongoclientPassword" = {
- hostPath = "${mongoclientPassword}";
- isReadOnly = true;
- };
 "/run/secrets/postgresPassword" = {
 hostPath = "${postgresPassword}";
 isReadOnly = true;
@@ -220,10 +200,6 @@ in {
 .venv/bin/prefect variable set "xmpp_jid" $(cat /run/secrets/notifybotUsername) --overwrite
 .venv/bin/prefect variable set "xmpp_password" $(cat /run/secrets/notifybotPassword) --overwrite
 .venv/bin/prefect variable set "xmpp_recipient" $(cat /run/secrets/recipientUsername) --overwrite
- .venv/bin/prefect variable set "mongoclient_auth" $(cat /run/secrets/mongoclientAuth) --overwrite
- .venv/bin/prefect variable set "mongoclient_host" "${mongodbIp}:${mongodbPort}" --overwrite
- .venv/bin/prefect variable set "mongoclient_user" $(cat /run/secrets/mongoclientUser) --overwrite
- .venv/bin/prefect variable set "mongoclient_pwd" $(cat /run/secrets/mongoclientPassword) --overwrite
 .venv/bin/prefect variable set "postgres_host" ${postgresIp} --overwrite
 .venv/bin/prefect variable set "postgres_port" ${postgresPort} --overwrite
 .venv/bin/prefect variable set "postgres_user" $(cat /run/secrets/postgresUser) --overwrite
@@ -235,7 +211,6 @@ in {
 .venv/bin/prefect variable set "osm_dir" "/media/baseddata-data/osm" --overwrite
 .venv/bin/prefect variable set "wdpa_dir" "/media/baseddata-data/wdpa" --overwrite
- .venv/bin/prefect variable set "mongo_db_name" "baseddata" --overwrite
 .venv/bin/prefect variable set "postgres_dbname" "baseddata" --overwrite
 .venv/bin/prefect variable set "postgres_schema" "models_final" --overwrite
 .venv/bin/prefect variable set "unique_key" "row_uuid" --overwrite
diff --git a/hosts/common/optional/nixos-containers/mongodb.nix b/hosts/common/optional/nixos-containers/mongodb.nix
deleted file mode 100644
index 3f7497c..0000000
--- a/hosts/common/optional/nixos-containers/mongodb.nix
+++ /dev/null
@@ -1,98 +0,0 @@
-{
- inputs,
- lib,
- config,
- configVars,
- pkgs,
- ...
-}: let
- mongodbPasswordPath = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/mongodb/baseddata/password".path;
- pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
- containerName = "mongodb";
- containerIp = configVars.networking.addresses.mongodb.ip;
- gatewayIp = configVars.networking.addresses.gateway.ip;
-in {
- sops.secrets = {
- "software/postgres/postgres/password" = {
- };
- };
-
- environment.persistence."/persist" = {
- hideMounts = true;
- directories = [
- "/var/lib/nixos-containers/${containerName}"
- ];
- };
-
- networking.nat.enable = true;
- networking.nat.internalInterfaces = ["ve-+"];
- networking.nat.externalInterface = "br0";
-
- containers.${containerName} = {
- autoStart = true;
- privateNetwork = true;
- hostBridge = "br0";
- nixpkgs = pkgs.path;
- bindMounts = {
- # "/var/db/mongodb" = {
- # hostPath = "/media/main-ssd/mongodb";
- # isReadOnly = false;
- # };
- };
-
- config = {
- pkgs,
- lib,
- ...
- }: {
- networking = {
- defaultGateway = "${gatewayIp}";
- interfaces.eth0.ipv4.addresses = [
- {
- "address" = "${containerIp}";
- "prefixLength" = 24;
- }
- ];
- firewall = {
- enable = true;
- allowedTCPPorts = [
- 27017
- ];
- };
- useHostResolvConf = lib.mkForce false;
- };
-
- services.resolved.enable = true;
-
- environment.systemPackages = with pkgs; [
- mongosh
- ];
-
- # allow unfree packages
- nixpkgs.config.allowUnfreePredicate = let
- whitelist = map lib.getName [
- pkgs.mongodb
- ];
- in
- pkg: builtins.elem (lib.getName pkg) whitelist;
-
- services.mongodb = {
- enable = true;
- # enableAuth = true;
- # initialRootPassword = mongodbPasswordPath;
- bind_ip = "0.0.0.0";
- };
-
- services.openssh = {
- enable = true;
- settings.PasswordAuthentication = false;
- };
-
- users.users.root = {
- openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
- };
-
- system.stateVersion = "24.05";
- };
- };
-}