Merge pull request #48 from tgstation-operations/LolLimewire

Move GitHub Webhook PR Announcer to lime

systems/edge-nodes/modules/caddy.nix

@@ -66,6 +66,7 @@
     certs = {
       "tgstation13.org" = {};
       "forums.tgstation13.org" = {};
+      "github-webhooks.tgstation13.org" = {};
     };
   };
 
@@ -177,6 +178,16 @@
           }
         '';
       };
+      "github-webhooks.tgstation13.org" = {
+        useACMEHost = "github-webhooks.tgstation13.org";
+        extraConfig = ''
+          encode gzip zstd
+          reverse_proxy localhost:5004 {
+            health_uri /health
+            health_port 5004
+          }
+        '';
+      };
     };
   };
   # Server Info Fetcher

systems/game-servers/systems/tgsatan/tgstation-pr-announcer/tgstation_pr_announcer_config.json → systems/edge-nodes/modules/tgstation-pr-announcer/appsettings.Production.json

@@ -10,21 +10,21 @@
         ]
       },
       {
-        "Address": "localhost",
+        "Address": "tgsatan.tg.lan",
         "Port": 1337,
         "InterestedRepoSlugs": [
           "tgstation/tgstation"
         ]
       },
       {
-        "Address": "localhost",
+        "Address": "tgsatan.tg.lan",
         "Port": 1447,
         "InterestedRepoSlugs": [
           "tgstation/tgstation"
         ]
       },
       {
-        "Address": "localhost",
+        "Address": "tgsatan.tg.lan",
         "Port": 5337,
         "InterestedRepoSlugs": [
           "tgstation/TerraGov-Marine-Corps"

systems/edge-nodes/modules/tgstation-pr-announcer/default.nix

@@ -0,0 +1,20 @@
+{
+  config,
+  self,
+  ...
+}:
+{
+  imports = [
+    self.inputs.tgstation-pr-announcer.nixosModules.default
+  ];
+  age.secrets.tgstation-pr-announcer = {
+    file = ../../secrets/tgstation-pr-announcer.age;
+    owner = "${config.services.tgstation-pr-announcer.username}";
+    group = "${config.services.tgstation-pr-announcer.groupname}";
+  };
+  services.tgstation-pr-announcer = {
+    enable = true;
+    production-appsettings = ./appsettings.Production.json;
+    environmentFile = config.age.secrets.tgstation-pr-announcer.path;
+  };
+}

systems/edge-nodes/secrets/secrets.nix

@@ -16,6 +16,10 @@ let
   frontend_systems = [lime];
 in {
   "cloudflare_api.age".publicKeys = users ++ frontend_systems;
+  # TGS PR Announcer
+  # The same value is used in game-servers/secrets/tg13-comms.age
+  # TODO: Move to a shared secret (somehow)
+  "tgstation-pr-announcer.age".publicKeys = users ++ frontend_systems;
   "tailscaleAuthKey.age".publicKeys = users ++ systems;
   "phpbb_db.age".publicKeys = users ++ frontend_systems;
 }

systems/edge-nodes/systems/us-lime.nix

@@ -3,6 +3,7 @@
     ../base.nix
     ../disko-ovh.nix
     ../modules/caddy.nix
+    ../modules/tgstation-pr-announcer/default.nix
   ];
   ## LIME - Vint Hill, VA. Owned by orangesnz
   networking.hostName = "lime";

systems/game-servers/systems/tgsatan/default.nix

@@ -11,7 +11,6 @@
     (import hw.common-gpu-nvidia)
     (import hw.common-cpu-amd)
     self.inputs.tgstation-server.nixosModules.default
-    self.inputs.tgstation-pr-announcer.nixosModules.default
   ];
   localModules = [
     ../../../../modules/fail2ban.nix
@@ -116,17 +115,6 @@ in {
     wants = ["mysql.service"];
   };
 
-  age.secrets.tgstation-pr-announcer = {
-    file = ./secrets/tgstation-pr-announcer.age;
-    owner = "${config.services.tgstation-pr-announcer.username}";
-    group = "${config.services.tgstation-pr-announcer.groupname}";
-  };
-  services.tgstation-pr-announcer = {
-    enable = true;
-    production-appsettings = ./tgstation-pr-announcer/tgstation_pr_announcer_config.json;
-    environmentFile = config.age.secrets.tgstation-pr-announcer.path;
-  };
-
   services.grafana = {
     enable = true;
     settings = {

systems/game-servers/systems/tgsatan/modules/caddy/default.nix

@@ -62,7 +62,6 @@
         environmentFile = ./aws.env;
       };
       "attic.tgstation13.org" = {};
-      "github-webhooks.tgstation13.org" = {};
     };
   };
   services.caddy = {
@@ -87,16 +86,6 @@
           }
         '';
       };
-      "github-webhooks.tgstation13.org" = {
-        useACMEHost = "github-webhooks.tgstation13.org";
-        extraConfig = ''
-          encode gzip zstd
-          reverse_proxy localhost:5004 {
-            health_uri /health
-            health_port 5004
-          }
-        '';
-      };
       "s3.tgstation13.org" = {
         useACMEHost = "s3.tgstation13.org";
         extraConfig = ''

systems/game-servers/systems/tgsatan/modules/monitoring/prometheus.nix

@@ -82,7 +82,7 @@ in {
         static_configs = [
           {
             targets = [
-              "tgsatan.tg.lan:${prAnnouncerPort}"
+              "lime.tg.lan:${prAnnouncerPort}"
             ];
           }
         ];

systems/game-servers/systems/tgsatan/secrets/secrets.nix

@@ -17,10 +17,6 @@ in {
   "cloudflared-pem.age".publicKeys = users ++ systems;
   # Tgstation website api key
   "tgstation-web-apikey.age".publicKeys = users ++ systems;
-  # TGS PR Announcer
-  # The same value is used in game-servers/secrets/tg13-comms.age
-  # TODO: Move to a shared secret (somehow)
-  "tgstation-pr-announcer.age".publicKeys = users ++ systems;
   # AWS Route 53 DNS-01
   "aws_credentials.age".publicKeys = users ++ systems;
   # Atticd