From 202d7d932808f202b25dafecec5b5dfd3c8dd1ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cyryl=20P=C5=82otnicki?= Date: Sun, 21 Apr 2024 12:18:05 +0100 Subject: [PATCH] cupsnet backups plus vpsfree cleanup --- nixos/boxes/{vpsfree1 => cupsnet}/backups.nix | 38 +++--- nixos/boxes/cupsnet/default.nix | 1 + nixos/boxes/cupsnet/restic-environment.sops | 60 ++++++++++ nixos/boxes/cupsnet/restic.sops.yaml | 111 ++++++++++++++++++ nixos/boxes/vpsfree1/default.nix | 21 ---- nixos/boxes/vpsfree1/fossil.nix | 85 -------------- nixos/boxes/vpsfree1/mailgun.sops.yaml | 94 --------------- nixos/boxes/vpsfree1/matrix-front.nix | 39 ------ nixos/boxes/vpsfree1/restic-environment.sops | 44 ------- nixos/boxes/vpsfree1/restic.sops.yaml | 75 ------------ nixos/boxes/vpsfree1/ssh.nix | 13 -- nixos/boxes/vpsfree1/syncthing-relay.nix | 14 --- nixos/boxes/vpsfree1/vpsfree1-vpsadminos.nix | 61 ---------- nixos/boxes/vpsfree1/woodpecker.nix | 74 ------------ 14 files changed, 194 insertions(+), 536 deletions(-) rename nixos/boxes/{vpsfree1 => cupsnet}/backups.nix (52%) create mode 100644 nixos/boxes/cupsnet/restic-environment.sops create mode 100644 nixos/boxes/cupsnet/restic.sops.yaml delete mode 100644 nixos/boxes/vpsfree1/default.nix delete mode 100644 nixos/boxes/vpsfree1/fossil.nix delete mode 100644 nixos/boxes/vpsfree1/mailgun.sops.yaml delete mode 100644 nixos/boxes/vpsfree1/matrix-front.nix delete mode 100644 nixos/boxes/vpsfree1/restic-environment.sops delete mode 100644 nixos/boxes/vpsfree1/restic.sops.yaml delete mode 100644 nixos/boxes/vpsfree1/ssh.nix delete mode 100644 nixos/boxes/vpsfree1/syncthing-relay.nix delete mode 100644 nixos/boxes/vpsfree1/vpsfree1-vpsadminos.nix delete mode 100644 nixos/boxes/vpsfree1/woodpecker.nix diff --git a/nixos/boxes/vpsfree1/backups.nix b/nixos/boxes/cupsnet/backups.nix similarity index 52% rename from nixos/boxes/vpsfree1/backups.nix rename to nixos/boxes/cupsnet/backups.nix index ffe47d75..dcec3936 100644 
--- a/nixos/boxes/vpsfree1/backups.nix +++ b/nixos/boxes/cupsnet/backups.nix @@ -1,12 +1,9 @@ -{ - config, - pkgs, - ... -}: let +{ config, pkgs, ... }: +let genericBackupPath = "/var/lib/backups/"; nixosContainersBackupPath = "/var/lib/nixos-containers/"; in rec { - environment.systemPackages = with pkgs; [restic]; + environment.systemPackages = with pkgs; [ restic ]; sops.secrets."restic-backups-b2-repo-password" = { sopsFile = ./restic.sops.yaml; @@ -18,23 +15,34 @@ in rec { }; services = { restic.backups.b2 = { - passwordFile = "/run/secrets/restic-backups-b2-repo-password"; + passwordFile = config.sops.secrets."restic-backups-b2-repo-password".path; paths = [ "/var/lib/foundryvtt" "/var/lib/gitea" "/var/lib/mastodon" + "/var/lib/postgresql" + "/var/lib/private/cryptpad/" "${nixosContainersBackupPath}" ]; - repository = "b2:cyplo-restic-vpsfree"; + repository = "b2:cyplo-backup-cupsnet"; backupPrepareCommand = '' - systemctl stop container@mastodon.service + systemctl stop container@foundryvtt.service + systemctl stop cryptpad.service + systemctl stop forgejo.service + systemctl stop mastodon* + systemctl stop postgresql.service ''; backupCleanupCommand = '' - systemctl start container@mastodon.service + systemctl start postgresql.service + systemctl start mastodon* + systemctl start forgejo.service + systemctl start cryptpad.service + systemctl start container@foundryvtt.service ''; - timerConfig = {OnCalendar = "daily";}; - environmentFile = "${config.sops.secrets.restic-backups-b2-environment.path}"; - exclude = ["cache"]; + timerConfig = { OnCalendar = "daily"; }; + environmentFile = + "${config.sops.secrets.restic-backups-b2-environment.path}"; + exclude = [ "cache" ]; pruneOpts = [ "--keep-hourly 25" "--keep-daily 8" @@ -42,9 +50,7 @@ in rec { "--keep-monthly 13" "--keep-yearly 2" ]; - checkOpts = [ - "--with-cache" - ]; + checkOpts = [ "--with-cache" ]; }; }; 
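Review bot: In the second hunk (`@@ -18,23 +15,34 @@`), `systemctl start mastodon*` in `backupCleanupCommand` can leave Mastodon down after a backup, because systemctl glob patterns only match units currently in memory, so the units stopped by `backupPrepareCommand` are matched again only if something else keeps them loaded. The unquoted `*` is also open to shell pathname expansion in the script's working directory. Name the units explicitly in both commands, e.g. `systemctl start <mastodon unit names>` (the names depend on the Mastodon module in use, which is not visible here). Separately, `paths` still lists `"/var/lib/gitea"` while the prepare step stops `forgejo.service`; unless Forgejo's state directory is set to that path elsewhere, its data would be missing from the backup, so confirm the path or add the Forgejo state directory. The `restic.backups.b2` attribute set continues past this hunk.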
diff --git a/nixos/boxes/cupsnet/default.nix b/nixos/boxes/cupsnet/default.nix
index 9920d956..d45de526 100644
--- a/nixos/boxes/cupsnet/default.nix
+++ b/nixos/boxes/cupsnet/default.nix
@@ -3,6 +3,7 @@
 "${inputs.nixpkgs-stable}/nixos/modules/profiles/qemu-guest.nix"
 ../cli.nix
 ../send-logs.nix
+ ./backups.nix
 ./boot.nix
 ./cryptpad.nix
 ./disks.nix
diff --git a/nixos/boxes/cupsnet/restic-environment.sops b/nixos/boxes/cupsnet/restic-environment.sops
new file mode 100644
index 00000000..9f1bcb08
--- /dev/null
+++ b/nixos/boxes/cupsnet/restic-environment.sops
@@ -0,0 +1,60 @@ +{ + "data": "ENC[AES256_GCM,data:XPPaokHHmETVwWxPMN62fKI/i+9PMVh4zAo4/mrdxbZHIoXZ+8KTWrJBGqTkhiINos5piZyh5Ox1V25mW/w/0vQfpBwr6rsVuZAIQzN3OGspv8c2gykynQ==,iv:R6nOavL0AXXbIXPMKA+ogQdTERana9Q70PJ/Z+aSmUI=,tag:NtKBkpDv+HWY5SLUd3IvvQ==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoSzN5SHlCWG9IbHQ3NDFP\nT2RIVjlXVnVXdDJrUjN5dURnT1FJWjBQb1ZrCm5wQi9wYnhNTVpod2duUEVnMjZW\nbkkwZGlVdy9nVE5JM25YdFNqMUFZVEEKLS0tIEt0aHlDWmhhSnZBazBXWnArSHpw\nM0phSm56M2IzQXRDdGxNcE1ROENMdFUKBdihdeR2+/rgeHelH5Wcw0A9D5j5+6Tq\nMJXQt9Yq6XkSKvmgVvDoaf7VmEjqrwLoEYHeb16N72hnMXM6UWQ6MQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwV1BRb3ZRV2pmVnBFWUxr\nUm1ET0ZLS1A0dEdJSE15TUY2b2pCcVZaMGpFCmNIQ2sxclorejE4enRwcUg2aEFM\nSDdFSjNncE55b1E3UEZ3Sk45UTFxRmMKLS0tIENkMFNENzBZQTJCUmJOczc5UmRU\nN0JlWlpkY0hibjVqcjB0MVRkMzB5SFEKPFRM/gOyw1hICIbA0o44mu7fp3TiEY2y\n8lhoQh5jWd6DoNh/rwoOooc/+2r9yYI/QBTnWEmVMQ91s7l4psWQRA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1TnZ5NldTVlY1TFpzcmxT\nbHJ4U1MvYzNkZVlvcVVDenZhMTBSZjQ3VVRJCnR2RTJYR3lMVDlOdjAwckp1ZWlB\nVzJ0SnVxc1ZObXNMS3RUc1pLZkcxV0kKLS0tIFJ0YnJFYk00UnlseFFuOUpBNSs2\nU3NRdmVRQk1vVlorVythTWYwSVcxcVkKik9U5tNXezDMSIdNnQpZHtTDQRZxxN9E\nFRw6rDpCopSNVLd/ZBjEGYQzDgxPff7d2CGuRnJ1qEpxg/WjRzoIcQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt", + "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrbXMrSlhyZmVnRlVQa1ZN\nQVl5dk4rZHJTU1NkR0NldCtBdHlTUkZYUW5zCnIzU05IYlBBWXN6aXBSSVBkclRJ\nVVlOMlMybUtZREg1Z1QrSG53NzVQVlUKLS0tIGhjVjdhOUhNaGlEcnJYUnl4d3ZV\nRW9kYXlXVndPVklHV2U0bEJ4V21qalkKDtgj7Awbm/drEhZxL88Yh4SzYQugIYdh\n3qc+eHekNB/evJH4Ybn3d6nU4I8cUiC+3DISNW1mIfBv9wE2iaI61A==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBncmVNT01KNVU1N2JXMlpD\ncGlLeVdHSTVIaUlBcDYvSVREbkNWR3RxRVZjClIyUkovRmJSdzRPVWk3cm9FRTN0\nK0psWDhFZThOeXNxVEt2ZzNQOG9HTEkKLS0tIE1CQS9OZlk5aEpwaXZQTWJzazF5\nbTkyZEkzM0JiMjBuM2QwSE91dGQxT1UKIyLNhovSPUqy6TJiCC3Sh2U7qXjEtEXf\n40hSKLX14UhHQzXuPF4U96N0qj1S7OTjo0LTfLm8uWDc2We6twGOLA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3SFRqUE40UThnOGFWWThv\nTVdJRHk0dWJYOExmdDJLalpBREF0eGJ2NkZRCklFUWYzckxVczliRmtpUlVpeE9x\nVzRIZDNkQjBLRDUyNzlxYk40TXg2QjQKLS0tIEZnQmxjUENYeXhMZDBIcWVHRDk0\nTHFxZzg2WkU1eE45S0F4OG9VdWo0UFkKydPe8WtUJ0BVRqKaMX3I/bxLPjd01cEF\nA6imJ4F+EoqWM+3VEdmqFdCBIQMOQHCgXHvLchiuZu6+B10/ICZFVg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMWTdkbHF3cE5HUHVjQ2tl\nY2xNRnlzcVl6UWZHZFViaWFtNVlteUdHblZNCllxQ0V0SmxETy9mUmN2V3BpYUpY\nOWJlMU1wZDZOcFRrK1lUeVpIL0hHczgKLS0tIDBzVkNHM2I3U1lZd0wyanVxbmNH\nS2g2SkEydWN3WFJ6cWhTditROHN2aHMK7esa/qIW2hQMgtjHch1ZIVMmGckRXUiU\n5bnI4+ho07fI9fWO+r99dmXgSZoA6t92v+aIHuTiRgeofYGz+UXnog==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age18vg9wvmj2jc8tdcyc202v46lvfndqfe3dse2hewx0snalpvk43fqc22n6y", + "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzWVdLSmRvZlhkRno4Z2pt\nYU5JNUN3aCsyTllJVFo5WkdkUGNlK0tpcmc4CmFlMGYyZVpRMk1iQjQyeG1OSmd3\ncEtvRGxRTm9OMEZsMXdCbGRldHV0QzgKLS0tIFZTUzdXWDg2V3lpaHFBaWMvbmNQ\nbjRvcG9aTFJjYlpJZklvK3hzQmVKL3MKidJx/yYvw5UOmmJulTJB6DMRB3aJSMaN\nuSEsNZwpF29zSoUmQhfcqC18qARk9hTQZfPB5pa+Cim3ot8MQmy4aQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age108m6yx77k7aqcyesy4zmkulryzvyep6m92pflmldcnv3w5a0k9xqn5h7cx", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdE1UMHpxNnovcGFwMmh5\nOFAvVG11VmxUblhQTzI1L1VMc3k0eW9wV0NNCkdpUXFvY2dBMTh1a2V6cm96dHB6\nRUg2WUdaMDVyMzZseDVRT2pRdXhKbXMKLS0tIGI1UUZGaXYzZ29ZcGdVMTZJZ3NG\nOEZQa21nS0JPYmNPWTBRV3BGWGZubzAKOxEauxCxFc2zg04+zUPuSNZYjICiKG39\nVDcNoyvNVu7cfGBkM0U+090Yzn0JZ4G9UJoVH0DsIIPwqKXLcNr6yA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1n09swn3qekcuw23vksp7hv4hpg0krlag3c5qcjjaf08m99c3ysqs6sxeyk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwM1lxd25lMnJQb0dCODU3\nM3hlNEQxWkxMTElGMVFCTERaMXZGOHhiOEdjCjBwNkRZUm1uWjdBKzJDcDk0WmNi\nYXNCUyt0ZUphdXM4Rk1BQUVSaEREWG8KLS0tIHVDMERvMC9mYmRYSG54NmMvRHRj\nV2hjUjFrYW54Q0QxZ3hmeXRmK042cFUKz+2uEsnmkXEC+uRUdJnNNvIG7VCSr4fM\n0pwlIgeCnj5bdjsSmnaSVV6STim6H9dRDIL6uNO4xIp/JLF/hQjjaA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1tt4c8t72fha2fj7xlm0dew5avmkdxujmgplte4qm7sxlcucggedq0eyk7t", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzVTczclZWRzFBUFRPaU9I\nUnlrT0hIaDZUVGp5SXRIb2NZQUZuZlBaeWc0ClVwTno0cTJ4TnBHbS95YU55STZ4\nd1liZ1puQThaL0ZwbVRrMm1FSHM3WEUKLS0tIDdRZ0hpVWpaTFlzc0swOUNVTG95\nTE9LbDNQQjBjQXVubHdwUkhEMGRhNFUK2tiG2hBJ1Y/Zr1KU0+nZYK9Pa6WF9c/Y\nASg330JwnOo5IUFTWZ43LoLfvlr+MAewK0r7iF8rCc6n9k42gNij2g==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-04-21T11:03:22Z", + "mac": 
"ENC[AES256_GCM,data:z2xcvPVDtN+GB3Rc+3LLkR2vwBU3FWNmPB5pFcjiwiaDTpxiaIFcbyJQ2ufENk4afouaoqAyu9r0VpW3NpOWabG7kT4zHJeCcJX6rBYf40E8bo7oQV1PhwKHESnfANTK/X80V0v23YDJVThgabIoLvkf10Fg5xflbvd4X4H0AQI=,iv:wyC7rBr8W+Z3GoN2ycdia06cYrX2wm2SRO6DIwZDVeo=,tag:fKgFB0bgJCc6+NUG8Xu86Q==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/nixos/boxes/cupsnet/restic.sops.yaml b/nixos/boxes/cupsnet/restic.sops.yaml new file mode 100644 index 00000000..6b9e77d1 --- /dev/null +++ b/nixos/boxes/cupsnet/restic.sops.yaml 
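Review bot: The `age` recipient list in this new file contains `age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla` twice, and the same duplicate appears in `restic.sops.yaml` below. That usually points at one key listed under two names in the sops creation rules (not visible in this patch), so the rules are worth checking rather than the encrypted file. More broadly, each of the ten distinct recipients can decrypt the B2 credentials and the repository password, and with them every snapshot of this host's PostgreSQL, Mastodon and CryptPad data. If the rule covering `nixos/boxes/cupsnet/` can be narrowed to the cupsnet host key plus the operator keys that need restore access, that limits what a single compromised key exposes.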
@@ -0,0 +1,111 @@ +restic-backups-b2-repo-password: ENC[AES256_GCM,data:f7Q1DzcGBBcRtrpQgNvMLtfzoCOt9wuY6Xa3iJ20cbJ5fDhA1ZmSJdONhD566Dr7sM7pTwMv1Qbed2PLxPwODjr1wtSfzkgLUdXwKBLITwBdjuDByYYwABq4vRhEyq12JMUFLFVKfGgV8jOFRJ8YEYrw/N9pcIXTvhU+u62cMnGvIA502Oo64oocHMPf15y+2mZnTs9TkP8ujJvPYS/tu3zBIauGN9lXvzS5u7OOfrkD/TwHvRX4hawG2/fr0kOT6jp7hZi8GPhAHt7UqnSLIov4PYaiAJYEsMwY7+aCoyiVN8jqxIhi7oE26fbKQ0O1TltCCrO8n1TVb4CjqtS6Dw==,iv:RFIbYbBsRDmJSUQfXtDaONTRYkqGzE15ZJZ3YkeCXrw=,tag:rghWNadkJdJkTq2zlIVVLQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0ZSsvSVpaZ09JSHhuUGpl + VThZeUFNWlRvMEpXTEZEeStMbVp3cE00ckYwCklKVVRIOGVCUjFiTEVOZXp2TGg1 + T3pNQ0U1ZENnS3JCMlN4ekNxN2k3am8KLS0tIDY5bXRSSXR5TC9FUVM0UTNMRG9h + eHFuenM2RmpvT3VobWQrWkVpMkFJcUUKJ8QBxzRo9HuhUYvEFAPxQwgix6Yt+Bmw + ZjxncRxxcSaOa5Yav7OTHmaUqssWQdvB0LMnqAU+3m1+Vlv/HXLDZw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1VjZ1RHBGckJVT1RsRTVs + S0JlbUdlcVBWcTc5Q0pZU2h3RHEwRHpFZUV3CmZxa1F3TzZvQ2pOUXhmZWFFMHZx + VkhiOHNQbTBRQWlPcnNqcnROZTZ2T1UKLS0tIEZFRGxlVEJtTDc4NkFNckowd3lB + ZW9sV0JrMHBsc1BOMTlqSEs5QTFQSnMKLebqmmfgBxi4hoiSZx+Z0fwUXNtjMWd9 + i8JqAulHxXjLmS3IID6d7HySClXWszLHXwtMwfenFk5BuJvr7Zb22g== + -----END AGE ENCRYPTED FILE----- + - recipient: age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0c25kS2hJSERPekZiYmJQ + TFlUblh5SkVpRVVVdHFmK0J6dTg5ZEhHSTFnCmhqYTIvODVHblg2MTNFNnFGV2V3 + NmdWSnpjQkV2dEJtZXBIc1g4T3RMSTAKLS0tIHJKQkYxMFlleTU5N0psQmRGK2Nh + eWQwaWtmVHhUODQxVWlRQ0hhVitCYXMKYTEJf9lAC/f2MSCGj9+GKJ5A5dHSIReZ + 5KNNywBlcEgRaWi2cnlKjxDT3596Rj86YloaI7HHh/MC2bT9Wv1Bow== + 
-----END AGE ENCRYPTED FILE----- + - recipient: age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBd3BzVVpJRjcyUkQzQmIx + Wmx2TytjcWk3ekJwMW0zN0ZvWEVaM05kdUYwCktuc0pGMUZXWVpFU0FGS3RzK3My + SWphWW0xcGNNSDk0enJuWkg5NXJmaUEKLS0tIHk3bXRkOWhqMDdtamtrOVZ5T1dn + MUxPbnhmZDdUMTBsSVl0OVg5c285TTQKN+p1D0qrXz+gd5/szkosYUb7qX77p9W1 + 5fFTzChQadrIi3kYiTUJhfw8U0ubToB8YLqatbftYuZruy1h248A/w== + -----END AGE ENCRYPTED FILE----- + - recipient: age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOWXRWMG5rYkVnL1hFZm1m + Unphc3JsTWQ3YnBvc2ZtVXg2U2tPTGU4NHdzCnhpRUUyVUhaK0hHZzVJcFhaWFY2 + SlpsV3QwWGZPOUF3dzIrcDVTWERuODgKLS0tIGpQZmRCaHpvcm5qekR0MzdrQnlz + VWU0MkNxSlA3MWh6Z1ZmcUg5ZGdONUkK38XyX8bofX2nPlpWMuESTezhz4Z8dQYC + yBpEg5etniJtjNy0khH4ZMdZe9jVaOKvwdz5aBhpVGJuklZus2FfEA== + -----END AGE ENCRYPTED FILE----- + - recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrUHlvVmtPSlZnT00zaExm + dlBCSnRyL3ZZdFdVQVpuQWd2amsrR3Z4TzNnCkpPenhSV3V3OVJ5dG1IQ0svRTBY + VERuQlRZelNhNWhiZzRlQllSNnoxK0kKLS0tIGFTSkNMVjJkaStTNzNrb29FY0M5 + S1FBejlJNGtBakxGZXRVMXJMd25sN0EKu3h2EKlgFp63UVL9llxkKeF/f5Nq2In1 + Rkok03pL1FS7/Jco5tbOj9E7T/GZkKbfSiDUFT5LShJu/iry4fx68A== + -----END AGE ENCRYPTED FILE----- + - recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJWFBQajFvK1QrUUlnR3Yv + MjdTc0NwZjJDS1YyVjltY2NqNVQ5T3BtY1IwCmxYVnJsRVdZbFBRYUt5ZUpNeHgz + Z1hWYlFPeG1JYndNeWNKOHd1aE9ITXMKLS0tIGlFM3JybjFkbGZ0a0tkMEVzMU56 + WEZ1dmF5SFF4enlZb1YvYmUzalJITTgKD5gHzpUfu4Kmd3SkUH7k7vaiiPYaNRyC + XoU0i7OawlTLvE0xe7eq5IEv7rRCvUX0SIYTCYrftjQll+SRcxITqw== + -----END AGE ENCRYPTED FILE----- + - recipient: 
age18vg9wvmj2jc8tdcyc202v46lvfndqfe3dse2hewx0snalpvk43fqc22n6y + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0VjY1TU1xMHVSUC84VnZp + Qm5ZOWlMUWR6ZjN3aUF2L1BnYmxsUG5oOGhVCk50MkkvamNvdmp6UG5RR3RPQVBI + M1NPTGJNOE5haVMzaGJTMUJ5SmdrZjAKLS0tIHdQMmFKSGxqSUVXbnAzSlpORVJl + dHA4Ty85U3o3Rk1NUWZuSVJWb0F2RU0KE9RcQRoVMA7BbxDbAQ90rMNzcGVtPN9o + KHi6w+Qmx27urvUEVJPdHe0wrzsayTaThSKcCvCDrdVzb9QknSVEWA== + -----END AGE ENCRYPTED FILE----- + - recipient: age108m6yx77k7aqcyesy4zmkulryzvyep6m92pflmldcnv3w5a0k9xqn5h7cx + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1TkNtMzBWSXFaRDlVbURS + ZXJmT0dnS3NidDNGTGRsTjJRSnFsYXJKbVhzCkRjUWFLa1ZHTlBvMnpFcUp4cnhP + eFdHTksrNTdYUDMrUnBoL05qUEpmTWcKLS0tIHhtbU1zejU4emlpdm5OanlZeG9l + NDVnNU1SUnJadnBSRGtTaXYvekJQV1UK+MaUX1rbTfhMDJE45CAJclbIG202DToN + BR2ALC3Bx8qxEfks4wakr6C/ULHrdKgJk0QVQsHqHHAJOXjJtRcXFg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1n09swn3qekcuw23vksp7hv4hpg0krlag3c5qcjjaf08m99c3ysqs6sxeyk + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIYmFFbkcyT2gvWFJRaU9l + OFZMUkRqMUlYSlhIM0tFMDAzdkFNSENJaHl3CkJXL21vVWV3MnZLNy83b0Z3MUNs + UkVQcG14SGFCaUVTMVVOcnRrYml4TFUKLS0tIEpyTU55WERuR1JYZTAxVmFwT2lj + T3EyazBjbDlIOW5acUg1ZVQ3dENqdEkKrXZVPl2OzyVwLLw+rT/U4QeJcB9hU7us + Bsa3l6X9VZ34nzfFGERVqZI6hbsXnuuRgjrD0oQHh5P69dSyRDgCmw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1tt4c8t72fha2fj7xlm0dew5avmkdxujmgplte4qm7sxlcucggedq0eyk7t + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzc3ZtSVhzOGY5NVZtRGJy + eHRYVDNxMWhNSUR0UjdwVlUxTTBKUlZDc0FzCnE2aE1FbURENTJpNXVzUlZXWlVs + cUVRZnpxTmR0c29WRUhaODh5Qkd4RFEKLS0tIEpuZHMrYXArUnJ4NytBa2F5VUUr + YnUraUNNQ01hZ1NSUnlybHdkMVk1YkEKsXrO8NIH20cfWDF4ghUWgZV/I67kMkEq + PrjRBt3o2kRJe6YZXqnJpawKPYguyJQuQR5nBBxcfg2Zwyy7RkZamg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-04-21T11:01:32Z" + mac: 
ENC[AES256_GCM,data:3LZUGqSj96oMrohPGaf62RPBKG1mSOddCEuIDfvmIPxCSgu5JIt4Hx3t8vEUUiQq4bsbZStSm096ekk3cNFxlfMrenObeIySYrHPLk3s63yC8ItlJPkgiTrTCLgmAxtIdhPlCYgP9cVl9glLcvM0rA9flGIq3gc8KxTfT4/Ig48=,iv:ysS781aFCJosp1EF6RGaIdEq5AUAuZtwYd83k4riByI=,tag:oeb5kwFQYQ/sP61rt/8HoA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/nixos/boxes/vpsfree1/default.nix b/nixos/boxes/vpsfree1/default.nix deleted file mode 100644 index 95cf6505..00000000 --- a/nixos/boxes/vpsfree1/default.nix +++ /dev/null @@ -1,21 +0,0 @@ -{...}: { - networking.hostName = "vpsfree1"; - - imports = [ - ./vpsfree1-vpsadminos.nix - ../cli.nix - ../nginx.nix - ../send-logs.nix - ./backups.nix - ./ssh.nix - ./syncthing-relay.nix - ]; - - systemd.extraConfig = '' - DefaultTimeoutStartSec=900s - ''; - - boot.binfmt.emulatedSystems = ["aarch64-linux"]; - time.timeZone = "Europe/London"; - nix.settings.cores = 8; -} diff --git a/nixos/boxes/vpsfree1/fossil.nix b/nixos/boxes/vpsfree1/fossil.nix deleted file mode 100644 index 0d1a1b3a..00000000 --- a/nixos/boxes/vpsfree1/fossil.nix +++ /dev/null 
@@ -1,85 +0,0 @@ -{ - config, - pkgs, - inputs, - lib, - ... -}: let - port = 8081; - domain = "fossil.cyplo.dev"; - baseurl = "https://${domain}"; - path = "/var/lib/fossil"; -in { - imports = [../nginx.nix]; - - services.nginx = { - virtualHosts = { - "${domain}" = { - forceSSL = true; - enableACME = true; - locations."/" = {proxyPass = "http://localhost:" + toString port;}; - }; - }; - }; - - containers.fossil = { - autoStart = true; - forwardPorts = [ - { - containerPort = port; - hostPort = port; - } - ]; - bindMounts = { - "${path}" = { - hostPath = "${path}"; - isReadOnly = false; - }; - }; - config = { - config, - pkgs, - ... - }: let - user = "fossil"; - group = "fossil"; - in { - system.stateVersion = "23.11"; - environment.systemPackages = [pkgs.fossil]; - users.groups = {"${group}" = {};}; - users.users = { - fossil = { - inherit group; - description = "Fossil Service"; - home = path; - useDefaultShell = true; - isSystemUser = true; - }; - }; - - systemd.tmpfiles.rules = ["d '${path}' 0770 ${user} ${group} - -"]; - systemd.services.fossil = { - description = "fossil server"; - after = ["network-online.target"]; - wantedBy = ["multi-user.target"]; - path = [pkgs.fossil pkgs.git]; - - serviceConfig = { - User = user; - Group = group; - WorkingDirectory = path; - ReadWritePaths = [path]; - ExecStart = - "${pkgs.fossil}/bin/fossil server" - + " --localhost" - + " --https" - + " --port ${toString port}" - + " --baseurl ${baseurl}" - + " --repolist ${path}"; - Restart = "always"; - RestartSec = 3; - }; - }; - }; - }; -} diff --git a/nixos/boxes/vpsfree1/mailgun.sops.yaml b/nixos/boxes/vpsfree1/mailgun.sops.yaml deleted file mode 100644 index 048055d0..00000000 --- a/nixos/boxes/vpsfree1/mailgun.sops.yaml +++ /dev/null 
@@ -1,94 +0,0 @@ -gitea-mailgun-smtp-password: ENC[AES256_GCM,data:90aeGpoadDETlj3asOynIGFl0Fypsp0Eq7aKnGRR3+NGQr5DFg54gKrlX3KMZgddnSE=,iv:xjtVQEILVl+XFel+thoS8OvF/fpFYSNtt5MTRUhgyrI=,tag:8+KaSsB6/65TonpTl9Mi/A==,type:str] -mastodon-mailgun-smtp-password: ENC[AES256_GCM,data:Ln3rFbrddNtbnpqsG3i241BpT1B6sUXCPRpoV9QZxiKEF+E6AZjZw2LBXVcwgIm9Dd0=,iv:9BJuVSfOC48K69kDLUjr1oK3g0xSKAxlzDI/py3STt8=,tag:geLjytd+xC4dtf7hUMJ/8Q==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSeWVuY3Evcm1taWFSM3Jv - aFdUSGVCcXZ0MkFWbUhYMVlMKzNWbkw1WlVvClkrMUVrcjEzQ0tjN2hSOUdPdXNE - cnpnN3BqN1QwTVMvbklkL3B3ZlJOd00KLS0tIEdyMmp5VmpZdGZXRS9WdDBrWHE0 - aXZ0ZFJLZUplQVltS0VkMCtlMGdleFEK0aAWEkyRzM0SdR+eNTurVvD70yhJJxC7 - oRNuo5SD5XU4AMakCLffc1I4XkM8L6SwffS20yP+s9UY/D1n9FBZAg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFWUFBaHBZdmVIWnRuaHpT - WVBOLzJKNERBQXhrNVEyWVcyZllPSFV6bG40CisrQWU4R3plcHJ3ODRTbXNvL2dr - TXV0R3loVjUxcFI2dnJqaURMOXJqQWsKLS0tIHhpMkNlckc3VDNRelBmMTVNZy94 - T0hxY1hOLzNTYithQ0g0YlBuUExlK1UKOCUEwKPlXL+im23fxkbHY5iMD7tSaEq5 - qF686lZHPJ9hil/8O+cmQ/qQPOiEqJBh9cvw9deWo+T65pp7aeixRQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVTBodlh0cXl4MEc3cXli - ZndJV21aV2U3OEJLZXkrNmVPNy93T2tXbURBCnhBQVRGSXVaMXJiWG9jbU5kR1Jk - Um1seVd5L1FkK3YxRmp2ZExUekwzMTAKLS0tIHoyK0FwVG1HQ3BFc0huRUZneGFR - QUh6NGdtZ2xkbUhXeXdpeVdjZTdHZ1kK/DeOe18HwJpoRNxo4JvdNGc8Ema61J4w - oxTZpqszWeNItmLtTvWJk9kahR1PhUwReG3zhVpxa+SzJTkLLy9amQ== - -----END AGE ENCRYPTED FILE----- - - recipient: 
age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCaVVpeVphcENhN1RNV0JK - MUFDTFo0aEZuN0dYOGU4YmQwampPdTJQcUEwCld1WlhFUG11bzZTL3MzOVhNa1J6 - RmhpeUN0Sm0xK1B6WTJsUjdCNXRzU2cKLS0tIHpNd1d4bVBXVlYyMG5hVjRkVi9Z - SFN5TUhqWWxHd2ZMeEdtUGV3SmljOUUKKPazmCwOsqYVLTW1wo6ie1+l910X5o6I - ygmi3TSv0ztwgqi94x3ma/1v82pPT/GCtGe22tCUOOiR+qn70mOGZw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBRmFJMVJlMHBrNzltNDdq - RVZKYUJlMEcwVGtwaEI1RTloOHowbVNZREQ4CkFnSGlzM1VkWW5pcVNDWSsrQ1NI - dkVGaWhhaWd4VTA4RmplSUV0NTFpa0EKLS0tIEpqV1hWUEpvbytOOXNVeFhYWHNF - N0tHazQ3VEl2c1kwODNBd3lpS2NkM1kKt3uWMg2LuCeEquyYB5FNzEfI2qv7D1d2 - 8KD3X9mangmITwmLumdzcmxwEYmz0SD6im9fy413S1JZxDZonvZ8lA== - -----END AGE ENCRYPTED FILE----- - - recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFaVI0N3JBbmFCdk9CMDk1 - bTB0NTJLb1J3S3JKcjk2dzFzdmJmQkpvbFdJCklFSW9PL2NSSFRSeGlkZmJqR1Av - dDlrMmw2L21kZDFFT0ZTNG5aK1YvSncKLS0tIEFVZlNOSVduUHhOMDI2Z1Z5R2Uw - TytkQnZ5RXp3R1pCSThjM0VYdnkxcncKGM4ceBAfyXpgRGLAvTdEpE31uXJSCktR - KhfUZ/3lvuu7M12ju4ogqdoTND88IWDL2sewmgkyFRRbuBMHfEbKBg== - -----END AGE ENCRYPTED FILE----- - - recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRDhsU2tLRDU2Zm8zTkpy - d3Y4RGtPc3IzM1h3TVBHYi90eElDM25qZTBrCkdSL2I1SGxNaktZMzF0V0xiOHVy - ZXdGc095ZWRLWjNTdkMzVFlXMUNVY00KLS0tIFF2S3V2Y3hpMFN6Sm54dW9PVUVI - UjE1NXVYa2RzZHhmN2ZiTFltTERtd2sKmHDLboVclE9tn/2dtA21SWWQ8an27HEd - 6iUOFVPQ7Yy3wd64CU7sd+vUq7w24NMORjj+ltQJXnpDfedmoecALQ== - -----END AGE ENCRYPTED FILE----- - - recipient: 
age1n09swn3qekcuw23vksp7hv4hpg0krlag3c5qcjjaf08m99c3ysqs6sxeyk - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjVVlPeFkrdWN1aG9uWi9j - YVZacG1lRHA3VXpTWUlBSmFLbkxZemg0eFFvClZXcjJNLzVDVCtrZ3ZRNi92VWFM - VmJNeE1FWEVYWTZqQTdIYkYvUDhsZnMKLS0tIEg1RFNJUkJmNjVHMUQwMjBYb282 - NmQrUk15LzZrcHQzV2c0K3VPOVc4V2cKXDggWmSB4WZbAqFoc+rGTRrpbG25L6Xz - 7R3AD52Ul2dE60CdrPACoi7zJWKfr/QjJ5qfUi3xxhNn906qYRVQXQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1tt4c8t72fha2fj7xlm0dew5avmkdxujmgplte4qm7sxlcucggedq0eyk7t - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBId1FBN0Y5dHY3S2c1cEhi - eFNGTkdrQ0luMEliYU0zOVJpdmFENy9iOHhrClNmTHdsK01EeFlTWGk3Y1R3YTMx - SERzbTZ2YUdreWFVaGlXdlh1aC91U1EKLS0tIFR3RzRJZHIyR1IxZG13SFlUeTdI - SVNKZ0psWE9LVG9qaVZ6cUJhYVFxVEkKEai4IXJstKRavu4hrV4PFWv69kjdvWit - Y7xHFrR5OS5/Elfg5uPk6fkF91H+niY5XPytuRAkNdkIJh29sDClvg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-12-03T22:10:58Z" - mac: ENC[AES256_GCM,data:gKoPQdINeMfQsofqxGLMRzikWfYqd9DFzR5JS7YQFHzlSrjxed6GFKr4YtKClBvfZU67AvE9OV6CyCweG9M5BFl9nDwjr8y85Lj0CvWrCtOVaQQ0nVloayrF4c1IKA2TH4BrXJA+kV9mSgc8eRYmwI6dY988nMLRsSp+oEgAJQk=,iv:d73wS8SaRao2L8MpRst1PXAtrjl8ViqiqoIFMzWKRv0=,tag:fMvq4Pp5BmM4A85VFBMlog==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/nixos/boxes/vpsfree1/matrix-front.nix b/nixos/boxes/vpsfree1/matrix-front.nix deleted file mode 100644 index 807fd719..00000000 --- a/nixos/boxes/vpsfree1/matrix-front.nix +++ /dev/null 
@@ -1,39 +0,0 @@ -{ - config, - pkgs, - ... -}: { - services.nginx = { - virtualHosts = { - "cyplo.dev" = { - forceSSL = true; - enableACME = true; - locations."= /.well-known/matrix/server".extraConfig = let - server = {"m.server" = "cyplo.dev:443";}; - in '' - add_header Content-Type application/json; - return 200 '${builtins.toJSON server}'; - ''; - - locations."= /.well-known/matrix/client".extraConfig = let - client = { - "m.homeserver" = {"base_url" = "https://cyplo.dev";}; - "m.identity_server" = {"base_url" = "https://vector.im";}; - }; - in '' - add_header Content-Type application/json; - add_header Access-Control-Allow-Origin *; - return 200 '${builtins.toJSON client}'; - ''; - - locations."/".extraConfig = '' - return 404; - ''; - - locations."/_matrix" = { - proxyPass = "http://bolty:8008"; # without a trailing / - }; - }; - }; - }; -} diff --git a/nixos/boxes/vpsfree1/restic-environment.sops b/nixos/boxes/vpsfree1/restic-environment.sops deleted file mode 100644 index 7b4fcb9b..00000000 --- a/nixos/boxes/vpsfree1/restic-environment.sops +++ /dev/null 
@@ -1,44 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:XbZZT4EvSrmaL3ISyEQjTWnnOKoWZ/uEyZr275eXlJFXL2V1y11IzOOaEanXEKvcyAmW62j034IWoM1hMAmGC0UFC74pKsubw71pjKQb9UclOeMPTAZBdw==,iv:/BJY2a65QAm3+9Ohvvp+VxMPXedPDbcGFglDgQPCZMM=,tag:i1oSYO24z/TaG2w62XMoAg==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKc0pLQ0t4K280WVVwRnJ0\nYnZ3RGtXQ01PaE45N0tmTC9aOVBKdkp5dm5NCnN6bHlTeFBoazdKOWthdDE2dHBO\naXFTR1NETHZINzk0UkpFL3RobjJTQ0EKLS0tIHBwNmQrd0xHQWx3eG1UdzJ1THdv\naFBTeG9mR09XMmZsNFBGUzIzNnZsb1EK6tkaiqS2s3BKNUSzD/wt6T/RPlz8hM/u\nmzBKryrlYszGV76kKPO3XBtze7lqnsY3E/Mi01AvWH9jJeaI8X69Jg==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzc1Q1Q2g5My9BL3dVUEp1\nRjJjclkxdWd6bXVqUThuK3hON2NHaVZRTndFClpxM1hWUUJieGYzTVVWWHdiM2xH\naWJpSlBTSEhoMTVXWGJoTWt1UTl5Rk0KLS0tIENwMlFiZndtWWhwV2NNOVhtQk5l\nSzV4VGg5ZU8yaXY1UWJSK1JVWjZDZFEKAXPLsV5ytWUcBw2Qf3l0HOp/ASWKqjJk\ncD0OZXNd+1yKoC6TtZxhhp7rO8RQrggoo+0mQMqDe9NJPRnTqannjg==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKU0NSN1VDYUlFbkNUaTN6\nWVFBbXRneXJwWTBuRFUwenRwOFVINjVwa0NrCm5rMjFJK1p6Q09pR3pzazdhNHhP\nNGdFdlJhdC9LZ3Z5bGU0c1A1K2Y0bjgKLS0tIFQ1c3dySHVpK1hDckswTlMxTC9O\nSTE3MG5tWEdjNFQ3R2xrSW5HdDFOU28KJbV+leDxSf/CfCbZbiKx1bb2uE9UQhis\nFTLregz9Wg20ZOY5+/Mn+p2FHs1VFmm5LSkzLd4dDodf4XB7X5L03g==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt", - "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwcmxPNjMvOE1IWjNGN2ZG\nUGh2UWhxN2xjTEFiWHMzYy96clJpbktYeDBNCldiSVpDNEdSLzhIbHc2NUg2Sm53\nRW5HK21KV3JGRGs5V0NmQzMvSVQ0UUUKLS0tIDRtWUVVSFFGSkhhbGp4UjNER01S\nRllaZDhXTGJ5V2ZtS2F1WWJ0UithbGcKG3FFQmyzGstt8RRx/56f2L+d7lknLs9U\nzjgedEKFlVeWh9nbvV3D5Fqh4ekoSmZE0KJZKcjEcBDrMYeU0fcc2w==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYSkdCb1hhQkljSFh6UHkx\ncGFnSTJDcDV1am0wd0IvOXdxWW5jMSswN0FBCnU3QVhsT1JGQzg2TGRZU1ltWmRN\ncjhrYTdtUnFUb3BvWGYyRkhjSHpnRUUKLS0tIEVLeWY3MWxTZUJzTWw0dVBoUVdv\nV3NFTHdRVWp4WEh1MGp6SnBjRGtZNGcKVJToOhX2ptmsvTA2B8VSiZ1e9te+SOIN\nrEdEH47h4/t4pswnZSZg9Ll8asYbmtbPNBWdEKtO/80cFMMz4N4QBQ==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnRGIzbzhzZ2pjVXhDci9S\nV0JOcHlOcDVhM0pzb0c3Q01ZYXp3ek1CY0dNCnhGY2NMM3dhVUpWUFhiQUNUcXlL\nMTNNN2xnTWZqWWVkeGhURkNCU01Cd0kKLS0tIGg3eEZZOGhoakZ4Ni9DMzBvcllx\nREJTOHFOWHdwTU80QzMxamkzc2JsTVUKnmxnq+4LBfHxyIomCE8JeiNLloXEygGd\nx0Sm3hN99Qohp2IEKF9UiSfzcmoUgC0yzXal4GxkE4zO/5EkxMoBfw==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIZ3ZSVEFOZ2o1eVR4Z21R\nM1JtTFVuSUpjNWJreERHUlpPVHlTS0paVHpjClRqamhjUVpMZFhHb0dRZ0lCbGhV\nTWtIM3luODlqalNUN3VqU3g1RHhFUzAKLS0tIERNSWRCQUxDd3ZMNFFYamRLYXUv\nTDQrbTVremRWNFpqWFZrWlBpUUpXcUUKEyBwbsNf3EF05EbIxLBECNlkEaQ0+B96\nEDVOiMYyStKRSJvaaiJK2mNSizc8qs6aJvyF/F5qeJUWSa2JguzBtQ==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2022-08-20T08:49:31Z", - "mac": 
"ENC[AES256_GCM,data:+yp1/bwAu8cN0i6yec2iTbBTwIOnO7465nX3+Qkex1sRGMB6hra92jEZyo2sVgFl8ws5APzGmmsyAeAaKqdzvC/8OGbqlSb+SXKqaa9mxZA58+NnIuAI8gtYQKz1gZ/N6gr0gZpllF+u622ooHrwiL2/GmzOYVApBmSpAROOGsw=,iv:rJzDHQH6Urwb2E1u5nT3dTtlEqGCFQME0uChghG1G94=,tag:vC20wbEyiwvvDpxMD4uYJA==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.7.3" - } -} \ No newline at end of file diff --git a/nixos/boxes/vpsfree1/restic.sops.yaml b/nixos/boxes/vpsfree1/restic.sops.yaml deleted file mode 100644 index 0b1422e9..00000000 --- a/nixos/boxes/vpsfree1/restic.sops.yaml +++ /dev/null 
@@ -1,75 +0,0 @@ -restic-backups-b2-repo-password: ENC[AES256_GCM,data:Th/Uz+kcaWdz8GcRoU0uACOqV51n42FkcheSuK99h1VIN4tg1Qrjd38tEWCsrqswURWQdNdVnR+AmQlm3lmmT/aQBhHSwWRgxLjnx1WRvNANS4jC/OImr0u8/1Z6rfVwaHCIgkWOpsG1BSWYmGrX1+Lpx8+YpP6RUVy1csLforDoukvRhtGPjz/TfKs0pVkTmoSJvyCNnzjeHAMrpGYiUSTqhUNCr78OW1EQhDUjoNMHNQZJN8yiDykA83OQiyZRfvpYJyk5QrLIbmBwdj7fjMSvV4X7gWjpYn/hm4pqfFSTMhIcBDtmRouohsAElMAt1VFDTh+dSbITfhLTiHr6IQ==,iv:V/ZyW1yqlN8ZbeyTlkztBNtUF+H7BfKK6hgTtX2T6Jw=,tag:HQjlo4GxpGsOzybSWtfM1A==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArdXh2MGtKc0lrRG0rWWFF - bnFidy90a1IzcXV1U0dFWW1pdmg2MGNxQkhrClU2NUdtZU83aGhuWlBRMDdLQjFm - T2VJMlJvMWc2YlNGT29Oem9VT0lxUG8KLS0tIG92c3VsWi9JK0xKNjliY1MzWTZs - WmdMUXBEYzluWHNJTklYRVhmMGF4dDAK6+vMr86fOjy0Bw4e+7MPSrOqQ7m50MNc - Aj4btH7NffuUrOsjpxCos0y8q6oQxOFpOAt2N6jhx9QyXAmxKeHZpg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXWVRFZnV1YjhsZFNZUVhq - NU1TZ1JFV09vY212aHVXT21LZmVUYXRIMkJRClhPQStSN1BmL2NweTlhMkRLQVht - dUd2YTVkZnJkWVZueFdMNGRFcDlkRFUKLS0tIEM2WGpCd3BwakRIL0RLS2tJMVQ1 - Qm1hZ0dHTzRWdWs0bnFpTUJaS0NiT2MKzabwKNeYP13NDjqNis9jk5su2EwZLanX - TOToLrk8NmARHAyqGPrHGDCJb7y3o34sAFbXeRTtkpeyC4PXo3DA1A== - -----END AGE ENCRYPTED FILE----- - - recipient: age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFQzFsa2pIVnA1NmhiZFFa - eFVkSERHeVp2Z3FRbXNFNUJaVER2czFOOEVrCm9ZYWVOWXdsSnk4OUxtdnlUYnRo - TjhTc01UYTFNQWNwWkFpNmt0WGtiRkUKLS0tIDV4QUxpZVB3NG1tQi9QTFdLcERF - TG03SGoxYkNqVG1DZ29LV3JES1MyMlUKsmORsigoSec0HAa3UzFEi2YDVdvONKhT - rgPBLCVDsHgrH+b3NYcTyiGG1cwiEoy3EDIDCDorN4a0XytpRhw6jQ== - 
-----END AGE ENCRYPTED FILE----- - - recipient: age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzK0M4cVdod3RzVmN1elJC - UW1ZSy82R2J1V2dSTk9EZC9xOVI3NTFBQTBZClkxZGJoSEQ4YVlnQWZzbnJkbHBG - NVdYYkdOalk0cjZYWDFnSEtrWFpTZ0EKLS0tIFFORzRtRkFMNzRMWFVWY2xQTmpm - RWsxWVVwYXV5U1E1MWZSNmxQQnhGeGcKPQUxaJwfKEc8/NUdALftg9t4ZfX2xKOJ - BEEcTAo+eS+TQ10gPBrhX6fmuQcWkKH27AcooQczLRj7h0KWm4mNiQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTSStiYjRFNUtaTFc0bGpJ - TkdQbDlVTGxJSkpPL3VEZ3VSMmEwMHdYc3lnCmdqRDc2Y2E1R2MwR2ljWG9CcEha - MklxSkZOUTVCNXpuTS8yTUVDNXUvb0kKLS0tIHZKWGFOd3l5ZnllbnJOVmdzN1FS - d1JMNFNxTS85K09zMXZsdVIvbThiaWsK8GAykyhoW+/iOgfbgQCtblA4BjlrIVcY - 6uw00sByQB0e2KT48Lb/hiWDnNbyH8nv9U2K3Iyo/BFkbCQ/GJOXTw== - -----END AGE ENCRYPTED FILE----- - - recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGbFBVTFFvU05XUGptb2hj - eTZaUm16bE9xZFJUUEZNVTE1ZGpYRVh2dlNRCjRabWxzcTE3UDBsRXUvVG82dXkw - elFONkU5UkVoY3Z4OU9ZbG9CdldUd00KLS0tIDFvSGRid3RMMHZETDFURHNnVThW - cHE4Y2F1ZWh6Q2tGZ1ZUaGlPT1JGck0KV4hiMystiZ/nD/8D9nPF5JrtSauj9GIO - 4E/2syq+dXp8o5UPf3zCYfAiVm0hurFNIv3noS0t5ucIEELQ2bsH/w== - -----END AGE ENCRYPTED FILE----- - - recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJZFZjU1R1L3F6RjJNdjVB - MksxSVVtdlh0Vm9LZ1JVVHVjV0ZMa042N3drCmErOUpaOUFVR3BVVWVqUVErajR0 - bkpXMCtHaHJNYmhKTTlpTzJId1o1UmMKLS0tIGs3VUtmaC9DSDZIenpYMmZibVpi - UGs3bmVxNkF0NVNDSit3UDJOMGpNMkUKg0A+T0zMthtarMORQk9P8F0Eh4kNYAdO - 0VgyYS5JfJ76Le9YJGRMygUciidptyfK4W1MJ5D1lPceNmCQ7uLSdg== - -----END AGE ENCRYPTED FILE----- - lastmodified: 
"2022-08-20T08:34:12Z" - mac: ENC[AES256_GCM,data:WXYIXl20eI4YwvWfrlY0Kje947u5b2xcGunFLB6KQkuoBM/3Mv9MNJ5NsWpPruRiX5BEIW7rIFfsuVYBn0EVZOPR2xGUsgGWxQ7hU1C0GNVB4NODoQ1iW0W75fM3XW+vzEE6SIxxAkFJK470JwpJpWI/TNC28gj16Z2Kt6yAuBU=,iv:YmyxRbrw8SgxVccRBwVVuqNBFw8LNCUQsDD6ds8qzUk=,tag:16B2m9p/VAVY1VvZdxBBYw==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3
diff --git a/nixos/boxes/vpsfree1/ssh.nix b/nixos/boxes/vpsfree1/ssh.nix
deleted file mode 100644
index fb6a979a..00000000
--- a/nixos/boxes/vpsfree1/ssh.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- config,
- pkgs,
- ...
-}: let
- port = 2222;
-in {
- services.openssh = {
- enable = true;
- ports = [port];
- };
- networking.firewall.allowedTCPPorts = [port];
-}
diff --git a/nixos/boxes/vpsfree1/syncthing-relay.nix b/nixos/boxes/vpsfree1/syncthing-relay.nix
deleted file mode 100644
index 2cd46b54..00000000
--- a/nixos/boxes/vpsfree1/syncthing-relay.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- config,
- pkgs,
- inputs,
- lib,
- ...
-}: {
- networking.firewall.allowedTCPPorts = [22067 22070];
- services.syncthing.relay = {
- enable = true;
- listenAddress = "vpsfree1.cyplo.github.beta.tailscale.net";
- pools = [""]; # private relay
- };
-}
diff --git a/nixos/boxes/vpsfree1/vpsfree1-vpsadminos.nix b/nixos/boxes/vpsfree1/vpsfree1-vpsadminos.nix
deleted file mode 100644
index 87deb16a..00000000
--- a/nixos/boxes/vpsfree1/vpsfree1-vpsadminos.nix
+++ /dev/null
@@ -1,61 +0,0 @@
-# This file provides compatibility for NixOS to run in a container on vpsAdminOS
-# hosts.
-#
-# If you're experiencing issues, try updating this file to the latest version
-# from vpsAdminOS repository:
-#
-# https://github.com/vpsfreecz/vpsadminos/blob/staging/os/lib/nixos-container/vpsadminos.nix
-{
- config,
- pkgs,
- lib,
- ...
-}:
-with lib; let
- nameservers = ["1.1.1.1" "2606:4700:4700::1111"];
-in {
- networking.nameservers = mkDefault nameservers;
- services.resolved = mkDefault {fallbackDns = nameservers;};
- networking.dhcpcd.extraConfig = "noipv4ll";
-
- systemd.services.systemd-sysctl.enable = false;
- systemd.sockets."systemd-journald-audit".enable = false;
- systemd.mounts = [
- {
- where = "/sys/kernel/debug";
- enable = false;
- }
- ];
- systemd.services.systemd-udev-trigger.enable = false;
- systemd.services.rpc-gssd.enable = false;
-
- boot.isContainer = true;
- boot.enableContainers = mkDefault true;
- boot.loader.initScript.enable = true;
- boot.specialFileSystems."/run/keys".fsType = mkForce "tmpfs";
- boot.systemdExecutable =
- mkDefault
- "/run/current-system/systemd/lib/systemd/systemd systemd.unified_cgroup_hierarchy=0";
-
- # Overrides for
- documentation.enable = mkOverride 500 true;
- documentation.nixos.enable = mkOverride 500 true;
- networking.useHostResolvConf = mkOverride 500 false;
- services.openssh.startWhenNeeded = mkOverride 500 false;
-
- # Bring up the network, /ifcfg.{add,del} are supplied by the vpsAdminOS host
- systemd.services.networking-setup = {
- description = "Load network configuration provided by the vpsAdminOS host";
- before = ["network.target"];
- wantedBy = ["network.target"];
- after = ["network-pre.target"];
- path = [pkgs.iproute];
- serviceConfig = {
- Type = "oneshot";
- RemainAfterExit = true;
- ExecStart = "${pkgs.bash}/bin/bash /ifcfg.add";
- ExecStop = "${pkgs.bash}/bin/bash /ifcfg.del";
- };
- unitConfig.ConditionPathExists = "/ifcfg.add";
- };
-}
diff --git a/nixos/boxes/vpsfree1/woodpecker.nix b/nixos/boxes/vpsfree1/woodpecker.nix
deleted file mode 100644
index 9b0696f9..00000000
--- a/nixos/boxes/vpsfree1/woodpecker.nix
+++ /dev/null
@@ -1,74 +0,0 @@
-{
- config,
- pkgs,
- inputs,
- lib,
- ...
-}: let
- httpPort = 8000;
- agentPort = 9000;
- domain = "ci.cyplo.dev";
- path = "/var/lib/woodpecker";
- serverContainerName = "woodpecker-server";
- uid = 2061;
- gid = 3061;
- systemUserName = "woodpecker";
- systemGroupName = "woodpecker";
-in {
- imports = [../nginx.nix];
-
- users = {
- users."${systemUserName}" = {
- inherit uid;
- isSystemUser = true;
- isNormalUser = false;
- group = systemGroupName;
- extraGroups = ["podman"];
- };
- groups."${systemGroupName}" = {
- inherit gid;
- members = ["${systemUserName}"];
- };
- };
-
- services.nginx = {
- virtualHosts = {
- "${domain}" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://localhost:" + toString httpPort;
- };
- };
- };
- };
-
- sops.secrets."gitea-env" = {
- sopsFile = ./gitea.sops;
- format = "binary";
- };
-
- virtualisation.podman = {
- enable = true;
- defaultNetwork.dnsname.enable = true;
- };
- networking.firewall.allowedTCPPorts = [agentPort];
- virtualisation.oci-containers.containers = {
- "${serverContainerName}" = {
- image = "woodpeckerci/woodpecker-server@sha256:acb188797f93b1b9228415b4418b8b8d2153df2e21f8c0c561a893243a542439";
- volumes = ["woodpecker-server-data:${path}"];
- environmentFiles = ["${config.sops.secrets.gitea-env.path}"];
- environment = {
- WOODPECKER_OPEN = "false";
- WOODPECKER_ADMIN = "cyplo";
- WOODPECKER_HOST = "https://${domain}";
- WOODPECKER_GITEA = "true";
- WOODPECKER_GITEA_URL = "https://git.cyplo.dev";
- };
- ports = [
- "${toString httpPort}:${toString httpPort}"
- "${toString agentPort}:${toString agentPort}"
- ];
- };
- };
-}