ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

gitea over ssh is working, https in progress
Some checks failed
Check Nix flake / Perform Nix flake checks (ubuntu-latest) (push) Failing after 6m50s
Details
Check flake.lock / Check health of `flake.lock` (push) Successful in 9m43s
Details
Check Nix formatting / Perform Nix format checks (push) Failing after 5m36s
Details
Update flakes / createPullRequest (push) Failing after 3h13m22s
Details

Browse Source 
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
This commit is contained in:
ahuston-0 2024-11-30 00:30:57 -05:00
parent 8280d40eae
commit c18e54fcdd
No known key found for this signature in database
GPG Key ID: 47940175096C1330
6 changed files with 87 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
systems/palatine-hill/docker/act-runner.nix Normal file
View File

@ -0,0 +1,65 @@
{
config,
...
}:
let
vars = import ../vars.nix;
act_path = vars.primary_act;
in
{
virtualisation.oci-containers.containers.act-stable-latest-1 =
{
image = "gitea/act_runner:latest";
extraOptions = [
"--stop-signal=SIGINT"
];
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
"com.centurylinklabs.watchtower.scope" = "act-runner";
};
volumes = [
"${act_path}/stable-latest-1/config.yaml:/config.yaml"
"${act_path}/stable-latest-1/data:/data"
"/var/run/docker.sock:/var/run/docker.sock"
];
environment = {
CONFIG_FILE = "/config.yaml";
GITEA_RUNNER_NAME = "stable-latest-1";
};
environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
log-driver = "local";
};
systemd = {
timers."custom-watchtower@act-runner" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "20m";
OnUnitActiveSec = "5m";
Unit = "custom-watchtower@act-runner.service";
};
};
services."custom-watchtower@act-runner" = {
bindsTo = [ "docker.service" ];
after = [ "docker.service" ];
description = "a watchtower-esque script for systemd-based oci-containers";
serviceConfig = {
Type = "oneshot";
User = "root";
ExecStart = "${config.nix.package}/bin/nix ${./watchtower.bash} 'com.centurylinklabs.watchtower.scope' 'act-runner'";
};
};
};
sops.secrets = {
"docker/act-runner" = {
owner = "root";
restartUnits = [
"docker-act-stable-latest-1.service"
];
};
};
}

1
systems/palatine-hill/docker/default.nix
View File

@ -7,6 +7,7 @@
{ {
imports = [ imports = [
./act-runner.nix
./archiveteam.nix ./archiveteam.nix
# ./books.nix # ./books.nix
#./firefly.nix #./firefly.nix

4
systems/palatine-hill/firewall.nix
View File

@ -13,6 +13,10 @@
# minio # minio
8500 8500
8501 8501
# gitea
2222
2223
]; ];
} }

14
systems/palatine-hill/gitea.nix
View File

@ -21,14 +21,24 @@ in
}; };
settings = { settings = {
server = { server = {
DOMAIN = "git.alicehuston.xyz"; DOMAIN = "nayeonie.com";
ROOT_URL = "https://git.alicehuston.xyz/"; ROOT_URL = "https://nayeonie.com/";
HTTP_PORT = 6443; HTTP_PORT = 6443;
SSH_PORT = 2222; SSH_PORT = 2222;
SSH_LISTEN_PORT = 2223;
START_SSH_SERVER = true;
}; };
service = { service = {
DISABLE_REGISTRATION = true; DISABLE_REGISTRATION = true;
}; };
log = {
LEVEL = "Trace";
ENABLE_SSH_LOG = true;
};
"log.console-warn" = {
LEVEL = "Trace";
ENABLE_SSH_LOG = true;
};
}; };
stateDir = base_path; stateDir = base_path;
lfs.enable = true; lfs.enable = true;

5
systems/palatine-hill/secrets.yaml
View File

@ -19,6 +19,7 @@ docker:
foundry: ENC[AES256_GCM,data:5Z0FvVhJBzTwDPRN6c//caZokiTnkdqiLGFFuyen+tYsdjbQ3AXH5y7HfxKbxsJvU5uShOuIg0jVMvow2NYmzyYDDKBKPOz0bgXOmFq06wzCJubjyZmR/mDcWBBDzAFzaazpyW8=,iv:6wLS00zhX0tjJUe5uADAjzEshJP8QOkF2i4Aw+Y9RSk=,tag:sNr/exY1u3evYGcImyCUlA==,type:str] foundry: ENC[AES256_GCM,data:5Z0FvVhJBzTwDPRN6c//caZokiTnkdqiLGFFuyen+tYsdjbQ3AXH5y7HfxKbxsJvU5uShOuIg0jVMvow2NYmzyYDDKBKPOz0bgXOmFq06wzCJubjyZmR/mDcWBBDzAFzaazpyW8=,iv:6wLS00zhX0tjJUe5uADAjzEshJP8QOkF2i4Aw+Y9RSk=,tag:sNr/exY1u3evYGcImyCUlA==,type:str]
nextcloud: ENC[AES256_GCM,data:dm2Cha+CvFORgdcBvJAzzdOGcJ95vLJYTZcUJnjNp6HOQIIoJrDone1NOAYJh9rdWG/17/ntOmd+TysAj4AsD0dw/PatZmy3I+dcVghkt2XNTc7jD64QjctIHzR+om1joAbKemG1R3St7qDU68TWYxoxIfYZcJvg3ds/lJcYgFRh079UZ/IRlGVR6sWPEXyY+UUrwtk0Fr+y8UtwwWZiLp0akUbIV06huRGiAp/PeWETuPPuacl2++ayIgJFZkJjUl/a52RI1Q0nLG5iyK6QYpY1JSRJTOkiQQ4PB5GRdLCdoM5/ZXTQ6gGcoM5jXFllsTn+yRicNRucuBp7Z2achbk6eITCdjjdXVI7zM4YXpzVLu5fJckLAu07aEIGYCBT7ZXd7TRgfB68POwtwaJGBozg+nuhq8xEH04yi8jFODH6aFplIgJ+bbaP72zw+92lzZa33FEtOwKdtx+YUv0eLLDJs+8Z6Sn6RyN8prwIz1/9LuIMx39g4R7id9W2bV2MXqTU4nN8f0TXWqe+hnb5pDLBaZOBMkwbRka6Vptsi4dbL5Lnexa2DoIHZ2unyxZ+4SkRt9LH39j8fXf2w5JPFCSLstf7+Zu7xzRS0TTCug7k,iv:oOWcFdQJb/+KZKJmQChhJ5jOCcM3o+ojZSMyiRnO9n8=,tag:PWGQkwPe0juLgAdlKiWKpg==,type:str] nextcloud: ENC[AES256_GCM,data:dm2Cha+CvFORgdcBvJAzzdOGcJ95vLJYTZcUJnjNp6HOQIIoJrDone1NOAYJh9rdWG/17/ntOmd+TysAj4AsD0dw/PatZmy3I+dcVghkt2XNTc7jD64QjctIHzR+om1joAbKemG1R3St7qDU68TWYxoxIfYZcJvg3ds/lJcYgFRh079UZ/IRlGVR6sWPEXyY+UUrwtk0Fr+y8UtwwWZiLp0akUbIV06huRGiAp/PeWETuPPuacl2++ayIgJFZkJjUl/a52RI1Q0nLG5iyK6QYpY1JSRJTOkiQQ4PB5GRdLCdoM5/ZXTQ6gGcoM5jXFllsTn+yRicNRucuBp7Z2achbk6eITCdjjdXVI7zM4YXpzVLu5fJckLAu07aEIGYCBT7ZXd7TRgfB68POwtwaJGBozg+nuhq8xEH04yi8jFODH6aFplIgJ+bbaP72zw+92lzZa33FEtOwKdtx+YUv0eLLDJs+8Z6Sn6RyN8prwIz1/9LuIMx39g4R7id9W2bV2MXqTU4nN8f0TXWqe+hnb5pDLBaZOBMkwbRka6Vptsi4dbL5Lnexa2DoIHZ2unyxZ+4SkRt9LH39j8fXf2w5JPFCSLstf7+Zu7xzRS0TTCug7k,iv:oOWcFdQJb/+KZKJmQChhJ5jOCcM3o+ojZSMyiRnO9n8=,tag:PWGQkwPe0juLgAdlKiWKpg==,type:str]
redis: ENC[AES256_GCM,data:c+55cN6IpUNeKd+wC2zv3eunYjBsmZtXTczokqaxB2Q=,iv:M3pwNUlT9kUMv4JDE6bp/gub9CdBGxdApIvpOt3JpgE=,tag:3rPlV3U0AP9zAeF7xDouKw==,type:str] redis: ENC[AES256_GCM,data:c+55cN6IpUNeKd+wC2zv3eunYjBsmZtXTczokqaxB2Q=,iv:M3pwNUlT9kUMv4JDE6bp/gub9CdBGxdApIvpOt3JpgE=,tag:3rPlV3U0AP9zAeF7xDouKw==,type:str]
act-runner: ENC[AES256_GCM,data:gdrqXBBzdMW26MgNfP6P1c/m7pLANCXjcZLvVsxlWcgpAZd8IaO2FUqomL3xFI3UDPveQh0UvC3044ueoWhYJOq7ZmKJGvdf0ZrpP1MkXZKvjFjbTsuf/6/SYKhPqnP28HqznUWIVJYcRmP+A2oVeJY=,iv:/yOqJYDpxbqCm1whqcypp7Ba1Xlaebrv+h6lHr57Qa8=,tag:PzVqxP+QwQq69jqhmagj3w==,type:str]
server-validation: server-validation:
webhook: ENC[AES256_GCM,data:Lwqy4UhyFutpXjai7EJPKp8MDlI+ayDna4T8jluvC6qkeJ7o1UaaDCOsgLy4Fw7LC77tXhJtkcmep9w37JaiHp2CoDOfy2iAaq8o9CCSi/a0zqMJx+HdZYZNemvmpc6E/be0K+JDrFZLbjr3unSpCidQ3whccC6XyY013R12swN3bFZIu1gtzXCgUZ4U,iv:pVbrRwH3ziu4+R5BfimPV7N71QmyerJEc9M5K4eofOc=,tag:zNrCXrIioQWPEPVz/wMDpQ==,type:str] webhook: ENC[AES256_GCM,data:Lwqy4UhyFutpXjai7EJPKp8MDlI+ayDna4T8jluvC6qkeJ7o1UaaDCOsgLy4Fw7LC77tXhJtkcmep9w37JaiHp2CoDOfy2iAaq8o9CCSi/a0zqMJx+HdZYZNemvmpc6E/be0K+JDrFZLbjr3unSpCidQ3whccC6XyY013R12swN3bFZIu1gtzXCgUZ4U,iv:pVbrRwH3ziu4+R5BfimPV7N71QmyerJEc9M5K4eofOc=,tag:zNrCXrIioQWPEPVz/wMDpQ==,type:str]
sops: sops:
@ -36,8 +37,8 @@ sops:
cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At
LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw== LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-28T18:56:39Z" lastmodified: "2024-11-30T05:28:04Z"
mac: ENC[AES256_GCM,data:hpQrj3M9BKaZ7XivuJHQ08J0VUbHhK+yoB6DyQ5fL7S/fAOgTidX2O6ZyPB9ubPUQhjrcNDfFrFpGGFu5q9bwW0yfkDBzQ7XmL4RtKrvWbRYyVe6G4hZWbgT5Q/Imo9kEpQxVglQPJtD1fhMwi0SyMmzG0+7d02sSsilC1FjpsE=,iv:jtikHIFcoJd+7fSbyaD24x68wT2Ovda9jzUZm5LdtRk=,tag:Uj3QFIz58vfiv6qOSYS5KQ==,type:str] mac: ENC[AES256_GCM,data:0ZT+1mkiV8XKsY3jL7tyaISBy5mZB/cHGH3K860QUi3eEhLgi+GIdAJ5Ia2YMWIdFsrO1z08YUG9ZmeCBgmtNLueNzjk+AjMTq7G4QOwLdA2HZthDPxOmroX4nhXYdRgZEdSUm4ZBpu8X137o9N+dqzVL/kD/Mfqjw7Sixy22U8=,iv:Q6Hosaxoe8dXPJvaFZasT6u0gDEyxAFNNYEUIilp36I=,tag:vSmTHwvFXJltJOuBdutMGA==,type:str]
pgp: pgp:
- created_at: "2024-11-28T18:56:39Z" - created_at: "2024-11-28T18:56:39Z"
enc: |- enc: |-

3
systems/palatine-hill/vars.nix
View File

@ -2,6 +2,7 @@ rec {
zfs_primary = "/ZFS/ZFS-primary"; zfs_primary = "/ZFS/ZFS-primary";
# primary # primary
primary_act = "${zfs_primary}/act-runner";
primary_archiveteam = "${zfs_primary}/archiveteam"; primary_archiveteam = "${zfs_primary}/archiveteam";
primary_attic = "${zfs_primary}/attic"; primary_attic = "${zfs_primary}/attic";
primary_backups = "${zfs_primary}/backups"; primary_backups = "${zfs_primary}/backups";
@ -11,9 +12,9 @@ rec {
primary_games = "${zfs_primary}/games"; primary_games = "${zfs_primary}/games";
primary_hydra = "${zfs_primary}/hydra"; primary_hydra = "${zfs_primary}/hydra";
primary_libvirt = "${zfs_primary}/libvirt"; primary_libvirt = "${zfs_primary}/libvirt";
primary_loki = "${zfs_primary}/loki";
primary_minio = "${zfs_primary}/minio"; primary_minio = "${zfs_primary}/minio";
primary_nextcloud = "${zfs_primary}/nextcloud"; primary_nextcloud = "${zfs_primary}/nextcloud";
primary_redis = "${zfs_primary}/redis"; primary_redis = "${zfs_primary}/redis";
primary_torr = "${zfs_primary}/torr"; primary_torr = "${zfs_primary}/torr";
primary_loki = "${zfs_primary}/loki";
} }