diff --git a/hosts/kazuki/default.nix b/hosts/kazuki/default.nix index 64ba24e..c4faafd 100644 --- a/hosts/kazuki/default.nix +++ b/hosts/kazuki/default.nix @@ -18,6 +18,7 @@ ./attic.nix ./ntfy.nix ./zitadel.nix + ./forgejo.nix ]; nixpkgs.hostPlatform = "aarch64-linux"; diff --git a/hosts/kazuki/forgejo.nix b/hosts/kazuki/forgejo.nix new file mode 100644 index 0000000..9f200e2 --- /dev/null +++ b/hosts/kazuki/forgejo.nix @@ -0,0 +1,62 @@ +{ config, ... }: +{ + age.secrets.rab-lol-cf = { + file = ../../secrets/rab-lol-cf.age; + owner = config.services.nginx.user; + }; + + services.forgejo = { + enable = true; + settings = { + server = { + DOMAIN = "git.rab.lol"; + ROOT_URL = "https://git.rab.lol/"; + }; + oauth2_client = { + REGISTER_EMAIL_CONFIRM = false; + ENABLE_AUTO_REGISTRATION = true; + ACCOUNT_LINKING = "auto"; + UPDATE_AVATAR = true; + }; + service = { + DISABLE_REGISTRATION = false; + ALLOW_ONLY_INTERNAL_REGISTRATION = false; + ALLOW_ONLY_EXTERNAL_REGISTRATION = true; + }; + federation.ENABLED = true; + }; + repositoryRoot = "/storage-box/forgejo/repos"; + lfs = { + enable = true; + contentDir = "/storage-box/forgejo/lfs"; + }; + }; + + services.nginx = { + enable = true; + recommendedProxySettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedTlsSettings = true; + virtualHosts."git.rab.lol" = { + forceSSL = true; + enableACME = true; + acmeRoot = null; + locations."/" = { + proxyPass = "http://127.0.0.1:3000"; + extraConfig = '' + proxy_set_header Connection $http_connection; + proxy_set_header Upgrade $http_upgrade; + ''; + }; + }; + }; + + users.users.nginx.extraGroups = [ "acme" ]; + security.acme.acceptTerms = true; + security.acme.certs."git.rab.lol" = { + dnsProvider = "cloudflare"; + credentialsFile = config.age.secrets.rab-lol-cf.path; + email = "nikodem@rabulinski.com"; + }; +} diff --git a/secrets/alert-nrab-lol-pass.age b/secrets/alert-nrab-lol-pass.age index 0734ba7..4e34281 100644 Binary files a/secrets/alert-nrab-lol-pass.age and b/secrets/alert-nrab-lol-pass.age differ diff --git a/secrets/alert-plain-pass.age b/secrets/alert-plain-pass.age index 3d0d103..0204c32 100644 Binary files a/secrets/alert-plain-pass.age and b/secrets/alert-plain-pass.age differ diff --git a/secrets/attic-creds.age b/secrets/attic-creds.age index 0c7e18a..557c86a 100644 --- a/secrets/attic-creds.age +++ b/secrets/attic-creds.age @@ -1,8 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw 2qksYjzfcPZzHnREXVW29MhWvazYIMiVRWVfPgqNuRg -9dz5OzreQRec3sRJRtdz43LXHNTtDewu4fWOEZ3GXUE --> ssh-ed25519 GKhvwg iS687XOI4dbrHhG5l6VPpq9iZaTJH4xF2EpLVXxyvjU -Tmdotb9hjGsuiH5aLIC8Pot4jZ6hGuy/muECh5BRn/Y ---- 9fZK/ccW2l2pYo8b8SWdMcuXodrRNRg8GHZ563XvCy0 -i 7sUq'';pԮsG9jErsrjs~hUiuPݿVpIɚɹR ssh-ed25519 84j9mw 0DJjRtW0WqGWZ8NWVQYGKgGxXeMdddizs/WUWfSx5Uw +VLFkBGSOjhQB5riMjsQ2U6WqsATZgQQ80TVrE6qOXv8 +-> ssh-ed25519 GKhvwg HGe3GocuRC1rVdQv+zpxf2Yky0ISJsKC8YOuLGdX+i8 +lT4rVeBD2zhTm3KWDmH46NscXHCiN6vKf6t4B6LXUPI +--- 3G4VY3jPnN3o6jfv1GsQx3v2xW1QYeVwVmEA6VDo1ro +Sĕ2Өnj2BV +dQ/X>[u#A3hv7&Yg{)j;Rݎmt22l5v'c+p\6VJF ?!K L ݀6kDTjX%1h'0ri[ \ No newline at end of file diff --git a/secrets/github-token.age b/secrets/github-token.age index d0473f3..25e333e 100644 --- a/secrets/github-token.age +++ b/secrets/github-token.age @@ -1,13 +1,13 @@ age-encryption.org/v1 --> ssh-ed25519 IFuY+w KxBuZIqLX9AD6ZbmBBSby4tAcmPI5hYTTEK4R719lwU -HIBcTY6arP79lGSA/darvIeOtDGxo1qtO4dodYtAVpQ --> ssh-ed25519 84j9mw koQjhSrpJLoMMrnrqDZtWbbla3DEbkMzrLqT9dWXP04 -Bk/O9e64nPuLit4rTpaMYcaYL0DSN2MdkGl03r8Oor4 --> ssh-ed25519 ioPMHA Onl/uaahcw61i9P0L3iFDbpspirzSA4L+m14WYUzFwY -A1zhIe3x+J8UpZWoF6VJvlyuuquu0O16r5qMvPJV9x4 --> ssh-ed25519 5A7peQ PJ2ODZjmY8RRrg036L4nvTEWPJgN6WMh6Dg4fvRUynA -K4Rr55KyjH/hJ+Mb82nMwVRzrgfbZSMO9Imt0zbrmSg --> ssh-ed25519 GKhvwg aA7+TesIIfUcNUFaLlftkX7Tz68Hm8OgMD0tUqhZUBg -+fLyX0krrMC5FpzwfzTsywgFTK5uRe4KFMdL5fDZUkI ---- TPzhwBPekXX1mmDbTOkWW9nB6ck7dymeIjkFHaq43V8 -Xz-8MȨm`p(O/j3$@8 "ȳBX(khlj8HEPb \ No newline at end of file +-> ssh-ed25519 IFuY+w nyBEszEusqQE6jM7y9G4KCyzNHawdyy+hTfm9LsuRCY +1bbg4kmmv9m2Gwp+3x8zvqFOkmTKt898/sGCUK9rpGE +-> ssh-ed25519 84j9mw 5s2PNoIOMWf2gBwzmRHmssMOuvu2kv43316E20McKh8 +FyA+VjPgPynvMQfxm3d2+SOEpsJFIKJE8pbXeIkOfGI +-> ssh-ed25519 ioPMHA 4N9PsYYaeqJDbxpQpyCgvR/JWwLPDCAi65YB6M0uT0U +mFCqo1htPi2WRKiJz/t8Y7TMD/p7X81HsHGG0KIsROQ +-> ssh-ed25519 5A7peQ ZjRTqjDou2xS638dR8AWKCv5uKTSmOSJ/4rkfFckhjY +yUJABvMDLN0C15XBmnZJZ88khXAXLUP+aEqH5DlJcKY +-> ssh-ed25519 GKhvwg w1OKhVPY89J/pbrrXIHVifV++5e1tLqlSL9yM/2rqX0 +VF0cvmdtCZAlPgIqcNZYp7ANPhvDqlFE7h018lCbWyg +--- YWa0wXlaYVF+g06+w/u/h+NURlfMY8lauf5ZtrrhrF4 +3ͅP׆?4)mf.²`aFCj"Jwd鱇Bƌ+{dK \ No newline at end of file diff --git a/secrets/hercules-cache.age b/secrets/hercules-cache.age index c8f545e..615b2c2 100644 Binary files a/secrets/hercules-cache.age and b/secrets/hercules-cache.age differ diff --git a/secrets/hercules-secrets.age b/secrets/hercules-secrets.age index 8c204e4..f63b958 100644 Binary files a/secrets/hercules-secrets.age and b/secrets/hercules-secrets.age differ diff --git a/secrets/hercules-token.age b/secrets/hercules-token.age index c11597d..66500a1 100644 Binary files a/secrets/hercules-token.age and b/secrets/hercules-token.age differ diff --git a/secrets/leet-nrab-lol-pass.age b/secrets/leet-nrab-lol-pass.age index 1131874..28c300e 100644 --- a/secrets/leet-nrab-lol-pass.age +++ b/secrets/leet-nrab-lol-pass.age @@ -1,7 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw /4EXihTNwoJjJHmCldhT+67ZMuTLNLmf5oDGQ8ZDxV4 -VDRX6MRCs8Xp01yA3/9AzaN96uM0HI24w8Fpd5TGwJw --> ssh-ed25519 GKhvwg R0So7TPGmZ6e4syoLb8l1vgW+/FWUIufIsbpmRDnxjk -UKvX1UMpHicSEMmFMOBkKQ1lo15DgRfIxCo2azTX6Ac ---- L8BkLO3WSy/aKJ9x4uvp5uJDEmXm4hCNutQ8B8Jiio0 -ĉ%rgD/߉ghTӻ% o nJ$W0i|{!bpTe*K Xu iX:~O\X#(Q)R@s A \ No newline at end of file +-> ssh-ed25519 84j9mw ZuGILSHnMIMy/GDEjkAriTBKBykkytcIVo63DPd4MhA +aa/sGLpf+GrLzo8Jf3JWAPI0Uk96SH/CvGhynNJVx6E +-> ssh-ed25519 GKhvwg STHVqp1zYhQzu73INk2Cmkuf8X8kJPLtGSY8LJze/Tc +Ny1C5CAnqSCcunIbM8if8oQ2VlerIIW5Dqds/Ztektw +--- gaHP+odPfw8A4f5NJkYOuvvYRWwo5EzRZVkXp6E7dfI +NfO=+T3T 0w ssh-ed25519 ioPMHA wC40k2E26e/5foBXXf43FFKYGSlnoQyFzjJtQRshJw0 -F7LlDuPFfyKjKTT9orFBBUqcmON7DSFrsqHC24x/7jc --> ssh-ed25519 GKhvwg LvajdH8hQ9LQ09qgzIjxYyQfoyJJr649Ks41rmFNWEA -8kLSIbryosex94KkLqJILIUWplrf5vtf59QjJdprOTY ---- 0XLL9dP31jyO/WdtwUu+C38NqCVcOjkdHKhB82rPUiQ -}5y(i~B+0q:!-V1΋"ӧF>l UB¼7"e˝o%p+Cާ:,,WT3 \ No newline at end of file +-> ssh-ed25519 ioPMHA K64Chk5/f0PpwHg5IzsUNYr5lQxpjIIQTe6ls9lnmBo +J37Cz80gmkT7GX3Yvbwl5Q708wpj9oixjMCmyWb3MDQ +-> ssh-ed25519 GKhvwg r46Ti9DfXxyEnXRtLonwA4JnNeQVLKDIMcXYCUe7j2U +VWacAQw/pc2uaLZy7/I078hbwmuD/Hut8XH7XAHW9bQ +--- bGfqo9trmubXG+4Y3SWmqh8BSyuHpw3+udGllY740S8 +d _-z3( 1a +T@c!ԁ|=nguuK ƷrDrW- f-+DKC`R:5mHȲrd.Ct"J \ No newline at end of file diff --git a/secrets/miyagi-niko-pass.age b/secrets/miyagi-niko-pass.age index 43c8e19..17e59da 100644 --- a/secrets/miyagi-niko-pass.age +++ b/secrets/miyagi-niko-pass.age @@ -1,7 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 g2vRWw 3mHAcu63Cw+hKbRkAQMlddIg071e+ggdU7lGWF3Lmmw -K3NBGhpyON3JLa8kb46dJD6mY+4ZHYDO5v78uYUY96s --> ssh-ed25519 GKhvwg hm8EAsFbWe1OykH/uovSvmPJdVIQd91rcWvgjfIEPwg -Wn1ywatZ7KCfxOhvoLXUGAA15nAobR6Qs+5xuOb51rM ---- NS6E6N7YAmP+kTht3ZiqVEuyNsJzIumut4sppS7L6dQ -a93jm;0pl;¨ncCJHH ʴÄ/M0,kJoZ!?:^D72Z5ao'4T09‹ \ No newline at end of file +-> ssh-ed25519 g2vRWw //TMaNWwTNS5wE3Hg/SEwqriIaOiOUE5remdVF449Vk +8K3isM05ep9HJ58TlNE9bmiIuqJPoq3lI/3AbUrLw8Q +-> ssh-ed25519 GKhvwg GANoFnELye0945KaMuS7xw6CGPhI5vigD+vScnpbQxI +CSx0E7fOB8A5MSc1ySywNFj5mkkdi6DDUc+ObaW/kew +--- +BiFZI/o5loCYZ95bkY4zQYr2y6SYc2bmnRuAMg2MPM +"D1Mh`dclU;]Puռ /?5\\D1l6øzNS +N;<+^Bpm՚y sZ;Vj \ No newline at end of file diff --git a/secrets/nrab-lol-cf.age b/secrets/nrab-lol-cf.age index 42c2b5b..d1672d7 100644 Binary files a/secrets/nrab-lol-cf.age and b/secrets/nrab-lol-cf.age differ diff --git a/secrets/ntfy-alert-pass.age b/secrets/ntfy-alert-pass.age index 6d157ff..7819217 100644 --- a/secrets/ntfy-alert-pass.age +++ b/secrets/ntfy-alert-pass.age @@ -1,17 +1,17 @@ age-encryption.org/v1 --> ssh-ed25519 H0Rg/A 5qbQNdu7cPFz8Ckk/rkmOUEjGxvQ/xLJjJanW3yW7EY -wffzBgQfjnV4T9EoSPUXpBBjax0kn9EYvuxJ8MjsQ+A --> ssh-ed25519 84j9mw hNlKz0lO4IRdU9QbZVUnFbfYyVxi4pNN/rF/iZMj33o -naM1DVoftYQiqb6aiCKOHW9neR2WvRLACA64C5gMOus --> ssh-ed25519 5A7peQ D3PbqVToxRnoMB8PLKWXR1i+Wj+lBfAOZWIJbZhXMVM -dvIRFfytQB3HYT3l/XIYQGgKlTsCLiqGu7a8TntgLwE --> ssh-ed25519 ioPMHA 8tnQt8aDlpi4EY3KXkSWU9hwiG87QEjbf5WSxtdXqWU -ZL0RnU9K7rlRvBf62up+PWIA4lyp7uXmghJiIoaSDUQ --> ssh-ed25519 g2vRWw dq2T5cV7ChXrOjzHV2oNEvBf8X83prauzODhWz4nVz8 -qVmcA4cx/0NQ5DCpRaDt+OzjGWmmKX+Tjt5eayO5+3k --> ssh-ed25519 IFuY+w +S7iVY0JQsmL2JdZY7AcypCkL8CcHDZZqPPFdsaznCs -3vMjLGHEtpIrYOEZU4P8doxgYK+SIwnlVlpiWoodjxE --> ssh-ed25519 GKhvwg 7NXLTP8qYxF3C2QAlmAQ8XeVknJ7z6LBd2r/N0SxMHo -GAICwB3Q+qYoGN9GYPp0qaTx+QdQxLC50T+lIMiPPfg ---- y/GvxOXuOevIogx9o+ZwmiicfOF8NMmydrKUB5GSjTg -aE|:H8f!j6HSlaPMd_]w> ,H%AEJdQ \ No newline at end of file +-> ssh-ed25519 H0Rg/A 0fS4hFGApCXEVxeS2vjMjh0AK2yp6I7kj3jNR4PoJGY ++3vGwadl7JfgYAqoNRD2Qi1Y9fMb8JpPKEQdikvsVgI +-> ssh-ed25519 84j9mw 1aHwFWtpDG2DQHdwVwpEgJK5qGwo0ln0Z3ZJywUXYV4 +sKcMQdZBVp4oeX3tEmlWIqZt5xUIuMVQp0uLYc97QVA +-> ssh-ed25519 5A7peQ Zt+U88BWZhKgbSyG6dAuYU88NfQF8kw1T+lw/8Al/xg +LJRq04OR460RfUgKYwDm81a9AcXZWSuWrZkihVvo8MM +-> ssh-ed25519 ioPMHA IAnt9wu0vk3q0TiebE7Ojf+KI4nrwe+i8zdwgejn52E +77SJKJIjJ8sr4hdmWAPxRh42JZQo5CImhqclNi2p8Ak +-> ssh-ed25519 g2vRWw e4vo2n6AnW2fcT6mul0ytIpfGTcR+tqCWwGVllScwhI +P1LkRmJY98/UZwiJi+SdsIkckqg9dX1aGXQkhSpxJGg +-> ssh-ed25519 IFuY+w mITC+Jg5WMc9Ufy6Fkba8mao71/kP0meW/RjSPER/3I +Lly7RvQ4Bb0ZAvfXhWNgLLAmt2ABMrx8hdWx8mWXPzw +-> ssh-ed25519 GKhvwg /+C8xTcFTG8LmKOzs05wQsCtxyAM7pCbX+FevBJ1bGM +ZdAtZtQldGtvdmHbysyd0saoiYGoUj1o9F77jbG7YnE +--- G1O9di6cDML/82E7WkdBSRcTrmEbDWG3u6jP9H5OpBQ ++O0.-w] bmytU"@+y6boF8őpŰ9d \ No newline at end of file diff --git a/secrets/ntfy-niko-pass.age b/secrets/ntfy-niko-pass.age index 0dda63e..cca1985 100644 --- a/secrets/ntfy-niko-pass.age +++ b/secrets/ntfy-niko-pass.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw NPno3Ox+binqR7DxgPLHoPxfp7aScR4bEyR4Sck6VEo -jnQrnf7CrWL5nhj/GFEV5mXP8SFQV2EkL9NCV5mhgxU --> ssh-ed25519 GKhvwg v8SFsdzsloII81FQZ89krfNaWEKtfJAK0VuYXHSzfR0 -j3sOP5IzAINcai+kGjkCX93bkmM7FWSxj8TseWirOrI ---- WsXIVgFQVz5CmYA7d28aanO6iaHb1DP/bcwwmNrdGQw -#HD9 \ No newline at end of file +-> ssh-ed25519 84j9mw tR4gg/XeVdS8xCIuHxN25uaRKu6a09DSW26SI3AWDlM +uC2gJ9UWDE6uVXkUDlaVZlWAH5iLDgagkN+54msvyoY +-> ssh-ed25519 GKhvwg q27QskTYhI5gjIKKpNHn5V2FRmhIg8QFJ8m0TPZiwSY +/0RIbiG/nwxKDJ613BLoCNvjej6f65mr1xwCN7/aueI +--- XU82wFZVE+zTZ/mGhnoxqWrdUOv3n6VOwQizZSHPLfw +"1KĽ. J'!nlO]>Y EX \ No newline at end of file diff --git a/secrets/rab-lol-cf.age b/secrets/rab-lol-cf.age index 16f3ff6..00a6556 100644 --- a/secrets/rab-lol-cf.age +++ b/secrets/rab-lol-cf.age @@ -1,7 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 ioPMHA OalLSgF0zP+HWMvce3JMzuPzkMfKB6mfObp9DCMBE1M -YaQXa2PGhrpSPgbHODvN80m6ovnaz+ZezS3OsW1YYcc --> ssh-ed25519 GKhvwg uUOhm+rQ/BL8uX85R+thBcRWNupUrMj/wYZ/rzhjugU -XAm8FqJ4G4sUwibp8vC/cyZIrsrk2GNp7rVIfM/phBI ---- bvhcnA92V3feL8yv3Nx5aBKZi64Eg47zT2MS9I1hL0c -;ᠥְ $Q^G5@L9|k?F?B0sʥ^,U[9&yhO0."~PPA \ No newline at end of file +-> ssh-ed25519 ioPMHA efHpBvtB+mXXa7RoRdqePHGOmsY5BXVOgGsfOhPm30w +2GvumVVuuLGEarpdauTCrB61aLtVtrkM3/pPlWIODnk +-> ssh-ed25519 84j9mw rqj6xvESlvrfcjhVEWCbpd//vvdKjrTjt3ZDPeLHowQ +dcUD131zvVQGiUYQWt9A51CnIpLGNSGinSZk7HSGHoc +-> ssh-ed25519 GKhvwg cIji8zRSGWEbC/xxS8C4jyDCpQsFv05j2Yo8UjaHSAk ++c/tIYPigZdPQWKvGYaoA6AYRAB83XlEEdfucihB984 +--- TEQTQ/lm/JqyyWU2sC10qHl4AL/2IP9yCUfhXG4LdP4 +ȮS F-dc‹D\?h Qg@W +xA|M*rt0ű~ѰXa{y/WUѸY렬{װ}TAxD \ No newline at end of file diff --git a/secrets/rabulinski-com-cf.age b/secrets/rabulinski-com-cf.age index a68d276..2a15532 100644 Binary files a/secrets/rabulinski-com-cf.age and b/secrets/rabulinski-com-cf.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index f568cce..a0a3609 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -74,6 +74,7 @@ in ]; "rab-lol-cf.age".publicKeys = [ keys.system.legion + keys.system.kazuki keys.other.bootstrap ]; "rabulinski-com-cf.age".publicKeys = [ diff --git a/secrets/storage-box-creds.age b/secrets/storage-box-creds.age index dd97048..02e128e 100644 --- a/secrets/storage-box-creds.age +++ b/secrets/storage-box-creds.age @@ -1,7 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw Hnei3vVAC9dL9O1H9GIVL0WqR8/rinZ04AM8vwacgwg -vPzKjQDCPKdwEHvdDibg6i/LeDjFwXBnINkzwlh0hBk --> ssh-ed25519 GKhvwg PAvDfn/sTrH8lhbHZ/l9hmyjNXIPSdN7MCOYkD1ZC1g -Bh+PCt3X89RJZMS6XCQRFCC9dW4BWlWPbZgdzVniW9E ---- Ad8wu6O3CZUDHmsxhaFiVcpTLHtMmSVENddCD2Ns4r0 -MgD_&t]V"RiK)·?ev) z֤9DN<*1Gl \ No newline at end of file +-> ssh-ed25519 84j9mw voingQjX/CjAjo63KLaRPFaG74IpxcRb0qv+r2b5wzo +ccWzQQSJW7cc8RiS9PzN2U5Xj0+Z7804tPsaGrq09KA +-> ssh-ed25519 GKhvwg 2z8J0YRxQ4WP1G/W7DxRK7z1b6UBjodvN8ECP4fLg1U +wRG4U9oAJ2KtPUHg5l0yDmmHatmwXOrn2nJlOQJMlpE +--- qs7kR5AIkwQ8NtDjYnmKZmCl4+1G6MFBNB3Mu3J9Y1M + +8[WѕS]&ZaؼuEB!pϴ4pYݱ" +QYqSƬ` \ No newline at end of file diff --git a/secrets/storage-box-webdav.age b/secrets/storage-box-webdav.age index 35de89f..8a7f3b8 100644 Binary files a/secrets/storage-box-webdav.age and b/secrets/storage-box-webdav.age differ diff --git a/secrets/zitadel-master.age b/secrets/zitadel-master.age index c10ed7e..68a374a 100644 Binary files a/secrets/zitadel-master.age and b/secrets/zitadel-master.age differ