
3 commits

Author SHA1 Message Date
Leonardo Eugênio 68a7125822 phantom: add script to update, fmt 2024-04-06 20:44:20 -03:00
Leonardo Eugênio d0dd646246 mastodon: clean up media more often 2024-04-06 20:38:46 -03:00
Leonardo Eugênio 5edca9c2c6 phandom: add forgejo server 2024-04-06 20:38:35 -03:00
10 changed files with 49 additions and 15 deletions


@ -1,6 +0,0 @@
on: [push]
jobs:
test:
runs-on: ubuntu-latest
steps:
- run: echo All Good!


@ -866,11 +866,11 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1712310679, "lastModified": 1710695816,
"narHash": "sha256-XgC/a/giEeNkhme/AV1ToipoZ/IVm1MV2ntiK4Tm+pw=", "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "72da83d9515b43550436891f538ff41d68eecc7f", "rev": "614b4613980a522ba49f0d194531beddbb7220d3",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -9,13 +9,21 @@
mailserver = { mailserver = {
enable = true; enable = true;
fqdn = "mail.lelgenio.xyz"; fqdn = "mail.lelgenio.xyz";
domains = [ "lelgenio.xyz" ]; domains = [
"lelgenio.xyz"
"git.lelgenio.xyz"
];
certificateScheme = "acme-nginx"; certificateScheme = "acme-nginx";
# Create passwords with
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
loginAccounts = { loginAccounts = {
"lelgenio@lelgenio.xyz" = { "lelgenio@lelgenio.xyz" = {
hashedPassword = "$2y$05$z5s7QCXcs5uTFsfyYpwNJeWzb3RmzgWxNgcPCr0zjSytkLFF/qZmS"; hashedPassword = "$2y$05$z5s7QCXcs5uTFsfyYpwNJeWzb3RmzgWxNgcPCr0zjSytkLFF/qZmS";
aliases = [ "postmaster@lelgenio.xyz" ]; aliases = [ "postmaster@lelgenio.xyz" ];
}; };
"noreply@git.lelgenio.xyz" = {
hashedPassword = "$2b$05$TmR1R7ZwXfec7yrOfeBL7u3ZtyXf0up5dEO6uMWSvb/O7LPEm.j0.";
};
}; };
}; };
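Review bot: The new `noreply@git.lelgenio.xyz` account keeps its bcrypt hash in the repository at cost factor 05 (`$2b$05$`), as does the existing account, so anyone with read access to the repo can run cheap offline guesses against it. The cost appears to be the default of the `mkpasswd -sm bcrypt` command in the added comment, which could instead recommend a higher one, e.g. `mkpasswd -sm bcrypt -R 12`. Since this series already adds an agenix secret for the same account, the hash could be kept out of the tree the same way with `hashedPasswordFile = config.age.secrets.<secret-name>.path;` (placeholder name). The account exists only so Forgejo can send mail, so `sendOnly = true;` would also fit, assuming the mailserver module version in use provides it.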


@ -29,12 +29,28 @@ in
lfs.enable = true; lfs.enable = true;
settings = { settings = {
service.DISABLE_REGISTRATION = true; service.DISABLE_REGISTRATION = true;
actions = {
ENABLED = true;
DEFAULT_ACTIONS_URL = "github";
};
server = { server = {
DOMAIN = "git.lelgenio.xyz"; DOMAIN = "git.lelgenio.xyz";
HTTP_PORT = 3000; HTTP_PORT = 3000;
ROOT_URL = "${srv.PROTOCOL}://${srv.DOMAIN}/"; ROOT_URL = "https://${srv.DOMAIN}/";
SSH_PORT = 9022; };
mailer = {
ENABLED = true;
SMTP_ADDR = "mail.lelgenio.xyz";
FROM = "noreply@git.lelgenio.xyz";
USER = "noreply@git.lelgenio.xyz";
}; };
}; };
mailerPasswordFile = config.age.secrets.phantom-forgejo-mailer-password.path;
};
age.secrets.phantom-forgejo-mailer-password = {
file = ../../secrets/phantom-forgejo-mailer-password.age;
mode = "400";
owner = "forgejo";
}; };
} }
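Review bot: The `mailer` block sets `SMTP_ADDR` and `USER` but neither `PROTOCOL` nor `SMTP_PORT`, so the transport that carries the `noreply` credentials is left to Forgejo's inference. Stating it explicitly, e.g. `PROTOCOL = "smtps";` (or `PROTOCOL = "smtp+starttls";` with `SMTP_PORT = 587;`), makes the TLS requirement visible in the config and keeps it from shifting with upstream defaults. Separately, `actions.ENABLED = true` with `DEFAULT_ACTIONS_URL = "github"` means unqualified `uses:` references in workflows resolve to github.com. A short comment recording that, and that runners execute repository-supplied code, would help the next reader. `DISABLE_REGISTRATION = true` is already set, which limits who can push workflows.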


@ -2,7 +2,7 @@
security.rtkit.enable = true; security.rtkit.enable = true;
services.openssh = { services.openssh = {
enable = true; enable = true;
ports = [ 9022 ]; ports = [ 9022 22 ];
settings = { settings = {
PasswordAuthentication = false; PasswordAuthentication = false;
KbdInteractiveAuthentication = false; KbdInteractiveAuthentication = false;
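Review bot: Adding `22` to `ports` exposes sshd on the default port, and the hunk records no reason for it. Presumably it is for git over SSH now that `SSH_PORT = 9022` was dropped from the Forgejo settings; a comment such as `# 22: git over SSH for Forgejo; 9022: kept for existing admin access` would capture that. Password and keyboard-interactive authentication are disabled in the visible lines, which is the important control. The `settings` block continues outside the hunk, so it is not visible whether root login or the set of allowed users is restricted there. If 9022 is no longer needed, dropping it keeps the listening surface to one port.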


@ -13,7 +13,8 @@ let
"1.1.1.1" "1.1.1.1"
"2606:4700:4700::1111" "2606:4700:4700::1111"
]; ];
in { in
{
networking.nameservers = mkDefault nameservers; networking.nameservers = mkDefault nameservers;
services.resolved = mkDefault { fallbackDns = nameservers; }; services.resolved = mkDefault { fallbackDns = nameservers; };
networking.dhcpcd.extraConfig = "noipv4ll"; networking.dhcpcd.extraConfig = "noipv4ll";
@ -21,7 +22,7 @@ in {
systemd.services.systemd-sysctl.enable = false; systemd.services.systemd-sysctl.enable = false;
systemd.services.systemd-oomd.enable = false; systemd.services.systemd-oomd.enable = false;
systemd.sockets."systemd-journald-audit".enable = false; systemd.sockets."systemd-journald-audit".enable = false;
systemd.mounts = [ {where = "/sys/kernel/debug"; enable = false;} ]; systemd.mounts = [{ where = "/sys/kernel/debug"; enable = false; }];
systemd.services.rpc-gssd.enable = false; systemd.services.rpc-gssd.enable = false;
# Due to our restrictions in /sys, the default systemd-udev-trigger fails # Due to our restrictions in /sys, the default systemd-udev-trigger fails

Binary file not shown.


@ -10,4 +10,5 @@ in
"phantom-nextcloud.age".publicKeys = [ main_ssh_public_key ]; "phantom-nextcloud.age".publicKeys = [ main_ssh_public_key ];
"phantom-writefreely.age".publicKeys = [ main_ssh_public_key ]; "phantom-writefreely.age".publicKeys = [ main_ssh_public_key ];
"phantom-renawiki.age".publicKeys = [ main_ssh_public_key ]; "phantom-renawiki.age".publicKeys = [ main_ssh_public_key ];
"phantom-forgejo-mailer-password.age".publicKeys = [ main_ssh_public_key ];
} }

12
switch-phantom Executable file

@ -0,0 +1,12 @@
#!/bin/sh
nix fmt
git diff
nixos-rebuild switch --flake .#phantom \
--update-input nixpkgs \
--no-write-lock-file \
--build-host phantom \
--target-host phantom \
"$@"
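Review bot: The script has no `set -e`, so a failing `nix fmt` or `git diff` does not stop the `nixos-rebuild switch` that follows; adding `set -eu` directly after the shebang makes the deploy abort on the first error. `--update-input nixpkgs` combined with `--no-write-lock-file` deploys a nixpkgs revision that is never recorded in `flake.lock`, so the running system cannot be reproduced or audited from the repository. Consider updating and committing the lock first, then deploying from the committed state. `git diff` may also open a pager and block an unattended run; `git --no-pager diff` avoids that.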


@ -10,5 +10,7 @@
../secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age; ../secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
secrets.monolith-nix-serve-privkey.file = secrets.monolith-nix-serve-privkey.file =
../secrets/monolith-nix-serve-privkey.age; ../secrets/monolith-nix-serve-privkey.age;
secrets.phantom-forgejo-mailer-password.file =
../secrets/phantom-forgejo-mailer-password.age;
}; };
} }