From 441e7f2c355df6ed873270b104554e1e78e7f44d Mon Sep 17 00:00:00 2001
From: James Eversole
Date: Sun, 28 Jan 2024 12:30:36 -0600
Subject: [PATCH] Drop GitLab and passwordFiles
---
 nix/application/containers.nix | 98 ++++++----------------------------
 nix/application/nginx.nix | 5 +-
 nix/system/age.nix | 2 -
 nix/system/network.nix | 4 +-
 nix/user/users.nix | 5 +-
 secrets.nix | 2 -
 secrets/cridycei.age | 9 ----
 secrets/sezycei.age | 9 ----
 8 files changed, 20 insertions(+), 114 deletions(-)
 delete mode 100644 secrets/cridycei.age
 delete mode 100644 secrets/sezycei.age
diff --git a/nix/application/containers.nix b/nix/application/containers.nix
index ac2e721..fa0b702 100644
--- a/nix/application/containers.nix
+++ b/nix/application/containers.nix
@@ -22,28 +22,8 @@
 [ config.age.secrets.atuin-env.path ];
 };
- gitlab = {
- image = "gitlab/gitlab-ce:latest";
- ports = [ "26616:80" "26617:22" ];
- volumes = [
- "/home/sezycei/srv/containerdata/gitlab/config:/etc/gitlab"
- "/home/sezycei/srv/containerdata/gitlab/log:/var/log/gitlab"
- "/home/sezycei/srv/containerdata/gitlab/data:/var/opt/gitlab"
- ];
- environment = {
- GITLAB_OMNIBUS_CONFIG = ''
- external_url 'https://git.eversole.co'
- nginx['listen_port'] = 80
- nginx['listen_https'] = false
- gitlab_rails['gitlab_shell_ssh_port'] = 26617
- '';
- };
- };
-
- # gitlab-runner = a service definition at the bottom of this file.
-
 jellyfin = {
- image = "linuxserver/jellyfin";
+ image = "linuxserver/jellyfin:10.8.13";
 ports = [ "8096:8096" "8920:8920" ];
 volumes = [
 "/home/sezycei/srv/containerdata/jellyfin/config:/config"
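Review bot: The image references touched in this file are pinned unevenly, and none by digest: `linuxserver/jellyfin:10.8.13` here and `registry:2.8.3` later name one release, `haugene/transmission-openvpn:5` looks like a moving major tag, and `goofball222/murmur` (context of the next hunk) still carries no tag at all. A tag can be re-pushed upstream, so the same configuration can deploy different image content on the next pull. Appending the digest, as in `image = "linuxserver/jellyfin:10.8.13@sha256:<digest-placeholder>";`, fixes the content, and giving `murmur` an explicit tag would at least bring it in line with the rest. The attribute set holding these containers opens and closes outside the hunk.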
@@ -61,23 +41,6 @@
 };
 };
- mealie = {
- image = "hkotel/mealie:omni-nightly";
- ports = [ "52230:3000" ];
- volumes = [
- "/home/sezycei/srv/containerdata/mealie/data:/app/data"
- "/home/sezycei/srv/containerdata/mealie/hosts:/etc/hosts"
- ];
- environment = {
- ALLOW_SIGNUP = "false";
- PGID = "1000";
- PUID = "1000";
- TZ = "America/Chicago";
- BASE_URL = "https://food.eversole.co";
- };
- extraOptions = [ "--network=slirp4netns:enable_ipv6=false" ];
- };
-
 murmur = {
 image = "goofball222/murmur";
 ports = [ "64738:64738" "64738:64738/udp" ];
@@ -100,7 +63,7 @@
 };
 registry = {
- image = "registry:2";
+ image = "registry:2.8.3";
 ports = [ "3001:5000" ];
 volumes = [
 "/home/sezycei/srv/containerdata/registry/registry/data:/var/lib/registry"
@@ -110,8 +73,21 @@
 environment = { }; };
+ softserve = {
+ image = "charmcli/soft-serve:v0.7.3";
+ ports = [ "23231:23231" "23232:23232"
+ "23233:23233" "9418:9418" ];
+ volumes = [ "/home/sezycei/srv/containerdata/soft-serve/data:/soft-serve" ];
+ environment = {
+ SOFT_SERVE_NAME = "git.eversole.co";
+ SOFT_SERVE_HTTP_PUBLIC_URL = "git.eversole.co";
+ SOFT_SERVE_GIT_MAX_CONNECTIONS = "5";
+ SOFT_SERVE_INITIAL_ADMIN_KEYS = "ssh-rsa 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 james@eversole.co";
+ };
+ };
+
 transmission = {
- image = "haugene/transmission-openvpn";
+ image = "haugene/transmission-openvpn:5";
 ports = [ "9091:9091" ];
 volumes = [
 "/home/sezycei/srv/scripts/transmission/settings.json:/etc/transmission-daemon/settings.json"
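Review bot: The `ports` list of the new `softserve` container publishes all four listeners on every host interface, and the network.nix hunk of this commit opens the same four ports in the firewall. 23231 is the SSH endpoint users need; 23232 is the HTTP listener (no TLS settings are visible here, so presumably cleartext), 9418 is the unauthenticated, unencrypted git:// daemon, and 23233 is by Soft Serve's defaults its stats endpoint, which has no reason to be reachable from outside the host. I would publish only what is meant to be public, e.g. `ports = [ "23231:23231" "127.0.0.1:23232:23232" ];`, and trim `allowedTCPPorts` in network.nix to match. `SOFT_SERVE_HTTP_PUBLIC_URL` is also given without a scheme; it is presumably expected to be a full URL such as `https://git.eversole.co`.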
@@ -125,46 +101,4 @@
 };
 };
-
- services.gitlab-runner = {
- enable = true;
- services = {
- nix = with lib; {
- registrationConfigFile = toString /run/agenix/gitlab-runner;
- dockerImage = "alpine";
- dockerVolumes = [
- "/nix/store:/nix/store:ro"
- "/nix/var/nix/db:/nix/var/nix/db:ro"
- "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
- ];
- preBuildScript = pkgs.writeScript "setup-container" ''
- mkdir -p -m 0755 /nix/var/log/nix/drvs
- mkdir -p -m 0755 /nix/var/nix/gcroots
- mkdir -p -m 0755 /nix/var/nix/profiles
- mkdir -p -m 0755 /nix/var/nix/temproots
- mkdir -p -m 0755 /nix/var/nix/userpool
- mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
- mkdir -p -m 1777 /nix/var/nix/profiles/per-user
- mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
- mkdir -p -m 0700 "$HOME/.nix-defexpr"
- . ${pkgs.nix}/etc/profile.d/nix-daemon.sh
- ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixos-23.05 nixpkgs
- ${pkgs.nix}/bin/nix-channel --update nixpkgs
- ${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [ nix cacert git openssh ])}
- # Config
- mkdir -p "$HOME/.config/nix"
- echo "experimental-features = nix-command flakes" >> "$HOME/.config/nix/nix.conf"
- echo "max-jobs = 8" >> "$HOME/.config/nix/nix.conf"
- echo "build-cores = 8" >> "$HOME/.config/nix/nix.conf"
- '';
- environmentVariables = {
- ENV = "/etc/profile";
- USER = "root";
- NIX_REMOTE = "daemon";
- PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
- NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
- };
- };
- };
- };
 }
diff --git a/nix/application/nginx.nix b/nix/application/nginx.nix
index e38b50b..9f55619 100644
--- a/nix/application/nginx.nix
+++ b/nix/application/nginx.nix
@@ -58,10 +58,7 @@
 "food.eversole.co" = proxied {
 target = "http://127.0.0.1:52230";
 };
- "git.eversole.co" = base {
- "/".proxyPass = "http://127.0.0.1:26616";
- "/purr".return = "301 https://git.eversole.co/James/purr";
- };
+ "git.eversole.co" = static { dir = "/var/www/jame.su"; };
 "graf.matri.cx" = { root = "/var/www/graf.matri.cx"; }; # refer to /monitoring/nginx.nix
 "hydra.matri.cx" = proxied {
 target = "http://127.0.0.1:3034";
diff --git a/nix/system/age.nix b/nix/system/age.nix
index 52838d3..73df3af 100644
--- a/nix/system/age.nix
+++ b/nix/system/age.nix
@@ -3,7 +3,6 @@
 secrets = {
 atuin-env.file = ../../secrets/atuin-env.age;
 cache-key.file = ../../secrets/cache-key.age;
- cridycei.file = ../../secrets/cridycei.age;
 gitlab-runner.file = ../../secrets/gitlab-runner.age;
 graf-email = {
 file = ../../secrets/graf-email.age;
@@ -13,7 +12,6 @@
 };
 htpasswd-dock.file = ../../secrets/htpasswd-dock.age;
 keys.file = ../../secrets/keys.age;
- sezycei.file = ../../secrets/sezycei.age;
 transmission-env.file = ../../secrets/transmission-env.age;
 };
 identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
diff --git a/nix/system/network.nix b/nix/system/network.nix
index 8ed9900..ef9c21f 100644
--- a/nix/system/network.nix
+++ b/nix/system/network.nix
@@ -2,8 +2,8 @@
 networking = {
 hostName = "eve-psr-nix0";
 firewall = {
- allowedTCPPorts = [ 22 80 443 7860 ];
- allowedUDPPorts = [ 22 80 443 53 1194 ];
+ allowedTCPPorts = [ 22 80 443 7860 23231 23232 23233 9418 ];
+ allowedUDPPorts = [ 53 1194 ];
 trustedInterfaces = [ "tun0" ];
 };
 nat = {
diff --git a/nix/user/users.nix b/nix/user/users.nix
index cfb8949..c4f9736 100644
--- a/nix/user/users.nix
+++ b/nix/user/users.nix
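Review bot: `git.eversole.co` now serves the static directory `/var/www/jame.su` (possibly a placeholder), so nothing in front of the new Soft Serve container terminates TLS: its HTTP listener is reachable only on port 23232 directly, where clone and push credentials would presumably travel unencrypted. If HTTP access to the repositories is intended, the vhost can reuse the helper its neighbours already use, `"git.eversole.co" = proxied { target = "http://127.0.0.1:23232"; };`. Separately, the `food.eversole.co` vhost in the context lines still proxies to `127.0.0.1:52230`, the port of the `mealie` container this commit removes, so it will answer with a gateway error until it is dropped. The virtual-host set starts and ends outside the hunk.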
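Review bot: `gitlab-runner.file = ../../secrets/gitlab-runner.age;` stays in this secrets set, and `"secrets/gitlab-runner.age"` stays in the secrets.nix hunk, although the commit removes `services.gitlab-runner`, the only consumer visible on this page. agenix would keep decrypting that registration config to `/run/agenix/gitlab-runner` on each activation with nothing left to read it. Dropping both entries and the `.age` file together with the service keeps the host from holding a credential it no longer needs. The secrets set opens and closes outside the hunk.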
@@ -1,19 +1,16 @@ { config, pkgs, ... }: { programs.bash.promptInit = '' - PS1="\n\[\033[01;32m\]\u $\[\033[00m\]\[\033[01;36m\] \w >\[\033[00m\] " + PS1='\u@\h:\w\n-> ' ''; users.users = { sezycei = { isNormalUser = true; - passwordFile = config.age.secrets.sezycei.path; extraGroups = [ "wheel" "nginx" ]; packages = with pkgs; [ atuin bun byobu purescript stack tmux ]; - shell = pkgs.zsh; }; cridycei = { isNormalUser = true; - passwordFile = config.age.secrets.cridycei.path; extraGroups = [ ]; packages = with pkgs; [ ]; }; diff --git a/secrets.nix b/secrets.nix index 3a8c490..b834ad1 100644 --- a/secrets.nix +++ b/secrets.nix @@ -8,11 +8,9 @@ in { "secrets/atuin-env.age" = { publicKeys = all; }; "secrets/cache-key.age" = { publicKeys = all; }; - "secrets/cridycei.age" = { publicKeys = all; }; "secrets/gitlab-runner.age" = { publicKeys = all; }; "secrets/graf-email.age" = { publicKeys = all; }; "secrets/htpasswd-dock.age" = { publicKeys = all; }; "secrets/keys.age" = { publicKeys = all; }; - "secrets/sezycei.age" = { publicKeys = all; }; "secrets/transmission-env.age" = { publicKeys = all; }; } diff --git a/secrets/cridycei.age b/secrets/cridycei.age deleted file mode 100644 index eeeada9..0000000 --- a/secrets/cridycei.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 dQ70Fw JjlCw/irZPT376ImrCS5zNx5E7H/5S01p3Yht6mDgGg -W3/sDbylZ8M9tfgnAFvsmh0doQJwN57TNw2DFp4M8mo --> ssh-ed25519 ZIoeGg Ci5IhC62qwp0+Q/3zwQxCFpq/2UNJAIx4W9FAUVtvxE -6DB1HgElb2I2TQ4rY2mLvvu3k0u2wBcp7/68eDrLy9Y --> nqe>L"N-grease 2i
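Review bot: After this change neither `sezycei` nor `cridycei` has any password option in the visible lines, and nothing states how the accounts are meant to authenticate; because `sezycei` is in `wheel`, that also decides whether sudo keeps working. If `users.mutableUsers` is set to false elsewhere, both accounts presumably lose password login at the next switch, and if it is left at its default the previous hashes stay in `/etc/shadow`, now unmanaged by the configuration. A comment on each user such as `# key-only login; password deliberately not managed here` would make the intent reviewable. The deleted `secrets/*.age` files also remain in the repository history, so the old passwords are worth rotating if they are still in use. The `users.users` set continues outside the hunk, where SSH keys may be declared.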

"Z \ No newline at end of file diff --git a/secrets/sezycei.age b/secrets/sezycei.age deleted file mode 100644 index 532c4da..0000000 --- a/secrets/sezycei.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 dQ70Fw 3IuGJg1Bmbdhx4+4WV+EaEpQ0795MDG2QKHnQA02M0Q -qQgBpM1lKO3LCogVfDpN+EoCjYN6xsAezcoEOR/RsXw --> ssh-ed25519 ZIoeGg vF5+NjxMu0PjaRpTHYEQ8yodaV4JB7kVby8q9e53S3A -fnloGnvaQrBtJ+JTTczxqikpbhG2RrDNTTAyCgnTkLo --> 46"=M-grease )Ek`P B?bmJPNj B^(u_8 TrBLv -6JtU+tKd6pFfvzg5svdM ---- PiP0DrBQUbngSItXfNh1FJVNFUXKlnVnN7nASKntfFg -.gK-Tk&>[Qì\ k \ No newline at end of file