Compare commits


5 commits

18 changed files with 41 additions and 16 deletions


@ -1,5 +1,10 @@
{ depot, ... }: { depot, ... }:
{ {
services.bitwarden = {
nodes.host = [ "VEGAS" ];
nixos.host = ./host.nix;
};
dns.records.keychain.target = [ depot.hours.VEGAS.interfaces.primary.addrPublic ]; dns.records.keychain.target = [ depot.hours.VEGAS.interfaces.primary.addrPublic ];
} }
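Review bot: The host is now named twice in this file: `nodes.host = [ "VEGAS" ]` decides where the service runs, while `dns.records.keychain.target` still reads `depot.hours.VEGAS.interfaces.primary.addrPublic` directly. If the node list is edited later, the record keeps pointing at the old machine, and clients of the password vault are sent to a host that no longer serves it. Consider deriving the target from the node list, e.g. `dns.records.keychain.target = map (n: depot.hours.${n}.interfaces.primary.addrPublic) config.services.bitwarden.nodes.host;`. This needs `config` added to the module arguments and assumes the option is readable here, as it appears to be in the wireguard module. The same pairing appears in the gitlab, mail and sso sections.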


@ -1,5 +1,10 @@
{ depot, ... }: { depot, ... }:
{ {
services.gitlab = {
nodes.host = [ "VEGAS" ];
nixos.host = ./host.nix;
};
dns.records.git.target = [ depot.hours.VEGAS.interfaces.primary.addrPublic ]; dns.records.git.target = [ depot.hours.VEGAS.interfaces.primary.addrPublic ];
} }


@ -9,7 +9,7 @@ let
owner = "gitlab"; owner = "gitlab";
group = "gitlab"; group = "gitlab";
mode = "0400"; mode = "0400";
file = ../../../../secrets/${name}.age; file = ../../../secrets/${name}.age;
}; };
secrets = lib.mapAttrs (_: v: v.path) config.age.secrets; secrets = lib.mapAttrs (_: v: v.path) config.age.secrets;


@ -1,11 +1,6 @@
{ depot, lib, ... }: { depot, lib, ... }:
{
imports = [
./imap.nix
./opendkim.nix
./postfix.nix
];
{
security.acme.certs."mail.${depot.lib.meta.domain}" = { security.acme.certs."mail.${depot.lib.meta.domain}" = {
dnsProvider = "exec"; dnsProvider = "exec";
webroot = lib.mkForce null; webroot = lib.mkForce null;


@ -1,6 +1,24 @@
{ depot, ... }: { depot, ... }:
{ {
services.mail = {
nodes = {
smtp = [ "VEGAS" ];
imap = [ "VEGAS" ];
};
nixos = {
smtp = [
./postfix.nix
./opendkim.nix
./certificate.nix
];
imap = [
./imap.nix
./certificate.nix
];
};
};
dns.records = let dns.records = let
inherit (depot.lib.meta) domain adminEmail; inherit (depot.lib.meta) domain adminEmail;
mailServerAddr = depot.hours.VEGAS.interfaces.primary.addrPublic; mailServerAddr = depot.hours.VEGAS.interfaces.primary.addrPublic;
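Review bot: `./certificate.nix` is listed under both `nixos.smtp` and `nixos.imap`, and both roles are assigned to VEGAS, so the same module reaches that node through two lists. That is harmless only if the role lists end up in `imports` as plain paths, which the module system de-duplicates; the wiring is not visible in this hunk, so this is worth confirming. It also means that if the roles are ever placed on different nodes, each node requests and holds its own key and certificate for `mail.${depot.lib.meta.domain}`. A comment above the `nixos` attribute would make the sharing explicit, e.g. `# certificate.nix is shared by both roles; every node with either role obtains the mail certificate`. The `dns.records` block continues outside the hunk.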


@ -32,7 +32,7 @@ let
''; '';
in { in {
age.secrets.dovecotLdapToken.file = ../../../../secrets/dovecot-ldap-token.age; age.secrets.dovecotLdapToken.file = ../../../secrets/dovecot-ldap-token.age;
networking.firewall.allowedTCPPorts = [ 143 993 ]; networking.firewall.allowedTCPPorts = [ 143 993 ];


@ -14,7 +14,7 @@ let
in in
{ {
age.secrets."postfix-ldap-mailboxes.cf" = { age.secrets."postfix-ldap-mailboxes.cf" = {
file = ../../../../secrets/postfix-ldap-mailboxes.age; file = ../../../secrets/postfix-ldap-mailboxes.age;
owner = "postfix"; owner = "postfix";
group = "postfix"; group = "postfix";
mode = "0400"; mode = "0400";


@ -1,6 +1,11 @@
{ depot, ... }: { depot, ... }:
{ {
services.sso = {
nodes.host = [ "VEGAS" ];
nixos.host = ./host.nix;
};
dns.records = let dns.records = let
ssoAddr = [ depot.hours.VEGAS.interfaces.primary.addrPublic ]; ssoAddr = [ depot.hours.VEGAS.interfaces.primary.addrPublic ];
in { in {


@ -9,7 +9,7 @@ in
links.keycloak.protocol = "http"; links.keycloak.protocol = "http";
age.secrets.keycloak-dbpass = { age.secrets.keycloak-dbpass = {
file = ../../../../secrets/keycloak-dbpass.age; file = ../../../secrets/keycloak-dbpass.age;
owner = "root"; owner = "root";
group = "root"; group = "root";
mode = "0400"; mode = "0400";


@ -66,9 +66,11 @@ in
services.wireguard = { services.wireguard = {
nodes = { nodes = {
mesh = [ "checkmate" "grail" "thunderskin" "VEGAS" "prophet" ]; mesh = [ "checkmate" "grail" "thunderskin" "VEGAS" "prophet" ];
storm = [ "VEGAS" ];
}; };
nixos = { nixos = {
mesh = ./mesh.nix; mesh = ./mesh.nix;
storm = ./storm.nix;
}; };
secrets.meshPrivateKey = { secrets.meshPrivateKey = {
nodes = config.services.wireguard.nodes.mesh; nodes = config.services.wireguard.nodes.mesh;
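Review bot: The new `storm` role gets `nodes` and `nixos` entries but, within this hunk, no counterpart to `secrets.meshPrivateKey`, whose node list follows `config.services.wireguard.nodes.mesh`. The storm key is still declared in storm.nix as `age.secrets.wireguard-key-storm`, with a file name built from `hostName`. As a result, adding a node to `nodes.storm` silently depends on a matching `wireguard-key-storm-<host>.age` file that the role declaration does not mention. Either declare the key alongside the mesh one, or record the dependency next to the new line, e.g. `storm = [ "VEGAS" ]; # needs secrets/wireguard-key-storm-<host>.age, see storm.nix`. The `secrets.meshPrivateKey` block continues outside the hunk, so the exact shape of such a declaration cannot be confirmed from here.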


@ -6,7 +6,7 @@ let
in in
{ {
age.secrets.wireguard-key-storm = { age.secrets.wireguard-key-storm = {
file = ../../../../secrets + "/wireguard-key-storm-${hostName}.age"; file = ../../../secrets + "/wireguard-key-storm-${hostName}.age";
mode = "0400"; mode = "0400";
}; };


@ -16,15 +16,10 @@
# Services # Services
./services/backbone-routing ./services/backbone-routing
./services/bitwarden
./services/cdn-shield ./services/cdn-shield
./services/gitlab
./services/jokes ./services/jokes
./services/mail
./services/minecraft ./services/minecraft
./services/sso
./services/websites ./services/websites
./services/wireguard-server
depot.nixosModules.hyprspace depot.nixosModules.hyprspace
depot.nixosModules.nix-builder depot.nixosModules.nix-builder