feat: add baxter
This commit is contained in:
parent
fdef711071
commit
6cb331f1c0
|
@ -39,6 +39,10 @@
|
|||
|
||||
deploy = lib.mkDeploy {
|
||||
inherit (inputs) self;
|
||||
overrides = {
|
||||
axol.hostname = "137.184.177.239";
|
||||
baxter.hostname = "209.38.149.197";
|
||||
};
|
||||
};
|
||||
|
||||
checks =
|
||||
|
|
108
modules/nixos/auxolotl/services/forge/default.nix
Normal file
108
modules/nixos/auxolotl/services/forge/default.nix
Normal file
|
@ -0,0 +1,108 @@
|
|||
{
|
||||
lib,
|
||||
pkgs,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
cfg = config.auxolotl.services.forge;
|
||||
in {
|
||||
options.auxolotl.services.forge = {
|
||||
enable = lib.mkEnableOption "Forge";
|
||||
|
||||
domain = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "auxolotl.org";
|
||||
description = "The domain name for the website.";
|
||||
};
|
||||
|
||||
subdomain = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "git";
|
||||
description = "The subdomain for the website.";
|
||||
};
|
||||
|
||||
port = lib.mkOption {
|
||||
type = lib.types.port;
|
||||
default = 3001;
|
||||
description = "The port for Forgejo to listen on.";
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.forgejo = {
|
||||
enable = true;
|
||||
|
||||
lfs.enable = true;
|
||||
|
||||
mailerPasswordFile = "/var/lib/secrets/forgejo-smtp-password";
|
||||
|
||||
database = {
|
||||
type = "postgres";
|
||||
};
|
||||
|
||||
settings = {
|
||||
DEFAULT = {
|
||||
APP_NAME = "Auxolotl Forge";
|
||||
};
|
||||
cron = {
|
||||
ENABLE = true;
|
||||
RUN_AT_START = true;
|
||||
};
|
||||
mailer = {
|
||||
ENABLED = true;
|
||||
FROM = "git@${cfg.domain}";
|
||||
PROTOCOL = "smtps";
|
||||
SMTP_ADDR = "smtp.${cfg.domain}";
|
||||
SMTP_PORT = 465;
|
||||
USER = "git@${cfg.domain}";
|
||||
};
|
||||
service = {
|
||||
ENABLE_CAPTCHA = true;
|
||||
ENABLE_BASIC_AUTHENTICATION = false;
|
||||
REGISTER_EMAIL_CONFIRM = true;
|
||||
ENABLE_NOTIFY_MAIL = true;
|
||||
DISABLE_REGISTRATION = false;
|
||||
};
|
||||
server = {
|
||||
DOMAIN = "${cfg.subdomain}.${cfg.domain}";
|
||||
HTTP_PORT = cfg.port;
|
||||
};
|
||||
repository = {
|
||||
ENABLE_PUSH_CREATE_USER = true;
|
||||
ENABLE_PUSH_CREATE_ORG = true;
|
||||
};
|
||||
security = {
|
||||
INSTALL_LOCK = true;
|
||||
};
|
||||
indexer = {
|
||||
REPLO_INDEXER_ENABLED = true;
|
||||
UPDATE_BUFFER_LEN = 20;
|
||||
MAX_FILE_SIZE = 1048576;
|
||||
};
|
||||
session = {
|
||||
PROVIDER = "db";
|
||||
};
|
||||
"repository.pull-request" = {
|
||||
DEFAULT_MERGE_STYLE = "squash";
|
||||
};
|
||||
"repository.signing" = {
|
||||
DEFAULT_TRUST_MODEL = "committer";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
||||
virtualHosts = {
|
||||
"${cfg.subdomain}.${cfg.domain}" = {
|
||||
locations = {
|
||||
"/" = {
|
||||
proxyPass = "http://localhost:${builtins.toString cfg.port}";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
17
modules/nixos/auxolotl/services/ssh/default.nix
Normal file
17
modules/nixos/auxolotl/services/ssh/default.nix
Normal file
|
@ -0,0 +1,17 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
cfg = config.auxolotl.services.ssh;
|
||||
in {
|
||||
options.auxolotl.services.ssh = {
|
||||
enable = lib.mkEnableOption "SSH";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -24,12 +24,10 @@ in {
|
|||
openssh.authorizedKeys.keys = [
|
||||
# jakehamilton
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwaaCUq3Ooq1BaHbg5IwVxWj/xmNJY2dDthHKPZefrHXv/ksM/IREgm38J0CdoMpVS0Zp1C/vFrwGfaYZ2lCF5hBVdV3gf+mvj8Yb8Xpm6aM4L5ig+oBMp/3cz1+g/I4aLMJfCKCtdD6Q2o4vtkTpid6X+kL3UGZbX0HFn3pxoDinzOXQnVGSGw+pQhLASvQeVXWTJjVfIWhj9L2NRJau42cBRRlAH9kE3HUbcgLgyPUZ28aGXLLmiQ6CUjiIlce5ee16WNLHQHOzVfPJfF1e1F0HwGMMBe39ey3IEQz6ab1YqlIzjRx9fQ9hQK6Du+Duupby8JmBlbUAxhh8KJFCJB2cXW/K5Et4R8GHMS6MyIoKQwFUXGyrszVfiuNTGZIkPAYx9zlCq9M/J+x1xUZLHymL85WLPyxhlhN4ysM9ILYiyiJ3gYrPIn5FIZrW7MCQX4h8k0bEjWUwH5kF3dZpEvIT2ssyIu12fGzXkYaNQcJEb5D9gT1mNyi2dxQ62NPZ5orfYyIZ7fn22d1P/jegG+7LQeXPiy5NLE6b7MP5Rq2dL8Y9Oi8pOBtoY9BpLh7saSBbNFXTBtH/8OfAQacxDsZD/zTFtCzZjtTK6yiAaXCZTvMIOuoYGZvEk6zWXrjVsU8FlqF+4JOTfePqr/SSUXNJyKnrvQJ1BfHQiYsrckw=="
|
||||
# minion
|
||||
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIteIdlZv52nUDxW2SUsoJ2NZi/w9j1NZwuHanQ/o/DuAAAAHnNzaDpjb2xsYWJvcmFfeXViaWtleV9yZXNpZGVudA== collabora_yubikey_resident"
|
||||
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJRzQbQjXFpHKtt8lpNKmoNx57+EJ/z3wnKOn3/LjM6cAAAAFXNzaDppeXViaWtleV9yZXNpZGVudA== iyubikey_resident"
|
||||
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOhzJ0p9bFRSURUjV05rrt5jCbxPXke7juNbEC9ZJXS/AAAAGXNzaDp0aW55X3l1YmlrZXlfcmVzaWRlbnQ= tiny_yubikey_resident"
|
||||
# isabel
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQDiHbMSinj8twL9cTgPOfI6OMexrTZyHX27T8gnMj2"
|
||||
# minion
|
||||
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIteIdlZv52nUDxW2SUsoJ2NZi/w9j1NZwuHanQ/o/DuAAAAHnNzaDpjb2xsYWJvcmFfeXViaWtleV9yZXNpZGVudA== collabora_yubikey_resident"
|
||||
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJRzQbQjXFpHKtt8lpNKmoNx57+EJ/z3wnKOn3/LjM6cAAAAFXNzaDppeXViaWtleV9yZXNpZGVudA== iyubikey_resident"
|
||||
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOhzJ0p9bFRSURUjV05rrt5jCbxPXke7juNbEC9ZJXS/AAAAGXNzaDp0aW55X3l1YmlrZXlfcmVzaWRlbnQ= tiny_yubikey_resident"
|
||||
];
|
||||
};
|
||||
|
||||
|
|
|
@ -37,6 +37,7 @@
|
|||
};
|
||||
|
||||
services = {
|
||||
ssh.enable = true;
|
||||
chat.enable = true;
|
||||
website.enable = true;
|
||||
};
|
||||
|
|
46
systems/x86_64-linux/baxter/default.nix
Normal file
46
systems/x86_64-linux/baxter/default.nix
Normal file
|
@ -0,0 +1,46 @@
|
|||
# baxter
|
||||
# 209.38.149.197
|
||||
{
|
||||
pkgs,
|
||||
modulesPath,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
(modulesPath + "/virtualisation/digital-ocean-config.nix")
|
||||
];
|
||||
|
||||
boot.loader.grub.enable = true;
|
||||
|
||||
virtualisation.digitalOcean.rebuildFromUserData = false;
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
80
|
||||
443
|
||||
];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
neovim
|
||||
];
|
||||
|
||||
auxolotl = {
|
||||
nix.enable = true;
|
||||
|
||||
users.infra.enable = true;
|
||||
|
||||
security = {
|
||||
doas.enable = true;
|
||||
|
||||
acme = {
|
||||
enable = true;
|
||||
email = "jake.hamilton@hey.com";
|
||||
};
|
||||
};
|
||||
|
||||
services = {
|
||||
ssh.enable = true;
|
||||
forge.enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
system.stateVersion = "23.11";
|
||||
}
|
Loading…
Reference in a new issue