Lukas Wurzinger 2024-12-21 17:31:10 +01:00
parent d61e17b73a
commit b9cc3201b8
No known key found for this signature in database
6 changed files with 125 additions and 9 deletions

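--- a/common/ripgrep.nix
+++ b/common/ripgrep.nix
@@ -0,0 +1,5 @@
+{pkgs, ...}: {
+environment.systemPackages = [
+pkgs.ripgrep
+];
+}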


@ -338,11 +338,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1734720291, "lastModified": 1734745015,
"narHash": "sha256-a0ArHOrz4X3TK0fwXs67lBwlNPG2y78LBTf9lUJxo54=", "narHash": "sha256-HGl0yR/qfGTO99NfiB5bqTe2nPKmD57opzB/TwhJSW0=",
"owner": "lilyinstarlight", "owner": "lilyinstarlight",
"repo": "nixos-cosmic", "repo": "nixos-cosmic",
"rev": "b5f8f498a70d4ca6fd33772cab9d0cc8f8cf611d", "rev": "1c922245aec471610533c7a225bf9c20e7002ff2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -381,11 +381,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1734323986, "lastModified": 1734600368,
"narHash": "sha256-m/lh6hYMIWDYHCAsn81CDAiXoT3gmxXI9J987W5tZrE=", "narHash": "sha256-nbG9TijTMcfr+au7ZVbKpAhMJzzE2nQBYmRvSdXUD8g=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "394571358ce82dff7411395829aa6a3aad45b907", "rev": "b47fd6fa00c6afca88b8ee46cfdb00e104f50bca",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -498,11 +498,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1734575524, "lastModified": 1734661750,
"narHash": "sha256-BxQ/4JuHEi0zRjF0P8B5xnbXOLulgsK2gfwVRXGZ4a4=", "narHash": "sha256-BI58NBdimxu1lnpOrG9XxBz7Cwqy+qIf99zunWofX5w=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "573c674a3ad06e8a525263185ebef336a411d1d5", "rev": "7d3d910d5fd575e6e8c5600d83d54e5c47273bfe",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -0,0 +1,87 @@
{
config,
lib,
...
}: let
inherit (config.networking) domain;
virtualHostName = "tea.${domain}";
in {
age.secrets = lib.mkSecrets {
forgejo-mailer = {
mode = "400";
owner = "forgejo";
};
forgejo-admin = {
mode = "400";
owner = "forgejo";
};
};
services.forgejo = {
enable = true;
database.type = "postgres";
lfs.enable = true;
settings = {
server = {
DOMAIN = virtualHostName;
ROOT_URL = "https://${virtualHostName}/";
HTTP_ADDR = "127.0.0.1";
HTTP_PORT = 8060;
};
service = {
DISABLE_REGISTRATION = true;
ENABLE_NOTIFY_MAIL = true;
REQUIRE_SIGNIN_VIEW = true; # TODO
};
federation = {
ENABLED = false; # TODO
SHARE_USER_STATISTICS = false; # TODO
};
mailer = {
ENABLED = true;
SMTP_ADDR = "smtp.fastmail.com";
FROM = "tea@${domain}";
USER = "lukas@${domain}";
};
};
secrets.mailer.PASSWD = config.age.secrets.forgejo-mailer.path;
};
systemd.services.forgejo.preStart = let
forgejo = lib.getExe config.services.forgejo.package;
passwordFile = config.age.secrets.forgejo-admin.path;
user = "lukas";
email = "lukas@wrz.one";
in ''
if ! \
${forgejo} admin user change-password \
--username ${lib.escapeShellArg user} \
--password "$(cat -- ${lib.escapeShellArg passwordFile})"
then
${forgejo} admin user create \
--admin \
--email ${lib.escapeShellArg email} \
--username ${lib.escapeShellArg user} \
--password "$(cat -- ${lib.escapeShellArg passwordFile})"
fi
'';
services.nginx.virtualHosts.${virtualHostName} = {
enableACME = true;
forceSSL = true;
extraConfig = ''
client_max_body_size 512M;
'';
locations."/".proxyPass = let
inherit (config.services.forgejo.settings.server) HTTP_ADDR HTTP_PORT;
in "http://${lib.formatHostPort {
host = HTTP_ADDR;
port = HTTP_PORT;
}}";
};
}
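Review bot: Both branches of the `preStart` script pass the admin password as `--password "$(cat -- …)"`, so the secret sits in the forgejo process's argument list while the command runs and can be read there by any local account able to see that process, even though the age secret itself is mode 400 and owned by forgejo. The script also re-applies the secret on every service start, and any failure of `change-password` (not only a missing user) falls through to `admin user create`; neither behaviour is documented. I would add a comment above the `if`, e.g. `# Runs on every start: resets the admin password to the forgejo-admin secret; the password is visible in argv while the command runs.` If the packaged Forgejo CLI can read the password from a file or stdin, that would be preferable, but I have not confirmed that such an option exists.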


@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 SFHVrw AX7EqqMZLaetIHP2UX3tAah1sM62HC4Q6yQN+GfI/mY
ZjQ3rIVxjUKvH49WsQx5GH1Xrt5YhcQV1xGy1Ha0QVM
-> ssh-ed25519 S+dwQQ srmW8YUI+usZdBng7/vYefhK8U7h8lhmZPnQBXIVyzo
PGwiccVGY9LXWwKjaNCNajYiqQeNftGdURSlU+7i6/w
-> ssh-ed25519 ffmsLw sezlUhl2yIHgR6igudKrnRaYlowBNT1mTZPmJL83G0o
vBpTR6Rl4UGtFbdPKrl29QpzyQV2RkJJ5OF5a9TDlzg
--- gpOgzSPpqa4CN+2v7jBkc1CBHJblq1NHlr8bDNvM3Vk
é.u³óð¡c'ß„ÔÌo¥tºi£P‰rt®¨†Íy<íU&ɲCŒÝ&h


@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 SFHVrw U6hzdh0ovG3u8KtQyYX/rPDWLPZZ8aqRpwt7uleDjE0
cXXazXoaasaYWq65ZTo45nY4cQ3Pt4pU4tfWHdynwU8
-> ssh-ed25519 S+dwQQ u63Xj4MX8z8V1C/O+u+ZWEqANe7OWB7+HckJLxfoFG0
q+6GDIb16IbADLxxs7c4qooYPoGq7LuMMPMqaNRoiwY
-> ssh-ed25519 ffmsLw mtafAVhaZQwgcWA+KqK6cRNC4OJfQofBctJbPbryzXI
P1R4aRaFXHdfUzYoJwOBc9GPwRGb25XtL+/0ayqzgtA
--- qvpsZVBmcOxhGNEhTqaJThat+D7uVcUXIVR4zNO/Vq0
TƒYR}ËÊFmb<03>r
Š¿güw¢µÀF.r2ÁSüÉt¦q«\‰Â°<C382>Ô´|š÷


@ -2,9 +2,14 @@ with import ../pubkeys.nix; {
"user-lukas.age".publicKeys = (builtins.attrValues users) ++ (builtins.attrValues hosts); "user-lukas.age".publicKeys = (builtins.attrValues users) ++ (builtins.attrValues hosts);
"microbin.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus]; "microbin.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];
"miniflux.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus]; "miniflux.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];
"vaultwarden.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus]; "vaultwarden.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];
"forgejo-mailer.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];
"forgejo-admin.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];
"restic-vessel.age".publicKeys = (builtins.attrValues users) ++ [hosts.vessel]; "restic-vessel.age".publicKeys = (builtins.attrValues users) ++ [hosts.vessel];
"restic-abacus.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus]; "restic-abacus.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];
} }