From c18e54fcdd474e470c78855aa56832a4edc711d5 Mon Sep 17 00:00:00 2001
From: ahuston-0
Date: Sat, 30 Nov 2024 00:30:57 -0500
Subject: [PATCH] gitea over ssh is working, https in progress
Signed-off-by: ahuston-0
---
 systems/palatine-hill/docker/act-runner.nix | 65 +++++++++++++++++++++
 systems/palatine-hill/docker/default.nix | 1 +
 systems/palatine-hill/firewall.nix | 4 ++
 systems/palatine-hill/gitea.nix | 14 ++++-
 systems/palatine-hill/secrets.yaml | 5 +-
 systems/palatine-hill/vars.nix | 3 +-
 6 files changed, 87 insertions(+), 5 deletions(-)
 create mode 100644 systems/palatine-hill/docker/act-runner.nix
diff --git a/systems/palatine-hill/docker/act-runner.nix b/systems/palatine-hill/docker/act-runner.nix
new file mode 100644
index 0000000..7867a50
--- /dev/null
+++ b/systems/palatine-hill/docker/act-runner.nix
@@ -0,0 +1,65 @@
+{
+ config,
+ ...
+}:
+
+let
+ vars = import ../vars.nix;
+ act_path = vars.primary_act;
+in
+{
+ virtualisation.oci-containers.containers.act-stable-latest-1 =
+
+ {
+ image = "gitea/act_runner:latest";
+ extraOptions = [
+ "--stop-signal=SIGINT"
+ ];
+ labels = {
+ "com.centurylinklabs.watchtower.enable" = "true";
+ "com.centurylinklabs.watchtower.scope" = "act-runner";
+ };
+ volumes = [
+ "${act_path}/stable-latest-1/config.yaml:/config.yaml"
+ "${act_path}/stable-latest-1/data:/data"
+ "/var/run/docker.sock:/var/run/docker.sock"
+ ];
+ environment = {
+ CONFIG_FILE = "/config.yaml";
+ GITEA_RUNNER_NAME = "stable-latest-1";
+ };
+ environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
+ log-driver = "local";
+
+ };
+
+ systemd = {
+ timers."custom-watchtower@act-runner" = {
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnBootSec = "20m";
+ OnUnitActiveSec = "5m";
+ Unit = "custom-watchtower@act-runner.service";
+ };
+ };
+ services."custom-watchtower@act-runner" = {
+ bindsTo = [ "docker.service" ];
+ after = [ "docker.service" ];
+ description = "a watchtower-esque script for systemd-based oci-containers";
+ serviceConfig = {
+ Type = "oneshot";
+ User = "root";
+ ExecStart = "${config.nix.package}/bin/nix ${./watchtower.bash} 'com.centurylinklabs.watchtower.scope' 'act-runner'";
+ };
+ };
+ };
+
+ sops.secrets = {
+ "docker/act-runner" = {
+ owner = "root";
+ restartUnits = [
+ "docker-act-stable-latest-1.service"
+ ];
+ };
+ };
+}
diff --git a/systems/palatine-hill/docker/default.nix b/systems/palatine-hill/docker/default.nix
index 915aad8..086c49c 100644
--- a/systems/palatine-hill/docker/default.nix
+++ b/systems/palatine-hill/docker/default.nix
@@ -7,6 +7,7 @@ { imports = [ + ./act-runner.nix ./archiveteam.nix # ./books.nix #./firefly.nix
diff --git a/systems/palatine-hill/firewall.nix b/systems/palatine-hill/firewall.nix
index 6ebb38b..09c797c 100644
--- a/systems/palatine-hill/firewall.nix
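Review bot: The `volumes` list bind-mounts `/var/run/docker.sock` into the runner, which gives every CI job scheduled on this runner control of the host Docker daemon, i.e. effectively root on palatine-hill, and nothing in the module records which repositories are allowed to use it. That exposure is compounded by the floating `gitea/act_runner:latest` tag plus the five-minute `custom-watchtower@act-runner` timer, which (presumably, the script itself is not in this diff) pulls and restarts whatever upstream publishes, so a new image gains daemon access without anyone reviewing it. At minimum the trust boundary should be stated next to the mount, e.g. `# docker.sock = host-daemon (root-equivalent) access for jobs; register this runner only for trusted repos/orgs`, and pinning the image by digest or an explicit version tag would make updates deliberate. The `docker/act-runner` env file is root-owned and wired to `restartUnits`, which is the right shape for rotating the registration token it likely holds, but its contents are not visible here.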
+++ b/systems/palatine-hill/firewall.nix
@@ -13,6 +13,10 @@ # minio 8500 8501 + + # gitea + 2222 + 2223 ]; }
diff --git a/systems/palatine-hill/gitea.nix b/systems/palatine-hill/gitea.nix
index 73b99fd..882ebe9 100644
--- a/systems/palatine-hill/gitea.nix
+++ b/systems/palatine-hill/gitea.nix
@@ -21,14 +21,24 @@ in
 };
 settings = {
 server = {
- DOMAIN = "git.alicehuston.xyz";
- ROOT_URL = "https://git.alicehuston.xyz/";
+ DOMAIN = "nayeonie.com";
+ ROOT_URL = "https://nayeonie.com/";
 HTTP_PORT = 6443;
 SSH_PORT = 2222;
+ SSH_LISTEN_PORT = 2223;
+ START_SSH_SERVER = true;
 };
 service = {
 DISABLE_REGISTRATION = true;
 };
+ log = {
+ LEVEL = "Trace";
+ ENABLE_SSH_LOG = true;
+ };
+ "log.console-warn" = {
+ LEVEL = "Trace";
+ ENABLE_SSH_LOG = true;
+ };
 };
 stateDir = base_path;
 lfs.enable = true;
diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml
index 5c0b373..d91330c 100644
--- a/systems/palatine-hill/secrets.yaml
+++ b/systems/palatine-hill/secrets.yaml
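Review bot: Both 2222 and 2223 are added to the port list under a bare `# gitea` comment, but gitea.nix in this same commit sets `SSH_PORT = 2222` (the port advertised in clone URLs) and `SSH_LISTEN_PORT = 2223` (where the built-in SSH server actually listens), so as far as this commit shows only 2223 has a listener on this host. If 2222 is translated to 2223 somewhere upstream, the 2222 entry is an open port with nothing behind it and can be dropped; if something else is meant to listen on 2222, it is not in this change. A comment such as `# gitea builtin ssh listens on 2223 (SSH_LISTEN_PORT); 2222 is the advertised SSH_PORT, forwarded externally` would record which it is. The enclosing list begins before the hunk.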
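Review bot: `log.LEVEL = "Trace"` together with `ENABLE_SSH_LOG = true` switches an internet-facing Gitea to its most verbose logging, and that per-request detail lands in the state directory and stays there long after the "https in progress" debugging is over; it should either be reverted to the default or carry a marker such as `# TEMP: trace logging while the https/ssh cutover is debugged; drop back to Info afterwards`. The `"log.console-warn"` sub-section repeats the same two keys; a named `[log.<name>]` writer is only used when `<name>` appears in `[log] MODE`, which this hunk does not set, so it is likely inert, and its name suggests a warn-level console writer rather than Trace. `START_SSH_SERVER = true` with `SSH_LISTEN_PORT = 2223` means Gitea's built-in Go SSH server, not the host sshd, is what answers on 2223; a one-line comment there would tie it to the firewall entry added in the same commit. The `settings` set is fully inside the hunk, but the enclosing `services.gitea` block starts before it.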
@@ -19,6 +19,7 @@ docker:
 foundry: ENC[AES256_GCM,data:5Z0FvVhJBzTwDPRN6c//caZokiTnkdqiLGFFuyen+tYsdjbQ3AXH5y7HfxKbxsJvU5uShOuIg0jVMvow2NYmzyYDDKBKPOz0bgXOmFq06wzCJubjyZmR/mDcWBBDzAFzaazpyW8=,iv:6wLS00zhX0tjJUe5uADAjzEshJP8QOkF2i4Aw+Y9RSk=,tag:sNr/exY1u3evYGcImyCUlA==,type:str]
 nextcloud: ENC[AES256_GCM,data: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,iv:oOWcFdQJb/+KZKJmQChhJ5jOCcM3o+ojZSMyiRnO9n8=,tag:PWGQkwPe0juLgAdlKiWKpg==,type:str]
 redis: ENC[AES256_GCM,data:c+55cN6IpUNeKd+wC2zv3eunYjBsmZtXTczokqaxB2Q=,iv:M3pwNUlT9kUMv4JDE6bp/gub9CdBGxdApIvpOt3JpgE=,tag:3rPlV3U0AP9zAeF7xDouKw==,type:str]
+ act-runner: ENC[AES256_GCM,data:gdrqXBBzdMW26MgNfP6P1c/m7pLANCXjcZLvVsxlWcgpAZd8IaO2FUqomL3xFI3UDPveQh0UvC3044ueoWhYJOq7ZmKJGvdf0ZrpP1MkXZKvjFjbTsuf/6/SYKhPqnP28HqznUWIVJYcRmP+A2oVeJY=,iv:/yOqJYDpxbqCm1whqcypp7Ba1Xlaebrv+h6lHr57Qa8=,tag:PzVqxP+QwQq69jqhmagj3w==,type:str]
 server-validation:
 webhook: ENC[AES256_GCM,data:Lwqy4UhyFutpXjai7EJPKp8MDlI+ayDna4T8jluvC6qkeJ7o1UaaDCOsgLy4Fw7LC77tXhJtkcmep9w37JaiHp2CoDOfy2iAaq8o9CCSi/a0zqMJx+HdZYZNemvmpc6E/be0K+JDrFZLbjr3unSpCidQ3whccC6XyY013R12swN3bFZIu1gtzXCgUZ4U,iv:pVbrRwH3ziu4+R5BfimPV7N71QmyerJEc9M5K4eofOc=,tag:zNrCXrIioQWPEPVz/wMDpQ==,type:str]
 sops:
@@ -36,8 +37,8 @@ sops:
 cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At
 LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-11-28T18:56:39Z"
- mac: ENC[AES256_GCM,data:hpQrj3M9BKaZ7XivuJHQ08J0VUbHhK+yoB6DyQ5fL7S/fAOgTidX2O6ZyPB9ubPUQhjrcNDfFrFpGGFu5q9bwW0yfkDBzQ7XmL4RtKrvWbRYyVe6G4hZWbgT5Q/Imo9kEpQxVglQPJtD1fhMwi0SyMmzG0+7d02sSsilC1FjpsE=,iv:jtikHIFcoJd+7fSbyaD24x68wT2Ovda9jzUZm5LdtRk=,tag:Uj3QFIz58vfiv6qOSYS5KQ==,type:str]
+ lastmodified: "2024-11-30T05:28:04Z"
+ mac: ENC[AES256_GCM,data:0ZT+1mkiV8XKsY3jL7tyaISBy5mZB/cHGH3K860QUi3eEhLgi+GIdAJ5Ia2YMWIdFsrO1z08YUG9ZmeCBgmtNLueNzjk+AjMTq7G4QOwLdA2HZthDPxOmroX4nhXYdRgZEdSUm4ZBpu8X137o9N+dqzVL/kD/Mfqjw7Sixy22U8=,iv:Q6Hosaxoe8dXPJvaFZasT6u0gDEyxAFNNYEUIilp36I=,tag:vSmTHwvFXJltJOuBdutMGA==,type:str]
 pgp:
 - created_at: "2024-11-28T18:56:39Z"
 enc: |-
diff --git a/systems/palatine-hill/vars.nix b/systems/palatine-hill/vars.nix
index d8613a7..9b06ade 100644
--- a/systems/palatine-hill/vars.nix
+++ b/systems/palatine-hill/vars.nix
@@ -2,6 +2,7 @@ rec { zfs_primary = "/ZFS/ZFS-primary"; # primary + primary_act = "${zfs_primary}/act-runner"; primary_archiveteam = "${zfs_primary}/archiveteam"; primary_attic = "${zfs_primary}/attic"; primary_backups = "${zfs_primary}/backups";
@@ -11,9 +12,9 @@ rec {
 primary_games = "${zfs_primary}/games";
 primary_hydra = "${zfs_primary}/hydra";
 primary_libvirt = "${zfs_primary}/libvirt";
+ primary_loki = "${zfs_primary}/loki";
 primary_minio = "${zfs_primary}/minio";
 primary_nextcloud = "${zfs_primary}/nextcloud";
 primary_redis = "${zfs_primary}/redis";
 primary_torr = "${zfs_primary}/torr";
- primary_loki = "${zfs_primary}/loki";
 }