Compare commits
3 Commits
5d5ad75c06
...
forgejo
| Author | SHA1 | Date | |
|---|---|---|---|
 John Lancaster
|
244519f406 | ||
|
John Lancaster
|
213d97d13e | ||
|
John Lancaster
|
51a2b8078f |
@@ -126,6 +126,7 @@
|
|||||||
discord
|
discord
|
||||||
my-neovim
|
my-neovim
|
||||||
proton-vpn
|
proton-vpn
|
||||||
|
joplin-desktop
|
||||||
];
|
];
|
||||||
ssh.certificates.enable = true;
|
ssh.certificates.enable = true;
|
||||||
ssh.matchSets = {
|
ssh.matchSets = {
|
||||||
|
|||||||
@@ -8,6 +8,7 @@ forgejo:
|
|||||||
#ENC[AES256_GCM,data:ZqwgnKjaolJtjcy287fnDOkb/oSLnBpfWfsTeVPwbIE8YLRSoPP4gbCnHJBLq+TJNNI=,iv:zTvw4ZS6C1ifUwOijNLuTfUQ3JM+5gj1X2f/s8MwWXc=,tag:Y1yKlL+jIRHVBulGlSErog==,type:comment]
|
#ENC[AES256_GCM,data:ZqwgnKjaolJtjcy287fnDOkb/oSLnBpfWfsTeVPwbIE8YLRSoPP4gbCnHJBLq+TJNNI=,iv:zTvw4ZS6C1ifUwOijNLuTfUQ3JM+5gj1X2f/s8MwWXc=,tag:Y1yKlL+jIRHVBulGlSErog==,type:comment]
|
||||||
jwt_secret: ENC[AES256_GCM,data:e59MlATOorsTIQjtTUKfX5Yo3CVsbbfuKczp1gh1m2D1kkZK3ORFztYpjg==,iv:JH3PVUmXToiThEKDkDJ8MGVMAPlIEgPSWhru+9WgNjk=,tag:FfDpaCPejpw6kGDkxJwDWw==,type:str]
|
jwt_secret: ENC[AES256_GCM,data:e59MlATOorsTIQjtTUKfX5Yo3CVsbbfuKczp1gh1m2D1kkZK3ORFztYpjg==,iv:JH3PVUmXToiThEKDkDJ8MGVMAPlIEgPSWhru+9WgNjk=,tag:FfDpaCPejpw6kGDkxJwDWw==,type:str]
|
||||||
lfs_jwt_secret: ENC[AES256_GCM,data:xi9PEKFUGRyc3YOg3JM3KrrENi9xsbeBjiz4R16SK5WDafoGFLazN6KRJQ==,iv:1IhPyQDwA8tZ22pfZJiU8TRTCLCHC/HAnKdmSGDfvcM=,tag:rLdREVSKBm67rt8ayN16Vw==,type:str]
|
lfs_jwt_secret: ENC[AES256_GCM,data:xi9PEKFUGRyc3YOg3JM3KrrENi9xsbeBjiz4R16SK5WDafoGFLazN6KRJQ==,iv:1IhPyQDwA8tZ22pfZJiU8TRTCLCHC/HAnKdmSGDfvcM=,tag:rLdREVSKBm67rt8ayN16Vw==,type:str]
|
||||||
|
restic_password: ENC[AES256_GCM,data:u7QOZXJkxVG4J75K5nphb2uJGdz6jbWuVSsKKu+41fshp7cVoRijtr/Cs02LjVse,iv:bt1W2FeBTG6ypBFYzMPXPIkYTSn0uHURY2ui6MRgYY8=,tag:DObAMws/zQcM+UKUe9EECA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
age:
|
age:
|
||||||
- recipient: age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt
|
- recipient: age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt
|
||||||
@@ -37,7 +38,7 @@ sops:
|
|||||||
Yjd0MUcxcExvWVpCOUR3MkdZdGQyWUkKnru0Y2A98+0Mps7EtVK7ct3vPqIGveUt
|
Yjd0MUcxcExvWVpCOUR3MkdZdGQyWUkKnru0Y2A98+0Mps7EtVK7ct3vPqIGveUt
|
||||||
E5fzpcKvdefzObrx7BPTwJ19t2fZg/dSi7HKwx3vmKZSzyQaqJOzsg==
|
E5fzpcKvdefzObrx7BPTwJ19t2fZg/dSi7HKwx3vmKZSzyQaqJOzsg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2026-04-02T03:47:52Z"
|
lastmodified: "2026-04-04T23:18:43Z"
|
||||||
mac: ENC[AES256_GCM,data:NvCF78rzYOv2Ulf3TLB4eKtYEqNkfSzPBPRXcpTTO9QoSH3axdapkhUzsSq2d30RV/F/PLMbMaERMgW1SFT0Uikvk0s5ALmwN29MMwA6BMyup5bzOQeOIxOoeYrKOeqCJdI3ZhtqV/ebvyTebVI7Q6Jw0QKf+9SW2RfYGFJkKF0=,iv:VSoGZkzSzI9SPnvrzyIgWgW/teRNiFlf5fdmHKVg2TE=,tag:qm/jUdQ63MdWUxBDJ9kxww==,type:str]
|
mac: ENC[AES256_GCM,data:qBgeli5lHb4pyA8nAADBuRBAaq8VbAIsFI37OZtgnbnoHW2crxo3YC+EknaIYnZpZ48kwVhQS5lGRjI6JsWWhTH3+LVAhTmS2Qj/pZTD/JDLK6XJGXS4U9nB7m9aGYyW8gFCy9/DfoJWGsS//+ZmUikKPfd5kMZgh1zGoYCIGug=,iv:h+2fA+bO2SMCNrEslP36x3BPRaIy25cU/DNX8CYSC6A=,tag:RvVyUZ4ONRaKaqGiT31eUQ==,type:str]
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.12.2
|
version: 3.12.2
|
||||||
|
|||||||
@@ -47,8 +47,8 @@ in
|
|||||||
];
|
];
|
||||||
lifetime = "12h";
|
lifetime = "12h";
|
||||||
renew.onCalendar = "*:3/15";
|
renew.onCalendar = "*:3/15";
|
||||||
renew.reloadUnits = [ "forgejo.service" ];
|
renew.reloadUnits = [ "forgejo.service" "restic-rest-server.service" ];
|
||||||
certReaders = [ config.services.forgejo.user "postgres" ];
|
certReaders = [ config.services.forgejo.user "restic" ];
|
||||||
};
|
};
|
||||||
forgejo = {
|
forgejo = {
|
||||||
enable = true;
|
enable = true;
|
||||||
@@ -57,11 +57,25 @@ in
|
|||||||
port = 443;
|
port = 443;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ 8000 ];
|
||||||
|
services.restic.server = {
|
||||||
|
enable = true;
|
||||||
|
privateRepos = true;
|
||||||
|
listenAddress = "0.0.0.0:8000";
|
||||||
|
extraFlags = [
|
||||||
|
"--no-auth"
|
||||||
|
"--tls"
|
||||||
|
"--tls-cert=${config.mtls.certFile}"
|
||||||
|
"--tls-key=${config.mtls.keyFile}"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
loginText.extraServiceStatus = {
|
loginText.extraServiceStatus = {
|
||||||
Docker = "docker";
|
Docker = "docker";
|
||||||
"mTLS Renewal" = "mtls-renew.timer";
|
"mTLS Renewal" = "mtls-renew.timer";
|
||||||
Forgejo = "forgejo.service";
|
Forgejo = "forgejo.service";
|
||||||
"Forgejo Backup" = "forgejo-dump.timer";
|
"Forgejo Backup" = "forgejo-dump.timer";
|
||||||
|
"Restic REST Server" = "restic-rest-server.service";
|
||||||
};
|
};
|
||||||
|
|
||||||
step-ssh-host.hostname = hostname;
|
step-ssh-host.hostname = hostname;
|
||||||
@@ -79,6 +93,7 @@ in
|
|||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.janus-ca
|
inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.janus-ca
|
||||||
inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.my-neovim
|
inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.my-neovim
|
||||||
|
inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.jsl-zsh
|
||||||
];
|
];
|
||||||
})
|
})
|
||||||
];
|
];
|
||||||
|
|||||||
@@ -13,7 +13,7 @@
|
|||||||
text = ''
|
text = ''
|
||||||
HOSTNAME=$(hostname -s)
|
HOSTNAME=$(hostname -s)
|
||||||
echo "Switching to the $HOSTNAME nixos profile"
|
echo "Switching to the $HOSTNAME nixos profile"
|
||||||
sudo nh os switch "$@" ${flakeDir}#$HOSTNAME
|
nh os switch "$@" "${flakeDir}#$HOSTNAME"
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
nfsu = with pkgs; writeShellApplication {
|
nfsu = with pkgs; writeShellApplication {
|
||||||
|
|||||||
Reference in New Issue
Block a user