Noratrieb/vps
1
0
Fork 0
mirror of https://github.com/Noratrieb/vps.git synced 2026-01-14 16:55:00 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

registry

Browse source
This commit is contained in:
nora 2024-08-06 23:39:36 +02:00
parent 5b2ca88597
commit 0d39279ac9
23 changed files with 94 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apps/registry/config.yml
View file

@ -14,7 +14,7 @@ storage:
enabled: true enabled: true
http: http:
addr: 0.0.0.0:5000 addr: 0.0.0.0:5000
host: https://docker.noratrieb.dev host: https://old-docker.noratrieb.dev
draintimeout: 60s draintimeout: 60s
headers: headers:
X-Content-Type-Options: [nosniff] X-Content-Type-Options: [nosniff]

48
newinfra/nix/apps/registry/default.nix Normal file
View file

@ -0,0 +1,48 @@
{ config, lib, ... }: {
age.secrets = {
registry_htpasswd = {
file = ../../secrets/registry_htpasswd.age;
owner = config.users.users.docker-registry.name;
};
registry_s3_key_secret = {
file = ../../secrets/registry_s3_key_secret.age;
owner = config.users.users.docker-registry.name;
};
};
systemd.services.docker-registry.serviceConfig.EnvironmentFile = config.age.secrets.registry_s3_key_secret.path;
services.dockerRegistry = {
enable = true;
storagePath = null;
port = 5000;
extraConfig = {
log = {
accesslog.disabled = false;
level = "info";
formatter = "text";
fields.service = "registry";
};
redis = lib.mkForce null;
storage = {
s3 = {
regionendpoint = "http://127.0.0.1:3900";
region = "garage";
bucket = "docker-registry";
# accesskey = ""; ENV REGISTRY_STORAGE_S3_ACCESSKEY
# secretkey = ""; ENV REGISTRY_STORAGE_S3_SECRETKEY
secure = false;
};
redirect.disable = true;
};
http = {
host = "https://docker.noratrieb.dev";
draintimeout = "60s";
};
auth.htpasswd = {
# TODO: ugh :(
realm = "nilstrieb-registry";
path = config.age.secrets.registry_htpasswd.path;
};
};
};
}

1
newinfra/nix/hive.nix
View file

@ -150,6 +150,7 @@
./apps/hugo-chat ./apps/hugo-chat
./apps/uptime ./apps/uptime
./apps/cargo-bisect-rustc-service ./apps/cargo-bisect-rustc-service
./apps/registry
]; ];
deployment.tags = [ "ingress" "eu" "apps" "wg" ]; deployment.tags = [ "ingress" "eu" "apps" "wg" ];

3
newinfra/nix/modules/dns/noratrieb.dev.nix
View file

@ -43,10 +43,11 @@ let
# --- legacy crap # --- legacy crap
vps2 = vps2; # TODO REMOVE vps2 = vps2; # TODO REMOVE
docker = vps2; old-docker = vps2;
# --- apps # --- apps
bisect-rustc = vps1; bisect-rustc = vps1;
docker = vps1;
hugo-chat = vps1 // { hugo-chat = vps1 // {
subdomains.api = vps1; subdomains.api = vps1;
}; };

2
newinfra/nix/modules/garage/README.md
View file

@ -16,6 +16,8 @@
## buckets ## buckets
- `caddy-store`: Store for Caddy webservers - `caddy-store`: Store for Caddy webservers
- key `caddy`
- `docker-registry`
## keys ## keys

8
newinfra/nix/modules/ingress/Caddyfile
View file

@ -49,6 +49,10 @@ bisect-rustc.noratrieb.dev {
reverse_proxy * localhost:5005 reverse_proxy * localhost:5005
} }
docker.noratrieb.dev {
reverse_proxy * localhost:5000
}
################################################################ ################################################################
# deadname redirects # deadname redirects
nilstrieb.dev { nilstrieb.dev {
@ -67,6 +71,10 @@ bisect-rustc.nilstrieb.dev {
redir https://bisect-rustc.dev/blog{uri} permanent redir https://bisect-rustc.dev/blog{uri} permanent
} }
docker.nilstrieb.dev {
redir https://docker.noratrieb.dev{uri} permanent
}
hugo-chat.nilstrieb.dev { hugo-chat.nilstrieb.dev {
redir https://hugo-chat.noratrieb.dev{uri} permanent redir https://hugo-chat.noratrieb.dev{uri} permanent
} }

BIN
newinfra/nix/secrets/caddy_s3_key_secret.age
View file

Binary file not shown.

BIN
newinfra/nix/secrets/docker_registry_password.age
View file

Binary file not shown.

BIN
newinfra/nix/secrets/garage_secrets.age
View file

Binary file not shown.

BIN
newinfra/nix/secrets/hugochat_db_password.age
View file

Binary file not shown.

14
newinfra/nix/secrets/minio_env_file.age
View file

@ -1,7 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 qM6TYg Jtt9cLPGha9Qs5gEuKSwU3E1bNMhrjlHtnj/I3dKqW0 -> ssh-ed25519 qM6TYg EI4ZJijnotHTHevfFPYRvpl7ccKd1GX4v4TnIeg9OEk
0iDfPorED8lq0Rc5LVDNWID7l2F+AnmeEr7Yik/OC44 12IpJojvydgvYEKeH5czeHqxMYiczVoVOkhDsXnLBI0
-> ssh-ed25519 XzACZQ Q9WpNGn/k35J0/LzGAlcf1ktN2/VG3nZdpfMbJXAnWw -> ssh-ed25519 XzACZQ x9w42tznOiNImwa1SHDF8VgC2yMDUnmsuy2Abs8OAWE
bl2Pasbxmb6LNbWiZrEVBQ99gYYC5Md6kdvIt4VAf7k BurhfH8j8eupgIB6+r/VRCbTB+wCtyHZqxFLedFIdBM
--- +B0f8ilJGkB7Qj+BdzeKfW6HRl9yzMd+iT4sOAmJI5Y --- QIt5U0Kjpaw7cKhuUZoJMA3l+P0th172NK+LxWw/JZU
<EFBFBD>\ÒÖñÈ<C3B1>'ËZtbJ7úAL££²â£&Á•ØC+LM¹nhІŠ]Rº·; Ô†JHK»O¯7å B»¤“¡ß\(ÓQåËU>r³4"Šà¥èXh¹ó…Ð<C390>ãIñd§cE6G_oN© \zSó©Àä¦3¦þÇe0賡O÷Ô”°×§í'}7«
èušÑM€•'­á§jÌ<6A>ÍÝVá(×»€AÍÁ{Ï[§êÚ3¡QýàLH@Ö÷>2q¢Ö<C2A2>Ãy7¯+<2B>žáÅÕ
è&ôéÖ.§T

5
newinfra/nix/secrets/registry_htpasswd.age Normal file
View file

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 qM6TYg suD780CXmj5jE1zjQ8yFPBx/mJpc+qtrSnx21GNPREs
woldNF3/BqEJFZebSL+h8Trd4ULoCXEPGITJ+M6miY0
--- /TVDLF4l3t96nTkcA6kPTggtto1f7FbTtMNXG+7u4HE
e¢MM†êåkÖw€¢¹=XŽçE=@,3k*|'b ²ˆhlß\û^Ò{6°Òo ´ás?XëíªÐ¼Ô”€<E2809D>Çãã=‰ ó<1F>˜®¾1êñõ@ÉÛ<>wZT©ÙC€Â´,"*Ê

BIN
newinfra/nix/secrets/registry_s3_key_secret.age Normal file
View file

Binary file not shown.

2
newinfra/nix/secrets/secrets.nix
View file

@ -12,6 +12,8 @@ in
"minio_env_file.age".publicKeys = [ vps1 vps3 ]; "minio_env_file.age".publicKeys = [ vps1 vps3 ];
"garage_secrets.age".publicKeys = [ vps1 vps3 vps4 vps5 ]; "garage_secrets.age".publicKeys = [ vps1 vps3 vps4 vps5 ];
"caddy_s3_key_secret.age".publicKeys = [ vps1 vps3 vps4 vps5 ]; "caddy_s3_key_secret.age".publicKeys = [ vps1 vps3 vps4 vps5 ];
"registry_htpasswd.age".publicKeys = [ vps1 ];
"registry_s3_key_secret.age".publicKeys = [ vps1 ];
"wg_private_vps1.age".publicKeys = [ vps1 ]; "wg_private_vps1.age".publicKeys = [ vps1 ];
"wg_private_vps3.age".publicKeys = [ vps3 ]; "wg_private_vps3.age".publicKeys = [ vps3 ];
"wg_private_vps4.age".publicKeys = [ vps4 ]; "wg_private_vps4.age".publicKeys = [ vps4 ];

8
newinfra/nix/secrets/wg_private_vps1.age
View file

@ -1,5 +1,5 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 qM6TYg xCaglRQkcl1+kGIVjPEn+NlnrBUvcWLSH7MMPLXK9kU -> ssh-ed25519 qM6TYg O7IcxaeSOGfOmQJudTMomwnl/bsPhAUKCPeidwbThXs
78t/Z81+NaXQMW30EQH8WMhed6Lm77+atPTkBQbDMd0 e4Llj1rpB0QtY08AOQYSr9450fdLd7Io8MpXzCAma5c
--- AsnraeejCWHj1iRI/1btRXI6tqdnBW4S+twfx35eNEI --- DnobWf9zRcr2T9fV32wFhZDmHoXdrLGoEbiOMg+ixyE
³6Â1ŒŽKqH\vé<17>lW¢IX{éåK;€#ÞS—â&ãg^.ÍÊK8”a7V˜œ:<3A><>e)9åïÐŒ!ëÞèO ÓZŸeÆúNKÚh,Ÿðû $Æ! Ϲ¶ÿ<>bÿz/Û:—qŸ^¹u1®ŒÌÉõ qEíÇÿF-ƒ<E280B9>«F=7‰¤C%ІÚ¥q®

8
newinfra/nix/secrets/wg_private_vps3.age
View file

@ -1,5 +1,5 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 XzACZQ PAqPA1RpuXwjKCsn838qwsuRmuh8ES7BPiyCIFdhMmA -> ssh-ed25519 XzACZQ 8C7hL4eGkNUafD4z3KDlduzt1gLrEMZbHGD1ax8D9hQ
QIAC+dfBMSZwzHwcQpO1IyDPKwTvr/iG35PkrFOyzwE IR3sdzbh5ho0switjmknCu4VoPXrBl4uu8wGOjxqpaw
--- zNejM9ypNWH1Bg1J1V4UCqMIyVP+gIV/mmgBaCfFCKk --- UCQLDGKp7Q8pB2MVuT/0/lff559GE/pSzpLj5WXHrvs
y<EFBFBD><1F><>2y<>v0<>W<EFBFBD><19>}q<><71>Ymh<6D><68><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Z<EFBFBD>{B|<7C>t7,@<40>6B_<42>V8<56>0i<30><69>a<EFBFBD>z9<11><><EFBFBD>@<40><><EFBFBD>j<EFBFBD><0F>)<29><> Y6ÙÞØ0Ïuh<1B>¿ñ¥ÿš<°bÁêŒ^¹Y¯¢¥dÈ[dâäà|êpó}"áÙ)´áF†3( Z.Ž¢<C5BD>¬GLoeêûÓ´\ÞCt74

9
newinfra/nix/secrets/wg_private_vps4.age
View file

@ -1,6 +1,5 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 51bcvA mJYJJnaKusYBpSL5qAokXISlrXkBZ0QPKZVPkiyKSnk -> ssh-ed25519 51bcvA CjxIs41xJfD5FLvhNePVx4Z+oxLNGs18rIqA1oePZUA
IAsX5+UPxhap7ehB9za8Q9aEfeA0Ypd4Tw7XiU4f2eM vbbgC5XDSpheko+opZcGdGOLRTkpy9oOKUDqJB5mHrA
--- VBlmFpr+g83UfZ4rftOkNzKL/ZxSxAi7/tBl4TMaln4 --- zIA/cJR2IvTe9PrxvsqYUtx3CVDMadur9Zab5yklQHk
mäľA†W˙Ďýť§ĺŁc€NWň·Ý-ü—ÚŘäF6Ȇy…T=~<7E>ť·kަg%€˛Uš ;D­Ý˛Ëiľ‰ŻĐ&[jÂ+®_ 9öÖÞ_n5Ù~¡â\ÊÅC'qŠ±]Ù+~jwº&âO4¸Ÿ vï<E2809A>Uo$ÔÊ<C394>¤béÕØùˆEÍ…Gì¥kmkÞ\ú
Ç

8
newinfra/nix/secrets/wg_private_vps5.age
View file

@ -1,5 +1,5 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 vT7ExA mzVnSgeDMMYUVe1J50PKFxwcpW9/XrweIyrOP8YtEF0 -> ssh-ed25519 vT7ExA hiEMWjjGY/Elfd8oc9gB7p1bcV0G4u+NpvcChl06Kko
N5vIpmomADBhQ0OXXw5uDcPeAeomaL/uyeAqCGewVMA TANojl91jyH5dIjj0e7FlyvWfblRWd1psLerI3AxKe4
--- QBH8lw1hB2qVKXbd6AfQ9M5JlyPRCgzcHrVNjyGDfiI --- EZL4OcGAkc70DMOiFaiZab64IX+Cv952bGXgF/5XZNc
šÕ7­ÓYÕÓ Béï¿ÃŠþž²…1¨^™ô§VÕKxŒ`z¿}9µÑ ŒWaȧk W[ À+"õó_ªo%råàlR˜ {KŸ¶´Nnþ0§oí½íšjM£½r§ÕTOqÈ3ÂðMa‰p­&;D qûASãótr<1E>©YÏ@åùúƒ m4ñ©r®Om

BIN
newinfra/nix/secrets/widetom_bot_token.age
View file

Binary file not shown.

BIN
newinfra/nix/secrets/widetom_config_toml.age
View file

Binary file not shown.

BIN
newinfra/secrets-git-crypt/registry_htpasswd Normal file
View file

Binary file not shown.

BIN
newinfra/secrets-git-crypt/registry_s3_key_secret Normal file
View file

Binary file not shown.

5
vps2/Caddyfile
View file

@ -33,10 +33,7 @@ vps2.nilstrieb.dev {
file_server file_server
} }
docker.nilstrieb.dev { old-docker.noratrieb.dev {
reverse_proxy * localhost:5000
}
docker.noratrieb.dev {
reverse_proxy * localhost:5000 reverse_proxy * localhost:5000
} }