
2 Commits

Author SHA1 Message Date
ed60b8cc2b
hosts: dmz: remove testpassword 2024-04-13 12:01:09 +02:00
9ee26c983e
hosts: server: fix gitea runner 2024-04-13 12:00:44 +02:00
4 changed files with 58 additions and 33 deletions


@ -42,7 +42,6 @@ in
users.users.${user} = { # System User users.users.${user} = { # System User
isNormalUser = true; isNormalUser = true;
initialPassword = "runnertest";
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
uid = 2000; uid = 2000;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [


@ -6,7 +6,10 @@
enable = true; enable = true;
autoPrune.enable = true; autoPrune.enable = true;
dockerCompat = true; dockerCompat = true;
#defaultNetwork.settings.dns_enabled = true; };
containers.containersConf.settings = {
# podman seems to not work with systemd-resolved
containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ];
}; };
}; };
@ -17,17 +20,35 @@
name = "Server runner"; name = "Server runner";
tokenFile = config.age.secrets."services/gitea/serverrunner-token".path; tokenFile = config.age.secrets."services/gitea/serverrunner-token".path;
labels = [ labels = [
"server"
"debian-latest:docker://node:18-bullseye" "debian-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:16-bullseye"
"ubuntu-22.04:docker://node:16-bullseye"
"ubuntu-20.04:docker://node:16-bullseye"
"ubuntu-18.04:docker://node:16-buster"
"native:host" "native:host"
]; ];
hostPackages = with pkgs; [ hostPackages = with pkgs; [
bash bash
curl
gitMinimal
coreutils coreutils
wget curl
gawk
gitMinimal
gnused gnused
nodejs
wget
]; ];
settings = {
# container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
# the default network that also respects our dns server settings
container.network = "host";
container.privileged = false;
# container.valid_volumes = [
# "/nix"
# "${storeDeps}/bin"
# "${storeDeps}/etc/ssl"
# ];
};
}; };
}; };
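Review bot: `container.network = "host";` in the new `settings` block puts every job container into the server's network namespace, so workflow code can reach services bound to localhost or to internal interfaces, and `container.privileged = false` does not prevent that. The first hunk of this file already sets `containers.dns_servers` for podman, so the DNS problem may be solved without host networking; if it is, `container.network = "bridge";` keeps jobs off the host's network stack. If host networking has to stay, the comment above it should say so, for example `# host network: jobs can reach host-local services; only trusted repos may use this runner`. The added `ubuntu-*` labels also point at `node:16` images, which are past upstream end of life and deserve a follow-up.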


@ -3,7 +3,6 @@ let
name = "gitea-runner"; name = "gitea-runner";
in in
{ {
microvm = { microvm = {
autostart = [ autostart = [
name name
@ -14,11 +13,6 @@ in
inherit pkgs; inherit pkgs;
config = { config = {
#pkgs = import nixpkgs {
# system = "x86_64-linux";
# config.allowUnfree = true;
#};
imports = imports =
[ agenix.nixosModules.default ] ++ [ agenix.nixosModules.default ] ++
[ impermanence.nixosModules.impermanence ] ++ [ impermanence.nixosModules.impermanence ] ++
@ -46,7 +40,6 @@ in
}; };
}; };
users.users.${user} = { # System User users.users.${user} = { # System User
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
@ -77,15 +70,27 @@ in
fileSystems."/persist".neededForBoot = lib.mkForce true; fileSystems."/persist".neededForBoot = lib.mkForce true;
environment.persistence."/persist" = { environment = {
systemPackages = with pkgs; [ # Default packages install system-wide
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
persistence."/persist" = {
directories = [ directories = [
"/var/log" "/var/log"
"/var/lib" "/var/lib/private"
]; ];
files = [ files = [
"/etc/machine-id" "/etc/machine-id"
]; ];
};
}; };
microvm = { microvm = {
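Review bot: Persisting `"/var/lib/private"` as a bare string leaves the mode of the created directory to the impermanence defaults, while systemd expects that directory to be root-owned and `0700`, since it shields the state of DynamicUser services from other local users. I would pin it explicitly with `{ directory = "/var/lib/private"; mode = "0700"; }`. Narrowing from `"/var/lib"` also stops persisting `/var/lib/nixos`, where NixOS records its uid/gid allocations. If any account in this VM has no fixed id, ids may change across reboots and leave files under `/persist` with the wrong owner, so that path probably belongs in `directories` too. The enclosing `config` block continues outside the hunk.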


@ -1,21 +1,21 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 URAPyw JQs3uKo7cvzQEu/AqNfV7aN/TqvA5FNx5BG63ptPECg -> ssh-ed25519 URAPyw q6GBwPiLV9mwXNkJxMR0HKczC+8UELrc2lFMXYtn4l8
kOfPejoVuW6HRJr7qrOG2ozwcRRcA+cmo3y7Sa5t29E Fg1LWxdM4A65xlrpuUmtw4sUEzyFWvUiV3SmYToNKNA
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
VltuY1KoOB8plcWoRuFl45bYb4HgquALbQDeT3XbsiI3AP4q1+QEfpIJ0ICh2HqD QZLsrgM1xwq9eN+4U+0B5FosDV+uB/ySfXHz4bCeDpN7rGO9TJnKHI99bRWc3XZw
IB6hAW7Awl1cmBawZu5NwH56QIVmSLL5vA8dvrY3LRP+m/ahLo1g4G82+p9Crg7s ooc5FM+jti8/nIU/Gyk4WOHLPYduPe+BOw5xPEGCVd2rn3bm42V/KckDYuAl09FJ
dnSp64mgMX/TcbjqRHhi0lyj8hB01iipps2VYvWXuun8kqBstXRyKOc1iiD3UdGC vP1W1zDkvpHJbFiO7ad8c9iK5kr7KU60AtSN4kJyoIesL9s6K+kCMZ1odbrE3pJ7
9dX3siCn6tiEk4BCbxCc3OxA2Dsl+i0yKZGoe7iXVeM7BkZl+1MaCMY7yPc1oIbG VPCj4HhaV3nL42tHnupsFmWuU6GencUCWWlqi92s0mgWrGsOHqB/qR6eSzBGy4a5
3J2kLNcbtMRiq3tfS23nCTll/1f0B05Q5kR0Mz57VmCm/irMRtHUrUCTc2VTVamo saNKSE5f7uXOGEtN/bGvulShs77uD801Uc7FCjpvPN84bzIwY+VScE5xlONwIfXV
TgGP2ZY4BQFmNx8GBfTsvL5V/hYjy3Fxh9y0uj+/q5HTDzBsjEaaXLCMJwtB6kD+ ayQAtRDlNdsYcPw7NY5nE+o8TDUT29qH84Xn7c1qeC1/9FygEUoHFJpuqI7zDnw5
OtfALz0pOt/BeqWwfTlkMvEp/iak/p5ns5xsKWKDDLfDiFa/bf8uaV68xJXAEVby 6dyWzSQeOqPJTcOVlKwr2IltTL4MOJdy+u36awNflW5y6wcNakziGoZUqxKm84sz
PYxg5yJFrt/gAMm6cFfLzrVrvVkq0SqQ3+pmxpBZzdB1ZrMjek39mco1TvCEYCvO UigfilWrzPfOT48IikFG5ToJuvYz2VyUCzq0KgVqkifIljWd0AALotqAxJOdzy+s
gLc1h1xyKHzmPk8UjLiLsHMB18dvxbI4Bodf0AVUYCsZun0AHSTLi21vMOf5Yhlg iOycsVQzI5BcaSqtBLXgt2t8OAo+wgZyAjCKTZDF5mPhk7U1QF0z0/NOcIrxSR+D
vSqS+yM6tTTz9fgGUV4y7HBgo8atYNSMYZ9rHA6VtLfzi7VG45/RedhspOazJRQp otIF+EIttBDC3t2HAdIxglMxM7ibE6bCwebCDuNpnQlLoY0rvfxGuU0f30f1XVyE
5eRKtKRrUPrGQ6TBCmaz+z8JabI4yNNDhY9ob5ACayc VRSN/icUkMLa1hm1A7W3T4De3N2z+kBN86xBVrpdILM
-> piv-p256 grR75w AveH9FxNRzVWdwR4PevHqBCkk37b/4Dvs1antAtgmQea -> piv-p256 grR75w A5n1qH04NhMjwh2mNoGOJN9Ofpi0GOzWcTfCW1krNrGe
lwfq0AnKfsOzF1SyhsaIpp5LkpstbcGGfGU8f1RxX8U 8L4b+0n8ufby6d5lzDTLNxgNCtw/mkLyh0aZn4mzo3g
-> piv-p256 RQguQQ Aog+1JgXJYipVlfKFY17xd9cBIv+y25hYklOcaZyjWWk -> piv-p256 RQguQQ Ayx2cPaemr6ww5LBQW/0fvEkap3iQhpFXgMwBCrYnuhg
niOBZVUWnm8sfiO0l4VfIMDFGxgYCwHaBSipnFb1YtI nnUREYSDvSFX6mP8Ml3KuhJQZpkOC81PjYt804WB2Mg
--- puDx58zDjk0OTX0irQm9zEMM+xuas4i2qlYRewznB54 --- dF24BThWb7swXtgAyxu/B49foT/AAEWVcNimdd1qeSA
Q V<¸iü;IZá^~9FõЙ¶£,$láÙ²|èCQ ñÄS¶öŽõDªú¯í7¾EX.÷=°>Fº˜c<CB9C>Õ{¦ƒ°ôñDÈË W0e«´ÝQ©el{S”F*Ç09MBégZF|PøzdÙcy¾ûÍ^ßyï$š'áHBçY<C3A7>÷î ÿéÏA‘íȃ—¤\