

7 commits

20 changed files with 65 additions and 17 deletions


@ -1,5 +1,10 @@
{ depot, ... }:
{
services.bitwarden = {
nodes.host = [ "VEGAS" ];
nixos.host = ./host.nix;
};
dns.records.keychain.target = [ depot.hours.VEGAS.interfaces.primary.addrPublic ];
}
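Review bot: The bitwarden host is named twice in this hunk — `nodes.host = [ "VEGAS" ]` on the services line and `depot.hours.VEGAS` inside the DNS record — so moving the service to another node leaves the `keychain` record pointing at the old address. Deriving the record from the node list keeps the two in step: `{ config, depot, ... }:` and `dns.records.keychain.target = map (n: depot.hours.${n}.interfaces.primary.addrPublic) config.services.bitwarden.nodes.host;`. The same duplication appears in the gitlab hunk (`dns.records.git.target`) and the sso hunk (`ssoAddr`), and the same fix applies there.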


@ -1,13 +1,21 @@
{ config, ... }:
{
services.frangiclave = {
nodes = {
server = [ "VEGAS" "grail" "prophet" ]; # 3 reliable nodes
server = [ "VEGAS" "grail" "prophet" ];
cluster = config.services.frangiclave.nodes.server;
agent = []; # all nodes, for vault-agent, secret templates, etc.
};
meshLinks = {
server.link.protocol = "http";
cluster.link.protocol = "http";
};
nixos = {
server = [
./server.nix
];
cluster = [];
agent = [];
};
};
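Review bot: Both `meshLinks.server.link.protocol` and `meshLinks.cluster.link.protocol` are set to `"http"`, so the frangiclave API and raft cluster endpoints — the `api_addr`/`cluster_addr` that the server.nix hunk builds from these links — are declared plaintext, and every token and secret read over the API link travels unencrypted on that path. If the links are meant to ride the WireGuard mesh declared elsewhere in this change, that assumption belongs next to the protocol, e.g. `# plaintext only because these links are pinned to the encrypted mesh; never expose them on a public interface`; otherwise the listener needs TLS material. Separately, `agent = []; # all nodes` reads as a contradiction — either the comment or the value is stale, and a reader cannot tell which. The outer attrset opened on the first line of the hunk closes outside it.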


@ -1,8 +1,23 @@
{ depot, ... }:
{ cluster, config, depot, ... }:
let
apiLink = cluster.config.hostLinks.${config.networking.hostName}.frangiclave-server;
clusterLink = cluster.config.hostLinks.${config.networking.hostName}.frangiclave-cluster;
in
{
services.vault = {
enable = true;
package = depot.packages.openbao;
address = apiLink.tuple;
extraConfig = /*hcl*/ ''
api_addr = "${apiLink.url}"
cluster_addr = "${clusterLink.url}"
'';
storageBackend = "raft";
storageConfig = /*hcl*/ ''
node_id = "x${builtins.hashString "sha256" "frangiclave-node-${config.networking.hostName}"}"
'';
};
}
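Review bot: The `node_id` derivation in `storageConfig` is the least obvious line of the hunk and carries no comment: it sha256-hashes a string built from the hostname and prefixes the hex with `x`, but the reader is not told why a plain hostname would not do. A comment such as `# raft node_id: derived from the hostname so it stays stable across rebuilds; the "x" prefix presumably keeps the id from starting with a digit — confirm` would stop the next maintainer from simplifying it into something that changes a node's raft identity. The `let` block also indexes `cluster.config.hostLinks` by hostname for both links, which fails evaluation on any host that lacks those entries; that looks intended, but a one-line note saying so would help.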


@ -1,5 +1,10 @@
{ depot, ... }:
{
services.gitlab = {
nodes.host = [ "VEGAS" ];
nixos.host = ./host.nix;
};
dns.records.git.target = [ depot.hours.VEGAS.interfaces.primary.addrPublic ];
}


@ -9,7 +9,7 @@ let
owner = "gitlab";
group = "gitlab";
mode = "0400";
file = ../../../../secrets/${name}.age;
file = ../../../secrets/${name}.age;
};
secrets = lib.mapAttrs (_: v: v.path) config.age.secrets;


@ -1,11 +1,6 @@
{ depot, lib, ... }:
{
imports = [
./imap.nix
./opendkim.nix
./postfix.nix
];
{
security.acme.certs."mail.${depot.lib.meta.domain}" = {
dnsProvider = "exec";
webroot = lib.mkForce null;


@ -1,6 +1,24 @@
{ depot, ... }:
{
services.mail = {
nodes = {
smtp = [ "VEGAS" ];
imap = [ "VEGAS" ];
};
nixos = {
smtp = [
./postfix.nix
./opendkim.nix
./certificate.nix
];
imap = [
./imap.nix
./certificate.nix
];
};
};
dns.records = let
inherit (depot.lib.meta) domain adminEmail;
mailServerAddr = depot.hours.VEGAS.interfaces.primary.addrPublic;
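Review bot: `./certificate.nix` is listed under both `nixos.smtp` and `nixos.imap`, so each role carries its own ACME issuance for the same `mail.` name (the certificate.nix hunk uses the `exec` DNS provider for it). With both roles pinned to `VEGAS` the module system presumably merges them into one definition, but the moment `nodes.smtp` and `nodes.imap` diverge, two hosts will request and renew the same certificate independently and each will need the DNS-update credentials. A comment on the `imap` list, `# shares the ACME cert with smtp; only valid while both roles run on the same node`, records that constraint. The `dns.records` let-block opened at the end of the hunk continues outside it.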


@ -32,7 +32,7 @@ let
'';
in {
age.secrets.dovecotLdapToken.file = ../../../../secrets/dovecot-ldap-token.age;
age.secrets.dovecotLdapToken.file = ../../../secrets/dovecot-ldap-token.age;
networking.firewall.allowedTCPPorts = [ 143 993 ];


@ -14,7 +14,7 @@ let
in
{
age.secrets."postfix-ldap-mailboxes.cf" = {
file = ../../../../secrets/postfix-ldap-mailboxes.age;
file = ../../../secrets/postfix-ldap-mailboxes.age;
owner = "postfix";
group = "postfix";
mode = "0400";


@ -1,6 +1,11 @@
{ depot, ... }:
{
services.sso = {
nodes.host = [ "VEGAS" ];
nixos.host = ./host.nix;
};
dns.records = let
ssoAddr = [ depot.hours.VEGAS.interfaces.primary.addrPublic ];
in {


@ -66,9 +66,11 @@ in
services.wireguard = {
nodes = {
mesh = [ "checkmate" "grail" "thunderskin" "VEGAS" "prophet" ];
storm = [ "VEGAS" ];
};
nixos = {
mesh = ./mesh.nix;
storm = ./storm.nix;
};
secrets.meshPrivateKey = {
nodes = config.services.wireguard.nodes.mesh;


@ -6,7 +6,7 @@ let
in
{
age.secrets.wireguard-key-storm = {
file = ../../../../secrets + "/wireguard-key-storm-${hostName}.age";
file = ../../../secrets + "/wireguard-key-storm-${hostName}.age";
mode = "0400";
};


@ -16,15 +16,10 @@
# Services
./services/backbone-routing
./services/bitwarden
./services/cdn-shield
./services/gitlab
./services/jokes
./services/mail
./services/minecraft
./services/sso
./services/websites
./services/wireguard-server
depot.nixosModules.hyprspace
depot.nixosModules.nix-builder