Diffstat (limited to 'machines/nixos/x86_64-linux')
6 files changed, 7 insertions, 137 deletions
diff --git a/machines/nixos/x86_64-linux/do-rproxy/default.nix b/machines/nixos/x86_64-linux/do-rproxy/default.nix
index 0d74a1f..b49431f 100644
--- a/machines/nixos/x86_64-linux/do-rproxy/default.nix
+++ b/machines/nixos/x86_64-linux/do-rproxy/default.nix
@@ -20,13 +20,13 @@
 {
 # vm-synology
 publicKey = "bJZyQoemudGJQox8Iegebm23c4BNVIxRPy1kmI2l904=";
- allowedIPs = [ "10.100.0.0/24" ];
+ allowedIPs = [ "10.100.0.40/32" ];
 persistentKeepalive = 25;
 }
 {
 # rivendell
 publicKey = "jf7T7TMKQWSgSXhUplldZDV9G2y2BjMmHIAhg5d26ng=";
- allowedIPs = [ "10.100.0.0/24" ];
+ allowedIPs = [ "10.100.0.60/32" ];
 persistentKeepalive = 25;
 }
 ];
diff --git a/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix b/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix
index 78c0667..9267d20 100644
--- a/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix
+++ b/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix
@@ -52,10 +52,10 @@
 acmeRoot = null;
 forceSSL = true;
 locations."/" = {
- proxyPass = "http://10.100.0.40:3000";
+ proxyPass = "http://10.100.0.60:3000";
 };
 locations."/metrics" = {
- proxyPass = "http://10.100.0.40:3000/metrics";
+ proxyPass = "http://10.100.0.60:3000/metrics";
 extraConfig = ''
 deny all;
 access_log off;
@@ -75,7 +75,7 @@
 acmeRoot = null;
 forceSSL = true;
 locations."/" = {
- proxyPass = "http://10.100.0.40:8080";
+ proxyPass = "http://10.100.0.60:8080";
 };
 };
 "fcuny.net" = {
diff --git a/machines/nixos/x86_64-linux/rivendell/default.nix b/machines/nixos/x86_64-linux/rivendell/default.nix
index 1f38f6f..a34e885 100644
--- a/machines/nixos/x86_64-linux/rivendell/default.nix
+++ b/machines/nixos/x86_64-linux/rivendell/default.nix
@@ -10,6 +10,8 @@
 (modulesPath + "/installer/scan/not-detected.nix")
 inputs.nixos-hardware.nixosModules.framework-desktop-amd-ai-max-300-series
 ../../../../profiles/disk/btrfs-on-luks.nix
+ ../../../../profiles/forgejo.nix
+ ../../../../profiles/keycloak.nix
 ];
 age = {
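Review bot: The upstream address `10.100.0.60` is now spelled out three times in nginx.nix (the two `proxyPass` lines in the `@@ -52,10 +52,10 @@` hunk and the one in the `@@ -75,7 +75,7 @@` hunk), and it must also equal the `/32` given to the rivendell peer in do-rproxy/default.nix. With per-peer `/32` entries the tunnel carries traffic only to exactly those addresses, so a literal that drifts leaves the proxy without an upstream. Binding it once, for example `rivendell = "10.100.0.60";` in a `let` and then `proxyPass = "http://${rivendell}:3000";`, would reduce the next host move to a single edit. The top of nginx.nix is outside the hunk, so a suitable binding may already exist there.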
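Review bot: The two profiles imported in the rivendell hunk, `../../../../profiles/forgejo.nix` and `../../../../profiles/keycloak.nix`, are not part of this diff (the diffstat is limited to machines/nixos/x86_64-linux), so the listener settings rivendell ends up with cannot be checked from this page. The removed synology-vm copies pinned `HTTP_ADDR` and `http-host` to `10.100.0.40` and opened 3000 and 8080 through `networking.firewall.allowedTCPPorts`, which applies to every interface; the shared versions should bind rivendell's tunnel address `10.100.0.60` rather than the old address or a wildcard. Keycloak in particular ran with `http-enabled = true` and `proxy-headers = "xforwarded"`, so any host that can reach 8080 directly has its forwarded headers trusted. Scoping the ports to the tunnel, `networking.firewall.interfaces.<wg-interface>.allowedTCPPorts = [ 3000 8080 ];`, would keep both services reachable only over WireGuard. The `imports` list begins above the hunk.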
diff --git a/machines/nixos/x86_64-linux/synology-vm/default.nix b/machines/nixos/x86_64-linux/synology-vm/default.nix
index d04a44a..915d851 100644
--- a/machines/nixos/x86_64-linux/synology-vm/default.nix
+++ b/machines/nixos/x86_64-linux/synology-vm/default.nix
@@ -9,8 +9,6 @@
 ./disks.nix
 ./hardware.nix
 ./secrets.nix
- ./profiles/forgejo.nix
- ./profiles/keycloak.nix
 ./profiles/goget.nix
 ];
diff --git a/machines/nixos/x86_64-linux/synology-vm/profiles/forgejo.nix b/machines/nixos/x86_64-linux/synology-vm/profiles/forgejo.nix
deleted file mode 100644
index 18d6207..0000000
--- a/machines/nixos/x86_64-linux/synology-vm/profiles/forgejo.nix
+++ /dev/null
@@ -1,110 +0,0 @@
-{
- self,
- config,
- pkgs,
- ...
-}:
-let
- # convenience wrapper for admin commands
- forgejo-admin = pkgs.writeShellScriptBin "forgejo-admin" ''
- sudo -u forgejo ${pkgs.forgejo}/bin/gitea -c ${config.services.forgejo.customDir}/conf/app.ini admin "$@"
- '';
-in
-{
- networking.firewall.allowedTCPPorts = [ 3000 ];
-
- age.secrets.forgejo-fastmail = {
- file = "${self}/secrets/forgejo-fastmail.age";
- };
-
- environment.systemPackages = [ forgejo-admin ];
-
- services.forgejo = {
- enable = true;
- dump = {
- enable = true;
- };
- database.type = "postgres";
- lfs.enable = false;
- secrets = {
- mailer.PASSWD = config.age.secrets.forgejo-fastmail.path;
- };
- settings = {
- DEFAULT.APP_NAME = "¯\\_(ツ)_/¯";
- session = {
- COOKIE_SECURE = true;
- PROVIDER = "db";
- PROVIDER_CONFIG = "";
- SESSION_LIFE_TIME = 86400 * 5;
- };
- server = {
- DOMAIN = "code.fcuny.net";
- ROOT_URL = "https://code.fcuny.net";
- HTTP_PORT = 3000;
- HTTP_ADDR = "10.100.0.40";
- LANDING_PAGE = "explore";
- };
- mailer = {
- ENABLED = true;
- PROTOCOL = "smtp+starttls";
- FROM = "code <forgejo@code.fcuny.net>";
- USER = "franck@fcuny.net";
- SMTP_ADDR = "smtp.fastmail.com";
- };
- metrics = {
- ENABLED = true;
- ENABLED_ISSUE_BY_LABEL = true;
- ENABLED_ISSUE_BY_REPOSITORY = true;
- };
- service = {
- REGISTER_EMAIL_CONFIRM = true;
- DISABLE_REGISTRATION = true;
- ALLOW_ONLY_EXTERNAL_REGISTRATION = false;
- SHOW_REGISTRATION_BUTTON = true;
- };
- openid = {
- ENABLE_OPENID_SIGNIN = true;
- ENABLE_OPENID_SIGNUP = true;
- };
- oauth2_client = {
- REGISTER_EMAIL_CONFIRM = false;
- ENABLE_AUTO_REGISTRATION = true;
- USERNAME = "preferred_username";
- ACCOUNT_LINKING = "auto";
- };
- repository = {
- DEFAULT_PRIVATE = "public";
- DEFAULT_PUSH_CREATE_PRIVATE = true;
- ENABLE_PUSH_CREATE_USER = true;
- PREFERRED_LICENSES = "GPL-3.0-or-later,MIT";
- DEFAULT_REPO_UNITS = "repo.code,repo.issues,repo.pulls";
- DISABLE_STARS = true; # self-hosting so, doesn't make sense
- };
- "service.explore" = {
- DISABLE_USERS_PAGE = true;
- };
- federation = {
- ENABLED = true;
- };
- ui = {
- # To protect privacy of users.
- SHOW_USER_EMAIL = false;
- };
- };
- };
-
- my.modules.backups = {
- local.paths = [ "/var/lib/forgejo" ];
- local.exclude = [
- "/var/lib/forgejo/data/indexers"
- "/var/lib/forgejo/data/repo-archive"
- "/var/lib/forgejo/data/tmp"
- ];
- remote.paths = [ "/var/lib/forgejo" ];
- remote.exclude = [
- "/var/lib/forgejo/data/indexers"
- "/var/lib/forgejo/data/repo-archive"
- "/var/lib/forgejo/data/tmp"
- ];
- };
-}
diff --git a/machines/nixos/x86_64-linux/synology-vm/profiles/keycloak.nix b/machines/nixos/x86_64-linux/synology-vm/profiles/keycloak.nix
deleted file mode 100644
index b6fb6c3..0000000
--- a/machines/nixos/x86_64-linux/synology-vm/profiles/keycloak.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ config, self, ... }:
-{
- age.secrets.keycloak-db-password = {
- file = "${self}/secrets/keycloak-db-password.age";
- };
-
- networking.firewall.allowedTCPPorts = [ 8080 ];
-
- services.keycloak = {
- enable = true;
- database.passwordFile = config.age.secrets.keycloak-db-password.path;
- settings = {
- hostname = "id.fcuny.net";
- http-host = "10.100.0.40";
- http-port = 8080;
- proxy-headers = "xforwarded";
- http-enabled = true;
- };
- };
-}
|
