diff --git a/modules/update.nix b/modules/update.nix
index 143a4f8..0146082 100644
--- a/modules/update.nix
+++ b/modules/update.nix
@@ -1,7 +1,7 @@
 { lib, ... }:
 {
 services.autopull = {
- enable = lib.mkDefault false;
+ enable = lib.mkDefault true;
 repo.dotfiles = {
 enable = lib.mkDefault false;
 ssh-key = lib.mkDefault "/root/.ssh/id_ed25519_ghdeploy";
diff --git a/systems/palatine-hill/configuration.nix b/systems/palatine-hill/configuration.nix
index 96f2b27..88ce2db 100644
--- a/systems/palatine-hill/configuration.nix
+++ b/systems/palatine-hill/configuration.nix
@@ -6,8 +6,9 @@
 }:
 {
 imports = [
- ./docker
 ./attic
+ ./docker
+ ./gitea.nix
 ./haproxy
 ./hardware-changes.nix
 ./hydra.nix
diff --git a/systems/palatine-hill/gitea.nix b/systems/palatine-hill/gitea.nix
new file mode 100644
index 0000000..ae0050e
--- /dev/null
+++ b/systems/palatine-hill/gitea.nix
@@ -0,0 +1,30 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ base_path = "/ZFS/ZFS-primary/gitea";
+in
+{
+ services.gitea = {
+ enable = true;
+ appName = "Nyx's Gitea"; # Give the site a name
+ database = {
+ type = "postgres";
+ passwordFile = config.sops.secrets."gitea/dbpass".path;
+ host = "127.0.0.1:5432";
+ };
+ domain = "git.alicehuston.xyz";
+ rootUrl = "https://git.alicehuston.xyz/";
+ httpPort = 443;
+ stateDir = base_path;
+ lfs.enable = true;
+ recommendedDefaults = true;
+ };
+
+ sops.secrets = {
+ "gitea/dbpass".owner = "gitea";
+ };
+}
diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml
index a25feba..8dbc233 100644
--- a/systems/palatine-hill/secrets.yaml
+++ b/systems/palatine-hill/secrets.yaml
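Review bot: The default flip on `services.autopull.enable` in modules/update.nix applies to every host that imports this module, and nothing in the file records that intent or how a host opts out. What autopull fetches and whether it applies the result is not visible here, but the neighbouring `ssh-key` default points at a root-owned deploy key, so the pulled repository and branch presumably become a trust anchor for each machine. I would add a comment above the line, e.g. `# on by default fleet-wide; a host that must not self-update sets services.autopull.enable = false`, and confirm the source branch is protected against unreviewed pushes. The attribute set continues past the end of the hunk.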
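Review bot: `httpPort = 443` in gitea.nix makes Gitea's own listener bind port 443, but nothing in this file configures TLS for it, so as written it would presumably speak plain HTTP on 443 while `rootUrl` advertises `https://`. Port 443 is also privileged, which a service running as the `gitea` user normally cannot bind, and `./haproxy` is imported on the same host and may already own that port (its configuration is not visible in this diff). If haproxy terminates TLS, keep Gitea on a loopback high port instead, `httpPort = 3000;` with `settings.server.HTTP_ADDR = "127.0.0.1";`, so the unencrypted listener is not reachable from the network. As a style point, `lib` and `pkgs` in the argument set are unused and can be dropped.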
@@ -1,27 +1,21 @@ hydra: - environment: ENC[AES256_GCM,data:Rg9jb+E5ecx+9WtF2cr98xXsd/Bc2qCKHd/tKEESGBfw3HBmrQBgjg3Ajr1ZTLcGi/8DUL1lfgQQpgEPNGENYzosnpNS/25UB8PB8bw/Qd2R8lFZx7wT/d435W5Dipvyl8VAWol3GU6xVEDovYmOFBYubVJ/E7At3QKrGM38Buita9uym/R7VMtFWh8V5/D93j4kvBWaHMEONGT2DFlnD4lEKg6LUKskdLO3kqhXtdMPW8OnV4U+RbqZ2BqNXLxJ2n94VTz1umQP4R+vW7P+/A8=,iv:D2nqOuAQMBVnZgykFI12q7Bjhi23Z7aLjT+X7CRcl8k=,tag:MeFlWIRL72Ps0732mFe6Zg==,type:str] + environment: ENC[AES256_GCM,data:XUS68hCXWGMCoxxfecspEpFF8sxVJJVAm74ZZJM5/TiMAyzG0VTw17XQOgv+pP5aYABnQ3Rt9KFaxacaljrjFJ44O8qdGCQOi+g5+EpztHAI+yyeWkEqcVrcDKeb0jM0qygBUtyez5aLJyFwT7znqfNi3CHMP+cJTNVUAQkfL3RrU/lNzAZpIJ5tVG5PzDqMLDWMQXiDRICNdp9fUXyGee64bQ1NxGJALmYS9o1YT75e0nCBsIBD50+ChQvOTUfTGfxpG5SbnDGmL0JIUGB3MqM=,iv:TRsVfNxLnMuq5Wvu0ZX4JVHoIXQaj3Li3KsBXmoFiK8=,tag:gGTQo66uzdUBqCuUYHSE4A==,type:str] nix-serve: - secret-key: ENC[AES256_GCM,data:PU5JxRJqOYFqG08aYXJYIgl63TsaUb2b2ixbkOG8wke7pEWOpcR6LYHFqN3A8X3trJxNX3sI1aQPA82SKa7aLpb+cYphk8Q9nCm2uQylqFNT9X5HxapAiR+4snu6LLUJ2/4Xd/UCAngcPkLvP/Y=,iv:ogjnc/A3hl3qJys10UPua5PRNLm+7NhvjnA29uscUkg=,tag:jwJ6IbUkQdqW2IdpfQlazw==,type:str] + secret-key: ENC[AES256_GCM,data:dXpfTamvU17kkMwp0DZIktkh/iI96wgcQerEC9G0tdm7tL7NQSlS4giocf9uckXK1JNkK9q7urZznx82ZBV3kaZE8oZKgYtkR5xpHgGsbYgQbLx6gowKfBkPusikFl/BqUvUBLznYsYSkJddXJ4=,iv:yeHyAMY2NxQUyzirU9+ggF1O6kRsrM0lEJCY9U0qJN8=,tag:cSm1Obe6WnpHloF/JleVEA==,type:str] attic: - secret-key: ENC[AES256_GCM,data:/K7d91YCjSAe9yIAwJxeb36+VDWARCfwUch8+kwa9O00CjC95rVWjOtsiVIoxQShKSbndaZ1rYcva/gR5zRcIFohbM38QeS4YAjF36ByOuQh4YzPW8lwMyswBVpCXnDVsXBamDUe0OQa6r8z3D5XXsyFCIUlv2hzGJRslPkp/+6NeP5soVH+SqLgAuY42Y7yNTJeDOYOFfy1xtkcSUDor8cOnmUd3D4a+/zjoyxNLPkNTcvqL25xe1m4lo5ZtlMgnVw9FTOc+pZ/LQ0CF/T+SqUbqUTPKSvNHTh96t09/zXUB+6H+eDjRA==,iv:ozMGeMvVaGlFsC63g1IwRemSijk1lDJ4hBcN69F51RA=,tag:DaLZIdVhIYAhZyGbBLzj0g==,type:str] - database-url: 
ENC[AES256_GCM,data:EGzCrJex/Y0F6sAvvcbPd1hun/GWKw3NoGXJKQqypv5R4/LSdRwLE4q5fDqzKwZmew8uydZ29v4P,iv:8YGMXsaLNRXpd4B1Le0MZbl3LFDBaFGXWKHIkJDahAw=,tag:jGuzdiLHyyKxpZ67YuLdhQ==,type:str] - adm: ENC[AES256_GCM,data:Jltr0pQFPntVYSEIM3097qQqzL05zEyf69+iujNZ4oCM9tcq/b2qnjtgLcQifLvHO685CK0jo1yAPf8cd+gfDW1AKhx8PEUM7eeyHC2LWlmONAPafnURjcMvxK+EGkapAuTW/ntoP0W+A2bXniduiNF8CRIowJJWNEowWwJpS7PCUZIkJQT0MOJuJFVXPMU0YUcVZ9efxuWVpVfWxs92uUZ8j+y/4LzFbr04c8q7GzLIAdMzRn0VIlfhVC3WrwjyJzDVKDaRukg69WuM0mMpB3++MdpD5hqiR6zFuer4r1rX6naWieSkogMfJ8saE8TJf0iljynsRkE1O/LFZ90OMFraOwk3EQOb,iv:vekU4xbCwjCJBdxvDeCzf8OQezotfIejnW293EWKZyU=,tag:QMBsTyButXlvnqTyq4vLAQ==,type:str] + secret-key: ENC[AES256_GCM,data:0pVok0M5Ob08BdFBV57Ijr4MW6msdGuvgq7v5lunJocv/sM0u0Cy7ye67+me21YBy4xGqidAfQo0j4OQkn71Z7ouKJGQ6izqOuTvRerBLmY/V3GMnSrBgtb+gjKhwswf/T/WV/I2lc0GTrdiJi6JJC0VL14kJYWRQIdcadeGEoF+cZyzyHWV32TxyJrNlDGFu1aFhjKiHP50aDFxibIPwz1h9+lN6jEGEwsOa29K3gnL9zOmzaoS/F4wXEZlCXNETj6lvCd6Ywt3erkGmCvA4FTzfs/CdW/QcS2GneGUzoCy4NRcxx9dKQ==,iv:4QiN6tupBkIZbVkKt7MyLMiy5z/y0ExAT9xWVBL+pko=,tag:CT4F8y/rObKlIMCwtJk7AA==,type:str] + database-url: ENC[AES256_GCM,data:CrtsSB9KaA+KT9F34eM+z5trjb72wRKKy2LKOWDxBgvVtrNy5jj9c9KPnPCRWue1eABC1FdThKH1,iv:n3n16Qs/s77CxDNHws4lLTJaXx++DpqUrrVDp+Rpj2E=,tag:gkQhzX4gHPRmAQjZKBZF4Q==,type:str] + adm: ENC[AES256_GCM,data:fTXg7sVtyjzm2zPLBSYX0wsAjhPZz/fwOWjk6bYEFNDAz9Esw2VFqG84E53cSj62KxClx8jlakA6RyXH5betcrxoRybrEuvdej76TS4kAP3cgK1OUEbcw0gWsgJPleH2BVAn6/5AhtISmglx0RykyKDtjBoxO1ewwwKesd5brIBD2DhLyaYJLFB42to1HmLe7FgYDaR2Q/W5B6W7RMueFwjA4/Y2ELoFQpwqF2HvcyFO58x8BFhIla6T+MB5l5I2qoYNlN5AayUur5xlALRUGH2PCJEiTrt8hXhYPkSlkiiwORBwwK7w89kO+tsHoDW8u3F/aKBbBnikIkaXnSa694mg0twmTOYL,iv:OBk9nrRA2t/9DvEI/OJTwp8nX4iP+foohueZON9Tlgs=,tag:Y1hVX2wva9QridJ5els9Fg==,type:str] postgres: - init: ENC[AES256_GCM,data:jvp+vytc0d0bZ+TChD0I2K+2zh0GxRpMq5JXObM4hX5tytuRiUeC5zC+6CkBusyK3K9o51mx4hc=,iv:j9+g4iAMHQB3Ad60rm1n+4qehkLynkdbHgwfv/Z7qGQ=,tag:6Lr8tQw3jSVSqOtFtb5BDQ==,type:str] + init: 
ENC[AES256_GCM,data:Pq24kdMXLAbePqIHPiJx3xXYEm2UbY598iNDf+z2k1HDhStHAd10CCyJYEgppCw2lkDNY54A3PQ=,iv:RE9DQ9Xw4tDFBD67dk3ggyqYqoGVhZf5kO53WoF3fJ4=,tag:dZwZfgI2H9JTClkyUI1MqQ==,type:str] +gitea: + dbpass: ENC[AES256_GCM,data:BXcVMcG01PV2ri0mPXBmAw==,iv:e8y0bPf/yC24FXfw6U5bDz5k/FLVyMd2lWNKMMuntZ0=,tag:7gP32RszzISJfktxnOFF+g==,type:str] upsmon: - password: ENC[AES256_GCM,data:0oFAkltsP9aBDBqGu32PfkGK,iv:SRKbf6j60rXb5imay1xGhon2WlC18yF9R4U1Xtg2P1Y=,tag:ezEm3biq3ah9W+NkSYjORw==,type:str] + password: ENC[AES256_GCM,data:0tZKzQOYaij9jdnDTv61ma8i,iv:GEqlCOOUHTjUzfz+X5lCnqcX9SjAG6bVc8Luv97wnSg=,tag:XLvsucW6sIMHKG2AHmxZEw==,type:str] minio: - credentials: ENC[AES256_GCM,data:1M7ebRRdtTECQac+D9A4kVZcHOx5GIgAMPvd5x6AhYjrmZKmfvLeGGjNExi8QnXaAEmBo0gmwp1fn5Rq6gYi0Xf0BdTrIDD6WTr/KGh32K3n6D+bsTkx2lLo60Ekrr3vMjbW52CWtM8ZVKyp0/kBBpf8PvECyW4A/Kcz,iv:iGoJmTzRsFzhkfwjz45UcKbkQ0guAjt8ShHlc20+Iys=,tag:1LkeWEwYoUn9Bu1ajJMDKA==,type:str] + credentials: ENC[AES256_GCM,data:78ANAQ2756IISlkUFPxy9lQYRml8C9PvkkiXME4nMjtWwPgybvSM2nrO3yVhTgyOyUZjYYWzJlpwstfIAbuWEgGFhbMixSSNSgsWozojm0hWfPBWZ5x4iX++0ARFdfxIAjiGlM/HGa0YO/2tSA6oW6FqM4RbC1vPnqJc,iv:8Y+SilqKsUH/J6M+l4Wpm2J3nPXeoUhA1+GvhzlqMHE=,tag:5dYBlYPIUjd+U+r/dqJWIA==,type:str] server-validation: - webhook: ENC[AES256_GCM,data:ExwjxiIHRLK5c+BsZQHnfELgpWWFZibVmH363nZpZibIhH5M5WS8wLYQtNXJwg1i3ItbONlzct/J4u0zi6q/LLfoBO3yX/XxeYlOeuE/zuq4vbPK1xnnw824yXu8B1EV614Ldz2+bRw26kIV05+F5ripkKdmB4rkGTs+GQ4F3zXIRwWYBgQp8lMm4mgs,iv:VyZ3fqdqJ7loaVAL4bEQMsKZQtp5zutdewkMsxGPYlE=,tag:p+g9AqwmhED9otDMvnWZEA==,type:str] -docker: - pg: ENC[AES256_GCM,data:HrzoG/8jjFeIOjdo9kY8miCIEUN8sdHahGNitXTpZV75jOmeaJrpauHrmglJUosoiJmw+QvPrIrSem967SXQuv507KCMPXiTS17BNBhKbw==,iv:Vk0QmJr8ijJYbRyVumOkifiAHbC2rhtSdHUeOSBB9xU=,tag:GyE6NDg57eRMX5xUh7DpeQ==,type:str] - nextcloud: ENC[AES256_GCM,data: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,iv:ZkCAZ8zBcuJNDCxWVmyvAoIa7IwS8yE6WvdNc0wdXc0=,tag:IMznic4HPdY2D9ofVGcGfw==,type:str] - redis: 
ENC[AES256_GCM,data:y/ZU/9xqokLNQBdqo8QVEgOYsTJOqEfesfG/J/V3D2UFXA==,iv:CUktAC93V7ulDZRhO3X0DZL/FQrACyF2twOemNs4DzY=,tag:HmT/56kOF54PavFypGuaTA==,type:str] - unifi: ENC[AES256_GCM,data:9JW2rYk0+YCBvnxz7gzDkrT+zE723ZqqCY4qLRzc3t2sm2I=,iv:QSABLUDqmfBKUShJSJS3dJXNEdRnl60XHlS6JGNAO5c=,tag:8YpAALkldb74tuby2+Aw+g==,type:str] - minecraft: ENC[AES256_GCM,data:74bxM/hHEwcMqqHSHR332mhIVV36HTBS7eCpkncclTq/oWf9bZQvmroz5tOpOwaq+Mj+2rNs0tXN/iB47ksji1lgqsiXDaM/R+9kAA==,iv:dUYAT9y8tU3jsqIgod4I1K8rHGOzSUuedkq8uDnNN+A=,tag:DDmhBHm/YO3/lH/qNxB8gw==,type:str] - deluge: ENC[AES256_GCM,data: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,iv:PrSGlvAPZGbPrw6I72qr3sWzZrX55N9oVzy6GOnHVaM=,tag:2B4mXQd1P3oWE29lXVz/Xw==,type:str] - foundry: ENC[AES256_GCM,data:aDWDR3P1NS8ZcOw2Tt87qNKSTYAWzwrkzHRRMbkF2kCVZ7oiI3zmSs1JV6TU5+PPbvya1eGBj3bphwIVjD3fZ2r5iOhVuFBfxSZfRAY5YFhXBta0fSXAuTCXb8AZrBV0,iv:nf1+C6qnrCBoBPP5IYCIpfkX2ljWdo2d+3pia2evBMg=,tag:BJA/xUFswbX4c5LQTcA9iQ==,type:str] + webhook: ENC[AES256_GCM,data:d8drMmXcbWCGwOanYr6jUCz5+d1bgTrPKMl4yxFi49oapqFUFSQo2pA3bP9DA2n0b63ZJp1IDyJGBRGjFUsSC8EkKQsYMIm962o++D4h7/l9GZU2TBcn5VgvSldETgwloMg92i3zEApNCeZTtwFwJuJTwmUsZmg528Kj7SBcDw4H18dW8MMfgzBTkZUh,iv:F/UtYjWNoG1la1xaNevRXP/4lNT2TgYfmukbncHILDA=,tag:fJpdG5di6j8Wm54KLHZEsg==,type:str] sops: kms: [] gcp_kms: [] 
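Review bot: The `docker:` secret group (pg, nextcloud, redis, unifi, minecraft, deluge, foundry) is deleted in this hunk while `./docker` stays in the imports of systems/palatine-hill/configuration.nix in the same commit. If any module under ./docker still declares a `sops.secrets."docker/..."` entry, that key will no longer be found in this file when secrets are installed; the docker modules are not visible in this diff, so that needs checking before merge. Every other ciphertext in the file also changed although only `gitea/dbpass` is new, which makes the change hard to audit, so the commit message should say whether values were rotated or the file was only re-encrypted. If the removed credentials are retired rather than moved elsewhere, they should also be revoked at the services, since the old ciphertexts remain in git history.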
@@ -37,8 +31,8 @@ sops: d241ZnZ2MWg3YVNBbkh2S0NqeE5PdFEKWqnQH4kZszkKZTSgur0c5hGMoMx9zBdz tSvUbe2+WKX7q6y7XqsD1KjFI+POVDF+YN7H9ja96+JqvKRteXNhCg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-08-18T00:53:19Z" - mac: ENC[AES256_GCM,data:IxvUHA5Rx/icbar+7H4ii0M2llOaMD7c3Nx57hR74FhDVgXj8/eCX/yJW3K8+w9ZGYasFmuJZrvd9Zan7kcPeiSMVJJUJNNyoURkBZeF2xPcVq56GYGrzzFsUIfzhrjz4PI5nEX/X1ODs+8KeIDb8pNPILoJXHhHWHSXavWvx/c=,iv:v4U+AeUDsBxKyrbu8sEmTy+RAAJvITK1IMY7mziRwtU=,tag:BWedhwz4hNXsou5FO53XMA==,type:str] + lastmodified: "2024-10-21T03:48:29Z" + mac: ENC[AES256_GCM,data:4Pt9+NLI9fawOFo8eljafNF8UgIlkSWAuZKGi9GHlVTSqBnpVuVBb5WYhNxLJ/02a2kJ4M1v/YdFIOuLiUVjLopF0phpWZU96eCrblO+9qzss+LvwCTVoTWTzA3Mqh5nKOo2PC8pPi/LeNjdpbIkPZB56O3o8oq0IAQ92h+jCJo=,iv:SU1v+xDK2WW6ugf2Z9QkuwtghavBuKceOr0gQ38tF+0=,tag:U6l+qQZpEZF6TApBbBaqYg==,type:str] pgp: - created_at: "2024-09-05T06:10:49Z" enc: |- @@ -53,4 +47,4 @@ sops: -----END PGP MESSAGE----- fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 unencrypted_suffix: _unencrypted - version: 3.9.0 + version: 3.9.1 diff --git a/utils/sops-mergetool.sh b/utils/sops-mergetool.sh index 3f833ea..8f7953b 100755 --- a/utils/sops-mergetool.sh +++ b/utils/sops-mergetool.sh @@ -1,6 +1,8 @@ #!/usr/bin/env bash # Exit on first error and verify variables have been set/passed via CLI set -eu +set -v +set -x # Rename our variables to friendlier equivalents # https://git-scm.com/docs/gitattributes#_defining_a_custom_merge_driver
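Review bot: `set -v` and `set -x` in utils/sops-mergetool.sh make this merge driver echo every script line and every expanded command to stderr, and the script exists to merge sops-encrypted files. The body is outside the hunk, but if decrypted content or key material ever passes through a variable or a command argument, it ends up in terminal scrollback or CI logs in plaintext. These look like leftover debugging; I would drop both lines, or gate tracing behind an opt-in variable (the name here is only a suggestion), e.g. `[ -n "${SOPS_MERGETOOL_DEBUG:-}" ] && set -x`.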