privatevoid.net/depot
1
1
Fork 0
Code Issues 23 Pull requests 2 Projects 3 Releases Packages Wiki Activity Actions

New host: git.services.privatevoid.net

Browse source
This commit is contained in:
Max Headroom 2021-06-25 04:11:26 +02:00
parent 96acf122c9
commit fd905e5a04
6 changed files with 85 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
flake.nix
View file

@ -49,7 +49,7 @@
in { in {
nixosModules = aspect.modules; nixosModules = aspect.modules;
nixosConfigurations = nixosConfigurations =
(lib.genAttrs [ "styx" "meet" ] mkNixOS); (lib.genAttrs [ "styx" "meet" "git" ] mkNixOS);
deploy.nodes = with deploy-rs-lib; { deploy.nodes = with deploy-rs-lib; {
styx = { styx = {
@ -66,6 +66,13 @@
path = activate.nixos self.nixosConfigurations.meet; path = activate.nixos self.nixosConfigurations.meet;
}; };
}; };
git = {
hostname = "git.services.privatevoid.net";
profiles.system = {
user = "root";
path = activate.nixos self.nixosConfigurations.git;
};
};
}; };
packages.${system} = import ./packages { packages.${system} = import ./packages {

1
hosts/default.nix
View file

@ -5,6 +5,7 @@ in with tools.dns; {
# NixOS machines # NixOS machines
styx = import ./styx tools; styx = import ./styx tools;
meet = import ./meet tools; meet = import ./meet tools;
git = import ./git tools;
# Non-NixOS machine metadata # Non-NixOS machine metadata
VEGAS = { VEGAS = {

7
hosts/git/default.nix Normal file
View file

@ -0,0 +1,7 @@
tools: {
ssh.id = with tools.dns; {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0rChVEO9Qt7hr7vyiyOP7N45CjaxssFCZNOPCszEQi";
hostNames = subResolve "git" "services";
};
nixos = import ./system.nix;
}

55
hosts/git/system.nix Normal file
View file

@ -0,0 +1,55 @@
{ config, pkgs, lib, modulesPath, aspect, inputs, ... }:
{
imports = [
(modulesPath + "/virtualisation/lxc-container.nix")
inputs.agenix.nixosModules.age
]
++ (import ../../users "server").groups.admin
++ aspect.sets.server
++ (with aspect.modules; [ ]);
age.secrets = {
giteaDBPassword = {
file = ../../secrets/gitea-db-credentials.age;
owner = "git";
group = "gitea";
mode = "0400";
};
};
networking.hostName = "git";
networking.firewall.enable = false;
nix.trustedUsers = [ "root" "@wheel" ];
security.sudo.wheelNeedsPassword = false;
services.gitea = {
enable = true;
appName = "Private Void Gitea";
domain = "git";
rootUrl = "https://git.privatevoid.net";
disableRegistration = true;
ssh.enable = true;
user = "git";
log.level = "Warn";
database = {
createDatabase = false;
type = "postgres";
host = "10.1.0.1";
port = 5432;
name = "gitea";
user = "gitea";
passwordFile = config.age.secrets.giteaDBPassword.path;
};
};
users.users.git = {
description = "Git Service";
home = config.services.gitea.stateDir;
useDefaultShell = true;
group = "gitea";
isSystemUser = true;
};
}

13
secrets/gitea-db-credentials.age Normal file
View file

@ -0,0 +1,13 @@
age-encryption.org/v1
-> ssh-ed25519 NO562A j3g3B6nxxM4B6XgW2CYesr7YtTKyBfHfAb6YAMKqQxI
aTMvut/NvicYKVCUzRORzZKgu8leWC1iZUbg0hwFGEo
-> ssh-ed25519 5/zT0w k4fXusdfpmtXvWVsB69FcAWU8YE/Q+WprFc95cgNFz4
PNpWtqiIG7JnFcAW65+OPfajs8e7QuMj28sNXxx1PX8
-> ssh-ed25519 eDiawA SKR14VRaUDLPoqMQ0BrFKUAAYmoemRf3L2Lx/cyZmA8
bVQmN6Fvd/01TBQaxJ32bGD2/2hNxJUcsJ5+qyX3HHU
-> [-grease
7BlcEQVarNdjNBXT9gjmT6Fe80zDiHoj/hU28aww0II3keIJGRfROduIhQSgvpN1
bs5DjtZtdeCPWNjJu8UWFR9n4LJN2wPHsg4Wds8+bqGJ8qgRfUt+FITNNilw56V9
--- 8xO2TEohEHzFQ9nw1Loj/6640hEjF5ue5/fhhAqWMlA
ÿç7 Ñ)펧ҟÙ2~Õ+ýÀG<˜ 2lÏ£¥sð§$B#­GæK>% -ÿ`&ãz´ÜΨ* DÏOGΚDð\<5C>ç(

1
secrets/secrets.nix
View file

@ -6,4 +6,5 @@ in with hosts;
{ {
"hydra-s3.age".publicKeys = max ++ map systemKeys [ styx ]; "hydra-s3.age".publicKeys = max ++ map systemKeys [ styx ];
"hydra-db-credentials.age".publicKeys = max ++ map systemKeys [ styx ]; "hydra-db-credentials.age".publicKeys = max ++ map systemKeys [ styx ];
"gitea-db-credentials.age".publicKeys = max ++ map systemKeys [ git ];
} }