From 6cb331f1c0a038f24e5ca19225af392194057805 Mon Sep 17 00:00:00 2001 From: Jake Hamilton Date: Tue, 21 May 2024 13:38:54 -0700 Subject: [PATCH] feat: add baxter --- flake.nix | 4 + .../nixos/auxolotl/services/forge/default.nix | 108 ++++++++++++++++++ .../nixos/auxolotl/services/ssh/default.nix | 17 +++ .../nixos/auxolotl/users/infra/default.nix | 10 +- systems/x86_64-linux/axol/default.nix | 1 + systems/x86_64-linux/baxter/default.nix | 46 ++++++++ 6 files changed, 180 insertions(+), 6 deletions(-) create mode 100644 modules/nixos/auxolotl/services/forge/default.nix create mode 100644 modules/nixos/auxolotl/services/ssh/default.nix create mode 100644 systems/x86_64-linux/baxter/default.nix diff --git a/flake.nix b/flake.nix index 1d26e13..82bd123 100644 --- a/flake.nix +++ b/flake.nix @@ -39,6 +39,10 @@ deploy = lib.mkDeploy { inherit (inputs) self; + overrides = { + axol.hostname = "137.184.177.239"; + baxter.hostname = "209.38.149.197"; + }; }; checks = diff --git a/modules/nixos/auxolotl/services/forge/default.nix b/modules/nixos/auxolotl/services/forge/default.nix new file mode 100644 index 0000000..2c65a6c --- /dev/null +++ b/modules/nixos/auxolotl/services/forge/default.nix @@ -0,0 +1,108 @@ +{ + lib, + pkgs, + config, + ... +}: let + cfg = config.auxolotl.services.forge; +in { + options.auxolotl.services.forge = { + enable = lib.mkEnableOption "Forge"; + + domain = lib.mkOption { + type = lib.types.str; + default = "auxolotl.org"; + description = "The domain name for the website."; + }; + + subdomain = lib.mkOption { + type = lib.types.str; + default = "git"; + description = "The subdomain for the website."; + }; + + port = lib.mkOption { + type = lib.types.port; + default = 3001; + description = "The port for Forgejo to listen on."; + }; + }; + + config = lib.mkIf cfg.enable { + services.forgejo = { + enable = true; + + lfs.enable = true; + + mailerPasswordFile = "/var/lib/secrets/forgejo-smtp-password"; + + database = { + type = "postgres"; + }; + + settings = { + DEFAULT = { + APP_NAME = "Auxolotl Forge"; + }; + cron = { + ENABLE = true; + RUN_AT_START = true; + }; + mailer = { + ENABLED = true; + FROM = "git@${cfg.domain}"; + PROTOCOL = "smtps"; + SMTP_ADDR = "smtp.${cfg.domain}"; + SMTP_PORT = 465; + USER = "git@${cfg.domain}"; + }; + service = { + ENABLE_CAPTCHA = true; + ENABLE_BASIC_AUTHENTICATION = false; + REGISTER_EMAIL_CONFIRM = true; + ENABLE_NOTIFY_MAIL = true; + DISABLE_REGISTRATION = false; + }; + server = { + DOMAIN = "${cfg.subdomain}.${cfg.domain}"; + HTTP_PORT = cfg.port; + }; + repository = { + ENABLE_PUSH_CREATE_USER = true; + ENABLE_PUSH_CREATE_ORG = true; + }; + security = { + INSTALL_LOCK = true; + }; + indexer = { + REPLO_INDEXER_ENABLED = true; + UPDATE_BUFFER_LEN = 20; + MAX_FILE_SIZE = 1048576; + }; + session = { + PROVIDER = "db"; + }; + "repository.pull-request" = { + DEFAULT_MERGE_STYLE = "squash"; + }; + "repository.signing" = { + DEFAULT_TRUST_MODEL = "committer"; + }; + }; + }; + + services.nginx = { + enable = true; + + virtualHosts = { + "${cfg.subdomain}.${cfg.domain}" = { + locations = { + "/" = { + proxyPass = "http://localhost:${builtins.toString cfg.port}"; + }; + }; + }; + }; + }; + }; +} diff --git a/modules/nixos/auxolotl/services/ssh/default.nix b/modules/nixos/auxolotl/services/ssh/default.nix new file mode 100644 index 0000000..a3345a6 --- /dev/null +++ b/modules/nixos/auxolotl/services/ssh/default.nix @@ -0,0 +1,17 @@ +{ + lib, + config, + ... +}: let + cfg = config.auxolotl.services.ssh; +in { + options.auxolotl.services.ssh = { + enable = lib.mkEnableOption "SSH"; + }; + + config = lib.mkIf cfg.enable { + services.openssh = { + enable = true; + }; + }; +} diff --git a/modules/nixos/auxolotl/users/infra/default.nix b/modules/nixos/auxolotl/users/infra/default.nix index c3bb1c4..556231d 100644 --- a/modules/nixos/auxolotl/users/infra/default.nix +++ b/modules/nixos/auxolotl/users/infra/default.nix @@ -24,12 +24,10 @@ in { openssh.authorizedKeys.keys = [ # jakehamilton "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwaaCUq3Ooq1BaHbg5IwVxWj/xmNJY2dDthHKPZefrHXv/ksM/IREgm38J0CdoMpVS0Zp1C/vFrwGfaYZ2lCF5hBVdV3gf+mvj8Yb8Xpm6aM4L5ig+oBMp/3cz1+g/I4aLMJfCKCtdD6Q2o4vtkTpid6X+kL3UGZbX0HFn3pxoDinzOXQnVGSGw+pQhLASvQeVXWTJjVfIWhj9L2NRJau42cBRRlAH9kE3HUbcgLgyPUZ28aGXLLmiQ6CUjiIlce5ee16WNLHQHOzVfPJfF1e1F0HwGMMBe39ey3IEQz6ab1YqlIzjRx9fQ9hQK6Du+Duupby8JmBlbUAxhh8KJFCJB2cXW/K5Et4R8GHMS6MyIoKQwFUXGyrszVfiuNTGZIkPAYx9zlCq9M/J+x1xUZLHymL85WLPyxhlhN4ysM9ILYiyiJ3gYrPIn5FIZrW7MCQX4h8k0bEjWUwH5kF3dZpEvIT2ssyIu12fGzXkYaNQcJEb5D9gT1mNyi2dxQ62NPZ5orfYyIZ7fn22d1P/jegG+7LQeXPiy5NLE6b7MP5Rq2dL8Y9Oi8pOBtoY9BpLh7saSBbNFXTBtH/8OfAQacxDsZD/zTFtCzZjtTK6yiAaXCZTvMIOuoYGZvEk6zWXrjVsU8FlqF+4JOTfePqr/SSUXNJyKnrvQJ1BfHQiYsrckw==" - # minion - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIteIdlZv52nUDxW2SUsoJ2NZi/w9j1NZwuHanQ/o/DuAAAAHnNzaDpjb2xsYWJvcmFfeXViaWtleV9yZXNpZGVudA== collabora_yubikey_resident" - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJRzQbQjXFpHKtt8lpNKmoNx57+EJ/z3wnKOn3/LjM6cAAAAFXNzaDppeXViaWtleV9yZXNpZGVudA== iyubikey_resident" - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOhzJ0p9bFRSURUjV05rrt5jCbxPXke7juNbEC9ZJXS/AAAAGXNzaDp0aW55X3l1YmlrZXlfcmVzaWRlbnQ= tiny_yubikey_resident" - # isabel - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQDiHbMSinj8twL9cTgPOfI6OMexrTZyHX27T8gnMj2" + # minion + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIteIdlZv52nUDxW2SUsoJ2NZi/w9j1NZwuHanQ/o/DuAAAAHnNzaDpjb2xsYWJvcmFfeXViaWtleV9yZXNpZGVudA== collabora_yubikey_resident" + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJRzQbQjXFpHKtt8lpNKmoNx57+EJ/z3wnKOn3/LjM6cAAAAFXNzaDppeXViaWtleV9yZXNpZGVudA== iyubikey_resident" + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOhzJ0p9bFRSURUjV05rrt5jCbxPXke7juNbEC9ZJXS/AAAAGXNzaDp0aW55X3l1YmlrZXlfcmVzaWRlbnQ= tiny_yubikey_resident" ]; }; diff --git a/systems/x86_64-linux/axol/default.nix b/systems/x86_64-linux/axol/default.nix index 01ff3fc..ef07448 100644 --- a/systems/x86_64-linux/axol/default.nix +++ b/systems/x86_64-linux/axol/default.nix @@ -37,6 +37,7 @@ }; services = { + ssh.enable = true; chat.enable = true; website.enable = true; }; diff --git a/systems/x86_64-linux/baxter/default.nix b/systems/x86_64-linux/baxter/default.nix new file mode 100644 index 0000000..f4f67ea --- /dev/null +++ b/systems/x86_64-linux/baxter/default.nix @@ -0,0 +1,46 @@ +# baxter +# 209.38.149.197 +{ + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/virtualisation/digital-ocean-config.nix") + ]; + + boot.loader.grub.enable = true; + + virtualisation.digitalOcean.rebuildFromUserData = false; + + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; + + environment.systemPackages = with pkgs; [ + neovim + ]; + + auxolotl = { + nix.enable = true; + + users.infra.enable = true; + + security = { + doas.enable = true; + + acme = { + enable = true; + email = "jake.hamilton@hey.com"; + }; + }; + + services = { + ssh.enable = true; + forge.enable = true; + }; + }; + + system.stateVersion = "23.11"; +}