forgejo 2

nora 2025-03-21 21:45:24 +01:00
parent a25b5fc2b7
commit d02f3fb4b0
3 changed files with 91 additions and 78 deletions


@ -1,4 +1,4 @@
{ config, pkgs, name, ... }: { { config, ... }: {
age.secrets.forgejo_s3_key_secret.file = ../../secrets/forgejo_s3_key_secret.age; age.secrets.forgejo_s3_key_secret.file = ../../secrets/forgejo_s3_key_secret.age;
@ -42,4 +42,9 @@
}; };
}; };
}; };
services.custom-backup.jobs = [{
app = "forgejo";
file = "/var/lib/forgejo/data/forgejo.db";
}];
} }
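Review bot: The new `services.custom-backup.jobs` entry points at the live SQLite file `/var/lib/forgejo/data/forgejo.db`, and nothing in this section shows how `custom-backup` reads it. If the job copies the file directly while Forgejo is writing, the copy can be torn or miss pending WAL contents, so confirm it takes a consistent snapshot (for example through SQLite's online backup) rather than a plain file copy. The database also holds password hashes and token material, so the backup destination should be encrypted and access-restricted to the same standard as the host. I would add a comment above the job, e.g. `# forgejo.db holds credentials; custom-backup must snapshot consistently and store the result encrypted`.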


@ -1,93 +1,97 @@
{ {
meta = { meta =
# Override to pin the Nixpkgs version (recommended). This option let nixpkgs-path = (fetchTarball "https://github.com/NixOS/nixpkgs/archive/7105ae3957700a9646cc4b766f5815b23ed0c682.tar.gz"); in
# accepts one of the following: {
# - A path to a Nixpkgs checkout # Override to pin the Nixpkgs version (recommended). This option
# - The Nixpkgs lambda (e.g., import <nixpkgs>) # accepts one of the following:
# - An initialized Nixpkgs attribute set # - A path to a Nixpkgs checkout
nixpkgs = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/7105ae3957700a9646cc4b766f5815b23ed0c682.tar.gz"); # nixos-24.11 2025-03-21 # - The Nixpkgs lambda (e.g., import <nixpkgs>)
# - An initialized Nixpkgs attribute set
nixpkgs = import nixpkgs-path; # nixos-24.11 2025-03-21
specialArgs = { specialArgs = {
website = import (fetchTarball "https://github.com/Noratrieb/website/archive/1e1f0be7acf6931832a53447771ed2224b1ae43d.tar.gz"); website = import (fetchTarball "https://github.com/Noratrieb/website/archive/1e1f0be7acf6931832a53447771ed2224b1ae43d.tar.gz");
blog = fetchTarball "https://github.com/Noratrieb/blog/archive/d370bf2b2e1dbec871dc1c82db8db9328976e0df.tar.gz"; blog = fetchTarball "https://github.com/Noratrieb/blog/archive/d370bf2b2e1dbec871dc1c82db8db9328976e0df.tar.gz";
slides = fetchTarball "https://github.com/Noratrieb/slides/archive/0401f35c22b124b69447655f0c537badae9e223c.tar.gz"; slides = fetchTarball "https://github.com/Noratrieb/slides/archive/0401f35c22b124b69447655f0c537badae9e223c.tar.gz";
pretense = import (fetchTarball "https://github.com/Noratrieb/pretense/archive/270b01fc1118dfd713c1c41530d1a7d98f04527d.tar.gz"); pretense = import (fetchTarball "https://github.com/Noratrieb/pretense/archive/270b01fc1118dfd713c1c41530d1a7d98f04527d.tar.gz");
quotdd = import (fetchTarball "https://github.com/Noratrieb/quotdd/archive/9c37b3e2093020771ee7c9da6200f95d4269b4e4.tar.gz"); quotdd = import (fetchTarball "https://github.com/Noratrieb/quotdd/archive/9c37b3e2093020771ee7c9da6200f95d4269b4e4.tar.gz");
does-it-build = import (fetchTarball "https://github.com/Noratrieb/does-it-build/archive/cc4d90e7481d25c31362072484fb23f6a9473ef3.tar.gz"); does-it-build = import (fetchTarball "https://github.com/Noratrieb/does-it-build/archive/cc4d90e7481d25c31362072484fb23f6a9473ef3.tar.gz");
networkingConfig = { inherit nixpkgs-path;
dns1 = {
publicIPv4 = "154.38.163.74"; networkingConfig = {
publicIPv6 = null; dns1 = {
wg = { publicIPv4 = "154.38.163.74";
privateIP = "10.0.1.1"; publicIPv6 = null;
publicKey = "7jy2q93xYBHG5yKqLmNuMWSuFMnUGWXVuKQ1yMmxoV4="; wg = {
peers = [ "vps3" ]; privateIP = "10.0.1.1";
publicKey = "7jy2q93xYBHG5yKqLmNuMWSuFMnUGWXVuKQ1yMmxoV4=";
peers = [ "vps3" ];
};
}; };
}; dns2 = {
dns2 = { publicIPv4 = "128.140.3.7";
publicIPv4 = "128.140.3.7"; # somehow this doesnt quite work yet, keep it out of DNS records
# somehow this doesnt quite work yet, keep it out of DNS records #publicIPv6 = "2a01:4f8:c2c:d616::";
#publicIPv6 = "2a01:4f8:c2c:d616::"; publicIPv6 = null;
publicIPv6 = null; wg = {
wg = { privateIP = "10.0.1.2";
privateIP = "10.0.1.2"; publicKey = "yfOc/q5M+2DWPoZ4ZgwrTYYkviQxGxRWpcBCDcauDnc=";
publicKey = "yfOc/q5M+2DWPoZ4ZgwrTYYkviQxGxRWpcBCDcauDnc="; peers = [ "vps3" ];
peers = [ "vps3" ]; };
}; };
}; vps1 = {
vps1 = { publicIPv4 = "161.97.165.1";
publicIPv4 = "161.97.165.1"; publicIPv6 = null;
publicIPv6 = null; wg = {
wg = { privateIP = "10.0.0.1";
privateIP = "10.0.0.1"; publicKey = "5tg3w/TiCuCeKIBJCd6lHUeNjGEA76abT1OXnhNVyFQ=";
publicKey = "5tg3w/TiCuCeKIBJCd6lHUeNjGEA76abT1OXnhNVyFQ="; peers = [ "vps3" "vps4" "vps5" ];
peers = [ "vps3" "vps4" "vps5" ]; };
}; };
}; vps3 = {
vps3 = { publicIPv4 = "134.255.181.139";
publicIPv4 = "134.255.181.139"; publicIPv6 = null;
publicIPv6 = null; wg = {
wg = { privateIP = "10.0.0.3";
privateIP = "10.0.0.3"; publicKey = "pdUxG1vhmYraKzIIEFxTRAMhGwGztBL/Ly5icJUV3g0=";
publicKey = "pdUxG1vhmYraKzIIEFxTRAMhGwGztBL/Ly5icJUV3g0="; peers = [ "vps1" "vps4" "vps5" "dns1" "dns2" ];
peers = [ "vps1" "vps4" "vps5" "dns1" "dns2" ]; };
}; };
}; vps4 = {
vps4 = { publicIPv4 = "195.201.147.17";
publicIPv4 = "195.201.147.17"; # somehow this doesnt quite work yet, keep it out of DNS records
# somehow this doesnt quite work yet, keep it out of DNS records #publicIPv6 = "2a01:4f8:1c1c:cb18::1";
#publicIPv6 = "2a01:4f8:1c1c:cb18::1"; publicIPv6 = null;
publicIPv6 = null; wg = {
wg = { privateIP = "10.0.0.4";
privateIP = "10.0.0.4"; publicKey = "+n2XKKaSFdCanEGRd41cvnuwJ0URY0HsnpBl6ZrSBRs=";
publicKey = "+n2XKKaSFdCanEGRd41cvnuwJ0URY0HsnpBl6ZrSBRs="; peers = [ "vps1" "vps3" "vps5" ];
peers = [ "vps1" "vps3" "vps5" ]; };
}; };
}; vps5 = {
vps5 = { publicIPv4 = "45.94.209.30";
publicIPv4 = "45.94.209.30"; publicIPv6 = null;
publicIPv6 = null; wg = {
wg = { privateIP = "10.0.0.5";
privateIP = "10.0.0.5"; publicKey = "r1cwt63fcOR+FTqMTUpZdK4/MxpalkDYRHXyy7osWUk=";
publicKey = "r1cwt63fcOR+FTqMTUpZdK4/MxpalkDYRHXyy7osWUk="; peers = [ "vps1" "vps3" "vps4" ];
peers = [ "vps1" "vps3" "vps4" ]; };
}; };
}; };
}; };
};
# If your Colmena host has nix configured to allow for remote builds # If your Colmena host has nix configured to allow for remote builds
# (for nix-daemon, your user being included in trusted-users) # (for nix-daemon, your user being included in trusted-users)
# you can set a machines file that will be passed to the underlying # you can set a machines file that will be passed to the underlying
# nix-store command during derivation realization as a builders option. # nix-store command during derivation realization as a builders option.
# For example, if you support multiple orginizations each with their own # For example, if you support multiple orginizations each with their own
# build machine(s) you can ensure that builds only take place on your # build machine(s) you can ensure that builds only take place on your
# local machine and/or the machines specified in this file. # local machine and/or the machines specified in this file.
# machinesFile = ./machines.client-a; # machinesFile = ./machines.client-a;
}; };
defaults = { pkgs, config, lib, ... }: { defaults = { pkgs, config, lib, ... }: {
# This module will be imported by all hosts # This module will be imported by all hosts
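Review bot: The new `nixpkgs-path` binding in the `let` calls `fetchTarball` with a bare URL, so Nix has no content hash to check the unpacked archive against and will re-download it once the tarball cache expires. The commit id in the URL is the only pin, and integrity rests on TLS and GitHub. This path is now also handed to the hosts through `specialArgs` (the third file uses it for `nix.nixPath`), so I would switch to the attribute-set form with a hash: `nixpkgs-path = fetchTarball { url = "https://github.com/NixOS/nixpkgs/archive/7105ae3957700a9646cc4b766f5815b23ed0c682.tar.gz"; sha256 = "SHA256_PLACEHOLDER"; };`. The other `fetchTarball` calls in `specialArgs` follow the same bare-URL pattern and would benefit from the same treatment. The `# nixos-24.11 2025-03-21` comment would also be easier to keep accurate next to the URL in the `let` than on `nixpkgs = import nixpkgs-path;`.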


@ -1,10 +1,14 @@
{ pkgs, lib, config, name, pretense, quotdd, ... }: { { pkgs, lib, config, name, pretense, quotdd, nixpkgs-path, ... }: {
deployment.targetHost = "${config.networking.hostName}.infra.noratrieb.dev"; deployment.targetHost = "${config.networking.hostName}.infra.noratrieb.dev";
imports = [ imports = [
"${builtins.fetchTarball "https://github.com/ryantm/agenix/archive/de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6.tar.gz"}/modules/age.nix" # main 2024-07-26 "${builtins.fetchTarball "https://github.com/ryantm/agenix/archive/de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6.tar.gz"}/modules/age.nix" # main 2024-07-26
]; ];
nix = {
nixPath = [ "nixpkgs=${nixpkgs-path}" ];
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
vim vim
wget wget