From 3aa35706171f16c1c3119cbb824eeb9d15eed650 Mon Sep 17 00:00:00 2001 From: Lander Van den Bulcke Date: Fri, 19 Sep 2025 17:39:54 +0200 Subject: [PATCH 1/2] feat: set landing page and theme Signed-off-by: Lander Van den Bulcke --- hosts/hosting-01/git/forgejo.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/hosting-01/git/forgejo.nix b/hosts/hosting-01/git/forgejo.nix index 6b0ae75..8a36d44 100644 --- a/hosts/hosting-01/git/forgejo.nix +++ b/hosts/hosting-01/git/forgejo.nix @@ -20,8 +20,11 @@ in DOMAIN = "git.escapeangle.com"; ROOT_URL = "https://${srv.DOMAIN}"; HTTP_PORT = 3000; + LANDING_PAGE = "explore"; }; + ui.DEFAULT_THEME = "gitea-auto"; + service = { DISABLE_REGISTRATION = false; ALLOW_ONLY_EXTERNAL_REGISTRATION = true; From 89857b997812027a7a82770719b5e41cba11d716 Mon Sep 17 00:00:00 2001 From: Lander Van den Bulcke Date: Fri, 19 Sep 2025 17:49:16 +0200 Subject: [PATCH 2/2] refactor: use mkHetznerMachine for db-01 Signed-off-by: Lander Van den Bulcke --- .sops.yaml | 6 +++ flake.nix | 8 +-- hosts/db-01/disk-config.nix | 52 ------------------- hosts/db-01/secrets.yaml | 30 ----------- .../{db-01/default.nix => servers/db-01.nix} | 16 +----- hosts/servers/db-01.yaml | 30 +++++++++++ 6 files changed, 39 insertions(+), 103 deletions(-) delete mode 100644 hosts/db-01/disk-config.nix delete mode 100644 hosts/db-01/secrets.yaml rename hosts/{db-01/default.nix => servers/db-01.nix} (85%) create mode 100644 hosts/servers/db-01.yaml diff --git a/.sops.yaml b/.sops.yaml index 52a0571..81d000a 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -37,6 +37,12 @@ creation_rules: - *db-01 pgp: - *lander + - path_regex: hosts/servers/db-01.yaml + key_groups: + - age: + - *db-01 + pgp: + - *lander - path_regex: hosts/hosting-01/secrets.yam?l$ key_groups: - age: diff --git a/flake.nix b/flake.nix index 04bf55b..53aaa0f 100644 --- a/flake.nix +++ b/flake.nix 
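Review bot: With `LANDING_PAGE = "explore";` in the server block, anonymous visitors to git.escapeangle.com land directly on the explore listing, and nothing visible in this hunk limits what that listing exposes. The `service` block in the context only constrains registration (`ALLOW_ONLY_EXTERNAL_REGISTRATION = true;`) and continues outside the hunk, so I cannot tell whether viewing requires sign-in. If listing users and organisations to unauthenticated visitors is not intended, set `DISABLE_USERS_PAGE = true;` (or `REQUIRE_SIGNIN_VIEW = true;`) in the `service.explore` section alongside this change. Either way, a short comment above `LANDING_PAGE` such as `# public browsing of repositories is intentional` would record the decision.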
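Review bot: The new `path_regex: hosts/servers/db-01.yaml` is unanchored and leaves the dot unescaped, unlike the `hosts/hosting-01/secrets.yam?l$` rule directly below it, so it also matches any path that merely contains that string (for example a backup copy with an extra suffix). Creation rules decide which recipients a new secrets file is encrypted to, so I would tighten it to `- path_regex: hosts/servers/db-01\.yaml$`. The context lines just above (`- *db-01` / `pgp:` / `- *lander`) look like the rule for the old `hosts/db-01/secrets.yaml`, which this patch deletes. If so, that rule is now dead and could be removed in the same commit; its `path_regex` is outside the hunk, so this is an inference.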
@@ -126,12 +126,8 @@ }; # servers - db-01 = nixpkgs.lib.nixosSystem { - system = "aarch64-linux"; - specialArgs = { inherit inputs outputs; }; - modules = [ - ./hosts/db-01 - ]; + db-01 = hetzner.mkHetznerMachine "db-01" { + ipv6Address = "2a01:4f8:c012:15d4::/64"; }; hosting-01 = nixpkgs.lib.nixosSystem { system = "aarch64-linux"; diff --git a/hosts/db-01/disk-config.nix b/hosts/db-01/disk-config.nix deleted file mode 100644 index aa2e1fa..0000000 --- a/hosts/db-01/disk-config.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ - lib, - disks ? [ "/dev/sda" ], - ... -}: -{ - disko.devices = { - disk = lib.genAttrs disks (disk: { - device = disk; - type = "disk"; - content = { - type = "gpt"; - partitions = { - boot = { - name = "boot"; - size = "256M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - }; - main = { - size = "100%"; - content = { - type = "btrfs"; - extraArgs = [ "-f" ]; # override existing partition - subvolumes = { - "/" = { - mountOptions = [ "compress=zstd" ]; - mountpoint = "/"; - }; - "/home" = { - mountOptions = [ "compress=zstd" ]; - mountpoint = "/home"; - }; - "/nix" = { - mountOptions = [ - "compress=zstd" - "noatime" - ]; - mountpoint = "/nix"; - }; - }; - }; - }; - }; - }; - }); - }; -} diff --git a/hosts/db-01/secrets.yaml b/hosts/db-01/secrets.yaml deleted file mode 100644 index e37a434..0000000 --- a/hosts/db-01/secrets.yaml +++ /dev/null 
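Review bot: `ipv6Address = "2a01:4f8:c012:15d4::/64";` passes the bare prefix rather than a host address inside it, and `mkHetznerMachine` is not shown, so it is unclear whether the helper derives the interface address or assigns this value as-is. An explicit host address, or a comment like `# routed /64 prefix; mkHetznerMachine derives the host address` (only if that is what the helper does), would settle it. The same switch drops `system` and `specialArgs` here, and the `hosts/servers/db-01.nix` hunk drops the `../common/servers` import, the disk config and `networking.hostName`, so that whole baseline now has to come from the helper. db-01 runs PostgreSQL with `enableTCPIP = true;`, so it is worth diffing the evaluated old and new system configurations to confirm that nothing `../common/servers` provided was lost.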
@@ -1,30 +0,0 @@ -restic-environment: ENC[AES256_GCM,data:c8Ksx+QSpiIDhTlCfjT8q6eXcvUxcZleDbux0qO/3WIXCa6BH+CjpT/0vScUZofZS0GTMfwfp2KOdqjgmYrWMaUS2nDbG5/PCMZNwp45KwC5qIQ2NH5RT6L9Eli+QNsDmEcQKptX,iv:s0pKkKtI544isCTVPKOO2vM0yJV8DlelIEHGL4t50+w=,tag:ekPvAIALsu8HuEBky8gUug==,type:str] -restic-password: ENC[AES256_GCM,data:u1xmMLCTwTcTwNysIr1RpuAL+kL4zKd6ZA==,iv:VUw/nKj+7WDidPqVMshtlo3Fs0yo1/QmGWR+Zbil0s0=,tag:kmJYIl+WDwElvSvMbQ1xmg==,type:str] -restic-repository: ENC[AES256_GCM,data:KQzrOhXuJ2vn7y3fyAqLbPgHqaCfnOlguUlhuFry11Ap3rKgyIy+QHa4z/akeigJsg==,iv:VFpi3GXU/jXlIBMCXDzZ7Jrc05/42Ur1K7lJXOAJJ1w=,tag:d4P0cOwFvoHa21UGakT1mQ==,type:str] -sops: - age: - - recipient: age1a5zz4cyda0aqh0hgf8svpyh9ktwy6z5x3gnnu5ysvpvek9rn03csx7dyqn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCY0tVQk5tdUZJa2h6Q3Yy - QWxjaUVnZ3ZRZzhSbW42VVpVSHRZUXlSdmlrCk9iTllWeno5d3ZScjdxZGM3ZmlX - MnRWNWI3NHhWbmFUa3hvYVJ4WU5pa0kKLS0tIENHaG1YUTBRaE02Nkx6eDExcEhO - Qyt4M05FMnZubkN1Rk8ybFVCSjh5aEkKb40hoPGE7nHaL1CiYnoLo1QVZj91qSCk - XvfItL+ATREgjUDlc0zV0/Ps/XFL6wkyPASHIfkO+q1VSwSTMLNGlw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-09-19T14:03:15Z" - mac: ENC[AES256_GCM,data:tI8I3DwAwdfZEkzU1QldMEQjy7qUvyy6mCAifMxe7/63l2/zJ02T2AhRHbIbbcQdwj3oSshopucyTU65q7PZWEkrkxfIaZSHyMi3xkgQXIvVeD5KRLpw3G242ae2EFSL+3D+hrnaOBEUb4rtXrTlsBcIEsPSeVgK7ySNBfBnUj0=,iv:sCfLTRQlrSQLDkWsdQhefL9mOkqlkMCRQiHY747tt88=,tag:JLPUqOSYcjYfCETbWPgG0g==,type:str] - pgp: - - created_at: "2025-09-19T14:03:01Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hF4DARdpY4woM6wSAQdAZBTYQrGKSh9Al/PomMw4FrqT+Z6FdqDP+SWHgMCMmE8w - d3kiCOBTs4IETttl+o0ZqZ0bR7QHI0NUOAlWdopI2m6dDGl7WDGxVMxbokpK+3ot - 0l4BtsYlAvcJKrBRAY+/lgwYkxeaJwfXtqK7FdrpRv+criLyDn9T95TVz4Ss2zhe - rzkQS/NaX7CY7JhEwyPqENwHWKBw6x8GEKTdpPEL7Mi/OSKbjWUYn02mMkCtGQU3 - =uMmY - -----END PGP MESSAGE----- - fp: 4BE1257015580BAB9F4B9D5FCA5B1C34E649BF92 - unencrypted_suffix: _unencrypted - version: 3.10.2 
diff --git a/hosts/db-01/default.nix b/hosts/servers/db-01.nix similarity index 85% rename from hosts/db-01/default.nix rename to hosts/servers/db-01.nix index d76acc1..abc8936 100644 --- a/hosts/db-01/default.nix +++ b/hosts/servers/db-01.nix @@ -1,19 +1,5 @@ { config, pkgs, ... }: { - imports = [ - ./disk-config.nix - { - _module.args.disks = [ "/dev/sda" ]; - } - - ../common/servers - ]; - - time.timeZone = "Europe/Berlin"; - - networking.hostName = "db-01"; - networking.nameservers = [ "8.8.8.8" ]; - services.postgresql = { enable = true; enableTCPIP = true; @@ -79,7 +65,7 @@ }; sops = { - defaultSopsFile = ./secrets.yaml; + defaultSopsFile = ./db-01.yaml; secrets = { restic-environment = { owner = "root"; diff --git a/hosts/servers/db-01.yaml b/hosts/servers/db-01.yaml new file mode 100644 index 0000000..cfbcabb --- /dev/null +++ b/hosts/servers/db-01.yaml 
@@ -0,0 +1,30 @@ +restic-environment: ENC[AES256_GCM,data:Q6W/vOld3Or+Wrh4yCQzQo5O9IT1oNQYWTEiTzue7blrKkMysUZ8se9d0tXwlC/KcHWe+luV3A8MTsAg52gBFPyCzFYue/JwCiesg/7NN7ITvETgl5k2LIPha809gE1mSEsWvvdw,iv:phVKcs9JucAfGRlfEubaqDMPWYvkEHzZUZMi989VUgI=,tag:LW2HBn0cEDbHZfp+T/tcWg==,type:str] +restic-password: ENC[AES256_GCM,data:8JUiNyc0YGRm12FVpAheJ1wyWZJxuz3SWg==,iv:Il5Uzs/V1Z14Eo155XybjVW5PJEFG3X/+YZHY3LYit4=,tag:rsQBtOs5ylL+KrPPENec9w==,type:str] +restic-repository: ENC[AES256_GCM,data:8snVO99xFHv0fX23PbRpRst1gQrANzk0+AyfwzDv74xbNrgIrliwQ8q9LAcMjN4NIQ==,iv:19w3tP5Nf3ajBVg6sfMuH0ZoOsQjbS290eHkzkF3AZI=,tag:i8eOvJTVvw7B8pH2fDLIkQ==,type:str] +sops: + age: + - recipient: age1a5zz4cyda0aqh0hgf8svpyh9ktwy6z5x3gnnu5ysvpvek9rn03csx7dyqn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWb1B3Qk5lVTRCM2lQUmQx + djVXNVZlOEc1WjR5MmtobDU2OHAxb2FrWVJnCmxTa3pZaDFFeFR3M3lka241WEl5 + RlRBT1M4OXg4UDR2NTYyQyt5UTFFZmcKLS0tIDVzSCtVUjBrdUVYTWxLTForOUtu + aExIeTJKajZvYzcxaGlyZVVvNXBTK2sKVe4bJOmCKWJYvT1ovlE1ChZ+HBtuJK1P + 0nNf6caS2LimPd+8izWUX32mJBxCfk2Yy9gO04h5uk83JC6ei280nw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-09-19T15:47:43Z" + mac: ENC[AES256_GCM,data:qAMi9plVufdFQHoUH+zcLCqkrjAU8duKunl9owdAcdwfgRjTf+/cYK53zlsygu1KHiULO0E1/3TtW8z2yfr4NAMf9BSEwuJuIcCwOOy8fqzaCIN2xPJ4GXG0vQe2D1wnEomnnLa53AmzkuMT3qwV9yeUk68Q+PszS86jK3E2nvk=,iv:ycKcUebVjjSDx5+CSLG06WlUYBapGCbWNkmlQWua/To=,tag:EQM5SET3PX0Uf3vwbZL58Q==,type:str] + pgp: + - created_at: "2025-09-19T15:47:33Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DARdpY4woM6wSAQdAf+jR6oFZ9FpeQWecdJ0tTKwIu/6XfkOPsZGbWC0LkiYw + xqRDU1B/AhsfT8DvVzdu28BlIp8vdSJhZTMXQs5UsYdIBhr0atUWg+HSLh+kHslA + 0l4BDsZLKA9u+TsT3IMU8CMCXwaayxC3FRDUqoaxkzOL+2f2mk12PWXt/ipwgPD8 + w75kknmpPJxZDTgndupgdVm56Ral/jGTtnkJH3BNbwM2uuzux6ViUODDc04PPNqe + =4Cge + -----END PGP MESSAGE----- + fp: 4BE1257015580BAB9F4B9D5FCA5B1C34E649BF92 + unencrypted_suffix: _unencrypted + version: 3.10.2