aboutsummaryrefslogtreecommitdiff
path: root/machines/nixos
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--machines/nixos/x86_64-linux/do-rproxy/default.nix4
-rw-r--r--machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix6
-rw-r--r--machines/nixos/x86_64-linux/rivendell/default.nix2
-rw-r--r--machines/nixos/x86_64-linux/synology-vm/default.nix2
-rw-r--r--profiles/forgejo.nix (renamed from machines/nixos/x86_64-linux/synology-vm/profiles/forgejo.nix)38
-rw-r--r--profiles/keycloak.nix (renamed from machines/nixos/x86_64-linux/synology-vm/profiles/keycloak.nix)5
6 files changed, 25 insertions, 32 deletions
diff --git a/machines/nixos/x86_64-linux/do-rproxy/default.nix b/machines/nixos/x86_64-linux/do-rproxy/default.nix
index 0d74a1f..b49431f 100644
--- a/machines/nixos/x86_64-linux/do-rproxy/default.nix
+++ b/machines/nixos/x86_64-linux/do-rproxy/default.nix
@@ -20,13 +20,13 @@
{
# vm-synology
publicKey = "bJZyQoemudGJQox8Iegebm23c4BNVIxRPy1kmI2l904=";
- allowedIPs = [ "10.100.0.0/24" ];
+ allowedIPs = [ "10.100.0.40/32" ];
persistentKeepalive = 25;
}
{
# rivendell
publicKey = "jf7T7TMKQWSgSXhUplldZDV9G2y2BjMmHIAhg5d26ng=";
- allowedIPs = [ "10.100.0.0/24" ];
+ allowedIPs = [ "10.100.0.60/32" ];
persistentKeepalive = 25;
}
];
diff --git a/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix b/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix
index 78c0667..9267d20 100644
--- a/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix
+++ b/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix
@@ -52,10 +52,10 @@
acmeRoot = null;
forceSSL = true;
locations."/" = {
- proxyPass = "http://10.100.0.40:3000";
+ proxyPass = "http://10.100.0.60:3000";
};
locations."/metrics" = {
- proxyPass = "http://10.100.0.40:3000/metrics";
+ proxyPass = "http://10.100.0.60:3000/metrics";
extraConfig = ''
deny all;
access_log off;
@@ -75,7 +75,7 @@
acmeRoot = null;
forceSSL = true;
locations."/" = {
- proxyPass = "http://10.100.0.40:8080";
+ proxyPass = "http://10.100.0.60:8080";
};
};
"fcuny.net" = {
diff --git a/machines/nixos/x86_64-linux/rivendell/default.nix b/machines/nixos/x86_64-linux/rivendell/default.nix
index 1f38f6f..a34e885 100644
--- a/machines/nixos/x86_64-linux/rivendell/default.nix
+++ b/machines/nixos/x86_64-linux/rivendell/default.nix
@@ -10,6 +10,8 @@
(modulesPath + "/installer/scan/not-detected.nix")
inputs.nixos-hardware.nixosModules.framework-desktop-amd-ai-max-300-series
../../../../profiles/disk/btrfs-on-luks.nix
+ ../../../../profiles/forgejo.nix
+ ../../../../profiles/keycloak.nix
];
age = {
diff --git a/machines/nixos/x86_64-linux/synology-vm/default.nix b/machines/nixos/x86_64-linux/synology-vm/default.nix
index d04a44a..915d851 100644
--- a/machines/nixos/x86_64-linux/synology-vm/default.nix
+++ b/machines/nixos/x86_64-linux/synology-vm/default.nix
@@ -9,8 +9,6 @@
./disks.nix
./hardware.nix
./secrets.nix
- ./profiles/forgejo.nix
- ./profiles/keycloak.nix
./profiles/goget.nix
];
diff --git a/machines/nixos/x86_64-linux/synology-vm/profiles/forgejo.nix b/profiles/forgejo.nix
index 18d6207..70af185 100644
--- a/machines/nixos/x86_64-linux/synology-vm/profiles/forgejo.nix
+++ b/profiles/forgejo.nix
@@ -1,9 +1,4 @@
-{
- self,
- config,
- pkgs,
- ...
-}:
+{ config, pkgs, ... }:
let
# convenience wrapper for admin commands
forgejo-admin = pkgs.writeShellScriptBin "forgejo-admin" ''
@@ -14,7 +9,7 @@ in
networking.firewall.allowedTCPPorts = [ 3000 ];
age.secrets.forgejo-fastmail = {
- file = "${self}/secrets/forgejo-fastmail.age";
+ file = ../secrets/forgejo-fastmail.age;
};
environment.systemPackages = [ forgejo-admin ];
@@ -41,7 +36,6 @@ in
DOMAIN = "code.fcuny.net";
ROOT_URL = "https://code.fcuny.net";
HTTP_PORT = 3000;
- HTTP_ADDR = "10.100.0.40";
LANDING_PAGE = "explore";
};
mailer = {
@@ -93,18 +87,18 @@ in
};
};
- my.modules.backups = {
- local.paths = [ "/var/lib/forgejo" ];
- local.exclude = [
- "/var/lib/forgejo/data/indexers"
- "/var/lib/forgejo/data/repo-archive"
- "/var/lib/forgejo/data/tmp"
- ];
- remote.paths = [ "/var/lib/forgejo" ];
- remote.exclude = [
- "/var/lib/forgejo/data/indexers"
- "/var/lib/forgejo/data/repo-archive"
- "/var/lib/forgejo/data/tmp"
- ];
- };
+ # my.modules.backups = {
+ # local.paths = [ "/var/lib/forgejo" ];
+ # local.exclude = [
+ # "/var/lib/forgejo/data/indexers"
+ # "/var/lib/forgejo/data/repo-archive"
+ # "/var/lib/forgejo/data/tmp"
+ # ];
+ # remote.paths = [ "/var/lib/forgejo" ];
+ # remote.exclude = [
+ # "/var/lib/forgejo/data/indexers"
+ # "/var/lib/forgejo/data/repo-archive"
+ # "/var/lib/forgejo/data/tmp"
+ # ];
+ # };
}
diff --git a/machines/nixos/x86_64-linux/synology-vm/profiles/keycloak.nix b/profiles/keycloak.nix
index b6fb6c3..7aac133 100644
--- a/machines/nixos/x86_64-linux/synology-vm/profiles/keycloak.nix
+++ b/profiles/keycloak.nix
@@ -1,7 +1,7 @@
-{ config, self, ... }:
+{ config, ... }:
{
age.secrets.keycloak-db-password = {
- file = "${self}/secrets/keycloak-db-password.age";
+ file = ../secrets/keycloak-db-password.age;
};
networking.firewall.allowedTCPPorts = [ 8080 ];
@@ -11,7 +11,6 @@
database.passwordFile = config.age.secrets.keycloak-db-password.path;
settings = {
hostname = "id.fcuny.net";
- http-host = "10.100.0.40";
http-port = 8080;
proxy-headers = "xforwarded";
http-enabled = true;
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-06 19:25:00 +0000