
2 commits

Author SHA1 Message Date
e8b036a4e7
fix borked DNS config 2024-11-19 23:35:43 +05:30
c48a088200
move forgejo to new domain 🤷 2024-11-19 23:35:28 +05:30
12 changed files with 18 additions and 17 deletions


@ -6,11 +6,11 @@ _: {
ruleset = '' ruleset = ''
table ip nat { table ip nat {
chain PREROUTING { chain PREROUTING {
type nat hook prerouting priority -100 ; type nat hook prerouting priority dstnat;
iifname ens3 tcp dport 42069 dnat to 10.10.10.13 iifname ens3 tcp dport 22 dnat to 10.10.10.13:2222
} }
chain POSTROUTING { chain POSTROUTING {
type nat hook postrouting priority 100 ; type nat hook postrouting priority srcnat;
ip daddr 10.10.10.13 masquerade ip daddr 10.10.10.13 masquerade
}; };
} }
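Review bot: The new PREROUTING rule `iifname ens3 tcp dport 22 dnat to 10.10.10.13:2222` matches every TCP connection to port 22 arriving on ens3, so if this host's own sshd also listens on 22 it stops being reachable from that interface once the ruleset loads; confirm that admin access uses another port or the WireGuard interface before deploying. The unchanged `ip daddr 10.10.10.13 masquerade` rule rewrites the source of the forwarded connections, so the Forgejo SSH server will presumably log every client as the gateway's address. That matters more now that the well-known port is exposed and will attract scanning. If return traffic from 10.10.10.13 already routes through this host, dropping or narrowing the masquerade would keep real client addresses in the logs. The ruleset string starts and ends outside the hunk.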


@ -20,7 +20,7 @@ let wireguard-peers = import ../../shared/wireguard-peers.nix; in {
address = [ address = [
"${config.nodeconfig.facts.wireguard-ip}/24" "${config.nodeconfig.facts.wireguard-ip}/24"
]; ];
dns = [ "10.10.10.11" "10.10.10.12" ]; dns = [ "10.10.10.1" ];
peers = with wireguard-peers; [ peers = with wireguard-peers; [
(rico0 // { endpoint = null; }) (rico0 // { endpoint = null; })
(rico1 // { endpoint = null; }) (rico1 // { endpoint = null; })
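Review bot: `dns = [ "10.10.10.1" ];` replaces two resolvers with one, so name resolution for this peer fails whenever that single address is unreachable; if a second resolver exists, list it as well, or add a comment saying why only one is intended. The same literal is repeated in the other interface hunks on this page (seven in total). A shared value kept next to the imported `wireguard-peers.nix` would make the next DNS fix a single edit. The interface attribute set continues outside the hunk.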


@ -1,5 +1,5 @@
_: _:
let domainName = "forge.acomputer.lol"; in { let domainName = "git.ironyofprivacy.org"; in {
services = { services = {
caddy.virtualHosts."${domainName}" = { caddy.virtualHosts."${domainName}" = {
extraConfig = '' extraConfig = ''


@ -20,7 +20,7 @@ let wireguard-peers = import ../../shared/wireguard-peers.nix; in {
address = [ address = [
"${config.nodeconfig.facts.wireguard-ip}/24" "${config.nodeconfig.facts.wireguard-ip}/24"
]; ];
dns = [ "10.10.10.11" "10.10.10.12" ]; dns = [ "10.10.10.1" ];
peers = with wireguard-peers; [ peers = with wireguard-peers; [
(bifrost // { persistentKeepalive = 20; }) (bifrost // { persistentKeepalive = 20; })
rico0 rico0


@ -20,7 +20,7 @@ let wireguard-peers = import ../../shared/wireguard-peers.nix; in {
address = [ address = [
"${config.nodeconfig.facts.wireguard-ip}/24" "${config.nodeconfig.facts.wireguard-ip}/24"
]; ];
dns = [ "10.10.10.11" "10.10.10.12" ]; dns = [ "10.10.10.1" ];
peers = with wireguard-peers; [ peers = with wireguard-peers; [
(bifrost // { persistentKeepalive = 20; }) (bifrost // { persistentKeepalive = 20; })
rico1 rico1


@ -20,7 +20,7 @@ let wireguard-peers = import ../../shared/wireguard-peers.nix; in {
address = [ address = [
"${config.nodeconfig.facts.wireguard-ip}/24" "${config.nodeconfig.facts.wireguard-ip}/24"
]; ];
dns = [ "10.10.10.11" "10.10.10.12" ]; dns = [ "10.10.10.1" ];
peers = with wireguard-peers; [ peers = with wireguard-peers; [
(bifrost // { persistentKeepalive = 20; }) (bifrost // { persistentKeepalive = 20; })
rico0 rico0


@ -20,7 +20,7 @@ let wireguard-peers = import ../../shared/wireguard-peers.nix; in {
address = [ address = [
"${config.nodeconfig.facts.wireguard-ip}/24" "${config.nodeconfig.facts.wireguard-ip}/24"
]; ];
dns = [ "10.10.10.11" "10.10.10.12" ]; dns = [ "10.10.10.1" ];
peers = with wireguard-peers; [ peers = with wireguard-peers; [
(bifrost // { persistentKeepalive = 20; }) (bifrost // { persistentKeepalive = 20; })
rico0 rico0


@ -19,7 +19,7 @@
"aarch64-linux:docker://ubuntu:latest" "aarch64-linux:docker://ubuntu:latest"
]; ];
tokenFile = config.sops.secrets."forgejo/runner_registration_token_file".path; tokenFile = config.sops.secrets."forgejo/runner_registration_token_file".path;
url = "https://forge.acomputer.lol"; url = "https://git.ironyofprivacy.org";
settings = { settings = {
log.level = "info"; log.level = "info";
cache = { cache = {


@ -22,7 +22,7 @@ in
address = [ address = [
"10.10.10.2/24" "10.10.10.2/24"
]; ];
dns = [ "10.10.10.11" "10.10.10.12" ]; dns = [ "10.10.10.1" ];
peers = with wireguard-peers; [ peers = with wireguard-peers; [
(bifrost // { allowedIPs = [ "10.10.10.0/24" ]; }) (bifrost // { allowedIPs = [ "10.10.10.0/24" ]; })
]; ];


@ -20,7 +20,7 @@ let wireguard-peers = import ../../shared/wireguard-peers.nix; in {
address = [ address = [
"${config.nodeconfig.facts.wireguard-ip}/24" "${config.nodeconfig.facts.wireguard-ip}/24"
]; ];
dns = [ "10.10.10.11" "10.10.10.12" ]; dns = [ "10.10.10.1" ];
peers = with wireguard-peers; [ peers = with wireguard-peers; [
(bifrost // { persistentKeepalive = 20; }) (bifrost // { persistentKeepalive = 20; })
rico0 rico0


@ -1,7 +1,7 @@
{ pkgs, config, lib, ... }: { pkgs, config, lib, ... }:
let let
cfg = config.services.forgejo; cfg = config.services.forgejo;
domainName = "forge.acomputer.lol"; domainName = "git.ironyofprivacy.org";
in in
{ {
sops.secrets = { sops.secrets = {
@ -52,7 +52,8 @@ in
DISABLE_SSH = false; DISABLE_SSH = false;
START_SSH_SERVER = true; START_SSH_SERVER = true;
BUILTIN_SSH_SERVER_USER = "forge"; BUILTIN_SSH_SERVER_USER = "forge";
SSH_PORT = 42069; SSH_PORT = 22;
SSH_LISTEN_PORT = 2222;
SSH_LISTEN_HOST = "10.10.10.13"; SSH_LISTEN_HOST = "10.10.10.13";
HTTP_ADDR = "10.10.10.13"; HTTP_ADDR = "10.10.10.13";
HTTP_PORT = 3000; HTTP_PORT = 3000;
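Review bot: `SSH_PORT = 22;` and `SSH_LISTEN_PORT = 2222;` only work together with the gateway's nftables rule that forwards public port 22 to 10.10.10.13:2222, and nothing in this file says so. A comment above the pair, for example `# SSH_PORT is what clone URLs advertise; the gateway DNATs :22 to SSH_LISTEN_PORT on this host`, would keep a later edit from changing one side only. The settings block starts and ends outside the hunk.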


@ -19,7 +19,7 @@ wireguard:
caddy: caddy:
env_file: ENC[AES256_GCM,data:PKtILX7o0D3rj78JXIXad9UcQz0ZiihXK1nY/kb08fh3i54hYrFyJyGt04b9mAufxTnhDV4=,iv:I/EtxopCFmRxgsGJIcFDufTiM1JyPPoIQkgKIDiCP24=,tag:5QlGMp839p9RYKB09tr61A==,type:str] env_file: ENC[AES256_GCM,data:PKtILX7o0D3rj78JXIXad9UcQz0ZiihXK1nY/kb08fh3i54hYrFyJyGt04b9mAufxTnhDV4=,iv:I/EtxopCFmRxgsGJIcFDufTiM1JyPPoIQkgKIDiCP24=,tag:5QlGMp839p9RYKB09tr61A==,type:str]
forgejo: forgejo:
runner_registration_token_file: ENC[AES256_GCM,data:CM5hQEd1YHuCpzN6ZVGVzxRgQcUuq/KZ+o5JcB3kRAyVJVYjCyRfNPD2SA/ruw==,iv:L3tLN0C/d3lztvnBHyRzSFdkjtR8bnd5IrROGBSw/0E=,tag:R+o7E47DNvRr8S+hqR+v5w==,type:str] runner_registration_token_file: ENC[AES256_GCM,data:d5XFp9ParWMnh7GWsVNcPeReuO3EdvUSHsXxEm2T9UfQ17q8RHmHCo3qg74zfA==,iv:0JdHc8NexQjIjs07WR+132hcedpvS1w8jOsLSHKIsGU=,tag:UheHd+Hgjs4p9WQsWLU95w==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -98,8 +98,8 @@ sops:
WUc1Tm4wMkxUM2xybjFKK2VqWU9GSFEKVhMLzPF5CT/W0PC5jsNzpIE8wtRrUdfH WUc1Tm4wMkxUM2xybjFKK2VqWU9GSFEKVhMLzPF5CT/W0PC5jsNzpIE8wtRrUdfH
QHKId9QbaEaz8c85iXppJwONJJ2eTWUElj4ZVLUacgiqyS+rBiyuFw== QHKId9QbaEaz8c85iXppJwONJJ2eTWUElj4ZVLUacgiqyS+rBiyuFw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-16T14:09:27Z" lastmodified: "2024-11-19T13:34:08Z"
mac: ENC[AES256_GCM,data:jadem1cX0PbeWeCUxZy8svPB0PbthNfKKomvsEILTbl99rlsQJmeiFtA5eaewu4qjC+UUfJrrLrArJDCDweYrCGMyCnfwh5+xN+q5SF4dCoWon1DeE4G+OZ3R6Kv4XPfdg7l/mDblndIp7WbhlsCEoZM4Sl2e7VheXfnFtacpK4=,iv:v/vEBnnLirIItGiUqAHs5CYzMduw7u3TK5UpiaNCjmE=,tag:t5fKPnJYg9Zm0uAOsi9N/g==,type:str] mac: ENC[AES256_GCM,data:FR3DRBTfCeE5+rjizNqowRhIEv8rVPrxBhbdLy+8EsiK0zZW++CjPEMB8wnJw3T9JD+r4MmnPb+kxb9R26lS/k48uNioexW5PIa7d/Hnwf5k3cKfXeUvCc71RXdmxzdw5/5QRweN8Pm9HTMP00ze1PJGBfUkt79eIS8IiWrSm8I=,iv:m7g4j4Zqp8fqM2LzOR6ChgZ4MSGVZSICLJ3LdiqA+ag=,tag:yL5dNCIue7EGlNdeq+71DQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.1 version: 3.9.1