From 7693a3ccc06bf21355dd12f999c638a42a59709f Mon Sep 17 00:00:00 2001 From: Clara Dautermann Date: Thu, 17 Apr 2025 19:23:49 +0200 Subject: [PATCH] temporarily deploy forgejo --- .sops.yaml | 3 +- configs/containers/forgejo_container.nix | 19 ++++++ configs/services/forgejo.nix | 6 +- flake.nix | 2 + secrets/all/secrets.yaml | 75 +++++++++++++----------- 5 files changed, 69 insertions(+), 36 deletions(-) create mode 100644 configs/containers/forgejo_container.nix diff --git a/.sops.yaml b/.sops.yaml index 0acce9b..4f59156 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -6,12 +6,13 @@ keys: - &wireguard age12d8mxwnt0a7gl4uu0uwdqaxuqdf5j7zm50qy5qrhj0kd4ny7luaqv7rj4e - &mcserver age1v98yggaarelrp7z8rljzpf3gm70up4q8460trejmptdpv7gjucrqssjz9h - &zammad age14ukkn4plvnjacvjux929qwpeynxk4cfxw285vlwddqakm43kfyysfdg02c + - &forgejo age1vd33efsea2509hm0dwmhkuu7mm2kgw6tsss6lmzsqfg7gat06qyqys3qfh creation_rules: - path_regex: secrets\/all\/* key_groups: - pgp: [*clara] - age: [*wireguard, *mcserver, *zammad] + age: [*wireguard, *mcserver, *zammad, *forgejo] - path_regex: secrets\/wireguard\/* key_groups: - pgp: [*clara] diff --git a/configs/containers/forgejo_container.nix b/configs/containers/forgejo_container.nix new file mode 100644 index 0000000..920fa15 --- /dev/null +++ b/configs/containers/forgejo_container.nix @@ -0,0 +1,19 @@ +{ lib, pkgs, config, ... }: { + + deployment = { + targetHost = "192.168.178.60"; + targetPort = 22; + targetUser = "root"; + }; + networking.hostName = "forgejo"; + networking.interfaces.wgbr.ipv4.addresses = [ + { + address = "10.8.1.4"; + prefixLength = 24; + } + ]; + imports = [ + ../container_config.nix + ../services/forgejo.nix + ]; +} diff --git a/configs/services/forgejo.nix b/configs/services/forgejo.nix index 07e9bae..46935e3 100644 --- a/configs/services/forgejo.nix +++ b/configs/services/forgejo.nix 
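Review bot: Adding `*forgejo` to the `age:` list of the `secrets\/all\/*` rule lets the forgejo host key decrypt every secret under that path, including `initial_password_clara`. The forgejo files visible in this patch do not reference that secret, though `../container_config.nix` may. Since the deployment is described as temporary, a dedicated rule such as `- path_regex: secrets\/forgejo\/*` with `age: [*forgejo]`, mirroring the existing `secrets\/wireguard\/*` rule, would limit the new host to its own secrets. If the key stays in the shared group, removing it at teardown does not revoke what the host could already decrypt from git history, so the shared secrets would need rotating then, not only re-encrypting.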
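Review bot: The new `deployment` block pushes to the container as root over SSH (`targetUser = "root";`, `targetPort = 22;`), which presumes direct root login is enabled on a host that the same patch exposes under a public-looking domain. Whether `../container_config.nix` restricts this is not visible here. I would either deploy through an unprivileged user with sudo or confirm that sshd is key-only, for example `services.openssh.settings.PermitRootLogin = "prohibit-password";`. A short comment above `deployment` saying that this host is temporary and what `10.8.1.4` on `wgbr` is reachable from would also help whoever tears it down.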
@@ -1,7 +1,8 @@ { lib, pkgs, config, ... }: let dbname = "forgejo"; - ssh_port = 2000; + ssh_port = 2224; + domain = "new.git.cdaut.de"; in { @@ -15,7 +16,8 @@ in settings = { server = { - DOMAIN = "192.168.178.50"; + ROOT_URL = "https://${domain}"; + DOMAIN = domain; SSH_PORT = ssh_port; # important because otherwise ssh doesn't seem to work… START_SSH_SERVER = true; diff --git a/flake.nix b/flake.nix index 5626a7e..3633fa9 100644 --- a/flake.nix +++ b/flake.nix @@ -17,6 +17,8 @@ wireguard = import ./configs/containers/wg_container.nix; zammad = import ./configs/containers/zammad_container.nix; + + forgejo = import ./configs/containers/forgejo_container.nix; }; }; } diff --git a/secrets/all/secrets.yaml b/secrets/all/secrets.yaml index 6da2253..f4d7cba 100644 --- a/secrets/all/secrets.yaml +++ b/secrets/all/secrets.yaml 
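Review bot: `ROOT_URL = "https://${domain}";` in the second hunk declares an HTTPS origin, but nothing in the hunk shows where TLS is terminated or that the plain HTTP listener is unreachable from the network. The `server` block continues outside the hunk, so this may already be handled. If a reverse proxy fronts the instance, I would bind the listener with `HTTP_ADDR` to the address the proxy connects on and add `session.COOKIE_SECURE = true;` so session cookies are only sent over HTTPS. The built-in SSH server moves to `ssh_port = 2224;` in the first hunk, so any firewall rule for the old port 2000 defined outside these hunks should move with it rather than staying open.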
@@ -1,54 +1,63 @@ -initial_password_clara: ENC[AES256_GCM,data:4kTSXy5f6h/crmOOako0puZyxyeitqjSBKxB987Oh3ZatUy0aR+JwEFNVMGwu4nA1xJOrPyKsa1AUBoRY21mpiqX1oZnPChe+w==,iv:inA7Hnnl7rFR0ORTO7rvZJr+IfvoIP+kvlbnTJwLKFk=,tag:1nIJTuwJNhvId+YO4KgIjA==,type:str] +initial_password_clara: ENC[AES256_GCM,data:ux8zKQbsw52SDMjX4wyXFp445vbCV4eFdvAJNzYSb3YMxbVWlBTV3KaEFYW0dKFwUvvserHPfyXmFgXJJ5Lx+D+49b8s8mVZqwVs,iv:2c8I40749+bXnwHJ2Gnjkv8a/AtV1P30sCE113jZcH4=,tag:b8kmLLZ80lytRH4dAl6tpg==,type:str] sops: age: - recipient: age12d8mxwnt0a7gl4uu0uwdqaxuqdf5j7zm50qy5qrhj0kd4ny7luaqv7rj4e enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3cWVDWmx5d3c4MWk4Q1lB - RDBveHR0NGpnTkVxNTJ3S01iaHZTMmJZM25BCklxcDZjbWJReHl3TWxaMVFQUzh2 - TEt0WTlEbG1jL3NJWituWXVjckc1aUEKLS0tIFVaSllUTDZ1cGFuWkNOSWx1TzlL - NGF5cjN4bUxTeHgrM3BJWVF6ZjhudU0KeUkn4/R2kfrLZsAqE8+kiYi1L92U44oT - iQLYfEFVWJW404RsyHrU2hn348g6M5LXICqO5zgN9GeKgIyXRWqBPQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAweHFOQWNaTGxLTTVNWlpw + UUdZYklScktnL3QvM0xLMTkrTmpYTG1ocXdzCnlPNVdkQ1FwZ21wUlhiOXpCSmV2 + R0Q4RGlTNWRybTFRU1ZnK3VEU0NWUVkKLS0tIGFNRzVDMnkvRXhLTzMwVEpONGFr + RGFIVDZyL0dSTWNDMDZEWEJIamxRMDgKBeRdsbub+XhYKyCkpo9x1yXXqha7PP/s + /nzUyMNqDB7Fh5K9xY2BRxwpxIKYWpzFPjybt5mHL1NxbYheGle5hA== -----END AGE ENCRYPTED FILE----- - recipient: age1v98yggaarelrp7z8rljzpf3gm70up4q8460trejmptdpv7gjucrqssjz9h enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZ3FtekQ1K3JOZjB2bVVu - MGhER3h4RjVVYUx1RW54aXc0Q2JIdFVzR0VFCkRJbkVoNVlSTkJQaTNYNFQ4ak10 - ZDdmN1o2U2t4dnJPcXNaSW4xU1J5SUEKLS0tIGVTUXNWOSsrbUxXWENSRWVDSys3 - UUhENFp4amR5Mzh6ZWxEdjNBSmRZL2MKlMtaMFXYjrRaUBP41prBwrYS6Avqyy2d - aHoU85HdRsfYVu9PC8zjsSSeDrBvL6ByIpA9KpO5yeU8RxvHZOPFqQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzaWxRVVd3bU84bGwrZk5F + blgyRnd3MmdSdGtaWHdnVVVIeUs5dGNkVDJVCmo1MU9PeVRrNEZzcHhKUVk1OXlG + MDNCRCtCOERnQmtmUmt4YXlWTVl1dmcKLS0tIGZiYnlveWlKd2VZaVhNaUtlWlVK + 
UXkzL3k4YW5ESGRza0hURC9wR0o3RGMKsvc9zCQ323d/eSP9vVDiYTNgZrNmVvfE + +GfDEc/4+OpG+RRmMrXvlvCYRof56ywWZJr9tpAlunZ/t8vHRCUJow== -----END AGE ENCRYPTED FILE----- - recipient: age14ukkn4plvnjacvjux929qwpeynxk4cfxw285vlwddqakm43kfyysfdg02c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwelB5Y21GdjA0a0JObTIx - b0Voc1Q2cDFLODdFY0k4bXBTdHplWmpFSGkwCisrRG1XenZQWTlNYTBTVnhZVGxt - QzFycWRhRHV3b0xaaUM4QXFnc0dnWTgKLS0tIHkwa2hUQnptejlndDcyZ2lIWERq - ZUZVNjJ2L3dUdDBVZ0NXMzBXTXZVaE0KhG/hY232TkDRcAeQOBthQNZRzEryAcB6 - YiAGzA7LrZvDsDllYZ6riqmts9rZYZhk7N2CQ6hVVJ/p6X6Z3qfMwg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0YjhORkRmWk9pOVV6cUpo + RVRpNmhzWS9pZDMxTXViMDFLSVNYR1F5NkZZCnFCb0Q3QjMzNk5WVkM3K1JYYjJ4 + c1VER25FVUtyWHFpcVpKdUJ0YlhSTEEKLS0tIEF6a1dJY2JmelQyVzd4Mk9SK0R2 + WFZHdVZiMVdaNHFhTVZGMzdYRTl3ZU0K6yMpKKXKIaYHxR1cAHam7jogZShH5xsK + c43sMBz/WxHjvmI9TCNyxnkvgwC6kJUpV9vABduJg2INjkLltjNc/Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-15T17:00:20Z" - mac: ENC[AES256_GCM,data:v1UKMevNh/Om1dULmGOADsD6wQ0nhTsMtwT0qqDxtqdgBpmk2vD5VU732ZgQjornPc4ZeCgbfpFK16EVtx9gbwPLRQbgeh8I6BoqcpNkHkZnvGV4hpH2xKeRqOYvSg1ed1j7INLctt1q2O5bHC3ASmidP0zZoqLvgurwTP4t9Zo=,iv:4ji3Ob5mzS6qVWkKce66wZRfASXQi0MSC4m4f1HQlbw=,tag:gSDj3CQTp0NNrexKFxzAmQ==,type:str] + - recipient: age1vd33efsea2509hm0dwmhkuu7mm2kgw6tsss6lmzsqfg7gat06qyqys3qfh + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPelBOdktOV3Naa1ZWdlFv + N1c1clFsZTlkbVlpYU81L3Y3L2UxTTJMaUdNCnJYd3Y0YWpRNTRsTkt4Q0ppblVB + K01HSzgvQ1lIaUNSR2lJZWY4NG1tL28KLS0tIGVjZ0svVlFrK1h1NFViVmV0bk5Q + MW5ZTWQwZy9iQnFNL2dRalM3VSswVkEKcE2M6Ph8d+7BafgjlARITRbxivOajQ3H + 7evjNzFDqga/AZ1rLG+5anuD2giAKVZGok10NvDroCKkobUpsXd6jQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-04-17T14:15:59Z" + mac: 
ENC[AES256_GCM,data:QBoeoWS2eoUjbXm40OLk8vxpdZRUkLgVLPQ6AX9JaYVLl4+reefFw269yngF2ZATBniuYLBHNhkSjOYttC+J7M2Zt8cQhhj4G2TFt7JkYHQRtkbuoa9ZiP3Oi3Jaj6z0w3cHsyMT+fBBdr02winxf8QggYHGmvcK8QXoayccyl8=,iv:lG94yszjtq1tDYrNM+xt5ehdrNYO6M+oqZg/Qg/cO4g=,tag:K3Cr7DySQ02fgHOaVtYmDA==,type:str] pgp: - - created_at: "2025-04-15T17:00:11Z" + - created_at: "2025-04-17T14:15:33Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAzwtBoBqH5ZOAQ/+Ph75DuL7rX4Wt+dXW8Gcc4ov2dZSaWKVpVngPrj6YvFu - 1PNAyglOenNTL4zP8g5Xcns4DkbQTRK0+g5HA8UtdpNB/CXNYXWVvzVIx/z2734p - d6QdN003s9b/1y1M/foSHXVdxYfq5OvNYMMukAS/ETAlF8bG/5IWQhGiYsCBaK+2 - Mizr1OSp/XLecJlGuf/2gMfzt6KSeYHe2wcxFntm2HpQgNmmHmCkb6dLTYwOABGH - pOKDBBl530dZOx9DM+XXthsMYvplvvUCSC1w7kLivt1H/F+gwqG+zwyQrKra8Fka - 2+o82eehzQSUzbEQvu9wz7QAmo0uc3vlF9xj3yRSHpmbRxRyVd88i3XlEDXiz9lH - 9G15PdU5XFUCpp6o+qBMpip8n5tvy6+6E/0r6QD74VS3Ha80mLd8jRWdLmehiJYf - FyT9r1XhFemRaPEBVCSWRt2Y6vvBe7x92ed+dIXG1sqcXJBAONs1O8FPCKjgrAfW - QPe0nrXVSYCbvldGS1Wx9ASknc/FU25IJydRcuq9NVd4rylK3C5WjnzLSJmDzkda - +xoCTmwdGAEGqJPrcC3GQrot/sZFK6Gz1ZQ03miABi+Agrr5Eh1bQzgh7e4YoUiL - y89DzlqTWXEvdNS4k0ps1mKg32zzkUkeIl8wiX0e9uil8OHQnL+rcqPe9NN05jDS - XgEi6DfmK0Hh6aYjeJMxKtRKYOQuSheRcrUFCfdr1AjXrWfGjjXX1cbfFU+O45tV - zhps4J5zhcCgPHNN2eWOE3DKMj4CT5x/ZXKFWSxbFcKNKy7hyVI/DR+i5urKVrA= - =UyZz + hQIMAzwtBoBqH5ZOAQ/9Gx1uySXuafWQT/xz2b4yY37t3ZKE5SE4LxKoyOPXRhWR + yVISxG9MBrYeDe7DR4QYJ5KVpKUui/TMKv5+SFiDvlxgQdWVA2PZ2KXgGK0KDDEk + cOn3YNGLHpZL4ZHwAlbgeNWFjT/A99logCnv7D4VocAX9k+AMSh5ZQqI5HLmBHfO + ZQOugRfGDI28D/iH/8LUXoK+l6VDX3CLt0xfQmNN81q2IQzb2NK9GZvj5qyILR3c + MMzGDMU1pw0OWCZWZDRCE5YA71mrvflGOQPo3/JPsVg1Qr8l6TbGjbFwKlYUgGDU + JTSsZ1ATKjzbWg7KSdrBgztWHcSDdrCW1yytUh9uoJks2UHGdfb060k9DH99IYXk + +u5DutiPqiz8xwn5YHetO3SaJjJA9uIODQ+Em7ElZ+XbY81NIlhbdT8DZKdDHmOx + ozFIs5r1glRaojo8Yc9fym0j8cZ6Dr6rkD+nbgwzRCuUucuzOILIPrutdUSgdpbp + LnK8ScJnOBsF3AhKuOB4Qhnb6Q0ooT8Zt+R2uDdezfACFMa6nW95MP4sPYPqy7ee + ZGuWOaMGQ1Cn9Ck3nBCn8hROzHwp9pv56mqVIKu+oWCGsFm9GUZ5XFvZxez6Kq// + 
SVhH/qbV3RElBj/Q8u4Xcbl3ZNnHbMhvi/Xe2Ji64orZkzjHrsViB6KXR6uzY/7S + XAF4UTbjzSVkqbZ+IKQbkhoM62YQpT1bOgMk9djNFilauKRqD5x3eKTyuooOnMGh + jVjxulE755eSO6qvATN/P7OIXzaPKI+HSPcdm0WH8ZXVTXrZjkeO7D7gCfh/ + =qTot -----END PGP MESSAGE----- fp: 58EF8D71114EF548DEE3320DE6F04916B6EEBD83 unencrypted_suffix: _unencrypted