Torjus Håkestad
7fb8df69a4
Update all flake URLs to use the new Forgejo instance. This includes auto-upgrade, nixos-rebuild-test, homelab-deploy listener, nixos-exporter, nix-cache02 builder, and the bootstrap script. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
38 lines
1.0 KiB
Nix
38 lines
1.0 KiB
Nix
{ config, lib, ... }:
|
|
|
|
let
|
|
hostCfg = config.homelab.host;
|
|
in
|
|
{
|
|
config = lib.mkIf config.homelab.deploy.enable {
|
|
# Fetch listener NKey from Vault
|
|
vault.secrets.homelab-deploy-nkey = {
|
|
secretPath = "shared/homelab-deploy/listener-nkey";
|
|
extractKey = "nkey";
|
|
};
|
|
|
|
# Enable homelab-deploy listener
|
|
services.homelab-deploy.listener = {
|
|
enable = true;
|
|
tier = hostCfg.tier;
|
|
role = hostCfg.role;
|
|
natsUrl = "nats://nats1.home.2rjus.net:4222";
|
|
nkeyFile = "/run/secrets/homelab-deploy-nkey";
|
|
flakeUrl = "git+https://code.t-juice.club/torjus/nixos-servers.git";
|
|
metrics.enable = true;
|
|
};
|
|
|
|
# Expose metrics for Prometheus scraping
|
|
homelab.monitoring.scrapeTargets = [{
|
|
job_name = "homelab-deploy";
|
|
port = 9972;
|
|
}];
|
|
|
|
# Ensure listener starts after vault secret is available
|
|
systemd.services.homelab-deploy-listener = {
|
|
after = [ "vault-secret-homelab-deploy-nkey.service" ];
|
|
requires = [ "vault-secret-homelab-deploy-nkey.service" ];
|
|
};
|
|
};
|
|
}
|