
3 commits

14 changed files with 146 additions and 95 deletions


@ -18,6 +18,10 @@
file = ./adguardhome-sync/environment.age;
};
forgejo-actions-token = {
file = ./forgejo-actions/token.age;
};
weewx-proxy-environment = {
file = ./weewx-proxy/environment.age;
};

Binary file not shown.


@ -1,9 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g j3LJbMvC+F+WI80vay1mUtT4AU/iPrVlJspYtDwL5WI
JllJKpMrJtNEF2Wjlt+FQZjt0HYg1jcM5Z23Nyr0JDQ
-> ssh-ed25519 iO8/4g M2tItsaOdbUwDrIR6CniYnQtmdgLBL31D/xdYI27DR4
hdQhMFbQ88Qd0b9/yUqSCp0jmWBVTamHRHxvfzMKQd0
-> a88u-grease %<;6}T6g dP%)[l 5M?k?Ff
66xUudBfSs81QpoQPElEtQ9W5IUdTpeO613+2nVdnOVb
--- +iZj/5A8YtvHw9xzvg95+S7aYwRvA87KYF8fsZyuORk
ÿ§Zh§è#ÊÖÆ&BÕÓ÷îÈKe¡Z`×òŠýD$;TH¡Àì³ÏÿÓL´×% à•ŒƒÈX©Høh$8€Ù³„)ÊŒ÷HàX<qã
-> ssh-ed25519 MtGp6g jM+++wGqvWlj9wKwKdrS3d8xpwfLp1ks4GCh3sm/6zM
QkBPJf0lBF617AFcko4KA/Aq6mi6eMWp/ye2Abf2fKk
-> ssh-ed25519 iO8/4g IGCdvdMB6PdiqxA9yamSUMCfH4Bk0JmtOuZt4WZrFGM
cz19imzpQAkWv+iCoUzBfMRC5D0yusCMQkROrjBhoJ0
-> PT|e-grease cJG6UW4o
4G+Rp2jt1sZbGLxuKl7DgX1wl1kaOhhEjkloCeaHg0lt6P7bmjcg++jh6hWs7MhO
dMp8SKY9
--- VdFRpEBs74LJOqJNYwiGeb/wy/e7Wm+aFQnw3AI1pFw
r åkòBúxµvŠ™a ob""éh&éÅîb{ñÌH´òã,×q¢·Ã RSm½¤ûÃTûo ¾hB•gdµ ÷?GÒ¼n0©î


@ -13,11 +13,11 @@
]
},
"locked": {
"lastModified": 1690228878,
"narHash": "sha256-9Xe7JV0krp4RJC9W9W9WutZVlw6BlHTFMiUP/k48LQY=",
"lastModified": 1694734964,
"narHash": "sha256-FvBMAbl6EMFVODzgaEwQ9z7tfGMQvDeyc0YZ5ArPYPE=",
"owner": "ryantm",
"repo": "agenix",
"rev": "d8c973fd228949736dedf61b7f8cc1ece3236792",
"rev": "20deb735cc405831ba04a0088fecb3887aa255c0",
"type": "github"
},
"original": {
@ -109,11 +109,11 @@
]
},
"locked": {
"lastModified": 1694511957,
"narHash": "sha256-teCLY68npc0nuyOHYJURLuJSOME0yotJI29WXcpF1E4=",
"lastModified": 1694763556,
"narHash": "sha256-csMoysn8NrVAaPuhAB64nRd4CeH+yXEdFcYf04vFfw0=",
"owner": "nix-community",
"repo": "disko",
"rev": "be98cffef02e5ebf438ea80b34b86e669c48eff1",
"rev": "8aa6ec5ff220f1d9749d636dbeb46ec929f112dc",
"type": "github"
},
"original": {
@ -300,11 +300,11 @@
]
},
"locked": {
"lastModified": 1694585439,
"narHash": "sha256-70BlfEsdURx5f8sioj8JuM+R4/SZFyE8UYrULMknxlI=",
"lastModified": 1694643239,
"narHash": "sha256-pv2k/5FvyirDE8g4TNehzwZ0T4UOMMmqWSQnM/luRtE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "a0ddf43b6268f1717afcda54133dea30435eb178",
"rev": "d9b88b43524db1591fb3d9410a21428198d75d49",
"type": "github"
},
"original": {
@ -323,11 +323,11 @@
},
"locked": {
"dir": "contrib",
"lastModified": 1694591514,
"narHash": "sha256-IFWKN1v8f+Nq16YKI7/Bn68s+7xD3Sl5VgWEEjVKwLo=",
"lastModified": 1694764612,
"narHash": "sha256-ESl/NMxS8ld9IU0prayYTATEqxBdj4D3BrXwUiTY2IY=",
"owner": "neovim",
"repo": "neovim",
"rev": "4607807f9fcb83d4e183f6f67e705ffd7f451077",
"rev": "a6e4793bafa0edda2ef5e948cd071dc9626688d8",
"type": "github"
},
"original": {
@ -346,11 +346,11 @@
]
},
"locked": {
"lastModified": 1694593224,
"narHash": "sha256-Ik4E8fER3sbpkbFJUErN63PNkKUMNcmsQIg2a2OkRkw=",
"lastModified": 1694766001,
"narHash": "sha256-vzleD8ZNZ6juhR8Uivadh4V47Iqd0qDVNNTXArCeIwQ=",
"owner": "nifoc",
"repo": "nix-overlay",
"rev": "4e541b5cbce5a26ac02c4dda5683204f8d5cf525",
"rev": "e568419bda1ed080c30d6f91f68ea24edb3fb300",
"type": "github"
},
"original": {
@ -381,11 +381,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1694591211,
"narHash": "sha256-NPP7XGZH+Q5ey7nE2zGLrBrzKmLYPhj8YgsTSdhH0D4=",
"lastModified": 1694710316,
"narHash": "sha256-uRh46iIC86D8BD1wCDA5gRrt+hslUXiD0kx/UjnjBcs=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "3ccd87fcdae4732fe33773cefa4375c641a057e7",
"rev": "570256327eb6ca6f7bebe8d93af49459092a0c43",
"type": "github"
},
"original": {
@ -397,11 +397,11 @@
},
"nixos-unstable": {
"locked": {
"lastModified": 1694422566,
"narHash": "sha256-lHJ+A9esOz9vln/3CJG23FV6Wd2OoOFbDeEs4cMGMqc=",
"lastModified": 1694669921,
"narHash": "sha256-6ESpJ6FsftHV96JO/zn6je07tyV2dlLR7SdLsmkegTY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3a2786eea085f040a66ecde1bc3ddc7099f6dbeb",
"rev": "f2ea252d23ebc9a5336bf6a61e0644921f64e67c",
"type": "github"
},
"original": {


@ -30,23 +30,23 @@ in
};
nvim-web-devicons = buildVimPluginFrom2Nix {
pname = "nvim-web-devicons";
version = "2023-09-11";
version = "2023-09-15";
src = fetchFromGitHub {
owner = "kyazdani42";
repo = "nvim-web-devicons";
rev = "925e2aa30dc9fe9332060199c19f132ec0f3d493";
sha256 = "0i2ixmmapld2j681z606g00ws17vwzmpb0cxvbzsx9bqhap3qgzr";
rev = "973ab742f143a796a779af4d786ec409116a0d87";
sha256 = "1fmvym6ryxmff5559s6aw6nv4h5cgz2lnkjnhzbwws4iryvc90zl";
fetchSubmodules = false;
};
};
wezterm-nvim = buildVimPluginFrom2Nix {
pname = "wezterm.nvim";
version = "2023-09-13";
version = "2023-09-14";
src = fetchFromGitHub {
owner = "willothy";
repo = "wezterm.nvim";
rev = "4d626e4d868a8c53b8a787f50d2fd533673e864f";
sha256 = "0i061n9sr3lb3gsymz9a7amv667vq1kqczvwmx8i4711k272raz7";
rev = "cdce700a688735c594a4978a4ea31801f4354fcb";
sha256 = "044g9pvwbs88s02f131nvzd69v4c9lw4vavjp37h267y292msbyp";
fetchSubmodules = false;
};
};
@ -118,12 +118,12 @@ in
};
nvim-treesitter = buildVimPluginFrom2Nix {
pname = "nvim-treesitter";
version = "2023-09-13";
version = "2023-09-15";
src = fetchFromGitHub {
owner = "nvim-treesitter";
repo = "nvim-treesitter";
rev = "9ab4e9cc8989e3811b14897cd0eb21ae35e5541e";
sha256 = "1jd3wylb9ibd0pylpmpzhir9290qmmx5gradqxd5vvarr5wvpzak";
rev = "48b237fd3f482aef2f5896b8b7a6ece71c19ad99";
sha256 = "1vwrz7w2bwd9m0mj2w9w1gpxjqx6z0rg5zs2ciglghfqjgnwvdhg";
fetchSubmodules = false;
};
};
@ -162,12 +162,12 @@ in
};
telescope-nvim = buildVimPluginFrom2Nix {
pname = "telescope.nvim";
version = "2023-09-10";
version = "2023-09-14";
src = fetchFromGitHub {
owner = "nvim-telescope";
repo = "telescope.nvim";
rev = "a19770625aed49ad2a9f591a5e3946707f7359f6";
sha256 = "13r2bbmylh9n5yqmc8mff669w6c4wx0j20xiy4sx2cdmfj089a9k";
rev = "59812c26d826e8c717e29406267ea1260f71e103";
sha256 = "1c5gs74pajsmdq99g6qfzk7vbp1pl6milxy33zrj2mi3d5hqqwwa";
fetchSubmodules = false;
};
};
@ -242,23 +242,23 @@ in
};
nvim-lspconfig = buildVimPluginFrom2Nix {
pname = "nvim-lspconfig";
version = "2023-09-12";
version = "2023-09-15";
src = fetchFromGitHub {
owner = "neovim";
repo = "nvim-lspconfig";
rev = "360a895125ac4f39df6aa8f763635eff07e69fff";
sha256 = "0sy9w8bl46i9krikxkbnsryrnnccji2hrw29k3ccihnn8nrxwvsl";
rev = "cc388d3f6b9c7c943ae2b2dcd46ad470fd257f91";
sha256 = "0xw1xya93qks2azp0rg2k7fyg2ak31c3z897af9d3lx0nrhy31xs";
fetchSubmodules = false;
};
};
nvim-jdtls = buildVimPluginFrom2Nix {
pname = "nvim-jdtls";
version = "2023-08-01";
version = "2023-09-14";
src = fetchFromGitHub {
owner = "mfussenegger";
repo = "nvim-jdtls";
rev = "095dc490f362adc85be66dc14bd9665ddd94413b";
sha256 = "02b1kqfmj03snmvjd1z1piklihxq2n0w7rpdchaf6ylqh0arka7h";
rev = "697b39e3db0e0d0ce9ee4c2df506a4e0386af6c2";
sha256 = "0iaccv986r4z1lmfih24dk2ls501bfqw3n7z4h0mwbf7xqm9jml3";
fetchSubmodules = false;
};
};
@ -297,12 +297,12 @@ in
};
nvim-lint = buildVimPluginFrom2Nix {
pname = "nvim-lint";
version = "2023-09-07";
version = "2023-09-14";
src = fetchFromGitHub {
owner = "mfussenegger";
repo = "nvim-lint";
rev = "73682da41b74c9c35f33b1b2dbd0cc02cc59452f";
sha256 = "061x7p90p1nmjf2fs4alrgyj0w0v8w6kbg2n86q2khl40w522ihk";
rev = "12517fb62b9760053b3edebc0b03308921a30f5c";
sha256 = "1qsn5ziprl8wz606rjpri18i25hdsc12b39w4xb2nqkxwx3hdi2l";
fetchSubmodules = false;
};
};


@ -87,6 +87,8 @@ in
"agenix/hosts/argon/acme/credentials.age".publicKeys = argon;
"agenix/hosts/argon/forgejo-actions/token.age".publicKeys = argon;
"agenix/hosts/argon/tailscale/authkey.age".publicKeys = argon;
"agenix/hosts/argon/adguardhome-sync/environment.age".publicKeys = argon;


@ -22,6 +22,8 @@ in
../nixos/attic.nix
(import ../nixos/forgejo-runner.nix (args // { name = "argon"; tag = "ubuntu-latest-arm64"; }))
../nixos/tailscale.nix
../nixos/unbound.nix
@ -45,12 +47,14 @@ in
substituters = [
"https://attic.cache.daniel.sx/nifoc-systems"
"https://attic.cache.daniel.sx/nifoc-ci"
"https://nifoc.cachix.org"
"https://nix-community.cachix.org"
];
trusted-public-keys = [
"nifoc-systems:eDDqVP5BFR6/1KvXbF9oUL8JahDdmbrsYtxlQ57LOTU="
"nifoc-ci:JpD9zqVQi8JuS7B8htPDOQZh08rhInMnGFS9RVhiuwk="
"nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
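Review bot: Assuming the `nifoc-ci` substituter and its `nifoc-ci:…` entry in `trusted-public-keys` are the two lines this hunk adds, the host now accepts any store path signed for a cache that CI jobs presumably write to. Whoever holds a push token for that cache could then supply binaries that this machine installs as trusted. The same pair appears in the tanker host section of this comparison. If the cache only exists to speed up CI builds, keep it out of the system-wide settings and configure it inside the runner's jobs; otherwise record the trust decision next to the key, e.g. `# nifoc-ci: populated by Forgejo Actions jobs; push token limited to <who>`. The enclosing settings block starts and ends outside the hunk.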


@ -33,6 +33,7 @@ in
../nixos/fedifetcher.nix
../nixos/forgejo.nix
(import ../nixos/forgejo-runner.nix (args // { name = "tanker"; tag = "ubuntu-latest-amd64"; }))
(import ../nixos/home-proxy.nix (args // { inherit secret; }))
@ -72,12 +73,14 @@ in
substituters = [
"https://attic.cache.daniel.sx/nifoc-systems"
"https://attic.cache.daniel.sx/nifoc-ci"
"https://nifoc.cachix.org"
"https://nix-community.cachix.org"
];
trusted-public-keys = [
"nifoc-systems:eDDqVP5BFR6/1KvXbF9oUL8JahDdmbrsYtxlQ57LOTU="
"nifoc-ci:JpD9zqVQi8JuS7B8htPDOQZh08rhInMnGFS9RVhiuwk="
"nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
@ -109,10 +112,6 @@ in
hostName = "tanker";
hostId = "d89f488a";
useNetworkd = true;
extraHosts = ''
127.0.0.1 attic.cache.daniel.sx
'';
};
systemd = {


@ -0,0 +1,24 @@
{ pkgs, config, name, tag, ... }:
let
forgejoUrl = "https://git.kempkens.io";
in
{
services.gitea-actions-runner = {
package = pkgs.forgejo-actions-runner;
instances = {
tanker = {
enable = true;
url = forgejoUrl;
inherit name;
tokenFile = config.age.secrets.forgejo-actions-token.path;
labels = [
"${tag}:docker://ghcr.io/catthehacker/ubuntu:act-latest"
];
};
};
};
}
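Review bot: The runner label `"${tag}:docker://ghcr.io/catthehacker/ubuntu:act-latest"` selects the job image by a mutable tag in a third-party registry namespace, so every workflow on this forge runs in whatever that tag points to at pull time. Pinning it by digest, `"${tag}:docker://ghcr.io/catthehacker/ubuntu:act-latest@sha256:<digest>"` (placeholder; confirm the runner accepts digest references), would make image updates a reviewed change like the other locked inputs in this repository. Separately, the instance key is still the literal `tanker` although the module now takes `name` and is imported with `name = "argon"` elsewhere in this comparison; `instances.${name} = {` would keep the instance named after the host.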


@ -1,4 +1,4 @@
{ pkgs, config, ... }:
{ pkgs, ... }:
let
fqdn = "git.kempkens.io";
@ -24,6 +24,7 @@ in
PROTOCOL = "http+unix";
DOMAIN = fqdn;
ROOT_URL = "https://${fqdn}/";
LANDING_PAGE = "explore";
};
service = {
@ -42,35 +43,13 @@ in
SAME_SITE = "strict";
};
repository = {
DISABLE_HTTP_GIT = true;
};
actions = {
ENABLED = true;
};
other = {
SHOW_FOOTER_VERSION = false;
};
};
};
gitea-actions-runner = {
package = pkgs.forgejo-actions-runner;
instances = {
tanker = {
enable = true;
url = "https://${fqdn}";
name = "tanker";
tokenFile = config.age.secrets.forgejo-actions-token.path;
labels = [
"debian-bullseye:docker://node:18-bullseye"
"debian-bookworm:docker://node:18-bookworm"
];
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
};
};
};


@ -1,3 +1,5 @@
{ lib, config, ... }:
{
services.nginx.virtualHosts."default.internal.kempkens.network" = {
listen = [
@ -34,4 +36,20 @@
return = "418";
};
};
networking.firewall.interfaces =
let
interfaces = lib.mapAttrsToList (_: lib.attrsets.attrByPath [ "matchConfig" "Name" ] null) config.systemd.network.networks ++ [ "tailscale0" ];
in
builtins.listToAttrs
(builtins.map
(iface:
{
name = iface;
value = {
allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [ 443 ];
};
})
(builtins.filter builtins.isString interfaces));
}
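Review bot: The firewall attrset is keyed by `matchConfig.Name` taken verbatim from `config.systemd.network.networks`, but networkd reads that field as a whitespace-separated list of shell-style globs while `networking.firewall.interfaces` expects interface names. A network matched by a pattern such as `en*` (constructed example) may therefore end up with no working rule for 80/443, one matched only by MAC address is dropped by the `isString` filter, and any newly declared named network gets both ports opened without a change to this file. The network definitions are not visible here, so this may not bite today; an explicit per-host interface list, or a comment such as `# every network must set matchConfig.Name to one literal interface name`, would make the assumption visible. The identical block is also added to the two other default-vhost files in this comparison, so a shared module imported by all three would keep the rule in one place.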


@ -1,3 +1,5 @@
{ lib, config, ... }:
{
services.nginx.virtualHosts."default.internal.kempkens.network" = {
listen = [
@ -34,4 +36,20 @@
return = "418";
};
};
networking.firewall.interfaces =
let
interfaces = lib.mapAttrsToList (_: lib.attrsets.attrByPath [ "matchConfig" "Name" ] null) config.systemd.network.networks ++ [ "tailscale0" ];
in
builtins.listToAttrs
(builtins.map
(iface:
{
name = iface;
value = {
allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [ 443 ];
};
})
(builtins.filter builtins.isString interfaces));
}


@ -1,3 +1,5 @@
{ lib, config, ... }:
{
services.nginx.virtualHosts."default.kempkens.io" = {
listen = [
@ -34,4 +36,20 @@
return = "418";
};
};
networking.firewall.interfaces =
let
interfaces = lib.mapAttrsToList (_: lib.attrsets.attrByPath [ "matchConfig" "Name" ] null) config.systemd.network.networks ++ [ "tailscale0" ];
in
builtins.listToAttrs
(builtins.map
(iface:
{
name = iface;
value = {
allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [ 443 ];
};
})
(builtins.filter builtins.isString interfaces));
}


@ -1,4 +1,4 @@
{ pkgs, lib, config, ... }:
{ pkgs, ... }:
{
services.nginx = {
@ -25,20 +25,4 @@
access_log /var/log/nginx/access.log combined_anon buffer=32k flush=5m;
'';
};
networking.firewall.interfaces =
let
interfaces = lib.mapAttrsToList (_: lib.attrsets.attrByPath [ "matchConfig" "Name" ] null) config.systemd.network.networks ++ [ "tailscale0" ];
in
builtins.listToAttrs
(builtins.map
(iface:
{
name = iface;
value = {
allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [ 443 ];
};
})
(builtins.filter builtins.isString interfaces));
}