forgejo 2

nora 2025-03-21 21:45:24 +01:00
parent a25b5fc2b7
commit d02f3fb4b0
3 changed files with 91 additions and 78 deletions


@ -1,4 +1,4 @@
{ config, pkgs, name, ... }: {
{ config, ... }: {
age.secrets.forgejo_s3_key_secret.file = ../../secrets/forgejo_s3_key_secret.age;
@ -42,4 +42,9 @@
};
};
};
services.custom-backup.jobs = [{
app = "forgejo";
file = "/var/lib/forgejo/data/forgejo.db";
}];
}
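Review bot: The new `services.custom-backup.jobs` entry points at the live SQLite file `/var/lib/forgejo/data/forgejo.db`, and nothing in this section shows how the job reads it. If `custom-backup` copies the file while Forgejo is writing, the snapshot can be torn, so it is worth confirming that the module takes a consistent copy (for example through SQLite's online backup) rather than a plain file copy. The database also holds password hashes and access tokens, so the backup destination needs encryption and access control at least as strict as the host's; a comment such as `# forgejo.db holds credentials: snapshot consistently, encrypt at rest` above the job would record that. The `custom-backup` module itself is defined outside this diff.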


@ -1,93 +1,97 @@
{
meta = {
# Override to pin the Nixpkgs version (recommended). This option
# accepts one of the following:
# - A path to a Nixpkgs checkout
# - The Nixpkgs lambda (e.g., import <nixpkgs>)
# - An initialized Nixpkgs attribute set
nixpkgs = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/7105ae3957700a9646cc4b766f5815b23ed0c682.tar.gz"); # nixos-24.11 2025-03-21
meta =
let nixpkgs-path = (fetchTarball "https://github.com/NixOS/nixpkgs/archive/7105ae3957700a9646cc4b766f5815b23ed0c682.tar.gz"); in
{
# Override to pin the Nixpkgs version (recommended). This option
# accepts one of the following:
# - A path to a Nixpkgs checkout
# - The Nixpkgs lambda (e.g., import <nixpkgs>)
# - An initialized Nixpkgs attribute set
nixpkgs = import nixpkgs-path; # nixos-24.11 2025-03-21
specialArgs = {
website = import (fetchTarball "https://github.com/Noratrieb/website/archive/1e1f0be7acf6931832a53447771ed2224b1ae43d.tar.gz");
blog = fetchTarball "https://github.com/Noratrieb/blog/archive/d370bf2b2e1dbec871dc1c82db8db9328976e0df.tar.gz";
slides = fetchTarball "https://github.com/Noratrieb/slides/archive/0401f35c22b124b69447655f0c537badae9e223c.tar.gz";
specialArgs = {
website = import (fetchTarball "https://github.com/Noratrieb/website/archive/1e1f0be7acf6931832a53447771ed2224b1ae43d.tar.gz");
blog = fetchTarball "https://github.com/Noratrieb/blog/archive/d370bf2b2e1dbec871dc1c82db8db9328976e0df.tar.gz";
slides = fetchTarball "https://github.com/Noratrieb/slides/archive/0401f35c22b124b69447655f0c537badae9e223c.tar.gz";
pretense = import (fetchTarball "https://github.com/Noratrieb/pretense/archive/270b01fc1118dfd713c1c41530d1a7d98f04527d.tar.gz");
quotdd = import (fetchTarball "https://github.com/Noratrieb/quotdd/archive/9c37b3e2093020771ee7c9da6200f95d4269b4e4.tar.gz");
pretense = import (fetchTarball "https://github.com/Noratrieb/pretense/archive/270b01fc1118dfd713c1c41530d1a7d98f04527d.tar.gz");
quotdd = import (fetchTarball "https://github.com/Noratrieb/quotdd/archive/9c37b3e2093020771ee7c9da6200f95d4269b4e4.tar.gz");
does-it-build = import (fetchTarball "https://github.com/Noratrieb/does-it-build/archive/cc4d90e7481d25c31362072484fb23f6a9473ef3.tar.gz");
does-it-build = import (fetchTarball "https://github.com/Noratrieb/does-it-build/archive/cc4d90e7481d25c31362072484fb23f6a9473ef3.tar.gz");
networkingConfig = {
dns1 = {
publicIPv4 = "154.38.163.74";
publicIPv6 = null;
wg = {
privateIP = "10.0.1.1";
publicKey = "7jy2q93xYBHG5yKqLmNuMWSuFMnUGWXVuKQ1yMmxoV4=";
peers = [ "vps3" ];
inherit nixpkgs-path;
networkingConfig = {
dns1 = {
publicIPv4 = "154.38.163.74";
publicIPv6 = null;
wg = {
privateIP = "10.0.1.1";
publicKey = "7jy2q93xYBHG5yKqLmNuMWSuFMnUGWXVuKQ1yMmxoV4=";
peers = [ "vps3" ];
};
};
};
dns2 = {
publicIPv4 = "128.140.3.7";
# somehow this doesnt quite work yet, keep it out of DNS records
#publicIPv6 = "2a01:4f8:c2c:d616::";
publicIPv6 = null;
wg = {
privateIP = "10.0.1.2";
publicKey = "yfOc/q5M+2DWPoZ4ZgwrTYYkviQxGxRWpcBCDcauDnc=";
peers = [ "vps3" ];
dns2 = {
publicIPv4 = "128.140.3.7";
# somehow this doesnt quite work yet, keep it out of DNS records
#publicIPv6 = "2a01:4f8:c2c:d616::";
publicIPv6 = null;
wg = {
privateIP = "10.0.1.2";
publicKey = "yfOc/q5M+2DWPoZ4ZgwrTYYkviQxGxRWpcBCDcauDnc=";
peers = [ "vps3" ];
};
};
};
vps1 = {
publicIPv4 = "161.97.165.1";
publicIPv6 = null;
wg = {
privateIP = "10.0.0.1";
publicKey = "5tg3w/TiCuCeKIBJCd6lHUeNjGEA76abT1OXnhNVyFQ=";
peers = [ "vps3" "vps4" "vps5" ];
vps1 = {
publicIPv4 = "161.97.165.1";
publicIPv6 = null;
wg = {
privateIP = "10.0.0.1";
publicKey = "5tg3w/TiCuCeKIBJCd6lHUeNjGEA76abT1OXnhNVyFQ=";
peers = [ "vps3" "vps4" "vps5" ];
};
};
};
vps3 = {
publicIPv4 = "134.255.181.139";
publicIPv6 = null;
wg = {
privateIP = "10.0.0.3";
publicKey = "pdUxG1vhmYraKzIIEFxTRAMhGwGztBL/Ly5icJUV3g0=";
peers = [ "vps1" "vps4" "vps5" "dns1" "dns2" ];
vps3 = {
publicIPv4 = "134.255.181.139";
publicIPv6 = null;
wg = {
privateIP = "10.0.0.3";
publicKey = "pdUxG1vhmYraKzIIEFxTRAMhGwGztBL/Ly5icJUV3g0=";
peers = [ "vps1" "vps4" "vps5" "dns1" "dns2" ];
};
};
};
vps4 = {
publicIPv4 = "195.201.147.17";
# somehow this doesnt quite work yet, keep it out of DNS records
#publicIPv6 = "2a01:4f8:1c1c:cb18::1";
publicIPv6 = null;
wg = {
privateIP = "10.0.0.4";
publicKey = "+n2XKKaSFdCanEGRd41cvnuwJ0URY0HsnpBl6ZrSBRs=";
peers = [ "vps1" "vps3" "vps5" ];
vps4 = {
publicIPv4 = "195.201.147.17";
# somehow this doesnt quite work yet, keep it out of DNS records
#publicIPv6 = "2a01:4f8:1c1c:cb18::1";
publicIPv6 = null;
wg = {
privateIP = "10.0.0.4";
publicKey = "+n2XKKaSFdCanEGRd41cvnuwJ0URY0HsnpBl6ZrSBRs=";
peers = [ "vps1" "vps3" "vps5" ];
};
};
};
vps5 = {
publicIPv4 = "45.94.209.30";
publicIPv6 = null;
wg = {
privateIP = "10.0.0.5";
publicKey = "r1cwt63fcOR+FTqMTUpZdK4/MxpalkDYRHXyy7osWUk=";
peers = [ "vps1" "vps3" "vps4" ];
vps5 = {
publicIPv4 = "45.94.209.30";
publicIPv6 = null;
wg = {
privateIP = "10.0.0.5";
publicKey = "r1cwt63fcOR+FTqMTUpZdK4/MxpalkDYRHXyy7osWUk=";
peers = [ "vps1" "vps3" "vps4" ];
};
};
};
};
};
# If your Colmena host has nix configured to allow for remote builds
# (for nix-daemon, your user being included in trusted-users)
# you can set a machines file that will be passed to the underlying
# nix-store command during derivation realization as a builders option.
# For example, if you support multiple orginizations each with their own
# build machine(s) you can ensure that builds only take place on your
# local machine and/or the machines specified in this file.
# machinesFile = ./machines.client-a;
};
# If your Colmena host has nix configured to allow for remote builds
# (for nix-daemon, your user being included in trusted-users)
# you can set a machines file that will be passed to the underlying
# nix-store command during derivation realization as a builders option.
# For example, if you support multiple orginizations each with their own
# build machine(s) you can ensure that builds only take place on your
# local machine and/or the machines specified in this file.
# machinesFile = ./machines.client-a;
};
defaults = { pkgs, config, lib, ... }: {
# This module will be imported by all hosts
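Review bot: The new `nixpkgs-path` binding calls `fetchTarball` with a bare URL and no `sha256`, so the downloaded content is never checked locally; the commit id in the URL says which archive is requested, not what is received. This commit also passes `nixpkgs-path` to every host through `specialArgs` and on into `nix.nixPath`, so a hash here would lock both the deployment and on-host evaluation: `let nixpkgs-path = fetchTarball { url = "<same archive URL>"; sha256 = "<sha256 of the unpacked tarball>"; }; in`. The `specialArgs` fetches (`website`, `blog`, `slides`, `pretense`, `quotdd`, `does-it-build`) follow the same unhashed pattern. The `# nixos-24.11 2025-03-21` comment would also read better next to the URL on the `let` line than on `import nixpkgs-path`.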


@ -1,10 +1,14 @@
{ pkgs, lib, config, name, pretense, quotdd, ... }: {
{ pkgs, lib, config, name, pretense, quotdd, nixpkgs-path, ... }: {
deployment.targetHost = "${config.networking.hostName}.infra.noratrieb.dev";
imports = [
"${builtins.fetchTarball "https://github.com/ryantm/agenix/archive/de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6.tar.gz"}/modules/age.nix" # main 2024-07-26
];
nix = {
nixPath = [ "nixpkgs=${nixpkgs-path}" ];
};
environment.systemPackages = with pkgs; [
vim
wget
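Review bot: The added `nix.nixPath = [ "nixpkgs=${nixpkgs-path}" ];` has no comment saying why it is set, and assigning a plain list replaces the module's default search path rather than extending it. If, as it appears, the intent is that `<nixpkgs>` on a host resolves to the same pinned revision the deployment was built from instead of a mutable root channel, a comment above the `nix` block would make that explicit, for example `# pin <nixpkgs> on the host to the deployed revision; replaces the channel-based default`. The `environment.systemPackages` list that follows continues outside this hunk.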