feat: add baxter

This commit is contained in:
Jake Hamilton 2024-05-21 13:38:54 -07:00
parent fdef711071
commit 6cb331f1c0
Signed by: jakehamilton
GPG key ID: 9762169A1B35EA68
6 changed files with 180 additions and 6 deletions

View file

@ -39,6 +39,10 @@
deploy = lib.mkDeploy {
inherit (inputs) self;
overrides = {
axol.hostname = "137.184.177.239";
baxter.hostname = "209.38.149.197";
};
};
checks =

View file

@ -0,0 +1,108 @@
{
lib,
pkgs,
config,
...
}: let
cfg = config.auxolotl.services.forge;
in {
options.auxolotl.services.forge = {
enable = lib.mkEnableOption "Forge";
domain = lib.mkOption {
type = lib.types.str;
default = "auxolotl.org";
description = "The domain name for the website.";
};
subdomain = lib.mkOption {
type = lib.types.str;
default = "git";
description = "The subdomain for the website.";
};
port = lib.mkOption {
type = lib.types.port;
default = 3001;
description = "The port for Forgejo to listen on.";
};
};
config = lib.mkIf cfg.enable {
services.forgejo = {
enable = true;
lfs.enable = true;
mailerPasswordFile = "/var/lib/secrets/forgejo-smtp-password";
database = {
type = "postgres";
};
settings = {
DEFAULT = {
APP_NAME = "Auxolotl Forge";
};
cron = {
ENABLE = true;
RUN_AT_START = true;
};
mailer = {
ENABLED = true;
FROM = "git@${cfg.domain}";
PROTOCOL = "smtps";
SMTP_ADDR = "smtp.${cfg.domain}";
SMTP_PORT = 465;
USER = "git@${cfg.domain}";
};
service = {
ENABLE_CAPTCHA = true;
ENABLE_BASIC_AUTHENTICATION = false;
REGISTER_EMAIL_CONFIRM = true;
ENABLE_NOTIFY_MAIL = true;
DISABLE_REGISTRATION = false;
};
server = {
DOMAIN = "${cfg.subdomain}.${cfg.domain}";
HTTP_PORT = cfg.port;
};
repository = {
ENABLE_PUSH_CREATE_USER = true;
ENABLE_PUSH_CREATE_ORG = true;
};
security = {
INSTALL_LOCK = true;
};
indexer = {
REPLO_INDEXER_ENABLED = true;
UPDATE_BUFFER_LEN = 20;
MAX_FILE_SIZE = 1048576;
};
session = {
PROVIDER = "db";
};
"repository.pull-request" = {
DEFAULT_MERGE_STYLE = "squash";
};
"repository.signing" = {
DEFAULT_TRUST_MODEL = "committer";
};
};
};
services.nginx = {
enable = true;
virtualHosts = {
"${cfg.subdomain}.${cfg.domain}" = {
locations = {
"/" = {
proxyPass = "http://localhost:${builtins.toString cfg.port}";
};
};
};
};
};
};
}

View file

@ -0,0 +1,17 @@
{
lib,
config,
...
}: let
cfg = config.auxolotl.services.ssh;
in {
options.auxolotl.services.ssh = {
enable = lib.mkEnableOption "SSH";
};
config = lib.mkIf cfg.enable {
services.openssh = {
enable = true;
};
};
}

View file

@ -24,12 +24,10 @@ in {
openssh.authorizedKeys.keys = [
# jakehamilton
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwaaCUq3Ooq1BaHbg5IwVxWj/xmNJY2dDthHKPZefrHXv/ksM/IREgm38J0CdoMpVS0Zp1C/vFrwGfaYZ2lCF5hBVdV3gf+mvj8Yb8Xpm6aM4L5ig+oBMp/3cz1+g/I4aLMJfCKCtdD6Q2o4vtkTpid6X+kL3UGZbX0HFn3pxoDinzOXQnVGSGw+pQhLASvQeVXWTJjVfIWhj9L2NRJau42cBRRlAH9kE3HUbcgLgyPUZ28aGXLLmiQ6CUjiIlce5ee16WNLHQHOzVfPJfF1e1F0HwGMMBe39ey3IEQz6ab1YqlIzjRx9fQ9hQK6Du+Duupby8JmBlbUAxhh8KJFCJB2cXW/K5Et4R8GHMS6MyIoKQwFUXGyrszVfiuNTGZIkPAYx9zlCq9M/J+x1xUZLHymL85WLPyxhlhN4ysM9ILYiyiJ3gYrPIn5FIZrW7MCQX4h8k0bEjWUwH5kF3dZpEvIT2ssyIu12fGzXkYaNQcJEb5D9gT1mNyi2dxQ62NPZ5orfYyIZ7fn22d1P/jegG+7LQeXPiy5NLE6b7MP5Rq2dL8Y9Oi8pOBtoY9BpLh7saSBbNFXTBtH/8OfAQacxDsZD/zTFtCzZjtTK6yiAaXCZTvMIOuoYGZvEk6zWXrjVsU8FlqF+4JOTfePqr/SSUXNJyKnrvQJ1BfHQiYsrckw=="
# minion
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIteIdlZv52nUDxW2SUsoJ2NZi/w9j1NZwuHanQ/o/DuAAAAHnNzaDpjb2xsYWJvcmFfeXViaWtleV9yZXNpZGVudA== collabora_yubikey_resident"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJRzQbQjXFpHKtt8lpNKmoNx57+EJ/z3wnKOn3/LjM6cAAAAFXNzaDppeXViaWtleV9yZXNpZGVudA== iyubikey_resident"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOhzJ0p9bFRSURUjV05rrt5jCbxPXke7juNbEC9ZJXS/AAAAGXNzaDp0aW55X3l1YmlrZXlfcmVzaWRlbnQ= tiny_yubikey_resident"
# isabel
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQDiHbMSinj8twL9cTgPOfI6OMexrTZyHX27T8gnMj2"
# minion
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIteIdlZv52nUDxW2SUsoJ2NZi/w9j1NZwuHanQ/o/DuAAAAHnNzaDpjb2xsYWJvcmFfeXViaWtleV9yZXNpZGVudA== collabora_yubikey_resident"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJRzQbQjXFpHKtt8lpNKmoNx57+EJ/z3wnKOn3/LjM6cAAAAFXNzaDppeXViaWtleV9yZXNpZGVudA== iyubikey_resident"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOhzJ0p9bFRSURUjV05rrt5jCbxPXke7juNbEC9ZJXS/AAAAGXNzaDp0aW55X3l1YmlrZXlfcmVzaWRlbnQ= tiny_yubikey_resident"
];
};

View file

@ -37,6 +37,7 @@
};
services = {
ssh.enable = true;
chat.enable = true;
website.enable = true;
};

View file

@ -0,0 +1,46 @@
# baxter
# 209.38.149.197
{
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/virtualisation/digital-ocean-config.nix")
];
boot.loader.grub.enable = true;
virtualisation.digitalOcean.rebuildFromUserData = false;
networking.firewall.allowedTCPPorts = [
80
443
];
environment.systemPackages = with pkgs; [
neovim
];
auxolotl = {
nix.enable = true;
users.infra.enable = true;
security = {
doas.enable = true;
acme = {
enable = true;
email = "jake.hamilton@hey.com";
};
};
services = {
ssh.enable = true;
forge.enable = true;
};
};
system.stateVersion = "23.11";
}