cupsnet backups plus vpsfree cleanup
Some checks failed
use nix / build (push) Failing after 2s

This commit is contained in:
Cyryl Płotnicki 2024-04-21 12:18:05 +01:00
parent 0bb7f84fe5
commit 202d7d9328
14 changed files with 194 additions and 536 deletions

View file

@ -1,12 +1,9 @@
{
config,
pkgs,
...
}: let
{ config, pkgs, ... }:
let
genericBackupPath = "/var/lib/backups/";
nixosContainersBackupPath = "/var/lib/nixos-containers/";
in rec {
environment.systemPackages = with pkgs; [restic];
environment.systemPackages = with pkgs; [ restic ];
sops.secrets."restic-backups-b2-repo-password" = {
sopsFile = ./restic.sops.yaml;
@ -18,23 +15,34 @@ in rec {
};
services = {
restic.backups.b2 = {
passwordFile = "/run/secrets/restic-backups-b2-repo-password";
passwordFile = config.sops.secrets."restic-backups-b2-repo-password".path;
paths = [
"/var/lib/foundryvtt"
"/var/lib/gitea"
"/var/lib/mastodon"
"/var/lib/postgresql"
"/var/lib/private/cryptpad/"
"${nixosContainersBackupPath}"
];
repository = "b2:cyplo-restic-vpsfree";
repository = "b2:cyplo-backup-cupsnet";
backupPrepareCommand = ''
systemctl stop container@mastodon.service
systemctl stop container@foundryvtt.service
systemctl stop cryptpad.service
systemctl stop forgejo.service
systemctl stop mastodon*
systemctl stop postgresql.service
'';
backupCleanupCommand = ''
systemctl start container@mastodon.service
systemctl start postgresql.service
systemctl start mastodon*
systemctl start forgejo.service
systemctl start cryptpad.service
systemctl start container@foundryvtt.service
'';
timerConfig = {OnCalendar = "daily";};
environmentFile = "${config.sops.secrets.restic-backups-b2-environment.path}";
exclude = ["cache"];
timerConfig = { OnCalendar = "daily"; };
environmentFile =
"${config.sops.secrets.restic-backups-b2-environment.path}";
exclude = [ "cache" ];
pruneOpts = [
"--keep-hourly 25"
"--keep-daily 8"
@ -42,9 +50,7 @@ in rec {
"--keep-monthly 13"
"--keep-yearly 2"
];
checkOpts = [
"--with-cache"
];
checkOpts = [ "--with-cache" ];
};
};

View file

@ -3,6 +3,7 @@
"${inputs.nixpkgs-stable}/nixos/modules/profiles/qemu-guest.nix"
../cli.nix
../send-logs.nix
./backups.nix
./boot.nix
./cryptpad.nix
./disks.nix

View file

@ -0,0 +1,60 @@
{
"data": "ENC[AES256_GCM,data:XPPaokHHmETVwWxPMN62fKI/i+9PMVh4zAo4/mrdxbZHIoXZ+8KTWrJBGqTkhiINos5piZyh5Ox1V25mW/w/0vQfpBwr6rsVuZAIQzN3OGspv8c2gykynQ==,iv:R6nOavL0AXXbIXPMKA+ogQdTERana9Q70PJ/Z+aSmUI=,tag:NtKBkpDv+HWY5SLUd3IvvQ==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoSzN5SHlCWG9IbHQ3NDFP\nT2RIVjlXVnVXdDJrUjN5dURnT1FJWjBQb1ZrCm5wQi9wYnhNTVpod2duUEVnMjZW\nbkkwZGlVdy9nVE5JM25YdFNqMUFZVEEKLS0tIEt0aHlDWmhhSnZBazBXWnArSHpw\nM0phSm56M2IzQXRDdGxNcE1ROENMdFUKBdihdeR2+/rgeHelH5Wcw0A9D5j5+6Tq\nMJXQt9Yq6XkSKvmgVvDoaf7VmEjqrwLoEYHeb16N72hnMXM6UWQ6MQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwV1BRb3ZRV2pmVnBFWUxr\nUm1ET0ZLS1A0dEdJSE15TUY2b2pCcVZaMGpFCmNIQ2sxclorejE4enRwcUg2aEFM\nSDdFSjNncE55b1E3UEZ3Sk45UTFxRmMKLS0tIENkMFNENzBZQTJCUmJOczc5UmRU\nN0JlWlpkY0hibjVqcjB0MVRkMzB5SFEKPFRM/gOyw1hICIbA0o44mu7fp3TiEY2y\n8lhoQh5jWd6DoNh/rwoOooc/+2r9yYI/QBTnWEmVMQ91s7l4psWQRA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1TnZ5NldTVlY1TFpzcmxT\nbHJ4U1MvYzNkZVlvcVVDenZhMTBSZjQ3VVRJCnR2RTJYR3lMVDlOdjAwckp1ZWlB\nVzJ0SnVxc1ZObXNMS3RUc1pLZkcxV0kKLS0tIFJ0YnJFYk00UnlseFFuOUpBNSs2\nU3NRdmVRQk1vVlorVythTWYwSVcxcVkKik9U5tNXezDMSIdNnQpZHtTDQRZxxN9E\nFRw6rDpCopSNVLd/ZBjEGYQzDgxPff7d2CGuRnJ1qEpxg/WjRzoIcQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrbXMrSlhyZmVnRlVQa1ZN\nQVl5dk4rZHJTU1NkR0NldCtBdHlTUkZYUW5zCnIzU05IYlBBWXN6aXBSSVBkclRJ\nVVlOMlMybUtZREg1Z1QrSG53NzVQVlUKLS0tIGhjVjdhOUhNaGlEcnJYUnl4d3ZV\nRW9kYXlXVndPVklHV2U0bEJ4V21qalkKDtgj7Awbm/drEhZxL88Yh4SzYQugIYdh\n3qc+eHekNB/evJH4Ybn3d6nU4I8cUiC+3DISNW1mIfBv9wE2iaI61A==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBncmVNT01KNVU1N2JXMlpD\ncGlLeVdHSTVIaUlBcDYvSVREbkNWR3RxRVZjClIyUkovRmJSdzRPVWk3cm9FRTN0\nK0psWDhFZThOeXNxVEt2ZzNQOG9HTEkKLS0tIE1CQS9OZlk5aEpwaXZQTWJzazF5\nbTkyZEkzM0JiMjBuM2QwSE91dGQxT1UKIyLNhovSPUqy6TJiCC3Sh2U7qXjEtEXf\n40hSKLX14UhHQzXuPF4U96N0qj1S7OTjo0LTfLm8uWDc2We6twGOLA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3SFRqUE40UThnOGFWWThv\nTVdJRHk0dWJYOExmdDJLalpBREF0eGJ2NkZRCklFUWYzckxVczliRmtpUlVpeE9x\nVzRIZDNkQjBLRDUyNzlxYk40TXg2QjQKLS0tIEZnQmxjUENYeXhMZDBIcWVHRDk0\nTHFxZzg2WkU1eE45S0F4OG9VdWo0UFkKydPe8WtUJ0BVRqKaMX3I/bxLPjd01cEF\nA6imJ4F+EoqWM+3VEdmqFdCBIQMOQHCgXHvLchiuZu6+B10/ICZFVg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMWTdkbHF3cE5HUHVjQ2tl\nY2xNRnlzcVl6UWZHZFViaWFtNVlteUdHblZNCllxQ0V0SmxETy9mUmN2V3BpYUpY\nOWJlMU1wZDZOcFRrK1lUeVpIL0hHczgKLS0tIDBzVkNHM2I3U1lZd0wyanVxbmNH\nS2g2SkEydWN3WFJ6cWhTditROHN2aHMK7esa/qIW2hQMgtjHch1ZIVMmGckRXUiU\n5bnI4+ho07fI9fWO+r99dmXgSZoA6t92v+aIHuTiRgeofYGz+UXnog==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age18vg9wvmj2jc8tdcyc202v46lvfndqfe3dse2hewx0snalpvk43fqc22n6y",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzWVdLSmRvZlhkRno4Z2pt\nYU5JNUN3aCsyTllJVFo5WkdkUGNlK0tpcmc4CmFlMGYyZVpRMk1iQjQyeG1OSmd3\ncEtvRGxRTm9OMEZsMXdCbGRldHV0QzgKLS0tIFZTUzdXWDg2V3lpaHFBaWMvbmNQ\nbjRvcG9aTFJjYlpJZklvK3hzQmVKL3MKidJx/yYvw5UOmmJulTJB6DMRB3aJSMaN\nuSEsNZwpF29zSoUmQhfcqC18qARk9hTQZfPB5pa+Cim3ot8MQmy4aQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age108m6yx77k7aqcyesy4zmkulryzvyep6m92pflmldcnv3w5a0k9xqn5h7cx",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdE1UMHpxNnovcGFwMmh5\nOFAvVG11VmxUblhQTzI1L1VMc3k0eW9wV0NNCkdpUXFvY2dBMTh1a2V6cm96dHB6\nRUg2WUdaMDVyMzZseDVRT2pRdXhKbXMKLS0tIGI1UUZGaXYzZ29ZcGdVMTZJZ3NG\nOEZQa21nS0JPYmNPWTBRV3BGWGZubzAKOxEauxCxFc2zg04+zUPuSNZYjICiKG39\nVDcNoyvNVu7cfGBkM0U+090Yzn0JZ4G9UJoVH0DsIIPwqKXLcNr6yA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1n09swn3qekcuw23vksp7hv4hpg0krlag3c5qcjjaf08m99c3ysqs6sxeyk",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwM1lxd25lMnJQb0dCODU3\nM3hlNEQxWkxMTElGMVFCTERaMXZGOHhiOEdjCjBwNkRZUm1uWjdBKzJDcDk0WmNi\nYXNCUyt0ZUphdXM4Rk1BQUVSaEREWG8KLS0tIHVDMERvMC9mYmRYSG54NmMvRHRj\nV2hjUjFrYW54Q0QxZ3hmeXRmK042cFUKz+2uEsnmkXEC+uRUdJnNNvIG7VCSr4fM\n0pwlIgeCnj5bdjsSmnaSVV6STim6H9dRDIL6uNO4xIp/JLF/hQjjaA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1tt4c8t72fha2fj7xlm0dew5avmkdxujmgplte4qm7sxlcucggedq0eyk7t",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzVTczclZWRzFBUFRPaU9I\nUnlrT0hIaDZUVGp5SXRIb2NZQUZuZlBaeWc0ClVwTno0cTJ4TnBHbS95YU55STZ4\nd1liZ1puQThaL0ZwbVRrMm1FSHM3WEUKLS0tIDdRZ0hpVWpaTFlzc0swOUNVTG95\nTE9LbDNQQjBjQXVubHdwUkhEMGRhNFUK2tiG2hBJ1Y/Zr1KU0+nZYK9Pa6WF9c/Y\nASg330JwnOo5IUFTWZ43LoLfvlr+MAewK0r7iF8rCc6n9k42gNij2g==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-04-21T11:03:22Z",
"mac": "ENC[AES256_GCM,data:z2xcvPVDtN+GB3Rc+3LLkR2vwBU3FWNmPB5pFcjiwiaDTpxiaIFcbyJQ2ufENk4afouaoqAyu9r0VpW3NpOWabG7kT4zHJeCcJX6rBYf40E8bo7oQV1PhwKHESnfANTK/X80V0v23YDJVThgabIoLvkf10Fg5xflbvd4X4H0AQI=,iv:wyC7rBr8W+Z3GoN2ycdia06cYrX2wm2SRO6DIwZDVeo=,tag:fKgFB0bgJCc6+NUG8Xu86Q==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}

View file

@ -0,0 +1,111 @@
restic-backups-b2-repo-password: ENC[AES256_GCM,data:f7Q1DzcGBBcRtrpQgNvMLtfzoCOt9wuY6Xa3iJ20cbJ5fDhA1ZmSJdONhD566Dr7sM7pTwMv1Qbed2PLxPwODjr1wtSfzkgLUdXwKBLITwBdjuDByYYwABq4vRhEyq12JMUFLFVKfGgV8jOFRJ8YEYrw/N9pcIXTvhU+u62cMnGvIA502Oo64oocHMPf15y+2mZnTs9TkP8ujJvPYS/tu3zBIauGN9lXvzS5u7OOfrkD/TwHvRX4hawG2/fr0kOT6jp7hZi8GPhAHt7UqnSLIov4PYaiAJYEsMwY7+aCoyiVN8jqxIhi7oE26fbKQ0O1TltCCrO8n1TVb4CjqtS6Dw==,iv:RFIbYbBsRDmJSUQfXtDaONTRYkqGzE15ZJZ3YkeCXrw=,tag:rghWNadkJdJkTq2zlIVVLQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0ZSsvSVpaZ09JSHhuUGpl
VThZeUFNWlRvMEpXTEZEeStMbVp3cE00ckYwCklKVVRIOGVCUjFiTEVOZXp2TGg1
T3pNQ0U1ZENnS3JCMlN4ekNxN2k3am8KLS0tIDY5bXRSSXR5TC9FUVM0UTNMRG9h
eHFuenM2RmpvT3VobWQrWkVpMkFJcUUKJ8QBxzRo9HuhUYvEFAPxQwgix6Yt+Bmw
ZjxncRxxcSaOa5Yav7OTHmaUqssWQdvB0LMnqAU+3m1+Vlv/HXLDZw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1VjZ1RHBGckJVT1RsRTVs
S0JlbUdlcVBWcTc5Q0pZU2h3RHEwRHpFZUV3CmZxa1F3TzZvQ2pOUXhmZWFFMHZx
VkhiOHNQbTBRQWlPcnNqcnROZTZ2T1UKLS0tIEZFRGxlVEJtTDc4NkFNckowd3lB
ZW9sV0JrMHBsc1BOMTlqSEs5QTFQSnMKLebqmmfgBxi4hoiSZx+Z0fwUXNtjMWd9
i8JqAulHxXjLmS3IID6d7HySClXWszLHXwtMwfenFk5BuJvr7Zb22g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0c25kS2hJSERPekZiYmJQ
TFlUblh5SkVpRVVVdHFmK0J6dTg5ZEhHSTFnCmhqYTIvODVHblg2MTNFNnFGV2V3
NmdWSnpjQkV2dEJtZXBIc1g4T3RMSTAKLS0tIHJKQkYxMFlleTU5N0psQmRGK2Nh
eWQwaWtmVHhUODQxVWlRQ0hhVitCYXMKYTEJf9lAC/f2MSCGj9+GKJ5A5dHSIReZ
5KNNywBlcEgRaWi2cnlKjxDT3596Rj86YloaI7HHh/MC2bT9Wv1Bow==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBd3BzVVpJRjcyUkQzQmIx
Wmx2TytjcWk3ekJwMW0zN0ZvWEVaM05kdUYwCktuc0pGMUZXWVpFU0FGS3RzK3My
SWphWW0xcGNNSDk0enJuWkg5NXJmaUEKLS0tIHk3bXRkOWhqMDdtamtrOVZ5T1dn
MUxPbnhmZDdUMTBsSVl0OVg5c285TTQKN+p1D0qrXz+gd5/szkosYUb7qX77p9W1
5fFTzChQadrIi3kYiTUJhfw8U0ubToB8YLqatbftYuZruy1h248A/w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOWXRWMG5rYkVnL1hFZm1m
Unphc3JsTWQ3YnBvc2ZtVXg2U2tPTGU4NHdzCnhpRUUyVUhaK0hHZzVJcFhaWFY2
SlpsV3QwWGZPOUF3dzIrcDVTWERuODgKLS0tIGpQZmRCaHpvcm5qekR0MzdrQnlz
VWU0MkNxSlA3MWh6Z1ZmcUg5ZGdONUkK38XyX8bofX2nPlpWMuESTezhz4Z8dQYC
yBpEg5etniJtjNy0khH4ZMdZe9jVaOKvwdz5aBhpVGJuklZus2FfEA==
-----END AGE ENCRYPTED FILE-----
- recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrUHlvVmtPSlZnT00zaExm
dlBCSnRyL3ZZdFdVQVpuQWd2amsrR3Z4TzNnCkpPenhSV3V3OVJ5dG1IQ0svRTBY
VERuQlRZelNhNWhiZzRlQllSNnoxK0kKLS0tIGFTSkNMVjJkaStTNzNrb29FY0M5
S1FBejlJNGtBakxGZXRVMXJMd25sN0EKu3h2EKlgFp63UVL9llxkKeF/f5Nq2In1
Rkok03pL1FS7/Jco5tbOj9E7T/GZkKbfSiDUFT5LShJu/iry4fx68A==
-----END AGE ENCRYPTED FILE-----
- recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJWFBQajFvK1QrUUlnR3Yv
MjdTc0NwZjJDS1YyVjltY2NqNVQ5T3BtY1IwCmxYVnJsRVdZbFBRYUt5ZUpNeHgz
Z1hWYlFPeG1JYndNeWNKOHd1aE9ITXMKLS0tIGlFM3JybjFkbGZ0a0tkMEVzMU56
WEZ1dmF5SFF4enlZb1YvYmUzalJITTgKD5gHzpUfu4Kmd3SkUH7k7vaiiPYaNRyC
XoU0i7OawlTLvE0xe7eq5IEv7rRCvUX0SIYTCYrftjQll+SRcxITqw==
-----END AGE ENCRYPTED FILE-----
- recipient: age18vg9wvmj2jc8tdcyc202v46lvfndqfe3dse2hewx0snalpvk43fqc22n6y
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0VjY1TU1xMHVSUC84VnZp
Qm5ZOWlMUWR6ZjN3aUF2L1BnYmxsUG5oOGhVCk50MkkvamNvdmp6UG5RR3RPQVBI
M1NPTGJNOE5haVMzaGJTMUJ5SmdrZjAKLS0tIHdQMmFKSGxqSUVXbnAzSlpORVJl
dHA4Ty85U3o3Rk1NUWZuSVJWb0F2RU0KE9RcQRoVMA7BbxDbAQ90rMNzcGVtPN9o
KHi6w+Qmx27urvUEVJPdHe0wrzsayTaThSKcCvCDrdVzb9QknSVEWA==
-----END AGE ENCRYPTED FILE-----
- recipient: age108m6yx77k7aqcyesy4zmkulryzvyep6m92pflmldcnv3w5a0k9xqn5h7cx
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1TkNtMzBWSXFaRDlVbURS
ZXJmT0dnS3NidDNGTGRsTjJRSnFsYXJKbVhzCkRjUWFLa1ZHTlBvMnpFcUp4cnhP
eFdHTksrNTdYUDMrUnBoL05qUEpmTWcKLS0tIHhtbU1zejU4emlpdm5OanlZeG9l
NDVnNU1SUnJadnBSRGtTaXYvekJQV1UK+MaUX1rbTfhMDJE45CAJclbIG202DToN
BR2ALC3Bx8qxEfks4wakr6C/ULHrdKgJk0QVQsHqHHAJOXjJtRcXFg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1n09swn3qekcuw23vksp7hv4hpg0krlag3c5qcjjaf08m99c3ysqs6sxeyk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIYmFFbkcyT2gvWFJRaU9l
OFZMUkRqMUlYSlhIM0tFMDAzdkFNSENJaHl3CkJXL21vVWV3MnZLNy83b0Z3MUNs
UkVQcG14SGFCaUVTMVVOcnRrYml4TFUKLS0tIEpyTU55WERuR1JYZTAxVmFwT2lj
T3EyazBjbDlIOW5acUg1ZVQ3dENqdEkKrXZVPl2OzyVwLLw+rT/U4QeJcB9hU7us
Bsa3l6X9VZ34nzfFGERVqZI6hbsXnuuRgjrD0oQHh5P69dSyRDgCmw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tt4c8t72fha2fj7xlm0dew5avmkdxujmgplte4qm7sxlcucggedq0eyk7t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzc3ZtSVhzOGY5NVZtRGJy
eHRYVDNxMWhNSUR0UjdwVlUxTTBKUlZDc0FzCnE2aE1FbURENTJpNXVzUlZXWlVs
cUVRZnpxTmR0c29WRUhaODh5Qkd4RFEKLS0tIEpuZHMrYXArUnJ4NytBa2F5VUUr
YnUraUNNQ01hZ1NSUnlybHdkMVk1YkEKsXrO8NIH20cfWDF4ghUWgZV/I67kMkEq
PrjRBt3o2kRJe6YZXqnJpawKPYguyJQuQR5nBBxcfg2Zwyy7RkZamg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-21T11:01:32Z"
mac: ENC[AES256_GCM,data:3LZUGqSj96oMrohPGaf62RPBKG1mSOddCEuIDfvmIPxCSgu5JIt4Hx3t8vEUUiQq4bsbZStSm096ekk3cNFxlfMrenObeIySYrHPLk3s63yC8ItlJPkgiTrTCLgmAxtIdhPlCYgP9cVl9glLcvM0rA9flGIq3gc8KxTfT4/Ig48=,iv:ysS781aFCJosp1EF6RGaIdEq5AUAuZtwYd83k4riByI=,tag:oeb5kwFQYQ/sP61rt/8HoA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

View file

@ -1,21 +0,0 @@
{...}: {
networking.hostName = "vpsfree1";
imports = [
./vpsfree1-vpsadminos.nix
../cli.nix
../nginx.nix
../send-logs.nix
./backups.nix
./ssh.nix
./syncthing-relay.nix
];
systemd.extraConfig = ''
DefaultTimeoutStartSec=900s
'';
boot.binfmt.emulatedSystems = ["aarch64-linux"];
time.timeZone = "Europe/London";
nix.settings.cores = 8;
}

View file

@ -1,85 +0,0 @@
{
config,
pkgs,
inputs,
lib,
...
}: let
port = 8081;
domain = "fossil.cyplo.dev";
baseurl = "https://${domain}";
path = "/var/lib/fossil";
in {
imports = [../nginx.nix];
services.nginx = {
virtualHosts = {
"${domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {proxyPass = "http://localhost:" + toString port;};
};
};
};
containers.fossil = {
autoStart = true;
forwardPorts = [
{
containerPort = port;
hostPort = port;
}
];
bindMounts = {
"${path}" = {
hostPath = "${path}";
isReadOnly = false;
};
};
config = {
config,
pkgs,
...
}: let
user = "fossil";
group = "fossil";
in {
system.stateVersion = "23.11";
environment.systemPackages = [pkgs.fossil];
users.groups = {"${group}" = {};};
users.users = {
fossil = {
inherit group;
description = "Fossil Service";
home = path;
useDefaultShell = true;
isSystemUser = true;
};
};
systemd.tmpfiles.rules = ["d '${path}' 0770 ${user} ${group} - -"];
systemd.services.fossil = {
description = "fossil server";
after = ["network-online.target"];
wantedBy = ["multi-user.target"];
path = [pkgs.fossil pkgs.git];
serviceConfig = {
User = user;
Group = group;
WorkingDirectory = path;
ReadWritePaths = [path];
ExecStart =
"${pkgs.fossil}/bin/fossil server"
+ " --localhost"
+ " --https"
+ " --port ${toString port}"
+ " --baseurl ${baseurl}"
+ " --repolist ${path}";
Restart = "always";
RestartSec = 3;
};
};
};
};
}

View file

@ -1,94 +0,0 @@
gitea-mailgun-smtp-password: ENC[AES256_GCM,data:90aeGpoadDETlj3asOynIGFl0Fypsp0Eq7aKnGRR3+NGQr5DFg54gKrlX3KMZgddnSE=,iv:xjtVQEILVl+XFel+thoS8OvF/fpFYSNtt5MTRUhgyrI=,tag:8+KaSsB6/65TonpTl9Mi/A==,type:str]
mastodon-mailgun-smtp-password: ENC[AES256_GCM,data:Ln3rFbrddNtbnpqsG3i241BpT1B6sUXCPRpoV9QZxiKEF+E6AZjZw2LBXVcwgIm9Dd0=,iv:9BJuVSfOC48K69kDLUjr1oK3g0xSKAxlzDI/py3STt8=,tag:geLjytd+xC4dtf7hUMJ/8Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSeWVuY3Evcm1taWFSM3Jv
aFdUSGVCcXZ0MkFWbUhYMVlMKzNWbkw1WlVvClkrMUVrcjEzQ0tjN2hSOUdPdXNE
cnpnN3BqN1QwTVMvbklkL3B3ZlJOd00KLS0tIEdyMmp5VmpZdGZXRS9WdDBrWHE0
aXZ0ZFJLZUplQVltS0VkMCtlMGdleFEK0aAWEkyRzM0SdR+eNTurVvD70yhJJxC7
oRNuo5SD5XU4AMakCLffc1I4XkM8L6SwffS20yP+s9UY/D1n9FBZAg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFWUFBaHBZdmVIWnRuaHpT
WVBOLzJKNERBQXhrNVEyWVcyZllPSFV6bG40CisrQWU4R3plcHJ3ODRTbXNvL2dr
TXV0R3loVjUxcFI2dnJqaURMOXJqQWsKLS0tIHhpMkNlckc3VDNRelBmMTVNZy94
T0hxY1hOLzNTYithQ0g0YlBuUExlK1UKOCUEwKPlXL+im23fxkbHY5iMD7tSaEq5
qF686lZHPJ9hil/8O+cmQ/qQPOiEqJBh9cvw9deWo+T65pp7aeixRQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVTBodlh0cXl4MEc3cXli
ZndJV21aV2U3OEJLZXkrNmVPNy93T2tXbURBCnhBQVRGSXVaMXJiWG9jbU5kR1Jk
Um1seVd5L1FkK3YxRmp2ZExUekwzMTAKLS0tIHoyK0FwVG1HQ3BFc0huRUZneGFR
QUh6NGdtZ2xkbUhXeXdpeVdjZTdHZ1kK/DeOe18HwJpoRNxo4JvdNGc8Ema61J4w
oxTZpqszWeNItmLtTvWJk9kahR1PhUwReG3zhVpxa+SzJTkLLy9amQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCaVVpeVphcENhN1RNV0JK
MUFDTFo0aEZuN0dYOGU4YmQwampPdTJQcUEwCld1WlhFUG11bzZTL3MzOVhNa1J6
RmhpeUN0Sm0xK1B6WTJsUjdCNXRzU2cKLS0tIHpNd1d4bVBXVlYyMG5hVjRkVi9Z
SFN5TUhqWWxHd2ZMeEdtUGV3SmljOUUKKPazmCwOsqYVLTW1wo6ie1+l910X5o6I
ygmi3TSv0ztwgqi94x3ma/1v82pPT/GCtGe22tCUOOiR+qn70mOGZw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBRmFJMVJlMHBrNzltNDdq
RVZKYUJlMEcwVGtwaEI1RTloOHowbVNZREQ4CkFnSGlzM1VkWW5pcVNDWSsrQ1NI
dkVGaWhhaWd4VTA4RmplSUV0NTFpa0EKLS0tIEpqV1hWUEpvbytOOXNVeFhYWHNF
N0tHazQ3VEl2c1kwODNBd3lpS2NkM1kKt3uWMg2LuCeEquyYB5FNzEfI2qv7D1d2
8KD3X9mangmITwmLumdzcmxwEYmz0SD6im9fy413S1JZxDZonvZ8lA==
-----END AGE ENCRYPTED FILE-----
- recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFaVI0N3JBbmFCdk9CMDk1
bTB0NTJLb1J3S3JKcjk2dzFzdmJmQkpvbFdJCklFSW9PL2NSSFRSeGlkZmJqR1Av
dDlrMmw2L21kZDFFT0ZTNG5aK1YvSncKLS0tIEFVZlNOSVduUHhOMDI2Z1Z5R2Uw
TytkQnZ5RXp3R1pCSThjM0VYdnkxcncKGM4ceBAfyXpgRGLAvTdEpE31uXJSCktR
KhfUZ/3lvuu7M12ju4ogqdoTND88IWDL2sewmgkyFRRbuBMHfEbKBg==
-----END AGE ENCRYPTED FILE-----
- recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRDhsU2tLRDU2Zm8zTkpy
d3Y4RGtPc3IzM1h3TVBHYi90eElDM25qZTBrCkdSL2I1SGxNaktZMzF0V0xiOHVy
ZXdGc095ZWRLWjNTdkMzVFlXMUNVY00KLS0tIFF2S3V2Y3hpMFN6Sm54dW9PVUVI
UjE1NXVYa2RzZHhmN2ZiTFltTERtd2sKmHDLboVclE9tn/2dtA21SWWQ8an27HEd
6iUOFVPQ7Yy3wd64CU7sd+vUq7w24NMORjj+ltQJXnpDfedmoecALQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1n09swn3qekcuw23vksp7hv4hpg0krlag3c5qcjjaf08m99c3ysqs6sxeyk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjVVlPeFkrdWN1aG9uWi9j
YVZacG1lRHA3VXpTWUlBSmFLbkxZemg0eFFvClZXcjJNLzVDVCtrZ3ZRNi92VWFM
VmJNeE1FWEVYWTZqQTdIYkYvUDhsZnMKLS0tIEg1RFNJUkJmNjVHMUQwMjBYb282
NmQrUk15LzZrcHQzV2c0K3VPOVc4V2cKXDggWmSB4WZbAqFoc+rGTRrpbG25L6Xz
7R3AD52Ul2dE60CdrPACoi7zJWKfr/QjJ5qfUi3xxhNn906qYRVQXQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tt4c8t72fha2fj7xlm0dew5avmkdxujmgplte4qm7sxlcucggedq0eyk7t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBId1FBN0Y5dHY3S2c1cEhi
eFNGTkdrQ0luMEliYU0zOVJpdmFENy9iOHhrClNmTHdsK01EeFlTWGk3Y1R3YTMx
SERzbTZ2YUdreWFVaGlXdlh1aC91U1EKLS0tIFR3RzRJZHIyR1IxZG13SFlUeTdI
SVNKZ0psWE9LVG9qaVZ6cUJhYVFxVEkKEai4IXJstKRavu4hrV4PFWv69kjdvWit
Y7xHFrR5OS5/Elfg5uPk6fkF91H+niY5XPytuRAkNdkIJh29sDClvg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-12-03T22:10:58Z"
mac: ENC[AES256_GCM,data:gKoPQdINeMfQsofqxGLMRzikWfYqd9DFzR5JS7YQFHzlSrjxed6GFKr4YtKClBvfZU67AvE9OV6CyCweG9M5BFl9nDwjr8y85Lj0CvWrCtOVaQQ0nVloayrF4c1IKA2TH4BrXJA+kV9mSgc8eRYmwI6dY988nMLRsSp+oEgAJQk=,iv:d73wS8SaRao2L8MpRst1PXAtrjl8ViqiqoIFMzWKRv0=,tag:fMvq4Pp5BmM4A85VFBMlog==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

View file

@ -1,39 +0,0 @@
{
config,
pkgs,
...
}: {
services.nginx = {
virtualHosts = {
"cyplo.dev" = {
forceSSL = true;
enableACME = true;
locations."= /.well-known/matrix/server".extraConfig = let
server = {"m.server" = "cyplo.dev:443";};
in ''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
locations."= /.well-known/matrix/client".extraConfig = let
client = {
"m.homeserver" = {"base_url" = "https://cyplo.dev";};
"m.identity_server" = {"base_url" = "https://vector.im";};
};
in ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}';
'';
locations."/".extraConfig = ''
return 404;
'';
locations."/_matrix" = {
proxyPass = "http://bolty:8008"; # without a trailing /
};
};
};
};
}

View file

@ -1,44 +0,0 @@
{
"data": "ENC[AES256_GCM,data:XbZZT4EvSrmaL3ISyEQjTWnnOKoWZ/uEyZr275eXlJFXL2V1y11IzOOaEanXEKvcyAmW62j034IWoM1hMAmGC0UFC74pKsubw71pjKQb9UclOeMPTAZBdw==,iv:/BJY2a65QAm3+9Ohvvp+VxMPXedPDbcGFglDgQPCZMM=,tag:i1oSYO24z/TaG2w62XMoAg==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKc0pLQ0t4K280WVVwRnJ0\nYnZ3RGtXQ01PaE45N0tmTC9aOVBKdkp5dm5NCnN6bHlTeFBoazdKOWthdDE2dHBO\naXFTR1NETHZINzk0UkpFL3RobjJTQ0EKLS0tIHBwNmQrd0xHQWx3eG1UdzJ1THdv\naFBTeG9mR09XMmZsNFBGUzIzNnZsb1EK6tkaiqS2s3BKNUSzD/wt6T/RPlz8hM/u\nmzBKryrlYszGV76kKPO3XBtze7lqnsY3E/Mi01AvWH9jJeaI8X69Jg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzc1Q1Q2g5My9BL3dVUEp1\nRjJjclkxdWd6bXVqUThuK3hON2NHaVZRTndFClpxM1hWUUJieGYzTVVWWHdiM2xH\naWJpSlBTSEhoMTVXWGJoTWt1UTl5Rk0KLS0tIENwMlFiZndtWWhwV2NNOVhtQk5l\nSzV4VGg5ZU8yaXY1UWJSK1JVWjZDZFEKAXPLsV5ytWUcBw2Qf3l0HOp/ASWKqjJk\ncD0OZXNd+1yKoC6TtZxhhp7rO8RQrggoo+0mQMqDe9NJPRnTqannjg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKU0NSN1VDYUlFbkNUaTN6\nWVFBbXRneXJwWTBuRFUwenRwOFVINjVwa0NrCm5rMjFJK1p6Q09pR3pzazdhNHhP\nNGdFdlJhdC9LZ3Z5bGU0c1A1K2Y0bjgKLS0tIFQ1c3dySHVpK1hDckswTlMxTC9O\nSTE3MG5tWEdjNFQ3R2xrSW5HdDFOU28KJbV+leDxSf/CfCbZbiKx1bb2uE9UQhis\nFTLregz9Wg20ZOY5+/Mn+p2FHs1VFmm5LSkzLd4dDodf4XB7X5L03g==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwcmxPNjMvOE1IWjNGN2ZG\nUGh2UWhxN2xjTEFiWHMzYy96clJpbktYeDBNCldiSVpDNEdSLzhIbHc2NUg2Sm53\nRW5HK21KV3JGRGs5V0NmQzMvSVQ0UUUKLS0tIDRtWUVVSFFGSkhhbGp4UjNER01S\nRllaZDhXTGJ5V2ZtS2F1WWJ0UithbGcKG3FFQmyzGstt8RRx/56f2L+d7lknLs9U\nzjgedEKFlVeWh9nbvV3D5Fqh4ekoSmZE0KJZKcjEcBDrMYeU0fcc2w==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYSkdCb1hhQkljSFh6UHkx\ncGFnSTJDcDV1am0wd0IvOXdxWW5jMSswN0FBCnU3QVhsT1JGQzg2TGRZU1ltWmRN\ncjhrYTdtUnFUb3BvWGYyRkhjSHpnRUUKLS0tIEVLeWY3MWxTZUJzTWw0dVBoUVdv\nV3NFTHdRVWp4WEh1MGp6SnBjRGtZNGcKVJToOhX2ptmsvTA2B8VSiZ1e9te+SOIN\nrEdEH47h4/t4pswnZSZg9Ll8asYbmtbPNBWdEKtO/80cFMMz4N4QBQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnRGIzbzhzZ2pjVXhDci9S\nV0JOcHlOcDVhM0pzb0c3Q01ZYXp3ek1CY0dNCnhGY2NMM3dhVUpWUFhiQUNUcXlL\nMTNNN2xnTWZqWWVkeGhURkNCU01Cd0kKLS0tIGg3eEZZOGhoakZ4Ni9DMzBvcllx\nREJTOHFOWHdwTU80QzMxamkzc2JsTVUKnmxnq+4LBfHxyIomCE8JeiNLloXEygGd\nx0Sm3hN99Qohp2IEKF9UiSfzcmoUgC0yzXal4GxkE4zO/5EkxMoBfw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIZ3ZSVEFOZ2o1eVR4Z21R\nM1JtTFVuSUpjNWJreERHUlpPVHlTS0paVHpjClRqamhjUVpMZFhHb0dRZ0lCbGhV\nTWtIM3luODlqalNUN3VqU3g1RHhFUzAKLS0tIERNSWRCQUxDd3ZMNFFYamRLYXUv\nTDQrbTVremRWNFpqWFZrWlBpUUpXcUUKEyBwbsNf3EF05EbIxLBECNlkEaQ0+B96\nEDVOiMYyStKRSJvaaiJK2mNSizc8qs6aJvyF/F5qeJUWSa2JguzBtQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2022-08-20T08:49:31Z",
"mac": "ENC[AES256_GCM,data:+yp1/bwAu8cN0i6yec2iTbBTwIOnO7465nX3+Qkex1sRGMB6hra92jEZyo2sVgFl8ws5APzGmmsyAeAaKqdzvC/8OGbqlSb+SXKqaa9mxZA58+NnIuAI8gtYQKz1gZ/N6gr0gZpllF+u622ooHrwiL2/GmzOYVApBmSpAROOGsw=,iv:rJzDHQH6Urwb2E1u5nT3dTtlEqGCFQME0uChghG1G94=,tag:vC20wbEyiwvvDpxMD4uYJA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"
}
}

View file

@ -1,75 +0,0 @@
restic-backups-b2-repo-password: ENC[AES256_GCM,data:Th/Uz+kcaWdz8GcRoU0uACOqV51n42FkcheSuK99h1VIN4tg1Qrjd38tEWCsrqswURWQdNdVnR+AmQlm3lmmT/aQBhHSwWRgxLjnx1WRvNANS4jC/OImr0u8/1Z6rfVwaHCIgkWOpsG1BSWYmGrX1+Lpx8+YpP6RUVy1csLforDoukvRhtGPjz/TfKs0pVkTmoSJvyCNnzjeHAMrpGYiUSTqhUNCr78OW1EQhDUjoNMHNQZJN8yiDykA83OQiyZRfvpYJyk5QrLIbmBwdj7fjMSvV4X7gWjpYn/hm4pqfFSTMhIcBDtmRouohsAElMAt1VFDTh+dSbITfhLTiHr6IQ==,iv:V/ZyW1yqlN8ZbeyTlkztBNtUF+H7BfKK6hgTtX2T6Jw=,tag:HQjlo4GxpGsOzybSWtfM1A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArdXh2MGtKc0lrRG0rWWFF
bnFidy90a1IzcXV1U0dFWW1pdmg2MGNxQkhrClU2NUdtZU83aGhuWlBRMDdLQjFm
T2VJMlJvMWc2YlNGT29Oem9VT0lxUG8KLS0tIG92c3VsWi9JK0xKNjliY1MzWTZs
WmdMUXBEYzluWHNJTklYRVhmMGF4dDAK6+vMr86fOjy0Bw4e+7MPSrOqQ7m50MNc
Aj4btH7NffuUrOsjpxCos0y8q6oQxOFpOAt2N6jhx9QyXAmxKeHZpg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXWVRFZnV1YjhsZFNZUVhq
NU1TZ1JFV09vY212aHVXT21LZmVUYXRIMkJRClhPQStSN1BmL2NweTlhMkRLQVht
dUd2YTVkZnJkWVZueFdMNGRFcDlkRFUKLS0tIEM2WGpCd3BwakRIL0RLS2tJMVQ1
Qm1hZ0dHTzRWdWs0bnFpTUJaS0NiT2MKzabwKNeYP13NDjqNis9jk5su2EwZLanX
TOToLrk8NmARHAyqGPrHGDCJb7y3o34sAFbXeRTtkpeyC4PXo3DA1A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFQzFsa2pIVnA1NmhiZFFa
eFVkSERHeVp2Z3FRbXNFNUJaVER2czFOOEVrCm9ZYWVOWXdsSnk4OUxtdnlUYnRo
TjhTc01UYTFNQWNwWkFpNmt0WGtiRkUKLS0tIDV4QUxpZVB3NG1tQi9QTFdLcERF
TG03SGoxYkNqVG1DZ29LV3JES1MyMlUKsmORsigoSec0HAa3UzFEi2YDVdvONKhT
rgPBLCVDsHgrH+b3NYcTyiGG1cwiEoy3EDIDCDorN4a0XytpRhw6jQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzK0M4cVdod3RzVmN1elJC
UW1ZSy82R2J1V2dSTk9EZC9xOVI3NTFBQTBZClkxZGJoSEQ4YVlnQWZzbnJkbHBG
NVdYYkdOalk0cjZYWDFnSEtrWFpTZ0EKLS0tIFFORzRtRkFMNzRMWFVWY2xQTmpm
RWsxWVVwYXV5U1E1MWZSNmxQQnhGeGcKPQUxaJwfKEc8/NUdALftg9t4ZfX2xKOJ
BEEcTAo+eS+TQ10gPBrhX6fmuQcWkKH27AcooQczLRj7h0KWm4mNiQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTSStiYjRFNUtaTFc0bGpJ
TkdQbDlVTGxJSkpPL3VEZ3VSMmEwMHdYc3lnCmdqRDc2Y2E1R2MwR2ljWG9CcEha
MklxSkZOUTVCNXpuTS8yTUVDNXUvb0kKLS0tIHZKWGFOd3l5ZnllbnJOVmdzN1FS
d1JMNFNxTS85K09zMXZsdVIvbThiaWsK8GAykyhoW+/iOgfbgQCtblA4BjlrIVcY
6uw00sByQB0e2KT48Lb/hiWDnNbyH8nv9U2K3Iyo/BFkbCQ/GJOXTw==
-----END AGE ENCRYPTED FILE-----
- recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGbFBVTFFvU05XUGptb2hj
eTZaUm16bE9xZFJUUEZNVTE1ZGpYRVh2dlNRCjRabWxzcTE3UDBsRXUvVG82dXkw
elFONkU5UkVoY3Z4OU9ZbG9CdldUd00KLS0tIDFvSGRid3RMMHZETDFURHNnVThW
cHE4Y2F1ZWh6Q2tGZ1ZUaGlPT1JGck0KV4hiMystiZ/nD/8D9nPF5JrtSauj9GIO
4E/2syq+dXp8o5UPf3zCYfAiVm0hurFNIv3noS0t5ucIEELQ2bsH/w==
-----END AGE ENCRYPTED FILE-----
- recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJZFZjU1R1L3F6RjJNdjVB
MksxSVVtdlh0Vm9LZ1JVVHVjV0ZMa042N3drCmErOUpaOUFVR3BVVWVqUVErajR0
bkpXMCtHaHJNYmhKTTlpTzJId1o1UmMKLS0tIGs3VUtmaC9DSDZIenpYMmZibVpi
UGs3bmVxNkF0NVNDSit3UDJOMGpNMkUKg0A+T0zMthtarMORQk9P8F0Eh4kNYAdO
0VgyYS5JfJ76Le9YJGRMygUciidptyfK4W1MJ5D1lPceNmCQ7uLSdg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-08-20T08:34:12Z"
mac: ENC[AES256_GCM,data:WXYIXl20eI4YwvWfrlY0Kje947u5b2xcGunFLB6KQkuoBM/3Mv9MNJ5NsWpPruRiX5BEIW7rIFfsuVYBn0EVZOPR2xGUsgGWxQ7hU1C0GNVB4NODoQ1iW0W75fM3XW+vzEE6SIxxAkFJK470JwpJpWI/TNC28gj16Z2Kt6yAuBU=,iv:YmyxRbrw8SgxVccRBwVVuqNBFw8LNCUQsDD6ds8qzUk=,tag:16B2m9p/VAVY1VvZdxBBYw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

View file

@ -1,13 +0,0 @@
{
config,
pkgs,
...
}: let
port = 2222;
in {
services.openssh = {
enable = true;
ports = [port];
};
networking.firewall.allowedTCPPorts = [port];
}

View file

@ -1,14 +0,0 @@
{
config,
pkgs,
inputs,
lib,
...
}: {
networking.firewall.allowedTCPPorts = [22067 22070];
services.syncthing.relay = {
enable = true;
listenAddress = "vpsfree1.cyplo.github.beta.tailscale.net";
pools = [""]; # private relay
};
}

View file

@ -1,61 +0,0 @@
# This file provides compatibility for NixOS to run in a container on vpsAdminOS
# hosts.
#
# If you're experiencing issues, try updating this file to the latest version
# from vpsAdminOS repository:
#
# https://github.com/vpsfreecz/vpsadminos/blob/staging/os/lib/nixos-container/vpsadminos.nix
{
config,
pkgs,
lib,
...
}:
with lib; let
nameservers = ["1.1.1.1" "2606:4700:4700::1111"];
in {
networking.nameservers = mkDefault nameservers;
services.resolved = mkDefault {fallbackDns = nameservers;};
networking.dhcpcd.extraConfig = "noipv4ll";
systemd.services.systemd-sysctl.enable = false;
systemd.sockets."systemd-journald-audit".enable = false;
systemd.mounts = [
{
where = "/sys/kernel/debug";
enable = false;
}
];
systemd.services.systemd-udev-trigger.enable = false;
systemd.services.rpc-gssd.enable = false;
boot.isContainer = true;
boot.enableContainers = mkDefault true;
boot.loader.initScript.enable = true;
boot.specialFileSystems."/run/keys".fsType = mkForce "tmpfs";
boot.systemdExecutable =
mkDefault
"/run/current-system/systemd/lib/systemd/systemd systemd.unified_cgroup_hierarchy=0";
# Overrides for <nixpkgs/nixos/modules/virtualisation/container-config.nix>
documentation.enable = mkOverride 500 true;
documentation.nixos.enable = mkOverride 500 true;
networking.useHostResolvConf = mkOverride 500 false;
services.openssh.startWhenNeeded = mkOverride 500 false;
# Bring up the network, /ifcfg.{add,del} are supplied by the vpsAdminOS host
systemd.services.networking-setup = {
description = "Load network configuration provided by the vpsAdminOS host";
before = ["network.target"];
wantedBy = ["network.target"];
after = ["network-pre.target"];
path = [pkgs.iproute];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${pkgs.bash}/bin/bash /ifcfg.add";
ExecStop = "${pkgs.bash}/bin/bash /ifcfg.del";
};
unitConfig.ConditionPathExists = "/ifcfg.add";
};
}

View file

@ -1,74 +0,0 @@
{
config,
pkgs,
inputs,
lib,
...
}: let
httpPort = 8000;
agentPort = 9000;
domain = "ci.cyplo.dev";
path = "/var/lib/woodpecker";
serverContainerName = "woodpecker-server";
uid = 2061;
gid = 3061;
systemUserName = "woodpecker";
systemGroupName = "woodpecker";
in {
imports = [../nginx.nix];
users = {
users."${systemUserName}" = {
inherit uid;
isSystemUser = true;
isNormalUser = false;
group = systemGroupName;
extraGroups = ["podman"];
};
groups."${systemGroupName}" = {
inherit gid;
members = ["${systemUserName}"];
};
};
services.nginx = {
virtualHosts = {
"${domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:" + toString httpPort;
};
};
};
};
sops.secrets."gitea-env" = {
sopsFile = ./gitea.sops;
format = "binary";
};
virtualisation.podman = {
enable = true;
defaultNetwork.dnsname.enable = true;
};
networking.firewall.allowedTCPPorts = [agentPort];
virtualisation.oci-containers.containers = {
"${serverContainerName}" = {
image = "woodpeckerci/woodpecker-server@sha256:acb188797f93b1b9228415b4418b8b8d2153df2e21f8c0c561a893243a542439";
volumes = ["woodpecker-server-data:${path}"];
environmentFiles = ["${config.sops.secrets.gitea-env.path}"];
environment = {
WOODPECKER_OPEN = "false";
WOODPECKER_ADMIN = "cyplo";
WOODPECKER_HOST = "https://${domain}";
WOODPECKER_GITEA = "true";
WOODPECKER_GITEA_URL = "https://git.cyplo.dev";
};
ports = [
"${toString httpPort}:${toString httpPort}"
"${toString agentPort}:${toString agentPort}"
];
};
};
}