James/eve-psr-nix0
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Drop GitLab and passwordFiles

Browse Source
This commit is contained in:
James Eversole
2024-01-28 12:30:36 -06:00
parent a2508935af
commit 441e7f2c35
8 changed files with 20 additions and 114 deletions
Download Patch File Download Diff File Expand all files Collapse all files

98
nix/application/containers.nix
View File

@ -22,28 +22,8 @@
[ config.age.secrets.atuin-env.path ];
};
gitlab = {
image = "gitlab/gitlab-ce:latest";
ports = [ "26616:80" "26617:22" ];
volumes = [
"/home/sezycei/srv/containerdata/gitlab/config:/etc/gitlab"
"/home/sezycei/srv/containerdata/gitlab/log:/var/log/gitlab"
"/home/sezycei/srv/containerdata/gitlab/data:/var/opt/gitlab"
];
environment = {
GITLAB_OMNIBUS_CONFIG = ''
external_url 'https://git.eversole.co'
nginx['listen_port'] = 80
nginx['listen_https'] = false
gitlab_rails['gitlab_shell_ssh_port'] = 26617
'';
};
};
# gitlab-runner = a service definition at the bottom of this file.
jellyfin = {
image = "linuxserver/jellyfin";
image = "linuxserver/jellyfin:10.8.13";
ports = [ "8096:8096" "8920:8920" ];
volumes = [
"/home/sezycei/srv/containerdata/jellyfin/config:/config"
@ -61,23 +41,6 @@
};
};
mealie = {
image = "hkotel/mealie:omni-nightly";
ports = [ "52230:3000" ];
volumes = [
"/home/sezycei/srv/containerdata/mealie/data:/app/data"
"/home/sezycei/srv/containerdata/mealie/hosts:/etc/hosts"
];
environment = {
ALLOW_SIGNUP = "false";
PGID = "1000";
PUID = "1000";
TZ = "America/Chicago";
BASE_URL = "https://food.eversole.co";
};
extraOptions = [ "--network=slirp4netns:enable_ipv6=false" ];
};
murmur = {
image = "goofball222/murmur";
ports = [ "64738:64738" "64738:64738/udp" ];
@ -100,7 +63,7 @@
};
registry = {
image = "registry:2";
image = "registry:2.8.3";
ports = [ "3001:5000" ];
volumes = [
"/home/sezycei/srv/containerdata/registry/registry/data:/var/lib/registry"
@ -110,8 +73,21 @@
environment = { };
};
softserve = {
image = "charmcli/soft-serve:v0.7.3";
ports = [ "23231:23231" "23232:23232"
"23233:23233" "9418:9418" ];
volumes = [ "/home/sezycei/srv/containerdata/soft-serve/data:/soft-serve" ];
environment = {
SOFT_SERVE_NAME = "git.eversole.co";
SOFT_SERVE_HTTP_PUBLIC_URL = "git.eversole.co";
SOFT_SERVE_GIT_MAX_CONNECTIONS = "5";
SOFT_SERVE_INITIAL_ADMIN_KEYS = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCzsewMuoEbC0DwwNK23ZJb/ncpNtUuEgZNI2EdAsc7RnhIOhQBxj237qNMhh2mF/8hkASJZ2e4wrmNkjBM7aaz8mrcDY9rG23JMfnGiP4cU6dBC/NqHOuJypt6X28FI5I+dgw2T40sdIbkWAXOr5u5EAJcO6ROdas4zYSPHwl95s3txoGtQrQtgLHgddWMCr53n5KMwFUmqwM1ovVPZplZGaGG5m6VwBkjA0GZQPVFC+RIg6kIp9vUlsAlzPrlDqhTR32jazvaONNBsyUTuE+CJjitU4xoBs67jIFTcesMiFdThKt2HTq1AhXqiUgIfKaDvHfjzWLT8GihxDLpTBxS8G1qWlvkSja09nB/Pn1Y6XqgczM/y51OloowbvuskDZleFoapSYmJdq+rqSCoJ3JCykNGOcpdSBCucnDgR6CHEUPkJJoR0iCrK0ACEIxWhFuSterh/P8gxcH3e2PdcgxO8SfSBagdizOnDsWOw1SR8w6wVOLRrczMyx3hDXoabs= james@eversole.co";
};
};
transmission = {
image = "haugene/transmission-openvpn";
image = "haugene/transmission-openvpn:5";
ports = [ "9091:9091" ];
volumes = [
"/home/sezycei/srv/scripts/transmission/settings.json:/etc/transmission-daemon/settings.json"
@ -125,46 +101,4 @@
};
};
services.gitlab-runner = {
enable = true;
services = {
nix = with lib; {
registrationConfigFile = toString /run/agenix/gitlab-runner;
dockerImage = "alpine";
dockerVolumes = [
"/nix/store:/nix/store:ro"
"/nix/var/nix/db:/nix/var/nix/db:ro"
"/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
];
preBuildScript = pkgs.writeScript "setup-container" ''
mkdir -p -m 0755 /nix/var/log/nix/drvs
mkdir -p -m 0755 /nix/var/nix/gcroots
mkdir -p -m 0755 /nix/var/nix/profiles
mkdir -p -m 0755 /nix/var/nix/temproots
mkdir -p -m 0755 /nix/var/nix/userpool
mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
mkdir -p -m 1777 /nix/var/nix/profiles/per-user
mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
mkdir -p -m 0700 "$HOME/.nix-defexpr"
. ${pkgs.nix}/etc/profile.d/nix-daemon.sh
${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixos-23.05 nixpkgs
${pkgs.nix}/bin/nix-channel --update nixpkgs
${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [ nix cacert git openssh ])}
# Config
mkdir -p "$HOME/.config/nix"
echo "experimental-features = nix-command flakes" >> "$HOME/.config/nix/nix.conf"
echo "max-jobs = 8" >> "$HOME/.config/nix/nix.conf"
echo "build-cores = 8" >> "$HOME/.config/nix/nix.conf"
'';
environmentVariables = {
ENV = "/etc/profile";
USER = "root";
NIX_REMOTE = "daemon";
PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
};
};
};
};
}

5
nix/application/nginx.nix
View File

@ -58,10 +58,7 @@
"food.eversole.co" = proxied {
target = "http://127.0.0.1:52230";
};
"git.eversole.co" = base {
"/".proxyPass = "http://127.0.0.1:26616";
"/purr".return = "301 https://git.eversole.co/James/purr";
};
"git.eversole.co" = static { dir = "/var/www/jame.su"; };
"graf.matri.cx" = { root = "/var/www/graf.matri.cx"; }; # refer to /monitoring/nginx.nix
"hydra.matri.cx" = proxied {
target = "http://127.0.0.1:3034";

2
nix/system/age.nix
View File

@ -3,7 +3,6 @@
secrets = {
atuin-env.file = ../../secrets/atuin-env.age;
cache-key.file = ../../secrets/cache-key.age;
cridycei.file = ../../secrets/cridycei.age;
gitlab-runner.file = ../../secrets/gitlab-runner.age;
graf-email = {
file = ../../secrets/graf-email.age;
@ -13,7 +12,6 @@
};
htpasswd-dock.file = ../../secrets/htpasswd-dock.age;
keys.file = ../../secrets/keys.age;
sezycei.file = ../../secrets/sezycei.age;
transmission-env.file = ../../secrets/transmission-env.age;
};
identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

4
nix/system/network.nix
View File

@ -2,8 +2,8 @@
networking = {
hostName = "eve-psr-nix0";
firewall = {
allowedTCPPorts = [ 22 80 443 7860 ];
allowedUDPPorts = [ 22 80 443 53 1194 ];
allowedTCPPorts = [ 22 80 443 7860 23231 23232 23233 9418 ];
allowedUDPPorts = [ 53 1194 ];
trustedInterfaces = [ "tun0" ];
};
nat = {

5
nix/user/users.nix
View File

@ -1,19 +1,16 @@
{ config, pkgs, ... }: {
programs.bash.promptInit = ''
PS1="\n\[\033[01;32m\]\u $\[\033[00m\]\[\033[01;36m\] \w >\[\033[00m\] "
PS1='\u@\h:\w\n-> '
'';
users.users = {
sezycei = {
isNormalUser = true;
passwordFile = config.age.secrets.sezycei.path;
extraGroups = [ "wheel" "nginx" ];
packages = with pkgs; [ atuin bun byobu purescript stack tmux ];
shell = pkgs.zsh;
};
cridycei = {
isNormalUser = true;
passwordFile = config.age.secrets.cridycei.path;
extraGroups = [ ];
packages = with pkgs; [ ];
};

2
secrets.nix
View File

@ -8,11 +8,9 @@ in
{
"secrets/atuin-env.age" = { publicKeys = all; };
"secrets/cache-key.age" = { publicKeys = all; };
"secrets/cridycei.age" = { publicKeys = all; };
"secrets/gitlab-runner.age" = { publicKeys = all; };
"secrets/graf-email.age" = { publicKeys = all; };
"secrets/htpasswd-dock.age" = { publicKeys = all; };
"secrets/keys.age" = { publicKeys = all; };
"secrets/sezycei.age" = { publicKeys = all; };
"secrets/transmission-env.age" = { publicKeys = all; };
}

9
secrets/cridycei.age
View File

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 dQ70Fw JjlCw/irZPT376ImrCS5zNx5E7H/5S01p3Yht6mDgGg
W3/sDbylZ8M9tfgnAFvsmh0doQJwN57TNw2DFp4M8mo
-> ssh-ed25519 ZIoeGg Ci5IhC62qwp0+Q/3zwQxCFpq/2UNJAIx4W9FAUVtvxE
6DB1HgElb2I2TQ4rY2mLvvu3k0u2wBcp7/68eDrLy9Y
-> nqe>L"N-grease 2i<P
2YwYFogi5KbsXLNFh7Teu3OLAV2PG6RwzvLqUygEuA
--- eCTcAOIJVf8fgiStOgRQMtaEMEN24gmxKQ0N7l4ag20
dv<EFBFBD>*0<><30>Y6<59><36><EFBFBD>)<29>.<2E>Fe<46>6<18>֛<EFBFBD>Z<EFBFBD><5A>=-<2D><>i<EFBFBD><69><EFBFBD>IE<49>{><3E>"Z<>

9
secrets/sezycei.age
View File

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 dQ70Fw 3IuGJg1Bmbdhx4+4WV+EaEpQ0795MDG2QKHnQA02M0Q
qQgBpM1lKO3LCogVfDpN+EoCjYN6xsAezcoEOR/RsXw
-> ssh-ed25519 ZIoeGg vF5+NjxMu0PjaRpTHYEQ8yodaV4JB7kVby8q9e53S3A
fnloGnvaQrBtJ+JTTczxqikpbhG2RrDNTTAyCgnTkLo
-> 46"=M-grease )Ek`P B?bmJPNj B^(u_8 TrBLv
6JtU+tKd6pFfvzg5svdM
--- PiP0DrBQUbngSItXfNh1FJVNFUXKlnVnN7nASKntfFg
.<05><>g<EFBFBD><67>K<><4B><EFBFBD>-<2D>T<EFBFBD><07>k<EFBFBD><6B>&<26><><EFBFBD>>[Q<><51>ì<EFBFBD><C3AC>\<5C><> <20><EFBFBD>k<>