This commit is contained in:
parent
0bb7f84fe5
commit
202d7d9328
14 changed files with 194 additions and 536 deletions
|
@ -1,12 +1,9 @@
|
||||||
{
|
{ config, pkgs, ... }:
|
||||||
config,
|
let
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}: let
|
|
||||||
genericBackupPath = "/var/lib/backups/";
|
genericBackupPath = "/var/lib/backups/";
|
||||||
nixosContainersBackupPath = "/var/lib/nixos-containers/";
|
nixosContainersBackupPath = "/var/lib/nixos-containers/";
|
||||||
in rec {
|
in rec {
|
||||||
environment.systemPackages = with pkgs; [restic];
|
environment.systemPackages = with pkgs; [ restic ];
|
||||||
|
|
||||||
sops.secrets."restic-backups-b2-repo-password" = {
|
sops.secrets."restic-backups-b2-repo-password" = {
|
||||||
sopsFile = ./restic.sops.yaml;
|
sopsFile = ./restic.sops.yaml;
|
||||||
|
@ -18,23 +15,34 @@ in rec {
|
||||||
};
|
};
|
||||||
services = {
|
services = {
|
||||||
restic.backups.b2 = {
|
restic.backups.b2 = {
|
||||||
passwordFile = "/run/secrets/restic-backups-b2-repo-password";
|
passwordFile = config.sops.secrets."restic-backups-b2-repo-password".path;
|
||||||
paths = [
|
paths = [
|
||||||
"/var/lib/foundryvtt"
|
"/var/lib/foundryvtt"
|
||||||
"/var/lib/gitea"
|
"/var/lib/gitea"
|
||||||
"/var/lib/mastodon"
|
"/var/lib/mastodon"
|
||||||
|
"/var/lib/postgresql"
|
||||||
|
"/var/lib/private/cryptpad/"
|
||||||
"${nixosContainersBackupPath}"
|
"${nixosContainersBackupPath}"
|
||||||
];
|
];
|
||||||
repository = "b2:cyplo-restic-vpsfree";
|
repository = "b2:cyplo-backup-cupsnet";
|
||||||
backupPrepareCommand = ''
|
backupPrepareCommand = ''
|
||||||
systemctl stop container@mastodon.service
|
systemctl stop container@foundryvtt.service
|
||||||
|
systemctl stop cryptpad.service
|
||||||
|
systemctl stop forgejo.service
|
||||||
|
systemctl stop mastodon*
|
||||||
|
systemctl stop postgresql.service
|
||||||
'';
|
'';
|
||||||
backupCleanupCommand = ''
|
backupCleanupCommand = ''
|
||||||
systemctl start container@mastodon.service
|
systemctl start postgresql.service
|
||||||
|
systemctl start mastodon*
|
||||||
|
systemctl start forgejo.service
|
||||||
|
systemctl start cryptpad.service
|
||||||
|
systemctl start container@foundryvtt.service
|
||||||
'';
|
'';
|
||||||
timerConfig = {OnCalendar = "daily";};
|
timerConfig = { OnCalendar = "daily"; };
|
||||||
environmentFile = "${config.sops.secrets.restic-backups-b2-environment.path}";
|
environmentFile =
|
||||||
exclude = ["cache"];
|
"${config.sops.secrets.restic-backups-b2-environment.path}";
|
||||||
|
exclude = [ "cache" ];
|
||||||
pruneOpts = [
|
pruneOpts = [
|
||||||
"--keep-hourly 25"
|
"--keep-hourly 25"
|
||||||
"--keep-daily 8"
|
"--keep-daily 8"
|
||||||
|
@ -42,9 +50,7 @@ in rec {
|
||||||
"--keep-monthly 13"
|
"--keep-monthly 13"
|
||||||
"--keep-yearly 2"
|
"--keep-yearly 2"
|
||||||
];
|
];
|
||||||
checkOpts = [
|
checkOpts = [ "--with-cache" ];
|
||||||
"--with-cache"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
"${inputs.nixpkgs-stable}/nixos/modules/profiles/qemu-guest.nix"
|
"${inputs.nixpkgs-stable}/nixos/modules/profiles/qemu-guest.nix"
|
||||||
../cli.nix
|
../cli.nix
|
||||||
../send-logs.nix
|
../send-logs.nix
|
||||||
|
./backups.nix
|
||||||
./boot.nix
|
./boot.nix
|
||||||
./cryptpad.nix
|
./cryptpad.nix
|
||||||
./disks.nix
|
./disks.nix
|
||||||
|
|
60
nixos/boxes/cupsnet/restic-environment.sops
Normal file
60
nixos/boxes/cupsnet/restic-environment.sops
Normal file
|
@ -0,0 +1,60 @@
|
||||||
|
{
|
||||||
|
"data": "ENC[AES256_GCM,data:XPPaokHHmETVwWxPMN62fKI/i+9PMVh4zAo4/mrdxbZHIoXZ+8KTWrJBGqTkhiINos5piZyh5Ox1V25mW/w/0vQfpBwr6rsVuZAIQzN3OGspv8c2gykynQ==,iv:R6nOavL0AXXbIXPMKA+ogQdTERana9Q70PJ/Z+aSmUI=,tag:NtKBkpDv+HWY5SLUd3IvvQ==,type:str]",
|
||||||
|
"sops": {
|
||||||
|
"kms": null,
|
||||||
|
"gcp_kms": null,
|
||||||
|
"azure_kv": null,
|
||||||
|
"hc_vault": null,
|
||||||
|
"age": [
|
||||||
|
{
|
||||||
|
"recipient": "age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoSzN5SHlCWG9IbHQ3NDFP\nT2RIVjlXVnVXdDJrUjN5dURnT1FJWjBQb1ZrCm5wQi9wYnhNTVpod2duUEVnMjZW\nbkkwZGlVdy9nVE5JM25YdFNqMUFZVEEKLS0tIEt0aHlDWmhhSnZBazBXWnArSHpw\nM0phSm56M2IzQXRDdGxNcE1ROENMdFUKBdihdeR2+/rgeHelH5Wcw0A9D5j5+6Tq\nMJXQt9Yq6XkSKvmgVvDoaf7VmEjqrwLoEYHeb16N72hnMXM6UWQ6MQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwV1BRb3ZRV2pmVnBFWUxr\nUm1ET0ZLS1A0dEdJSE15TUY2b2pCcVZaMGpFCmNIQ2sxclorejE4enRwcUg2aEFM\nSDdFSjNncE55b1E3UEZ3Sk45UTFxRmMKLS0tIENkMFNENzBZQTJCUmJOczc5UmRU\nN0JlWlpkY0hibjVqcjB0MVRkMzB5SFEKPFRM/gOyw1hICIbA0o44mu7fp3TiEY2y\n8lhoQh5jWd6DoNh/rwoOooc/+2r9yYI/QBTnWEmVMQ91s7l4psWQRA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1TnZ5NldTVlY1TFpzcmxT\nbHJ4U1MvYzNkZVlvcVVDenZhMTBSZjQ3VVRJCnR2RTJYR3lMVDlOdjAwckp1ZWlB\nVzJ0SnVxc1ZObXNMS3RUc1pLZkcxV0kKLS0tIFJ0YnJFYk00UnlseFFuOUpBNSs2\nU3NRdmVRQk1vVlorVythTWYwSVcxcVkKik9U5tNXezDMSIdNnQpZHtTDQRZxxN9E\nFRw6rDpCopSNVLd/ZBjEGYQzDgxPff7d2CGuRnJ1qEpxg/WjRzoIcQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrbXMrSlhyZmVnRlVQa1ZN\nQVl5dk4rZHJTU1NkR0NldCtBdHlTUkZYUW5zCnIzU05IYlBBWXN6aXBSSVBkclRJ\nVVlOMlMybUtZREg1Z1QrSG53NzVQVlUKLS0tIGhjVjdhOUhNaGlEcnJYUnl4d3ZV\nRW9kYXlXVndPVklHV2U0bEJ4V21qalkKDtgj7Awbm/drEhZxL88Yh4SzYQugIYdh\n3qc+eHekNB/evJH4Ybn3d6nU4I8cUiC+3DISNW1mIfBv9wE2iaI61A==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBncmVNT01KNVU1N2JXMlpD\ncGlLeVdHSTVIaUlBcDYvSVREbkNWR3RxRVZjClIyUkovRmJSdzRPVWk3cm9FRTN0\nK0psWDhFZThOeXNxVEt2ZzNQOG9HTEkKLS0tIE1CQS9OZlk5aEpwaXZQTWJzazF5\nbTkyZEkzM0JiMjBuM2QwSE91dGQxT1UKIyLNhovSPUqy6TJiCC3Sh2U7qXjEtEXf\n40hSKLX14UhHQzXuPF4U96N0qj1S7OTjo0LTfLm8uWDc2We6twGOLA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3SFRqUE40UThnOGFWWThv\nTVdJRHk0dWJYOExmdDJLalpBREF0eGJ2NkZRCklFUWYzckxVczliRmtpUlVpeE9x\nVzRIZDNkQjBLRDUyNzlxYk40TXg2QjQKLS0tIEZnQmxjUENYeXhMZDBIcWVHRDk0\nTHFxZzg2WkU1eE45S0F4OG9VdWo0UFkKydPe8WtUJ0BVRqKaMX3I/bxLPjd01cEF\nA6imJ4F+EoqWM+3VEdmqFdCBIQMOQHCgXHvLchiuZu6+B10/ICZFVg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMWTdkbHF3cE5HUHVjQ2tl\nY2xNRnlzcVl6UWZHZFViaWFtNVlteUdHblZNCllxQ0V0SmxETy9mUmN2V3BpYUpY\nOWJlMU1wZDZOcFRrK1lUeVpIL0hHczgKLS0tIDBzVkNHM2I3U1lZd0wyanVxbmNH\nS2g2SkEydWN3WFJ6cWhTditROHN2aHMK7esa/qIW2hQMgtjHch1ZIVMmGckRXUiU\n5bnI4+ho07fI9fWO+r99dmXgSZoA6t92v+aIHuTiRgeofYGz+UXnog==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age18vg9wvmj2jc8tdcyc202v46lvfndqfe3dse2hewx0snalpvk43fqc22n6y",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzWVdLSmRvZlhkRno4Z2pt\nYU5JNUN3aCsyTllJVFo5WkdkUGNlK0tpcmc4CmFlMGYyZVpRMk1iQjQyeG1OSmd3\ncEtvRGxRTm9OMEZsMXdCbGRldHV0QzgKLS0tIFZTUzdXWDg2V3lpaHFBaWMvbmNQ\nbjRvcG9aTFJjYlpJZklvK3hzQmVKL3MKidJx/yYvw5UOmmJulTJB6DMRB3aJSMaN\nuSEsNZwpF29zSoUmQhfcqC18qARk9hTQZfPB5pa+Cim3ot8MQmy4aQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age108m6yx77k7aqcyesy4zmkulryzvyep6m92pflmldcnv3w5a0k9xqn5h7cx",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdE1UMHpxNnovcGFwMmh5\nOFAvVG11VmxUblhQTzI1L1VMc3k0eW9wV0NNCkdpUXFvY2dBMTh1a2V6cm96dHB6\nRUg2WUdaMDVyMzZseDVRT2pRdXhKbXMKLS0tIGI1UUZGaXYzZ29ZcGdVMTZJZ3NG\nOEZQa21nS0JPYmNPWTBRV3BGWGZubzAKOxEauxCxFc2zg04+zUPuSNZYjICiKG39\nVDcNoyvNVu7cfGBkM0U+090Yzn0JZ4G9UJoVH0DsIIPwqKXLcNr6yA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age1n09swn3qekcuw23vksp7hv4hpg0krlag3c5qcjjaf08m99c3ysqs6sxeyk",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwM1lxd25lMnJQb0dCODU3\nM3hlNEQxWkxMTElGMVFCTERaMXZGOHhiOEdjCjBwNkRZUm1uWjdBKzJDcDk0WmNi\nYXNCUyt0ZUphdXM4Rk1BQUVSaEREWG8KLS0tIHVDMERvMC9mYmRYSG54NmMvRHRj\nV2hjUjFrYW54Q0QxZ3hmeXRmK042cFUKz+2uEsnmkXEC+uRUdJnNNvIG7VCSr4fM\n0pwlIgeCnj5bdjsSmnaSVV6STim6H9dRDIL6uNO4xIp/JLF/hQjjaA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age1tt4c8t72fha2fj7xlm0dew5avmkdxujmgplte4qm7sxlcucggedq0eyk7t",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzVTczclZWRzFBUFRPaU9I\nUnlrT0hIaDZUVGp5SXRIb2NZQUZuZlBaeWc0ClVwTno0cTJ4TnBHbS95YU55STZ4\nd1liZ1puQThaL0ZwbVRrMm1FSHM3WEUKLS0tIDdRZ0hpVWpaTFlzc0swOUNVTG95\nTE9LbDNQQjBjQXVubHdwUkhEMGRhNFUK2tiG2hBJ1Y/Zr1KU0+nZYK9Pa6WF9c/Y\nASg330JwnOo5IUFTWZ43LoLfvlr+MAewK0r7iF8rCc6n9k42gNij2g==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"lastmodified": "2024-04-21T11:03:22Z",
|
||||||
|
"mac": "ENC[AES256_GCM,data:z2xcvPVDtN+GB3Rc+3LLkR2vwBU3FWNmPB5pFcjiwiaDTpxiaIFcbyJQ2ufENk4afouaoqAyu9r0VpW3NpOWabG7kT4zHJeCcJX6rBYf40E8bo7oQV1PhwKHESnfANTK/X80V0v23YDJVThgabIoLvkf10Fg5xflbvd4X4H0AQI=,iv:wyC7rBr8W+Z3GoN2ycdia06cYrX2wm2SRO6DIwZDVeo=,tag:fKgFB0bgJCc6+NUG8Xu86Q==,type:str]",
|
||||||
|
"pgp": null,
|
||||||
|
"unencrypted_suffix": "_unencrypted",
|
||||||
|
"version": "3.8.1"
|
||||||
|
}
|
||||||
|
}
|
111
nixos/boxes/cupsnet/restic.sops.yaml
Normal file
111
nixos/boxes/cupsnet/restic.sops.yaml
Normal file
|
@ -0,0 +1,111 @@
|
||||||
|
restic-backups-b2-repo-password: ENC[AES256_GCM,data:f7Q1DzcGBBcRtrpQgNvMLtfzoCOt9wuY6Xa3iJ20cbJ5fDhA1ZmSJdONhD566Dr7sM7pTwMv1Qbed2PLxPwODjr1wtSfzkgLUdXwKBLITwBdjuDByYYwABq4vRhEyq12JMUFLFVKfGgV8jOFRJ8YEYrw/N9pcIXTvhU+u62cMnGvIA502Oo64oocHMPf15y+2mZnTs9TkP8ujJvPYS/tu3zBIauGN9lXvzS5u7OOfrkD/TwHvRX4hawG2/fr0kOT6jp7hZi8GPhAHt7UqnSLIov4PYaiAJYEsMwY7+aCoyiVN8jqxIhi7oE26fbKQ0O1TltCCrO8n1TVb4CjqtS6Dw==,iv:RFIbYbBsRDmJSUQfXtDaONTRYkqGzE15ZJZ3YkeCXrw=,tag:rghWNadkJdJkTq2zlIVVLQ==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0ZSsvSVpaZ09JSHhuUGpl
|
||||||
|
VThZeUFNWlRvMEpXTEZEeStMbVp3cE00ckYwCklKVVRIOGVCUjFiTEVOZXp2TGg1
|
||||||
|
T3pNQ0U1ZENnS3JCMlN4ekNxN2k3am8KLS0tIDY5bXRSSXR5TC9FUVM0UTNMRG9h
|
||||||
|
eHFuenM2RmpvT3VobWQrWkVpMkFJcUUKJ8QBxzRo9HuhUYvEFAPxQwgix6Yt+Bmw
|
||||||
|
ZjxncRxxcSaOa5Yav7OTHmaUqssWQdvB0LMnqAU+3m1+Vlv/HXLDZw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1VjZ1RHBGckJVT1RsRTVs
|
||||||
|
S0JlbUdlcVBWcTc5Q0pZU2h3RHEwRHpFZUV3CmZxa1F3TzZvQ2pOUXhmZWFFMHZx
|
||||||
|
VkhiOHNQbTBRQWlPcnNqcnROZTZ2T1UKLS0tIEZFRGxlVEJtTDc4NkFNckowd3lB
|
||||||
|
ZW9sV0JrMHBsc1BOMTlqSEs5QTFQSnMKLebqmmfgBxi4hoiSZx+Z0fwUXNtjMWd9
|
||||||
|
i8JqAulHxXjLmS3IID6d7HySClXWszLHXwtMwfenFk5BuJvr7Zb22g==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0c25kS2hJSERPekZiYmJQ
|
||||||
|
TFlUblh5SkVpRVVVdHFmK0J6dTg5ZEhHSTFnCmhqYTIvODVHblg2MTNFNnFGV2V3
|
||||||
|
NmdWSnpjQkV2dEJtZXBIc1g4T3RMSTAKLS0tIHJKQkYxMFlleTU5N0psQmRGK2Nh
|
||||||
|
eWQwaWtmVHhUODQxVWlRQ0hhVitCYXMKYTEJf9lAC/f2MSCGj9+GKJ5A5dHSIReZ
|
||||||
|
5KNNywBlcEgRaWi2cnlKjxDT3596Rj86YloaI7HHh/MC2bT9Wv1Bow==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBd3BzVVpJRjcyUkQzQmIx
|
||||||
|
Wmx2TytjcWk3ekJwMW0zN0ZvWEVaM05kdUYwCktuc0pGMUZXWVpFU0FGS3RzK3My
|
||||||
|
SWphWW0xcGNNSDk0enJuWkg5NXJmaUEKLS0tIHk3bXRkOWhqMDdtamtrOVZ5T1dn
|
||||||
|
MUxPbnhmZDdUMTBsSVl0OVg5c285TTQKN+p1D0qrXz+gd5/szkosYUb7qX77p9W1
|
||||||
|
5fFTzChQadrIi3kYiTUJhfw8U0ubToB8YLqatbftYuZruy1h248A/w==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOWXRWMG5rYkVnL1hFZm1m
|
||||||
|
Unphc3JsTWQ3YnBvc2ZtVXg2U2tPTGU4NHdzCnhpRUUyVUhaK0hHZzVJcFhaWFY2
|
||||||
|
SlpsV3QwWGZPOUF3dzIrcDVTWERuODgKLS0tIGpQZmRCaHpvcm5qekR0MzdrQnlz
|
||||||
|
VWU0MkNxSlA3MWh6Z1ZmcUg5ZGdONUkK38XyX8bofX2nPlpWMuESTezhz4Z8dQYC
|
||||||
|
yBpEg5etniJtjNy0khH4ZMdZe9jVaOKvwdz5aBhpVGJuklZus2FfEA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrUHlvVmtPSlZnT00zaExm
|
||||||
|
dlBCSnRyL3ZZdFdVQVpuQWd2amsrR3Z4TzNnCkpPenhSV3V3OVJ5dG1IQ0svRTBY
|
||||||
|
VERuQlRZelNhNWhiZzRlQllSNnoxK0kKLS0tIGFTSkNMVjJkaStTNzNrb29FY0M5
|
||||||
|
S1FBejlJNGtBakxGZXRVMXJMd25sN0EKu3h2EKlgFp63UVL9llxkKeF/f5Nq2In1
|
||||||
|
Rkok03pL1FS7/Jco5tbOj9E7T/GZkKbfSiDUFT5LShJu/iry4fx68A==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJWFBQajFvK1QrUUlnR3Yv
|
||||||
|
MjdTc0NwZjJDS1YyVjltY2NqNVQ5T3BtY1IwCmxYVnJsRVdZbFBRYUt5ZUpNeHgz
|
||||||
|
Z1hWYlFPeG1JYndNeWNKOHd1aE9ITXMKLS0tIGlFM3JybjFkbGZ0a0tkMEVzMU56
|
||||||
|
WEZ1dmF5SFF4enlZb1YvYmUzalJITTgKD5gHzpUfu4Kmd3SkUH7k7vaiiPYaNRyC
|
||||||
|
XoU0i7OawlTLvE0xe7eq5IEv7rRCvUX0SIYTCYrftjQll+SRcxITqw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age18vg9wvmj2jc8tdcyc202v46lvfndqfe3dse2hewx0snalpvk43fqc22n6y
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0VjY1TU1xMHVSUC84VnZp
|
||||||
|
Qm5ZOWlMUWR6ZjN3aUF2L1BnYmxsUG5oOGhVCk50MkkvamNvdmp6UG5RR3RPQVBI
|
||||||
|
M1NPTGJNOE5haVMzaGJTMUJ5SmdrZjAKLS0tIHdQMmFKSGxqSUVXbnAzSlpORVJl
|
||||||
|
dHA4Ty85U3o3Rk1NUWZuSVJWb0F2RU0KE9RcQRoVMA7BbxDbAQ90rMNzcGVtPN9o
|
||||||
|
KHi6w+Qmx27urvUEVJPdHe0wrzsayTaThSKcCvCDrdVzb9QknSVEWA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age108m6yx77k7aqcyesy4zmkulryzvyep6m92pflmldcnv3w5a0k9xqn5h7cx
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1TkNtMzBWSXFaRDlVbURS
|
||||||
|
ZXJmT0dnS3NidDNGTGRsTjJRSnFsYXJKbVhzCkRjUWFLa1ZHTlBvMnpFcUp4cnhP
|
||||||
|
eFdHTksrNTdYUDMrUnBoL05qUEpmTWcKLS0tIHhtbU1zejU4emlpdm5OanlZeG9l
|
||||||
|
NDVnNU1SUnJadnBSRGtTaXYvekJQV1UK+MaUX1rbTfhMDJE45CAJclbIG202DToN
|
||||||
|
BR2ALC3Bx8qxEfks4wakr6C/ULHrdKgJk0QVQsHqHHAJOXjJtRcXFg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1n09swn3qekcuw23vksp7hv4hpg0krlag3c5qcjjaf08m99c3ysqs6sxeyk
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIYmFFbkcyT2gvWFJRaU9l
|
||||||
|
OFZMUkRqMUlYSlhIM0tFMDAzdkFNSENJaHl3CkJXL21vVWV3MnZLNy83b0Z3MUNs
|
||||||
|
UkVQcG14SGFCaUVTMVVOcnRrYml4TFUKLS0tIEpyTU55WERuR1JYZTAxVmFwT2lj
|
||||||
|
T3EyazBjbDlIOW5acUg1ZVQ3dENqdEkKrXZVPl2OzyVwLLw+rT/U4QeJcB9hU7us
|
||||||
|
Bsa3l6X9VZ34nzfFGERVqZI6hbsXnuuRgjrD0oQHh5P69dSyRDgCmw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1tt4c8t72fha2fj7xlm0dew5avmkdxujmgplte4qm7sxlcucggedq0eyk7t
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzc3ZtSVhzOGY5NVZtRGJy
|
||||||
|
eHRYVDNxMWhNSUR0UjdwVlUxTTBKUlZDc0FzCnE2aE1FbURENTJpNXVzUlZXWlVs
|
||||||
|
cUVRZnpxTmR0c29WRUhaODh5Qkd4RFEKLS0tIEpuZHMrYXArUnJ4NytBa2F5VUUr
|
||||||
|
YnUraUNNQ01hZ1NSUnlybHdkMVk1YkEKsXrO8NIH20cfWDF4ghUWgZV/I67kMkEq
|
||||||
|
PrjRBt3o2kRJe6YZXqnJpawKPYguyJQuQR5nBBxcfg2Zwyy7RkZamg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-04-21T11:01:32Z"
|
||||||
|
mac: ENC[AES256_GCM,data:3LZUGqSj96oMrohPGaf62RPBKG1mSOddCEuIDfvmIPxCSgu5JIt4Hx3t8vEUUiQq4bsbZStSm096ekk3cNFxlfMrenObeIySYrHPLk3s63yC8ItlJPkgiTrTCLgmAxtIdhPlCYgP9cVl9glLcvM0rA9flGIq3gc8KxTfT4/Ig48=,iv:ysS781aFCJosp1EF6RGaIdEq5AUAuZtwYd83k4riByI=,tag:oeb5kwFQYQ/sP61rt/8HoA==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
|
@ -1,21 +0,0 @@
|
||||||
{...}: {
|
|
||||||
networking.hostName = "vpsfree1";
|
|
||||||
|
|
||||||
imports = [
|
|
||||||
./vpsfree1-vpsadminos.nix
|
|
||||||
../cli.nix
|
|
||||||
../nginx.nix
|
|
||||||
../send-logs.nix
|
|
||||||
./backups.nix
|
|
||||||
./ssh.nix
|
|
||||||
./syncthing-relay.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
systemd.extraConfig = ''
|
|
||||||
DefaultTimeoutStartSec=900s
|
|
||||||
'';
|
|
||||||
|
|
||||||
boot.binfmt.emulatedSystems = ["aarch64-linux"];
|
|
||||||
time.timeZone = "Europe/London";
|
|
||||||
nix.settings.cores = 8;
|
|
||||||
}
|
|
|
@ -1,85 +0,0 @@
|
||||||
{
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
inputs,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}: let
|
|
||||||
port = 8081;
|
|
||||||
domain = "fossil.cyplo.dev";
|
|
||||||
baseurl = "https://${domain}";
|
|
||||||
path = "/var/lib/fossil";
|
|
||||||
in {
|
|
||||||
imports = [../nginx.nix];
|
|
||||||
|
|
||||||
services.nginx = {
|
|
||||||
virtualHosts = {
|
|
||||||
"${domain}" = {
|
|
||||||
forceSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
locations."/" = {proxyPass = "http://localhost:" + toString port;};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
containers.fossil = {
|
|
||||||
autoStart = true;
|
|
||||||
forwardPorts = [
|
|
||||||
{
|
|
||||||
containerPort = port;
|
|
||||||
hostPort = port;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
bindMounts = {
|
|
||||||
"${path}" = {
|
|
||||||
hostPath = "${path}";
|
|
||||||
isReadOnly = false;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
config = {
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}: let
|
|
||||||
user = "fossil";
|
|
||||||
group = "fossil";
|
|
||||||
in {
|
|
||||||
system.stateVersion = "23.11";
|
|
||||||
environment.systemPackages = [pkgs.fossil];
|
|
||||||
users.groups = {"${group}" = {};};
|
|
||||||
users.users = {
|
|
||||||
fossil = {
|
|
||||||
inherit group;
|
|
||||||
description = "Fossil Service";
|
|
||||||
home = path;
|
|
||||||
useDefaultShell = true;
|
|
||||||
isSystemUser = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.tmpfiles.rules = ["d '${path}' 0770 ${user} ${group} - -"];
|
|
||||||
systemd.services.fossil = {
|
|
||||||
description = "fossil server";
|
|
||||||
after = ["network-online.target"];
|
|
||||||
wantedBy = ["multi-user.target"];
|
|
||||||
path = [pkgs.fossil pkgs.git];
|
|
||||||
|
|
||||||
serviceConfig = {
|
|
||||||
User = user;
|
|
||||||
Group = group;
|
|
||||||
WorkingDirectory = path;
|
|
||||||
ReadWritePaths = [path];
|
|
||||||
ExecStart =
|
|
||||||
"${pkgs.fossil}/bin/fossil server"
|
|
||||||
+ " --localhost"
|
|
||||||
+ " --https"
|
|
||||||
+ " --port ${toString port}"
|
|
||||||
+ " --baseurl ${baseurl}"
|
|
||||||
+ " --repolist ${path}";
|
|
||||||
Restart = "always";
|
|
||||||
RestartSec = 3;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,94 +0,0 @@
|
||||||
gitea-mailgun-smtp-password: ENC[AES256_GCM,data:90aeGpoadDETlj3asOynIGFl0Fypsp0Eq7aKnGRR3+NGQr5DFg54gKrlX3KMZgddnSE=,iv:xjtVQEILVl+XFel+thoS8OvF/fpFYSNtt5MTRUhgyrI=,tag:8+KaSsB6/65TonpTl9Mi/A==,type:str]
|
|
||||||
mastodon-mailgun-smtp-password: ENC[AES256_GCM,data:Ln3rFbrddNtbnpqsG3i241BpT1B6sUXCPRpoV9QZxiKEF+E6AZjZw2LBXVcwgIm9Dd0=,iv:9BJuVSfOC48K69kDLUjr1oK3g0xSKAxlzDI/py3STt8=,tag:geLjytd+xC4dtf7hUMJ/8Q==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSeWVuY3Evcm1taWFSM3Jv
|
|
||||||
aFdUSGVCcXZ0MkFWbUhYMVlMKzNWbkw1WlVvClkrMUVrcjEzQ0tjN2hSOUdPdXNE
|
|
||||||
cnpnN3BqN1QwTVMvbklkL3B3ZlJOd00KLS0tIEdyMmp5VmpZdGZXRS9WdDBrWHE0
|
|
||||||
aXZ0ZFJLZUplQVltS0VkMCtlMGdleFEK0aAWEkyRzM0SdR+eNTurVvD70yhJJxC7
|
|
||||||
oRNuo5SD5XU4AMakCLffc1I4XkM8L6SwffS20yP+s9UY/D1n9FBZAg==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFWUFBaHBZdmVIWnRuaHpT
|
|
||||||
WVBOLzJKNERBQXhrNVEyWVcyZllPSFV6bG40CisrQWU4R3plcHJ3ODRTbXNvL2dr
|
|
||||||
TXV0R3loVjUxcFI2dnJqaURMOXJqQWsKLS0tIHhpMkNlckc3VDNRelBmMTVNZy94
|
|
||||||
T0hxY1hOLzNTYithQ0g0YlBuUExlK1UKOCUEwKPlXL+im23fxkbHY5iMD7tSaEq5
|
|
||||||
qF686lZHPJ9hil/8O+cmQ/qQPOiEqJBh9cvw9deWo+T65pp7aeixRQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVTBodlh0cXl4MEc3cXli
|
|
||||||
ZndJV21aV2U3OEJLZXkrNmVPNy93T2tXbURBCnhBQVRGSXVaMXJiWG9jbU5kR1Jk
|
|
||||||
Um1seVd5L1FkK3YxRmp2ZExUekwzMTAKLS0tIHoyK0FwVG1HQ3BFc0huRUZneGFR
|
|
||||||
QUh6NGdtZ2xkbUhXeXdpeVdjZTdHZ1kK/DeOe18HwJpoRNxo4JvdNGc8Ema61J4w
|
|
||||||
oxTZpqszWeNItmLtTvWJk9kahR1PhUwReG3zhVpxa+SzJTkLLy9amQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCaVVpeVphcENhN1RNV0JK
|
|
||||||
MUFDTFo0aEZuN0dYOGU4YmQwampPdTJQcUEwCld1WlhFUG11bzZTL3MzOVhNa1J6
|
|
||||||
RmhpeUN0Sm0xK1B6WTJsUjdCNXRzU2cKLS0tIHpNd1d4bVBXVlYyMG5hVjRkVi9Z
|
|
||||||
SFN5TUhqWWxHd2ZMeEdtUGV3SmljOUUKKPazmCwOsqYVLTW1wo6ie1+l910X5o6I
|
|
||||||
ygmi3TSv0ztwgqi94x3ma/1v82pPT/GCtGe22tCUOOiR+qn70mOGZw==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBRmFJMVJlMHBrNzltNDdq
|
|
||||||
RVZKYUJlMEcwVGtwaEI1RTloOHowbVNZREQ4CkFnSGlzM1VkWW5pcVNDWSsrQ1NI
|
|
||||||
dkVGaWhhaWd4VTA4RmplSUV0NTFpa0EKLS0tIEpqV1hWUEpvbytOOXNVeFhYWHNF
|
|
||||||
N0tHazQ3VEl2c1kwODNBd3lpS2NkM1kKt3uWMg2LuCeEquyYB5FNzEfI2qv7D1d2
|
|
||||||
8KD3X9mangmITwmLumdzcmxwEYmz0SD6im9fy413S1JZxDZonvZ8lA==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFaVI0N3JBbmFCdk9CMDk1
|
|
||||||
bTB0NTJLb1J3S3JKcjk2dzFzdmJmQkpvbFdJCklFSW9PL2NSSFRSeGlkZmJqR1Av
|
|
||||||
dDlrMmw2L21kZDFFT0ZTNG5aK1YvSncKLS0tIEFVZlNOSVduUHhOMDI2Z1Z5R2Uw
|
|
||||||
TytkQnZ5RXp3R1pCSThjM0VYdnkxcncKGM4ceBAfyXpgRGLAvTdEpE31uXJSCktR
|
|
||||||
KhfUZ/3lvuu7M12ju4ogqdoTND88IWDL2sewmgkyFRRbuBMHfEbKBg==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRDhsU2tLRDU2Zm8zTkpy
|
|
||||||
d3Y4RGtPc3IzM1h3TVBHYi90eElDM25qZTBrCkdSL2I1SGxNaktZMzF0V0xiOHVy
|
|
||||||
ZXdGc095ZWRLWjNTdkMzVFlXMUNVY00KLS0tIFF2S3V2Y3hpMFN6Sm54dW9PVUVI
|
|
||||||
UjE1NXVYa2RzZHhmN2ZiTFltTERtd2sKmHDLboVclE9tn/2dtA21SWWQ8an27HEd
|
|
||||||
6iUOFVPQ7Yy3wd64CU7sd+vUq7w24NMORjj+ltQJXnpDfedmoecALQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1n09swn3qekcuw23vksp7hv4hpg0krlag3c5qcjjaf08m99c3ysqs6sxeyk
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjVVlPeFkrdWN1aG9uWi9j
|
|
||||||
YVZacG1lRHA3VXpTWUlBSmFLbkxZemg0eFFvClZXcjJNLzVDVCtrZ3ZRNi92VWFM
|
|
||||||
VmJNeE1FWEVYWTZqQTdIYkYvUDhsZnMKLS0tIEg1RFNJUkJmNjVHMUQwMjBYb282
|
|
||||||
NmQrUk15LzZrcHQzV2c0K3VPOVc4V2cKXDggWmSB4WZbAqFoc+rGTRrpbG25L6Xz
|
|
||||||
7R3AD52Ul2dE60CdrPACoi7zJWKfr/QjJ5qfUi3xxhNn906qYRVQXQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1tt4c8t72fha2fj7xlm0dew5avmkdxujmgplte4qm7sxlcucggedq0eyk7t
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBId1FBN0Y5dHY3S2c1cEhi
|
|
||||||
eFNGTkdrQ0luMEliYU0zOVJpdmFENy9iOHhrClNmTHdsK01EeFlTWGk3Y1R3YTMx
|
|
||||||
SERzbTZ2YUdreWFVaGlXdlh1aC91U1EKLS0tIFR3RzRJZHIyR1IxZG13SFlUeTdI
|
|
||||||
SVNKZ0psWE9LVG9qaVZ6cUJhYVFxVEkKEai4IXJstKRavu4hrV4PFWv69kjdvWit
|
|
||||||
Y7xHFrR5OS5/Elfg5uPk6fkF91H+niY5XPytuRAkNdkIJh29sDClvg==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2022-12-03T22:10:58Z"
|
|
||||||
mac: ENC[AES256_GCM,data:gKoPQdINeMfQsofqxGLMRzikWfYqd9DFzR5JS7YQFHzlSrjxed6GFKr4YtKClBvfZU67AvE9OV6CyCweG9M5BFl9nDwjr8y85Lj0CvWrCtOVaQQ0nVloayrF4c1IKA2TH4BrXJA+kV9mSgc8eRYmwI6dY988nMLRsSp+oEgAJQk=,iv:d73wS8SaRao2L8MpRst1PXAtrjl8ViqiqoIFMzWKRv0=,tag:fMvq4Pp5BmM4A85VFBMlog==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_suffix: _unencrypted
|
|
||||||
version: 3.7.3
|
|
|
@ -1,39 +0,0 @@
|
||||||
{
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
services.nginx = {
|
|
||||||
virtualHosts = {
|
|
||||||
"cyplo.dev" = {
|
|
||||||
forceSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
locations."= /.well-known/matrix/server".extraConfig = let
|
|
||||||
server = {"m.server" = "cyplo.dev:443";};
|
|
||||||
in ''
|
|
||||||
add_header Content-Type application/json;
|
|
||||||
return 200 '${builtins.toJSON server}';
|
|
||||||
'';
|
|
||||||
|
|
||||||
locations."= /.well-known/matrix/client".extraConfig = let
|
|
||||||
client = {
|
|
||||||
"m.homeserver" = {"base_url" = "https://cyplo.dev";};
|
|
||||||
"m.identity_server" = {"base_url" = "https://vector.im";};
|
|
||||||
};
|
|
||||||
in ''
|
|
||||||
add_header Content-Type application/json;
|
|
||||||
add_header Access-Control-Allow-Origin *;
|
|
||||||
return 200 '${builtins.toJSON client}';
|
|
||||||
'';
|
|
||||||
|
|
||||||
locations."/".extraConfig = ''
|
|
||||||
return 404;
|
|
||||||
'';
|
|
||||||
|
|
||||||
locations."/_matrix" = {
|
|
||||||
proxyPass = "http://bolty:8008"; # without a trailing /
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,44 +0,0 @@
|
||||||
{
|
|
||||||
"data": "ENC[AES256_GCM,data:XbZZT4EvSrmaL3ISyEQjTWnnOKoWZ/uEyZr275eXlJFXL2V1y11IzOOaEanXEKvcyAmW62j034IWoM1hMAmGC0UFC74pKsubw71pjKQb9UclOeMPTAZBdw==,iv:/BJY2a65QAm3+9Ohvvp+VxMPXedPDbcGFglDgQPCZMM=,tag:i1oSYO24z/TaG2w62XMoAg==,type:str]",
|
|
||||||
"sops": {
|
|
||||||
"kms": null,
|
|
||||||
"gcp_kms": null,
|
|
||||||
"azure_kv": null,
|
|
||||||
"hc_vault": null,
|
|
||||||
"age": [
|
|
||||||
{
|
|
||||||
"recipient": "age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n",
|
|
||||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKc0pLQ0t4K280WVVwRnJ0\nYnZ3RGtXQ01PaE45N0tmTC9aOVBKdkp5dm5NCnN6bHlTeFBoazdKOWthdDE2dHBO\naXFTR1NETHZINzk0UkpFL3RobjJTQ0EKLS0tIHBwNmQrd0xHQWx3eG1UdzJ1THdv\naFBTeG9mR09XMmZsNFBGUzIzNnZsb1EK6tkaiqS2s3BKNUSzD/wt6T/RPlz8hM/u\nmzBKryrlYszGV76kKPO3XBtze7lqnsY3E/Mi01AvWH9jJeaI8X69Jg==\n-----END AGE ENCRYPTED FILE-----\n"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"recipient": "age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m",
|
|
||||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzc1Q1Q2g5My9BL3dVUEp1\nRjJjclkxdWd6bXVqUThuK3hON2NHaVZRTndFClpxM1hWUUJieGYzTVVWWHdiM2xH\naWJpSlBTSEhoMTVXWGJoTWt1UTl5Rk0KLS0tIENwMlFiZndtWWhwV2NNOVhtQk5l\nSzV4VGg5ZU8yaXY1UWJSK1JVWjZDZFEKAXPLsV5ytWUcBw2Qf3l0HOp/ASWKqjJk\ncD0OZXNd+1yKoC6TtZxhhp7rO8RQrggoo+0mQMqDe9NJPRnTqannjg==\n-----END AGE ENCRYPTED FILE-----\n"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"recipient": "age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn",
|
|
||||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKU0NSN1VDYUlFbkNUaTN6\nWVFBbXRneXJwWTBuRFUwenRwOFVINjVwa0NrCm5rMjFJK1p6Q09pR3pzazdhNHhP\nNGdFdlJhdC9LZ3Z5bGU0c1A1K2Y0bjgKLS0tIFQ1c3dySHVpK1hDckswTlMxTC9O\nSTE3MG5tWEdjNFQ3R2xrSW5HdDFOU28KJbV+leDxSf/CfCbZbiKx1bb2uE9UQhis\nFTLregz9Wg20ZOY5+/Mn+p2FHs1VFmm5LSkzLd4dDodf4XB7X5L03g==\n-----END AGE ENCRYPTED FILE-----\n"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"recipient": "age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt",
|
|
||||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwcmxPNjMvOE1IWjNGN2ZG\nUGh2UWhxN2xjTEFiWHMzYy96clJpbktYeDBNCldiSVpDNEdSLzhIbHc2NUg2Sm53\nRW5HK21KV3JGRGs5V0NmQzMvSVQ0UUUKLS0tIDRtWUVVSFFGSkhhbGp4UjNER01S\nRllaZDhXTGJ5V2ZtS2F1WWJ0UithbGcKG3FFQmyzGstt8RRx/56f2L+d7lknLs9U\nzjgedEKFlVeWh9nbvV3D5Fqh4ekoSmZE0KJZKcjEcBDrMYeU0fcc2w==\n-----END AGE ENCRYPTED FILE-----\n"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"recipient": "age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu",
|
|
||||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYSkdCb1hhQkljSFh6UHkx\ncGFnSTJDcDV1am0wd0IvOXdxWW5jMSswN0FBCnU3QVhsT1JGQzg2TGRZU1ltWmRN\ncjhrYTdtUnFUb3BvWGYyRkhjSHpnRUUKLS0tIEVLeWY3MWxTZUJzTWw0dVBoUVdv\nV3NFTHdRVWp4WEh1MGp6SnBjRGtZNGcKVJToOhX2ptmsvTA2B8VSiZ1e9te+SOIN\nrEdEH47h4/t4pswnZSZg9Ll8asYbmtbPNBWdEKtO/80cFMMz4N4QBQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"recipient": "age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla",
|
|
||||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnRGIzbzhzZ2pjVXhDci9S\nV0JOcHlOcDVhM0pzb0c3Q01ZYXp3ek1CY0dNCnhGY2NMM3dhVUpWUFhiQUNUcXlL\nMTNNN2xnTWZqWWVkeGhURkNCU01Cd0kKLS0tIGg3eEZZOGhoakZ4Ni9DMzBvcllx\nREJTOHFOWHdwTU80QzMxamkzc2JsTVUKnmxnq+4LBfHxyIomCE8JeiNLloXEygGd\nx0Sm3hN99Qohp2IEKF9UiSfzcmoUgC0yzXal4GxkE4zO/5EkxMoBfw==\n-----END AGE ENCRYPTED FILE-----\n"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"recipient": "age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla",
|
|
||||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIZ3ZSVEFOZ2o1eVR4Z21R\nM1JtTFVuSUpjNWJreERHUlpPVHlTS0paVHpjClRqamhjUVpMZFhHb0dRZ0lCbGhV\nTWtIM3luODlqalNUN3VqU3g1RHhFUzAKLS0tIERNSWRCQUxDd3ZMNFFYamRLYXUv\nTDQrbTVremRWNFpqWFZrWlBpUUpXcUUKEyBwbsNf3EF05EbIxLBECNlkEaQ0+B96\nEDVOiMYyStKRSJvaaiJK2mNSizc8qs6aJvyF/F5qeJUWSa2JguzBtQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"lastmodified": "2022-08-20T08:49:31Z",
|
|
||||||
"mac": "ENC[AES256_GCM,data:+yp1/bwAu8cN0i6yec2iTbBTwIOnO7465nX3+Qkex1sRGMB6hra92jEZyo2sVgFl8ws5APzGmmsyAeAaKqdzvC/8OGbqlSb+SXKqaa9mxZA58+NnIuAI8gtYQKz1gZ/N6gr0gZpllF+u622ooHrwiL2/GmzOYVApBmSpAROOGsw=,iv:rJzDHQH6Urwb2E1u5nT3dTtlEqGCFQME0uChghG1G94=,tag:vC20wbEyiwvvDpxMD4uYJA==,type:str]",
|
|
||||||
"pgp": null,
|
|
||||||
"unencrypted_suffix": "_unencrypted",
|
|
||||||
"version": "3.7.3"
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,75 +0,0 @@
|
||||||
restic-backups-b2-repo-password: ENC[AES256_GCM,data:Th/Uz+kcaWdz8GcRoU0uACOqV51n42FkcheSuK99h1VIN4tg1Qrjd38tEWCsrqswURWQdNdVnR+AmQlm3lmmT/aQBhHSwWRgxLjnx1WRvNANS4jC/OImr0u8/1Z6rfVwaHCIgkWOpsG1BSWYmGrX1+Lpx8+YpP6RUVy1csLforDoukvRhtGPjz/TfKs0pVkTmoSJvyCNnzjeHAMrpGYiUSTqhUNCr78OW1EQhDUjoNMHNQZJN8yiDykA83OQiyZRfvpYJyk5QrLIbmBwdj7fjMSvV4X7gWjpYn/hm4pqfFSTMhIcBDtmRouohsAElMAt1VFDTh+dSbITfhLTiHr6IQ==,iv:V/ZyW1yqlN8ZbeyTlkztBNtUF+H7BfKK6hgTtX2T6Jw=,tag:HQjlo4GxpGsOzybSWtfM1A==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArdXh2MGtKc0lrRG0rWWFF
|
|
||||||
bnFidy90a1IzcXV1U0dFWW1pdmg2MGNxQkhrClU2NUdtZU83aGhuWlBRMDdLQjFm
|
|
||||||
T2VJMlJvMWc2YlNGT29Oem9VT0lxUG8KLS0tIG92c3VsWi9JK0xKNjliY1MzWTZs
|
|
||||||
WmdMUXBEYzluWHNJTklYRVhmMGF4dDAK6+vMr86fOjy0Bw4e+7MPSrOqQ7m50MNc
|
|
||||||
Aj4btH7NffuUrOsjpxCos0y8q6oQxOFpOAt2N6jhx9QyXAmxKeHZpg==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXWVRFZnV1YjhsZFNZUVhq
|
|
||||||
NU1TZ1JFV09vY212aHVXT21LZmVUYXRIMkJRClhPQStSN1BmL2NweTlhMkRLQVht
|
|
||||||
dUd2YTVkZnJkWVZueFdMNGRFcDlkRFUKLS0tIEM2WGpCd3BwakRIL0RLS2tJMVQ1
|
|
||||||
Qm1hZ0dHTzRWdWs0bnFpTUJaS0NiT2MKzabwKNeYP13NDjqNis9jk5su2EwZLanX
|
|
||||||
TOToLrk8NmARHAyqGPrHGDCJb7y3o34sAFbXeRTtkpeyC4PXo3DA1A==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFQzFsa2pIVnA1NmhiZFFa
|
|
||||||
eFVkSERHeVp2Z3FRbXNFNUJaVER2czFOOEVrCm9ZYWVOWXdsSnk4OUxtdnlUYnRo
|
|
||||||
TjhTc01UYTFNQWNwWkFpNmt0WGtiRkUKLS0tIDV4QUxpZVB3NG1tQi9QTFdLcERF
|
|
||||||
TG03SGoxYkNqVG1DZ29LV3JES1MyMlUKsmORsigoSec0HAa3UzFEi2YDVdvONKhT
|
|
||||||
rgPBLCVDsHgrH+b3NYcTyiGG1cwiEoy3EDIDCDorN4a0XytpRhw6jQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzK0M4cVdod3RzVmN1elJC
|
|
||||||
UW1ZSy82R2J1V2dSTk9EZC9xOVI3NTFBQTBZClkxZGJoSEQ4YVlnQWZzbnJkbHBG
|
|
||||||
NVdYYkdOalk0cjZYWDFnSEtrWFpTZ0EKLS0tIFFORzRtRkFMNzRMWFVWY2xQTmpm
|
|
||||||
RWsxWVVwYXV5U1E1MWZSNmxQQnhGeGcKPQUxaJwfKEc8/NUdALftg9t4ZfX2xKOJ
|
|
||||||
BEEcTAo+eS+TQ10gPBrhX6fmuQcWkKH27AcooQczLRj7h0KWm4mNiQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTSStiYjRFNUtaTFc0bGpJ
|
|
||||||
TkdQbDlVTGxJSkpPL3VEZ3VSMmEwMHdYc3lnCmdqRDc2Y2E1R2MwR2ljWG9CcEha
|
|
||||||
MklxSkZOUTVCNXpuTS8yTUVDNXUvb0kKLS0tIHZKWGFOd3l5ZnllbnJOVmdzN1FS
|
|
||||||
d1JMNFNxTS85K09zMXZsdVIvbThiaWsK8GAykyhoW+/iOgfbgQCtblA4BjlrIVcY
|
|
||||||
6uw00sByQB0e2KT48Lb/hiWDnNbyH8nv9U2K3Iyo/BFkbCQ/GJOXTw==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGbFBVTFFvU05XUGptb2hj
|
|
||||||
eTZaUm16bE9xZFJUUEZNVTE1ZGpYRVh2dlNRCjRabWxzcTE3UDBsRXUvVG82dXkw
|
|
||||||
elFONkU5UkVoY3Z4OU9ZbG9CdldUd00KLS0tIDFvSGRid3RMMHZETDFURHNnVThW
|
|
||||||
cHE4Y2F1ZWh6Q2tGZ1ZUaGlPT1JGck0KV4hiMystiZ/nD/8D9nPF5JrtSauj9GIO
|
|
||||||
4E/2syq+dXp8o5UPf3zCYfAiVm0hurFNIv3noS0t5ucIEELQ2bsH/w==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJZFZjU1R1L3F6RjJNdjVB
|
|
||||||
MksxSVVtdlh0Vm9LZ1JVVHVjV0ZMa042N3drCmErOUpaOUFVR3BVVWVqUVErajR0
|
|
||||||
bkpXMCtHaHJNYmhKTTlpTzJId1o1UmMKLS0tIGs3VUtmaC9DSDZIenpYMmZibVpi
|
|
||||||
UGs3bmVxNkF0NVNDSit3UDJOMGpNMkUKg0A+T0zMthtarMORQk9P8F0Eh4kNYAdO
|
|
||||||
0VgyYS5JfJ76Le9YJGRMygUciidptyfK4W1MJ5D1lPceNmCQ7uLSdg==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2022-08-20T08:34:12Z"
|
|
||||||
mac: ENC[AES256_GCM,data:WXYIXl20eI4YwvWfrlY0Kje947u5b2xcGunFLB6KQkuoBM/3Mv9MNJ5NsWpPruRiX5BEIW7rIFfsuVYBn0EVZOPR2xGUsgGWxQ7hU1C0GNVB4NODoQ1iW0W75fM3XW+vzEE6SIxxAkFJK470JwpJpWI/TNC28gj16Z2Kt6yAuBU=,iv:YmyxRbrw8SgxVccRBwVVuqNBFw8LNCUQsDD6ds8qzUk=,tag:16B2m9p/VAVY1VvZdxBBYw==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_suffix: _unencrypted
|
|
||||||
version: 3.7.3
|
|
|
@ -1,13 +0,0 @@
|
||||||
{
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}: let
|
|
||||||
port = 2222;
|
|
||||||
in {
|
|
||||||
services.openssh = {
|
|
||||||
enable = true;
|
|
||||||
ports = [port];
|
|
||||||
};
|
|
||||||
networking.firewall.allowedTCPPorts = [port];
|
|
||||||
}
|
|
|
@ -1,14 +0,0 @@
|
||||||
{
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
inputs,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
networking.firewall.allowedTCPPorts = [22067 22070];
|
|
||||||
services.syncthing.relay = {
|
|
||||||
enable = true;
|
|
||||||
listenAddress = "vpsfree1.cyplo.github.beta.tailscale.net";
|
|
||||||
pools = [""]; # private relay
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,61 +0,0 @@
|
||||||
# This file provides compatibility for NixOS to run in a container on vpsAdminOS
|
|
||||||
# hosts.
|
|
||||||
#
|
|
||||||
# If you're experiencing issues, try updating this file to the latest version
|
|
||||||
# from vpsAdminOS repository:
|
|
||||||
#
|
|
||||||
# https://github.com/vpsfreecz/vpsadminos/blob/staging/os/lib/nixos-container/vpsadminos.nix
|
|
||||||
{
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
with lib; let
|
|
||||||
nameservers = ["1.1.1.1" "2606:4700:4700::1111"];
|
|
||||||
in {
|
|
||||||
networking.nameservers = mkDefault nameservers;
|
|
||||||
services.resolved = mkDefault {fallbackDns = nameservers;};
|
|
||||||
networking.dhcpcd.extraConfig = "noipv4ll";
|
|
||||||
|
|
||||||
systemd.services.systemd-sysctl.enable = false;
|
|
||||||
systemd.sockets."systemd-journald-audit".enable = false;
|
|
||||||
systemd.mounts = [
|
|
||||||
{
|
|
||||||
where = "/sys/kernel/debug";
|
|
||||||
enable = false;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
systemd.services.systemd-udev-trigger.enable = false;
|
|
||||||
systemd.services.rpc-gssd.enable = false;
|
|
||||||
|
|
||||||
boot.isContainer = true;
|
|
||||||
boot.enableContainers = mkDefault true;
|
|
||||||
boot.loader.initScript.enable = true;
|
|
||||||
boot.specialFileSystems."/run/keys".fsType = mkForce "tmpfs";
|
|
||||||
boot.systemdExecutable =
|
|
||||||
mkDefault
|
|
||||||
"/run/current-system/systemd/lib/systemd/systemd systemd.unified_cgroup_hierarchy=0";
|
|
||||||
|
|
||||||
# Overrides for <nixpkgs/nixos/modules/virtualisation/container-config.nix>
|
|
||||||
documentation.enable = mkOverride 500 true;
|
|
||||||
documentation.nixos.enable = mkOverride 500 true;
|
|
||||||
networking.useHostResolvConf = mkOverride 500 false;
|
|
||||||
services.openssh.startWhenNeeded = mkOverride 500 false;
|
|
||||||
|
|
||||||
# Bring up the network, /ifcfg.{add,del} are supplied by the vpsAdminOS host
|
|
||||||
systemd.services.networking-setup = {
|
|
||||||
description = "Load network configuration provided by the vpsAdminOS host";
|
|
||||||
before = ["network.target"];
|
|
||||||
wantedBy = ["network.target"];
|
|
||||||
after = ["network-pre.target"];
|
|
||||||
path = [pkgs.iproute];
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "oneshot";
|
|
||||||
RemainAfterExit = true;
|
|
||||||
ExecStart = "${pkgs.bash}/bin/bash /ifcfg.add";
|
|
||||||
ExecStop = "${pkgs.bash}/bin/bash /ifcfg.del";
|
|
||||||
};
|
|
||||||
unitConfig.ConditionPathExists = "/ifcfg.add";
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,74 +0,0 @@
|
||||||
{
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
inputs,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}: let
|
|
||||||
httpPort = 8000;
|
|
||||||
agentPort = 9000;
|
|
||||||
domain = "ci.cyplo.dev";
|
|
||||||
path = "/var/lib/woodpecker";
|
|
||||||
serverContainerName = "woodpecker-server";
|
|
||||||
uid = 2061;
|
|
||||||
gid = 3061;
|
|
||||||
systemUserName = "woodpecker";
|
|
||||||
systemGroupName = "woodpecker";
|
|
||||||
in {
|
|
||||||
imports = [../nginx.nix];
|
|
||||||
|
|
||||||
users = {
|
|
||||||
users."${systemUserName}" = {
|
|
||||||
inherit uid;
|
|
||||||
isSystemUser = true;
|
|
||||||
isNormalUser = false;
|
|
||||||
group = systemGroupName;
|
|
||||||
extraGroups = ["podman"];
|
|
||||||
};
|
|
||||||
groups."${systemGroupName}" = {
|
|
||||||
inherit gid;
|
|
||||||
members = ["${systemUserName}"];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.nginx = {
|
|
||||||
virtualHosts = {
|
|
||||||
"${domain}" = {
|
|
||||||
forceSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
locations."/" = {
|
|
||||||
proxyPass = "http://localhost:" + toString httpPort;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
sops.secrets."gitea-env" = {
|
|
||||||
sopsFile = ./gitea.sops;
|
|
||||||
format = "binary";
|
|
||||||
};
|
|
||||||
|
|
||||||
virtualisation.podman = {
|
|
||||||
enable = true;
|
|
||||||
defaultNetwork.dnsname.enable = true;
|
|
||||||
};
|
|
||||||
networking.firewall.allowedTCPPorts = [agentPort];
|
|
||||||
virtualisation.oci-containers.containers = {
|
|
||||||
"${serverContainerName}" = {
|
|
||||||
image = "woodpeckerci/woodpecker-server@sha256:acb188797f93b1b9228415b4418b8b8d2153df2e21f8c0c561a893243a542439";
|
|
||||||
volumes = ["woodpecker-server-data:${path}"];
|
|
||||||
environmentFiles = ["${config.sops.secrets.gitea-env.path}"];
|
|
||||||
environment = {
|
|
||||||
WOODPECKER_OPEN = "false";
|
|
||||||
WOODPECKER_ADMIN = "cyplo";
|
|
||||||
WOODPECKER_HOST = "https://${domain}";
|
|
||||||
WOODPECKER_GITEA = "true";
|
|
||||||
WOODPECKER_GITEA_URL = "https://git.cyplo.dev";
|
|
||||||
};
|
|
||||||
ports = [
|
|
||||||
"${toString httpPort}:${toString httpPort}"
|
|
||||||
"${toString agentPort}:${toString agentPort}"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
Loading…
Reference in a new issue