Compare commits
3 commits
33c0c52454
...
44fc1c6095
Author | SHA1 | Date | |
---|---|---|---|
44fc1c6095 | |||
aed54daa2b | |||
c0e392ae2a |
14 changed files with 146 additions and 95 deletions
|
@ -18,6 +18,10 @@
|
||||||
file = ./adguardhome-sync/environment.age;
|
file = ./adguardhome-sync/environment.age;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
forgejo-actions-token = {
|
||||||
|
file = ./forgejo-actions/token.age;
|
||||||
|
};
|
||||||
|
|
||||||
weewx-proxy-environment = {
|
weewx-proxy-environment = {
|
||||||
file = ./weewx-proxy/environment.age;
|
file = ./weewx-proxy/environment.age;
|
||||||
};
|
};
|
||||||
|
|
BIN
agenix/hosts/argon/forgejo-actions/token.age
Normal file
BIN
agenix/hosts/argon/forgejo-actions/token.age
Normal file
Binary file not shown.
|
@ -1,9 +1,10 @@
|
||||||
age-encryption.org/v1
|
age-encryption.org/v1
|
||||||
-> ssh-ed25519 MtGp6g j3LJbMvC+F+WI80vay1mUtT4AU/iPrVlJspYtDwL5WI
|
-> ssh-ed25519 MtGp6g jM+++wGqvWlj9wKwKdrS3d8xpwfLp1ks4GCh3sm/6zM
|
||||||
JllJKpMrJtNEF2Wjlt+FQZjt0HYg1jcM5Z23Nyr0JDQ
|
QkBPJf0lBF617AFcko4KA/Aq6mi6eMWp/ye2Abf2fKk
|
||||||
-> ssh-ed25519 iO8/4g M2tItsaOdbUwDrIR6CniYnQtmdgLBL31D/xdYI27DR4
|
-> ssh-ed25519 iO8/4g IGCdvdMB6PdiqxA9yamSUMCfH4Bk0JmtOuZt4WZrFGM
|
||||||
hdQhMFbQ88Qd0b9/yUqSCp0jmWBVTamHRHxvfzMKQd0
|
cz19imzpQAkWv+iCoUzBfMRC5D0yusCMQkROrjBhoJ0
|
||||||
-> a88u-grease %<;6}T6g dP%)[l 5M?k?Ff
|
-> PT|e-grease cJG6UW4o
|
||||||
66xUudBfSs81QpoQPElEtQ9W5IUdTpeO613+2nVdnOVb
|
4G+Rp2jt1sZbGLxuKl7DgX1wl1kaOhhEjkloCeaHg0lt6P7bmjcg++jh6hWs7MhO
|
||||||
--- +iZj/5A8YtvHw9xzvg95+S7aYwRvA87KYF8fsZyuORk
|
dMp8SKY9
|
||||||
ÿ§Zh§è#ÊÖÆ&BÕÓ÷îÈKe¡Z`×òŠýD$;TH,ß¡Àì³ÏÿÓL´×%à•ŒƒÈX©Høh$8‚€Ù³„)ÊŒ÷HàX<qã
|
--- VdFRpEBs74LJOqJNYwiGeb/wy/e7Wm+aFQnw3AI1pFw
|
||||||
|
r‹åkòBúx–µvŠ™aob""éh&éÅîb{ñÌH´òã,’×q¢·Ã RSm½¤ûÃTûo ¾hB•gdµ
÷?GÒ¼n0©î
|
42
flake.lock
42
flake.lock
|
@ -13,11 +13,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1690228878,
|
"lastModified": 1694734964,
|
||||||
"narHash": "sha256-9Xe7JV0krp4RJC9W9W9WutZVlw6BlHTFMiUP/k48LQY=",
|
"narHash": "sha256-FvBMAbl6EMFVODzgaEwQ9z7tfGMQvDeyc0YZ5ArPYPE=",
|
||||||
"owner": "ryantm",
|
"owner": "ryantm",
|
||||||
"repo": "agenix",
|
"repo": "agenix",
|
||||||
"rev": "d8c973fd228949736dedf61b7f8cc1ece3236792",
|
"rev": "20deb735cc405831ba04a0088fecb3887aa255c0",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -109,11 +109,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1694511957,
|
"lastModified": 1694763556,
|
||||||
"narHash": "sha256-teCLY68npc0nuyOHYJURLuJSOME0yotJI29WXcpF1E4=",
|
"narHash": "sha256-csMoysn8NrVAaPuhAB64nRd4CeH+yXEdFcYf04vFfw0=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "disko",
|
"repo": "disko",
|
||||||
"rev": "be98cffef02e5ebf438ea80b34b86e669c48eff1",
|
"rev": "8aa6ec5ff220f1d9749d636dbeb46ec929f112dc",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -300,11 +300,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1694585439,
|
"lastModified": 1694643239,
|
||||||
"narHash": "sha256-70BlfEsdURx5f8sioj8JuM+R4/SZFyE8UYrULMknxlI=",
|
"narHash": "sha256-pv2k/5FvyirDE8g4TNehzwZ0T4UOMMmqWSQnM/luRtE=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "a0ddf43b6268f1717afcda54133dea30435eb178",
|
"rev": "d9b88b43524db1591fb3d9410a21428198d75d49",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -323,11 +323,11 @@
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"dir": "contrib",
|
"dir": "contrib",
|
||||||
"lastModified": 1694591514,
|
"lastModified": 1694764612,
|
||||||
"narHash": "sha256-IFWKN1v8f+Nq16YKI7/Bn68s+7xD3Sl5VgWEEjVKwLo=",
|
"narHash": "sha256-ESl/NMxS8ld9IU0prayYTATEqxBdj4D3BrXwUiTY2IY=",
|
||||||
"owner": "neovim",
|
"owner": "neovim",
|
||||||
"repo": "neovim",
|
"repo": "neovim",
|
||||||
"rev": "4607807f9fcb83d4e183f6f67e705ffd7f451077",
|
"rev": "a6e4793bafa0edda2ef5e948cd071dc9626688d8",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -346,11 +346,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1694593224,
|
"lastModified": 1694766001,
|
||||||
"narHash": "sha256-Ik4E8fER3sbpkbFJUErN63PNkKUMNcmsQIg2a2OkRkw=",
|
"narHash": "sha256-vzleD8ZNZ6juhR8Uivadh4V47Iqd0qDVNNTXArCeIwQ=",
|
||||||
"owner": "nifoc",
|
"owner": "nifoc",
|
||||||
"repo": "nix-overlay",
|
"repo": "nix-overlay",
|
||||||
"rev": "4e541b5cbce5a26ac02c4dda5683204f8d5cf525",
|
"rev": "e568419bda1ed080c30d6f91f68ea24edb3fb300",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -381,11 +381,11 @@
|
||||||
},
|
},
|
||||||
"nixos-hardware": {
|
"nixos-hardware": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1694591211,
|
"lastModified": 1694710316,
|
||||||
"narHash": "sha256-NPP7XGZH+Q5ey7nE2zGLrBrzKmLYPhj8YgsTSdhH0D4=",
|
"narHash": "sha256-uRh46iIC86D8BD1wCDA5gRrt+hslUXiD0kx/UjnjBcs=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixos-hardware",
|
"repo": "nixos-hardware",
|
||||||
"rev": "3ccd87fcdae4732fe33773cefa4375c641a057e7",
|
"rev": "570256327eb6ca6f7bebe8d93af49459092a0c43",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -397,11 +397,11 @@
|
||||||
},
|
},
|
||||||
"nixos-unstable": {
|
"nixos-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1694422566,
|
"lastModified": 1694669921,
|
||||||
"narHash": "sha256-lHJ+A9esOz9vln/3CJG23FV6Wd2OoOFbDeEs4cMGMqc=",
|
"narHash": "sha256-6ESpJ6FsftHV96JO/zn6je07tyV2dlLR7SdLsmkegTY=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "3a2786eea085f040a66ecde1bc3ddc7099f6dbeb",
|
"rev": "f2ea252d23ebc9a5336bf6a61e0644921f64e67c",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -30,23 +30,23 @@ in
|
||||||
};
|
};
|
||||||
nvim-web-devicons = buildVimPluginFrom2Nix {
|
nvim-web-devicons = buildVimPluginFrom2Nix {
|
||||||
pname = "nvim-web-devicons";
|
pname = "nvim-web-devicons";
|
||||||
version = "2023-09-11";
|
version = "2023-09-15";
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "kyazdani42";
|
owner = "kyazdani42";
|
||||||
repo = "nvim-web-devicons";
|
repo = "nvim-web-devicons";
|
||||||
rev = "925e2aa30dc9fe9332060199c19f132ec0f3d493";
|
rev = "973ab742f143a796a779af4d786ec409116a0d87";
|
||||||
sha256 = "0i2ixmmapld2j681z606g00ws17vwzmpb0cxvbzsx9bqhap3qgzr";
|
sha256 = "1fmvym6ryxmff5559s6aw6nv4h5cgz2lnkjnhzbwws4iryvc90zl";
|
||||||
fetchSubmodules = false;
|
fetchSubmodules = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
wezterm-nvim = buildVimPluginFrom2Nix {
|
wezterm-nvim = buildVimPluginFrom2Nix {
|
||||||
pname = "wezterm.nvim";
|
pname = "wezterm.nvim";
|
||||||
version = "2023-09-13";
|
version = "2023-09-14";
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "willothy";
|
owner = "willothy";
|
||||||
repo = "wezterm.nvim";
|
repo = "wezterm.nvim";
|
||||||
rev = "4d626e4d868a8c53b8a787f50d2fd533673e864f";
|
rev = "cdce700a688735c594a4978a4ea31801f4354fcb";
|
||||||
sha256 = "0i061n9sr3lb3gsymz9a7amv667vq1kqczvwmx8i4711k272raz7";
|
sha256 = "044g9pvwbs88s02f131nvzd69v4c9lw4vavjp37h267y292msbyp";
|
||||||
fetchSubmodules = false;
|
fetchSubmodules = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -118,12 +118,12 @@ in
|
||||||
};
|
};
|
||||||
nvim-treesitter = buildVimPluginFrom2Nix {
|
nvim-treesitter = buildVimPluginFrom2Nix {
|
||||||
pname = "nvim-treesitter";
|
pname = "nvim-treesitter";
|
||||||
version = "2023-09-13";
|
version = "2023-09-15";
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "nvim-treesitter";
|
owner = "nvim-treesitter";
|
||||||
repo = "nvim-treesitter";
|
repo = "nvim-treesitter";
|
||||||
rev = "9ab4e9cc8989e3811b14897cd0eb21ae35e5541e";
|
rev = "48b237fd3f482aef2f5896b8b7a6ece71c19ad99";
|
||||||
sha256 = "1jd3wylb9ibd0pylpmpzhir9290qmmx5gradqxd5vvarr5wvpzak";
|
sha256 = "1vwrz7w2bwd9m0mj2w9w1gpxjqx6z0rg5zs2ciglghfqjgnwvdhg";
|
||||||
fetchSubmodules = false;
|
fetchSubmodules = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -162,12 +162,12 @@ in
|
||||||
};
|
};
|
||||||
telescope-nvim = buildVimPluginFrom2Nix {
|
telescope-nvim = buildVimPluginFrom2Nix {
|
||||||
pname = "telescope.nvim";
|
pname = "telescope.nvim";
|
||||||
version = "2023-09-10";
|
version = "2023-09-14";
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "nvim-telescope";
|
owner = "nvim-telescope";
|
||||||
repo = "telescope.nvim";
|
repo = "telescope.nvim";
|
||||||
rev = "a19770625aed49ad2a9f591a5e3946707f7359f6";
|
rev = "59812c26d826e8c717e29406267ea1260f71e103";
|
||||||
sha256 = "13r2bbmylh9n5yqmc8mff669w6c4wx0j20xiy4sx2cdmfj089a9k";
|
sha256 = "1c5gs74pajsmdq99g6qfzk7vbp1pl6milxy33zrj2mi3d5hqqwwa";
|
||||||
fetchSubmodules = false;
|
fetchSubmodules = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -242,23 +242,23 @@ in
|
||||||
};
|
};
|
||||||
nvim-lspconfig = buildVimPluginFrom2Nix {
|
nvim-lspconfig = buildVimPluginFrom2Nix {
|
||||||
pname = "nvim-lspconfig";
|
pname = "nvim-lspconfig";
|
||||||
version = "2023-09-12";
|
version = "2023-09-15";
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "neovim";
|
owner = "neovim";
|
||||||
repo = "nvim-lspconfig";
|
repo = "nvim-lspconfig";
|
||||||
rev = "360a895125ac4f39df6aa8f763635eff07e69fff";
|
rev = "cc388d3f6b9c7c943ae2b2dcd46ad470fd257f91";
|
||||||
sha256 = "0sy9w8bl46i9krikxkbnsryrnnccji2hrw29k3ccihnn8nrxwvsl";
|
sha256 = "0xw1xya93qks2azp0rg2k7fyg2ak31c3z897af9d3lx0nrhy31xs";
|
||||||
fetchSubmodules = false;
|
fetchSubmodules = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
nvim-jdtls = buildVimPluginFrom2Nix {
|
nvim-jdtls = buildVimPluginFrom2Nix {
|
||||||
pname = "nvim-jdtls";
|
pname = "nvim-jdtls";
|
||||||
version = "2023-08-01";
|
version = "2023-09-14";
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "mfussenegger";
|
owner = "mfussenegger";
|
||||||
repo = "nvim-jdtls";
|
repo = "nvim-jdtls";
|
||||||
rev = "095dc490f362adc85be66dc14bd9665ddd94413b";
|
rev = "697b39e3db0e0d0ce9ee4c2df506a4e0386af6c2";
|
||||||
sha256 = "02b1kqfmj03snmvjd1z1piklihxq2n0w7rpdchaf6ylqh0arka7h";
|
sha256 = "0iaccv986r4z1lmfih24dk2ls501bfqw3n7z4h0mwbf7xqm9jml3";
|
||||||
fetchSubmodules = false;
|
fetchSubmodules = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -297,12 +297,12 @@ in
|
||||||
};
|
};
|
||||||
nvim-lint = buildVimPluginFrom2Nix {
|
nvim-lint = buildVimPluginFrom2Nix {
|
||||||
pname = "nvim-lint";
|
pname = "nvim-lint";
|
||||||
version = "2023-09-07";
|
version = "2023-09-14";
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "mfussenegger";
|
owner = "mfussenegger";
|
||||||
repo = "nvim-lint";
|
repo = "nvim-lint";
|
||||||
rev = "73682da41b74c9c35f33b1b2dbd0cc02cc59452f";
|
rev = "12517fb62b9760053b3edebc0b03308921a30f5c";
|
||||||
sha256 = "061x7p90p1nmjf2fs4alrgyj0w0v8w6kbg2n86q2khl40w522ihk";
|
sha256 = "1qsn5ziprl8wz606rjpri18i25hdsc12b39w4xb2nqkxwx3hdi2l";
|
||||||
fetchSubmodules = false;
|
fetchSubmodules = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -87,6 +87,8 @@ in
|
||||||
|
|
||||||
"agenix/hosts/argon/acme/credentials.age".publicKeys = argon;
|
"agenix/hosts/argon/acme/credentials.age".publicKeys = argon;
|
||||||
|
|
||||||
|
"agenix/hosts/argon/forgejo-actions/token.age".publicKeys = argon;
|
||||||
|
|
||||||
"agenix/hosts/argon/tailscale/authkey.age".publicKeys = argon;
|
"agenix/hosts/argon/tailscale/authkey.age".publicKeys = argon;
|
||||||
|
|
||||||
"agenix/hosts/argon/adguardhome-sync/environment.age".publicKeys = argon;
|
"agenix/hosts/argon/adguardhome-sync/environment.age".publicKeys = argon;
|
||||||
|
|
|
@ -22,6 +22,8 @@ in
|
||||||
|
|
||||||
../nixos/attic.nix
|
../nixos/attic.nix
|
||||||
|
|
||||||
|
(import ../nixos/forgejo-runner.nix (args // { name = "argon"; tag = "ubuntu-latest-arm64"; }))
|
||||||
|
|
||||||
../nixos/tailscale.nix
|
../nixos/tailscale.nix
|
||||||
|
|
||||||
../nixos/unbound.nix
|
../nixos/unbound.nix
|
||||||
|
@ -45,12 +47,14 @@ in
|
||||||
|
|
||||||
substituters = [
|
substituters = [
|
||||||
"https://attic.cache.daniel.sx/nifoc-systems"
|
"https://attic.cache.daniel.sx/nifoc-systems"
|
||||||
|
"https://attic.cache.daniel.sx/nifoc-ci"
|
||||||
"https://nifoc.cachix.org"
|
"https://nifoc.cachix.org"
|
||||||
"https://nix-community.cachix.org"
|
"https://nix-community.cachix.org"
|
||||||
];
|
];
|
||||||
|
|
||||||
trusted-public-keys = [
|
trusted-public-keys = [
|
||||||
"nifoc-systems:eDDqVP5BFR6/1KvXbF9oUL8JahDdmbrsYtxlQ57LOTU="
|
"nifoc-systems:eDDqVP5BFR6/1KvXbF9oUL8JahDdmbrsYtxlQ57LOTU="
|
||||||
|
"nifoc-ci:JpD9zqVQi8JuS7B8htPDOQZh08rhInMnGFS9RVhiuwk="
|
||||||
"nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II="
|
"nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II="
|
||||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||||
];
|
];
|
||||||
|
|
|
@ -33,6 +33,7 @@ in
|
||||||
../nixos/fedifetcher.nix
|
../nixos/fedifetcher.nix
|
||||||
|
|
||||||
../nixos/forgejo.nix
|
../nixos/forgejo.nix
|
||||||
|
(import ../nixos/forgejo-runner.nix (args // { name = "tanker"; tag = "ubuntu-latest-amd64"; }))
|
||||||
|
|
||||||
(import ../nixos/home-proxy.nix (args // { inherit secret; }))
|
(import ../nixos/home-proxy.nix (args // { inherit secret; }))
|
||||||
|
|
||||||
|
@ -72,12 +73,14 @@ in
|
||||||
|
|
||||||
substituters = [
|
substituters = [
|
||||||
"https://attic.cache.daniel.sx/nifoc-systems"
|
"https://attic.cache.daniel.sx/nifoc-systems"
|
||||||
|
"https://attic.cache.daniel.sx/nifoc-ci"
|
||||||
"https://nifoc.cachix.org"
|
"https://nifoc.cachix.org"
|
||||||
"https://nix-community.cachix.org"
|
"https://nix-community.cachix.org"
|
||||||
];
|
];
|
||||||
|
|
||||||
trusted-public-keys = [
|
trusted-public-keys = [
|
||||||
"nifoc-systems:eDDqVP5BFR6/1KvXbF9oUL8JahDdmbrsYtxlQ57LOTU="
|
"nifoc-systems:eDDqVP5BFR6/1KvXbF9oUL8JahDdmbrsYtxlQ57LOTU="
|
||||||
|
"nifoc-ci:JpD9zqVQi8JuS7B8htPDOQZh08rhInMnGFS9RVhiuwk="
|
||||||
"nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II="
|
"nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II="
|
||||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||||
];
|
];
|
||||||
|
@ -109,10 +112,6 @@ in
|
||||||
hostName = "tanker";
|
hostName = "tanker";
|
||||||
hostId = "d89f488a";
|
hostId = "d89f488a";
|
||||||
useNetworkd = true;
|
useNetworkd = true;
|
||||||
|
|
||||||
extraHosts = ''
|
|
||||||
127.0.0.1 attic.cache.daniel.sx
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd = {
|
systemd = {
|
||||||
|
|
24
system/nixos/forgejo-runner.nix
Normal file
24
system/nixos/forgejo-runner.nix
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
{ pkgs, config, name, tag, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
forgejoUrl = "https://git.kempkens.io";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
services.gitea-actions-runner = {
|
||||||
|
package = pkgs.forgejo-actions-runner;
|
||||||
|
|
||||||
|
instances = {
|
||||||
|
tanker = {
|
||||||
|
enable = true;
|
||||||
|
url = forgejoUrl;
|
||||||
|
|
||||||
|
inherit name;
|
||||||
|
tokenFile = config.age.secrets.forgejo-actions-token.path;
|
||||||
|
|
||||||
|
labels = [
|
||||||
|
"${tag}:docker://ghcr.io/catthehacker/ubuntu:act-latest"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -1,4 +1,4 @@
|
||||||
{ pkgs, config, ... }:
|
{ pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
fqdn = "git.kempkens.io";
|
fqdn = "git.kempkens.io";
|
||||||
|
@ -24,6 +24,7 @@ in
|
||||||
PROTOCOL = "http+unix";
|
PROTOCOL = "http+unix";
|
||||||
DOMAIN = fqdn;
|
DOMAIN = fqdn;
|
||||||
ROOT_URL = "https://${fqdn}/";
|
ROOT_URL = "https://${fqdn}/";
|
||||||
|
LANDING_PAGE = "explore";
|
||||||
};
|
};
|
||||||
|
|
||||||
service = {
|
service = {
|
||||||
|
@ -42,35 +43,13 @@ in
|
||||||
SAME_SITE = "strict";
|
SAME_SITE = "strict";
|
||||||
};
|
};
|
||||||
|
|
||||||
repository = {
|
|
||||||
DISABLE_HTTP_GIT = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
actions = {
|
actions = {
|
||||||
ENABLED = true;
|
ENABLED = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
other = {
|
other = {
|
||||||
SHOW_FOOTER_VERSION = false;
|
SHOW_FOOTER_VERSION = false;
|
||||||
};
|
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
gitea-actions-runner = {
|
|
||||||
package = pkgs.forgejo-actions-runner;
|
|
||||||
|
|
||||||
instances = {
|
|
||||||
tanker = {
|
|
||||||
enable = true;
|
|
||||||
url = "https://${fqdn}";
|
|
||||||
|
|
||||||
name = "tanker";
|
|
||||||
tokenFile = config.age.secrets.forgejo-actions-token.path;
|
|
||||||
|
|
||||||
labels = [
|
|
||||||
"debian-bullseye:docker://node:18-bullseye"
|
|
||||||
"debian-bookworm:docker://node:18-bookworm"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
{ lib, config, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
services.nginx.virtualHosts."default.internal.kempkens.network" = {
|
services.nginx.virtualHosts."default.internal.kempkens.network" = {
|
||||||
listen = [
|
listen = [
|
||||||
|
@ -34,4 +36,20 @@
|
||||||
return = "418";
|
return = "418";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
networking.firewall.interfaces =
|
||||||
|
let
|
||||||
|
interfaces = lib.mapAttrsToList (_: lib.attrsets.attrByPath [ "matchConfig" "Name" ] null) config.systemd.network.networks ++ [ "tailscale0" ];
|
||||||
|
in
|
||||||
|
builtins.listToAttrs
|
||||||
|
(builtins.map
|
||||||
|
(iface:
|
||||||
|
{
|
||||||
|
name = iface;
|
||||||
|
value = {
|
||||||
|
allowedTCPPorts = [ 80 443 ];
|
||||||
|
allowedUDPPorts = [ 443 ];
|
||||||
|
};
|
||||||
|
})
|
||||||
|
(builtins.filter builtins.isString interfaces));
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
{ lib, config, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
services.nginx.virtualHosts."default.internal.kempkens.network" = {
|
services.nginx.virtualHosts."default.internal.kempkens.network" = {
|
||||||
listen = [
|
listen = [
|
||||||
|
@ -34,4 +36,20 @@
|
||||||
return = "418";
|
return = "418";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
networking.firewall.interfaces =
|
||||||
|
let
|
||||||
|
interfaces = lib.mapAttrsToList (_: lib.attrsets.attrByPath [ "matchConfig" "Name" ] null) config.systemd.network.networks ++ [ "tailscale0" ];
|
||||||
|
in
|
||||||
|
builtins.listToAttrs
|
||||||
|
(builtins.map
|
||||||
|
(iface:
|
||||||
|
{
|
||||||
|
name = iface;
|
||||||
|
value = {
|
||||||
|
allowedTCPPorts = [ 80 443 ];
|
||||||
|
allowedUDPPorts = [ 443 ];
|
||||||
|
};
|
||||||
|
})
|
||||||
|
(builtins.filter builtins.isString interfaces));
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
{ lib, config, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
services.nginx.virtualHosts."default.kempkens.io" = {
|
services.nginx.virtualHosts."default.kempkens.io" = {
|
||||||
listen = [
|
listen = [
|
||||||
|
@ -34,4 +36,20 @@
|
||||||
return = "418";
|
return = "418";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
networking.firewall.interfaces =
|
||||||
|
let
|
||||||
|
interfaces = lib.mapAttrsToList (_: lib.attrsets.attrByPath [ "matchConfig" "Name" ] null) config.systemd.network.networks ++ [ "tailscale0" ];
|
||||||
|
in
|
||||||
|
builtins.listToAttrs
|
||||||
|
(builtins.map
|
||||||
|
(iface:
|
||||||
|
{
|
||||||
|
name = iface;
|
||||||
|
value = {
|
||||||
|
allowedTCPPorts = [ 80 443 ];
|
||||||
|
allowedUDPPorts = [ 443 ];
|
||||||
|
};
|
||||||
|
})
|
||||||
|
(builtins.filter builtins.isString interfaces));
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ pkgs, lib, config, ... }:
|
{ pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
|
@ -25,20 +25,4 @@
|
||||||
access_log /var/log/nginx/access.log combined_anon buffer=32k flush=5m;
|
access_log /var/log/nginx/access.log combined_anon buffer=32k flush=5m;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall.interfaces =
|
|
||||||
let
|
|
||||||
interfaces = lib.mapAttrsToList (_: lib.attrsets.attrByPath [ "matchConfig" "Name" ] null) config.systemd.network.networks ++ [ "tailscale0" ];
|
|
||||||
in
|
|
||||||
builtins.listToAttrs
|
|
||||||
(builtins.map
|
|
||||||
(iface:
|
|
||||||
{
|
|
||||||
name = iface;
|
|
||||||
value = {
|
|
||||||
allowedTCPPorts = [ 80 443 ];
|
|
||||||
allowedUDPPorts = [ 443 ];
|
|
||||||
};
|
|
||||||
})
|
|
||||||
(builtins.filter builtins.isString interfaces));
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue