Noratrieb/vps
1
0
Fork 0
mirror of https://github.com/Noratrieb/vps.git synced 2026-01-14 16:55:00 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

forgejo

Browse source
This commit is contained in:
nora 2025-03-21 21:14:29 +01:00
parent ac5540fc22
commit a25b5fc2b7
28 changed files with 88 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

45
newinfra/nix/apps/forgejo/default.nix Normal file
View file

@ -0,0 +1,45 @@
{ config, pkgs, name, ... }: {
age.secrets.forgejo_s3_key_secret.file = ../../secrets/forgejo_s3_key_secret.age;
services.forgejo = {
enable = true;
database = {
type = "sqlite3";
};
lfs.enable = false;
settings = {
DEFAULT = {
APP_NAME = "this forge meows";
APP_SLOGAN = "this forge meows";
};
server = rec {
DOMAIN = "git.noratrieb.dev";
ROOT_URL = "https://${DOMAIN}/";
HTTP_PORT = 5015;
};
service = {
DISABLE_REGISTRATION = true;
};
storage = {
STORAGE_TYPE = "minio";
MINIO_ENDPOINT = "127.0.0.1:3900";
MINIO_ACCESS_KEY_ID = "GKc8bfd905eb7f85980ffe84c9";
MINIO_BUCKET = "forgejo";
MINIO_BUCKET_LOOKUP = "auto";
MINIO_LOCATION = "garage";
MINIO_USE_SSL = false;
};
};
secrets = {
storage = {
MINIO_SECRET_ACCESS_KEY = config.age.secrets.forgejo_s3_key_secret.path;
};
};
};
}

1
newinfra/nix/hive.nix
View file

@ -173,6 +173,7 @@
./apps/uptime ./apps/uptime
./apps/cargo-bisect-rustc-service ./apps/cargo-bisect-rustc-service
./apps/killua ./apps/killua
./apps/forgejo
]; ];
deployment.tags = [ "caddy" "eu" "apps" "website" ]; deployment.tags = [ "caddy" "eu" "apps" "website" ];

6
newinfra/nix/modules/caddy/vps1.Caddyfile
View file

@ -59,6 +59,12 @@ docker.noratrieb.dev {
reverse_proxy * localhost:5000 reverse_proxy * localhost:5000
} }
git.noratrieb.dev {
log
encode zstd gzip
reverse_proxy * localhost:5015
}
################################################################ ################################################################
# redirects # redirects

1
newinfra/nix/modules/dns/noratrieb.dev.nix
View file

@ -69,6 +69,7 @@ let
}; };
uptime = vps1; uptime = vps1;
does-it-build = vps4; does-it-build = vps4;
git = vps1;
# --- fun shit # --- fun shit
localhost.A = [ (a "127.0.0.1") ]; localhost.A = [ (a "127.0.0.1") ];

3
newinfra/nix/modules/garage/README.md
View file

@ -23,6 +23,8 @@
- key `loki` RW - key `loki` RW
- `backups` - `backups`
- key `backups` RW - key `backups` RW
- `forgejo`
- key `forgejo` RW
## keys ## keys
@ -30,6 +32,7 @@
- `docker-registry`: `GK48011ee5b5ccbaf4233c0e40` - `docker-registry`: `GK48011ee5b5ccbaf4233c0e40`
- `loki`: `GK84ffae2a0728abff0f96667b` - `loki`: `GK84ffae2a0728abff0f96667b`
- `backups`: `GK8cb8454a6f650326562bff2f` - `backups`: `GK8cb8454a6f650326562bff2f`
- `forgejo`: `GKc8bfd905eb7f85980ffe84c9`
- `admin`: `GKaead6cf5340e54a4a19d9490` - `admin`: `GKaead6cf5340e54a4a19d9490`
- RW permissions on ~every bucket - RW permissions on ~every bucket

BIN
newinfra/nix/secrets/backup_s3_secret.age
View file

Binary file not shown.

BIN
newinfra/nix/secrets/caddy_s3_key_secret.age
View file

Binary file not shown.

BIN
newinfra/nix/secrets/docker_registry_password.age
View file

Binary file not shown.

BIN
newinfra/nix/secrets/forgejo_s3_key_secret.age Normal file
View file

Binary file not shown.

BIN
newinfra/nix/secrets/garage_secrets.age
View file

Binary file not shown.

BIN
newinfra/nix/secrets/grafana_admin_password.age
View file

Binary file not shown.

9
newinfra/nix/secrets/hugochat_db_password.age
View file

@ -1,5 +1,6 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 qM6TYg 6eQ/q3Fj5+L+xROvG9gNysRDWJ6haDVVJHmlDSeAxS0 -> ssh-ed25519 qM6TYg H4CAhH2tiZgtdBLnIT2NQpwbuuJIhX2fku6ukjFHonA
H4nDYw2w4iWujEE8GllQAh8rOdE+CDrKuMagurs7LbI jqQ4SKoyG+lIN6nFtBkUPsPLbQtQG1McRrH5BSjMmbk
--- +yoBU3zYLaP0gJ6iUPSe9I46F2xKWWFUZNSW5M/yOLo --- Gxbst2zgWl8yZrCCami4TA7/bXRE84sI6FBjnzpPsiI
þÄ ²åfP:sšÐ?`Þ)±ñÄ7¨UõG©«©åñÎHEŽù~…¾{$Kåéu˜M< A7bTàPIÂŽqÅjoóFB<46>(LeìǨ<0F>ò(—Π•õ X<E280B9>˜ž“Nb'àb¶äòôD!jÑnÎ1‡U5à'¶«¶&m4peüŽzN“Þ±+.!Õ,c)›ªÀÃà°É-¦<>kHrÓUKÑ È…€rçÕí
T6„ôŠÒ[k¯Ž¯sºñ‰iÄþ\'¡~Kšÿ <0A>ÎýIÀƒ““%€|«h´¸Æ†¹ú%<25>NÕSúªt òYÒŽÂÅÎv­üSÒÄæ­å©þÓ`‡*3€ƒ_éžÐ;fÉ°/¾*!º¹q-^óCkA7˜ÍR° ù<6„4­h*vjYøVæ²S÷22Ê®R†³<E280A0>­Ï

BIN
newinfra/nix/secrets/killua_env.age
View file

Binary file not shown.

BIN
newinfra/nix/secrets/loki_env.age
View file

Binary file not shown.

BIN
newinfra/nix/secrets/minio_env_file.age
View file

Binary file not shown.

BIN
newinfra/nix/secrets/registry_htpasswd.age
View file

Binary file not shown.

BIN
newinfra/nix/secrets/registry_s3_key_secret.age
View file

Binary file not shown.

BIN
newinfra/nix/secrets/s3_mc_admin_client.age
View file

Binary file not shown.

1
newinfra/nix/secrets/secrets.nix
View file

@ -21,6 +21,7 @@ in
"backup_s3_secret.age".publicKeys = [ vps1 vps3 vps4 vps5 ]; "backup_s3_secret.age".publicKeys = [ vps1 vps3 vps4 vps5 ];
"s3_mc_admin_client.age".publicKeys = [ vps1 vps3 vps4 vps5 ]; "s3_mc_admin_client.age".publicKeys = [ vps1 vps3 vps4 vps5 ];
"killua_env.age".publicKeys = [ vps1 ]; "killua_env.age".publicKeys = [ vps1 ];
"forgejo_s3_key_secret.age".publicKeys = [ vps1 ];
"wg_private_dns1.age".publicKeys = [ dns1 ]; "wg_private_dns1.age".publicKeys = [ dns1 ];
"wg_private_dns2.age".publicKeys = [ dns2 ]; "wg_private_dns2.age".publicKeys = [ dns2 ];
"wg_private_vps1.age".publicKeys = [ vps1 ]; "wg_private_vps1.age".publicKeys = [ vps1 ];

9
newinfra/nix/secrets/wg_private_dns1.age
View file

@ -1,5 +1,6 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 LZU5Eg U3dxvEDcEOtW8FXZjVFJLauY4iGqz0ZEaXFpQ/wtRRo -> ssh-ed25519 LZU5Eg C/Xxl6xmqJU17rLrtktvdLeRY5/bF3bjftHo4mbl1iI
pYTB+l/4k7j5CjIe2UpDG/UD26zAwfXBQ5ChgOf6UTI dLiactDlpelKogeTFl2fD6YjAK1dfFd7jnvrgc7m4O8
--- gjyHv0JR14A+KGrSqfGY+XDdEK5O96RY1vz3QRagN+Y --- LARr+mBHSH1Hn7gLprVSZdL5/MK5zEmwWnkAYH0Q4T0
ŕW]`O-Mł¦ÄĘ<><C498>ŚôŇw«@^ŇżTt˛ŰI8Z ŢÔvô` dí:e[MŇ;Đ˸nŮpKłHíwµPϲŔ9 2+÷V(źűs
 P>ßÜazZŃ>y˝>•rř‰Jç¸!>ł—ôKňEA¸Řap ¶Ąyđ~Ş č‰¸<E280B0>¨źS×C“W-&ćŃ

8
newinfra/nix/secrets/wg_private_dns2.age
View file

@ -1,5 +1,5 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 5bWSnQ EtJ6xvnAKqBQAcMkg8ZvqlKLds+fAurbMDwa2y59WzY -> ssh-ed25519 5bWSnQ LZJ3IeeU2FcoStl7FVMbL0zttZEWy1t+E25GEqXdznk
1K7hYZsklt50rzd3m3s+eJz4QRnLffCTJkNdg5XgXko hMIVGygEe++AfccTi15wj6rWaqtwsOabUugtiuR5GWI
--- rwXlwZH92YleL48/WiC7+sjUSPRcIak5S4UIkhoSD10 --- /YFZvkG8jK+vVp+edwEpbkDiAe0yPvwzml6d1HOynI4
ўµ.µ“ВТSњWущб<-э8YДЭ?и)T&«ҐьЄГЉќ N¦БЮ2ЫZJ¦„;в&СТВ39dъФ{ё8љлЭ:yЬ^ЯKл™І*‰ ¡áìöLÀÐOÿ_Ù'cÔÝ<C394>¹ç•Š=ä]äQÚ—[’Æø?Ù­o3MNÁ6dVþÒ?<3F>•RA<>Üë ºõà<C3B5>x5³ðùkc¿

8
newinfra/nix/secrets/wg_private_vps1.age
View file

@ -1,5 +1,5 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 qM6TYg 5ufMbqsCyIvHt0C8w+t5SWHGSeoO/zJidZI42EIJvxU -> ssh-ed25519 qM6TYg wMMdxXZc1yZiD9oS6ne/7Ne29uz+Q97kYYjZtyhR9Qs
Zwm8H68YWqjAe0Gq/itCwtEj1cu1VOACtfriPuPdbGs hNwS16RMdvb7hNfjRdUow/sYtUcta4YPoe4qh0jAEOE
--- ZomF2aQQywN2ZToZB5oqJT/+H+UEvC0j/fQiR67szec --- 30m6ILfUyjxm/nindgNcujh4bGOUvMbrcArSLEd2NuI
?lÁ­/yuç@ì«èÄ\¼fh Q1 [_”Mˆ<4D>Ó<EFBFBD>Å¡7éÎùíÞZÞ5?évÅ"ïâ6º°”lýÂlPÀ+Èä8u×"R¹E Ì¢×î0ÍÃÉfÌÜÍ-1TØà_s>?f·I[L•À…•ÇÏ<C387>mL4¯á«#ÛÑ,qwÔÂåPY-[‰n$áò<C3A1>Á¦ ­µ4

8
newinfra/nix/secrets/wg_private_vps3.age
View file

@ -1,5 +1,5 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 XzACZQ zCt7Biavy5amayc4xU57K6vv+4/MgKZRhNwvA6xdJQE -> ssh-ed25519 XzACZQ k5WVMoS1WD1Jb+RfV0OOW5umLFfEdfIqDodBViQFvzc
z/TWt8WbdZcXsbZSmiJ/Yp1ormoVk88HlXxY+8lmF60 kypBLkD32beBsTtEoCyH0b9L4GAxorTFhqH3nhkO72w
--- x5fpB686RpY4KxbKu940m29V4E+wdzd417YaUxzT4V4 --- aUbimoG2VppL5CPG3tES+zp/cINt6ZjNnthvCcpt0ww
Ť®a[…GěŢg”牢¶ÎŰ<C38E>Yß'¶<>ą*|ÂŰWmPBR­ţb\ůĘłÇHAO$„űkĂÇť .8{ô'nŻş4«#Ľ' kð…éÈ~iÃ"ÃßB˜÷V¸MDEù´QöBŠu<C5A0>òK P§ñâàuä×h¦GCÞ±épT‰±íØé)t¤l€Ç

8
newinfra/nix/secrets/wg_private_vps4.age
View file

@ -1,5 +1,5 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 51bcvA 05bVKsZ8ztuvA34HH9Tr/AwtgENlfE5IL+fab8lvGic -> ssh-ed25519 51bcvA A5RlnDQ8XJQK5KqxwrvVsrfJKVzb22/c/J/EPvfhtRA
+Ib+H+pnPsmrQtQCejyZHP+Moab17YORhVkkAqVjtbs ByXVkK+QIuGV9bCgcqYOAj54k/O6SrYBLrJIQMec0nA
--- d0nYesYevgnhdN5t6XN8zuyJzxifu2BW5KNqG3wAIR8 --- S+1ZbskI6F3pIT8Pm9qjoHpHu0BmihvC1c9D77sghVY
$?äP†ä3Å3‘Ö*Oy/r½î»ç=tË<74>q-/„BA\3@æVA#¸'cÅı{¶†íğÆEaB´R>Äťȱ³¹.V„ö<C383>C²Ó ·Ë{ŤX‡ă¶w°ő˙<ńpäśřé“ĘZ¶SŻ><3E>G*KD_r;Ĺć9«ÄşO"s<áÓ™Cb6ú#lűQ“Éa¸<<3C>j)ťĎu

BIN
newinfra/nix/secrets/wg_private_vps5.age
View file

Binary file not shown.

9
newinfra/nix/secrets/widetom_bot_token.age
View file

@ -1,5 +1,6 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 qM6TYg 8PHArngZr845Vyzvr06Syrn4w3mV1vbeMKnSzd7PtUc -> ssh-ed25519 qM6TYg +hQBAuU1CjDiXyZyufXz6MsGhvYTN0HjmReqbVW8WGQ
GoI7ssVbQzlQAZPopxMpyKdhv1BixF+eac5nQA0Q+i4 DDq5KdAiBei16CiU+CYOdRbhqZKyaUEfPdCee3T6K88
--- c/MJSct6IxWiitSeEGez2c55nQ94A22OuM4NliuHpOk --- Gl21s/ER3GfHeVm9lFbqfyBth5Ac56g0ceoogfzmzXg
ÿw*­_P‡fÁYÓ×-‡š¡©ylAtˆÙ½U!ÀAЇUì³1÷5fcFùÀ/ðžœcÉŠZ%)NÁ¯÷ÁhƒâTtdþÅÈÚ?²›7>ë:UÅkü <EFBFBD>>t˜—lÕ¹ôûë<1C>6[UAÓ"yf-ÊAã¡»ÌíÊÜj¾ ìtž rÁxàRÚd95ýŽ7¢jqàICLÅåvéÈioOM$…­
ÜuÙRZ!ä©·—¯qâ

BIN
newinfra/nix/secrets/widetom_config_toml.age
View file

Binary file not shown.

BIN
newinfra/secrets-git-crypt/forgejo_s3_key_secret Normal file
View file

Binary file not shown.