temporarily deploy forgejo
This commit is contained in:
parent
f51a453c14
commit
7693a3ccc0
GPG key ID:
223391B52FAD4463
5 changed files with 69 additions and 36 deletions
|
|
@ -6,12 +6,13 @@ keys:
|
||||||
- &wireguard age12d8mxwnt0a7gl4uu0uwdqaxuqdf5j7zm50qy5qrhj0kd4ny7luaqv7rj4e
|
- &wireguard age12d8mxwnt0a7gl4uu0uwdqaxuqdf5j7zm50qy5qrhj0kd4ny7luaqv7rj4e
|
||||||
- &mcserver age1v98yggaarelrp7z8rljzpf3gm70up4q8460trejmptdpv7gjucrqssjz9h
|
- &mcserver age1v98yggaarelrp7z8rljzpf3gm70up4q8460trejmptdpv7gjucrqssjz9h
|
||||||
- &zammad age14ukkn4plvnjacvjux929qwpeynxk4cfxw285vlwddqakm43kfyysfdg02c
|
- &zammad age14ukkn4plvnjacvjux929qwpeynxk4cfxw285vlwddqakm43kfyysfdg02c
|
||||||
|
- &forgejo age1vd33efsea2509hm0dwmhkuu7mm2kgw6tsss6lmzsqfg7gat06qyqys3qfh
|
||||||
|
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: secrets\/all\/*
|
- path_regex: secrets\/all\/*
|
||||||
key_groups:
|
key_groups:
|
||||||
- pgp: [*clara]
|
- pgp: [*clara]
|
||||||
age: [*wireguard, *mcserver, *zammad]
|
age: [*wireguard, *mcserver, *zammad, *forgejo]
|
||||||
- path_regex: secrets\/wireguard\/*
|
- path_regex: secrets\/wireguard\/*
|
||||||
key_groups:
|
key_groups:
|
||||||
- pgp: [*clara]
|
- pgp: [*clara]
|
||||||
|
|
|
||||||
19
configs/containers/forgejo_container.nix
Normal file
19
configs/containers/forgejo_container.nix
Normal file
|
|
@ -0,0 +1,19 @@
|
||||||
|
{ lib, pkgs, config, ... }: {
|
||||||
|
|
||||||
|
deployment = {
|
||||||
|
targetHost = "192.168.178.60";
|
||||||
|
targetPort = 22;
|
||||||
|
targetUser = "root";
|
||||||
|
};
|
||||||
|
networking.hostName = "forgejo";
|
||||||
|
networking.interfaces.wgbr.ipv4.addresses = [
|
||||||
|
{
|
||||||
|
address = "10.8.1.4";
|
||||||
|
prefixLength = 24;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
imports = [
|
||||||
|
../container_config.nix
|
||||||
|
../services/forgejo.nix
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
@ -1,7 +1,8 @@
|
||||||
{ lib, pkgs, config, ... }:
|
{ lib, pkgs, config, ... }:
|
||||||
let
|
let
|
||||||
dbname = "forgejo";
|
dbname = "forgejo";
|
||||||
ssh_port = 2000;
|
ssh_port = 2224;
|
||||||
|
domain = "new.git.cdaut.de";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
|
||||||
|
|
@ -15,7 +16,8 @@ in
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
server = {
|
server = {
|
||||||
DOMAIN = "192.168.178.50";
|
ROOT_URL = "https://${domain}";
|
||||||
|
DOMAIN = domain;
|
||||||
SSH_PORT = ssh_port;
|
SSH_PORT = ssh_port;
|
||||||
# important because otherwise ssh doesn't seem to work…
|
# important because otherwise ssh doesn't seem to work…
|
||||||
START_SSH_SERVER = true;
|
START_SSH_SERVER = true;
|
||||||
|
|
|
||||||
|
|
@ -17,6 +17,8 @@
|
||||||
wireguard = import ./configs/containers/wg_container.nix;
|
wireguard = import ./configs/containers/wg_container.nix;
|
||||||
|
|
||||||
zammad = import ./configs/containers/zammad_container.nix;
|
zammad = import ./configs/containers/zammad_container.nix;
|
||||||
|
|
||||||
|
forgejo = import ./configs/containers/forgejo_container.nix;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,54 +1,63 @@
|
||||||
initial_password_clara: ENC[AES256_GCM,data:4kTSXy5f6h/crmOOako0puZyxyeitqjSBKxB987Oh3ZatUy0aR+JwEFNVMGwu4nA1xJOrPyKsa1AUBoRY21mpiqX1oZnPChe+w==,iv:inA7Hnnl7rFR0ORTO7rvZJr+IfvoIP+kvlbnTJwLKFk=,tag:1nIJTuwJNhvId+YO4KgIjA==,type:str]
|
initial_password_clara: ENC[AES256_GCM,data:ux8zKQbsw52SDMjX4wyXFp445vbCV4eFdvAJNzYSb3YMxbVWlBTV3KaEFYW0dKFwUvvserHPfyXmFgXJJ5Lx+D+49b8s8mVZqwVs,iv:2c8I40749+bXnwHJ2Gnjkv8a/AtV1P30sCE113jZcH4=,tag:b8kmLLZ80lytRH4dAl6tpg==,type:str]
|
||||||
sops:
|
sops:
|
||||||
age:
|
age:
|
||||||
- recipient: age12d8mxwnt0a7gl4uu0uwdqaxuqdf5j7zm50qy5qrhj0kd4ny7luaqv7rj4e
|
- recipient: age12d8mxwnt0a7gl4uu0uwdqaxuqdf5j7zm50qy5qrhj0kd4ny7luaqv7rj4e
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3cWVDWmx5d3c4MWk4Q1lB
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAweHFOQWNaTGxLTTVNWlpw
|
||||||
RDBveHR0NGpnTkVxNTJ3S01iaHZTMmJZM25BCklxcDZjbWJReHl3TWxaMVFQUzh2
|
UUdZYklScktnL3QvM0xLMTkrTmpYTG1ocXdzCnlPNVdkQ1FwZ21wUlhiOXpCSmV2
|
||||||
TEt0WTlEbG1jL3NJWituWXVjckc1aUEKLS0tIFVaSllUTDZ1cGFuWkNOSWx1TzlL
|
R0Q4RGlTNWRybTFRU1ZnK3VEU0NWUVkKLS0tIGFNRzVDMnkvRXhLTzMwVEpONGFr
|
||||||
NGF5cjN4bUxTeHgrM3BJWVF6ZjhudU0KeUkn4/R2kfrLZsAqE8+kiYi1L92U44oT
|
RGFIVDZyL0dSTWNDMDZEWEJIamxRMDgKBeRdsbub+XhYKyCkpo9x1yXXqha7PP/s
|
||||||
iQLYfEFVWJW404RsyHrU2hn348g6M5LXICqO5zgN9GeKgIyXRWqBPQ==
|
/nzUyMNqDB7Fh5K9xY2BRxwpxIKYWpzFPjybt5mHL1NxbYheGle5hA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1v98yggaarelrp7z8rljzpf3gm70up4q8460trejmptdpv7gjucrqssjz9h
|
- recipient: age1v98yggaarelrp7z8rljzpf3gm70up4q8460trejmptdpv7gjucrqssjz9h
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZ3FtekQ1K3JOZjB2bVVu
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzaWxRVVd3bU84bGwrZk5F
|
||||||
MGhER3h4RjVVYUx1RW54aXc0Q2JIdFVzR0VFCkRJbkVoNVlSTkJQaTNYNFQ4ak10
|
blgyRnd3MmdSdGtaWHdnVVVIeUs5dGNkVDJVCmo1MU9PeVRrNEZzcHhKUVk1OXlG
|
||||||
ZDdmN1o2U2t4dnJPcXNaSW4xU1J5SUEKLS0tIGVTUXNWOSsrbUxXWENSRWVDSys3
|
MDNCRCtCOERnQmtmUmt4YXlWTVl1dmcKLS0tIGZiYnlveWlKd2VZaVhNaUtlWlVK
|
||||||
UUhENFp4amR5Mzh6ZWxEdjNBSmRZL2MKlMtaMFXYjrRaUBP41prBwrYS6Avqyy2d
|
UXkzL3k4YW5ESGRza0hURC9wR0o3RGMKsvc9zCQ323d/eSP9vVDiYTNgZrNmVvfE
|
||||||
aHoU85HdRsfYVu9PC8zjsSSeDrBvL6ByIpA9KpO5yeU8RxvHZOPFqQ==
|
+GfDEc/4+OpG+RRmMrXvlvCYRof56ywWZJr9tpAlunZ/t8vHRCUJow==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age14ukkn4plvnjacvjux929qwpeynxk4cfxw285vlwddqakm43kfyysfdg02c
|
- recipient: age14ukkn4plvnjacvjux929qwpeynxk4cfxw285vlwddqakm43kfyysfdg02c
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwelB5Y21GdjA0a0JObTIx
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0YjhORkRmWk9pOVV6cUpo
|
||||||
b0Voc1Q2cDFLODdFY0k4bXBTdHplWmpFSGkwCisrRG1XenZQWTlNYTBTVnhZVGxt
|
RVRpNmhzWS9pZDMxTXViMDFLSVNYR1F5NkZZCnFCb0Q3QjMzNk5WVkM3K1JYYjJ4
|
||||||
QzFycWRhRHV3b0xaaUM4QXFnc0dnWTgKLS0tIHkwa2hUQnptejlndDcyZ2lIWERq
|
c1VER25FVUtyWHFpcVpKdUJ0YlhSTEEKLS0tIEF6a1dJY2JmelQyVzd4Mk9SK0R2
|
||||||
ZUZVNjJ2L3dUdDBVZ0NXMzBXTXZVaE0KhG/hY232TkDRcAeQOBthQNZRzEryAcB6
|
WFZHdVZiMVdaNHFhTVZGMzdYRTl3ZU0K6yMpKKXKIaYHxR1cAHam7jogZShH5xsK
|
||||||
YiAGzA7LrZvDsDllYZ6riqmts9rZYZhk7N2CQ6hVVJ/p6X6Z3qfMwg==
|
c43sMBz/WxHjvmI9TCNyxnkvgwC6kJUpV9vABduJg2INjkLltjNc/Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2025-04-15T17:00:20Z"
|
- recipient: age1vd33efsea2509hm0dwmhkuu7mm2kgw6tsss6lmzsqfg7gat06qyqys3qfh
|
||||||
mac: ENC[AES256_GCM,data:v1UKMevNh/Om1dULmGOADsD6wQ0nhTsMtwT0qqDxtqdgBpmk2vD5VU732ZgQjornPc4ZeCgbfpFK16EVtx9gbwPLRQbgeh8I6BoqcpNkHkZnvGV4hpH2xKeRqOYvSg1ed1j7INLctt1q2O5bHC3ASmidP0zZoqLvgurwTP4t9Zo=,iv:4ji3Ob5mzS6qVWkKce66wZRfASXQi0MSC4m4f1HQlbw=,tag:gSDj3CQTp0NNrexKFxzAmQ==,type:str]
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPelBOdktOV3Naa1ZWdlFv
|
||||||
|
N1c1clFsZTlkbVlpYU81L3Y3L2UxTTJMaUdNCnJYd3Y0YWpRNTRsTkt4Q0ppblVB
|
||||||
|
K01HSzgvQ1lIaUNSR2lJZWY4NG1tL28KLS0tIGVjZ0svVlFrK1h1NFViVmV0bk5Q
|
||||||
|
MW5ZTWQwZy9iQnFNL2dRalM3VSswVkEKcE2M6Ph8d+7BafgjlARITRbxivOajQ3H
|
||||||
|
7evjNzFDqga/AZ1rLG+5anuD2giAKVZGok10NvDroCKkobUpsXd6jQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2025-04-17T14:15:59Z"
|
||||||
|
mac: ENC[AES256_GCM,data:QBoeoWS2eoUjbXm40OLk8vxpdZRUkLgVLPQ6AX9JaYVLl4+reefFw269yngF2ZATBniuYLBHNhkSjOYttC+J7M2Zt8cQhhj4G2TFt7JkYHQRtkbuoa9ZiP3Oi3Jaj6z0w3cHsyMT+fBBdr02winxf8QggYHGmvcK8QXoayccyl8=,iv:lG94yszjtq1tDYrNM+xt5ehdrNYO6M+oqZg/Qg/cO4g=,tag:K3Cr7DySQ02fgHOaVtYmDA==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2025-04-15T17:00:11Z"
|
- created_at: "2025-04-17T14:15:33Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
-----BEGIN PGP MESSAGE-----
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
hQIMAzwtBoBqH5ZOAQ/+Ph75DuL7rX4Wt+dXW8Gcc4ov2dZSaWKVpVngPrj6YvFu
|
hQIMAzwtBoBqH5ZOAQ/9Gx1uySXuafWQT/xz2b4yY37t3ZKE5SE4LxKoyOPXRhWR
|
||||||
1PNAyglOenNTL4zP8g5Xcns4DkbQTRK0+g5HA8UtdpNB/CXNYXWVvzVIx/z2734p
|
yVISxG9MBrYeDe7DR4QYJ5KVpKUui/TMKv5+SFiDvlxgQdWVA2PZ2KXgGK0KDDEk
|
||||||
d6QdN003s9b/1y1M/foSHXVdxYfq5OvNYMMukAS/ETAlF8bG/5IWQhGiYsCBaK+2
|
cOn3YNGLHpZL4ZHwAlbgeNWFjT/A99logCnv7D4VocAX9k+AMSh5ZQqI5HLmBHfO
|
||||||
Mizr1OSp/XLecJlGuf/2gMfzt6KSeYHe2wcxFntm2HpQgNmmHmCkb6dLTYwOABGH
|
ZQOugRfGDI28D/iH/8LUXoK+l6VDX3CLt0xfQmNN81q2IQzb2NK9GZvj5qyILR3c
|
||||||
pOKDBBl530dZOx9DM+XXthsMYvplvvUCSC1w7kLivt1H/F+gwqG+zwyQrKra8Fka
|
MMzGDMU1pw0OWCZWZDRCE5YA71mrvflGOQPo3/JPsVg1Qr8l6TbGjbFwKlYUgGDU
|
||||||
2+o82eehzQSUzbEQvu9wz7QAmo0uc3vlF9xj3yRSHpmbRxRyVd88i3XlEDXiz9lH
|
JTSsZ1ATKjzbWg7KSdrBgztWHcSDdrCW1yytUh9uoJks2UHGdfb060k9DH99IYXk
|
||||||
9G15PdU5XFUCpp6o+qBMpip8n5tvy6+6E/0r6QD74VS3Ha80mLd8jRWdLmehiJYf
|
+u5DutiPqiz8xwn5YHetO3SaJjJA9uIODQ+Em7ElZ+XbY81NIlhbdT8DZKdDHmOx
|
||||||
FyT9r1XhFemRaPEBVCSWRt2Y6vvBe7x92ed+dIXG1sqcXJBAONs1O8FPCKjgrAfW
|
ozFIs5r1glRaojo8Yc9fym0j8cZ6Dr6rkD+nbgwzRCuUucuzOILIPrutdUSgdpbp
|
||||||
QPe0nrXVSYCbvldGS1Wx9ASknc/FU25IJydRcuq9NVd4rylK3C5WjnzLSJmDzkda
|
LnK8ScJnOBsF3AhKuOB4Qhnb6Q0ooT8Zt+R2uDdezfACFMa6nW95MP4sPYPqy7ee
|
||||||
+xoCTmwdGAEGqJPrcC3GQrot/sZFK6Gz1ZQ03miABi+Agrr5Eh1bQzgh7e4YoUiL
|
ZGuWOaMGQ1Cn9Ck3nBCn8hROzHwp9pv56mqVIKu+oWCGsFm9GUZ5XFvZxez6Kq//
|
||||||
y89DzlqTWXEvdNS4k0ps1mKg32zzkUkeIl8wiX0e9uil8OHQnL+rcqPe9NN05jDS
|
SVhH/qbV3RElBj/Q8u4Xcbl3ZNnHbMhvi/Xe2Ji64orZkzjHrsViB6KXR6uzY/7S
|
||||||
XgEi6DfmK0Hh6aYjeJMxKtRKYOQuSheRcrUFCfdr1AjXrWfGjjXX1cbfFU+O45tV
|
XAF4UTbjzSVkqbZ+IKQbkhoM62YQpT1bOgMk9djNFilauKRqD5x3eKTyuooOnMGh
|
||||||
zhps4J5zhcCgPHNN2eWOE3DKMj4CT5x/ZXKFWSxbFcKNKy7hyVI/DR+i5urKVrA=
|
jVjxulE755eSO6qvATN/P7OIXzaPKI+HSPcdm0WH8ZXVTXrZjkeO7D7gCfh/
|
||||||
=UyZz
|
=qTot
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: 58EF8D71114EF548DEE3320DE6F04916B6EEBD83
|
fp: 58EF8D71114EF548DEE3320DE6F04916B6EEBD83
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue