From 22eb62df236f7990d019570821cf5eeaafdbd02b Mon Sep 17 00:00:00 2001 From: GHOSCHT <31184695+GHOSCHT@users.noreply.github.com> Date: Thu, 23 May 2024 23:55:30 +0200 Subject: [PATCH 1/4] Arion: Bump Forgejo to 7.0.3 7.0.1 -> 7.0.3 --- hosts/franz/arion/git/arion-compose.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/franz/arion/git/arion-compose.nix b/hosts/franz/arion/git/arion-compose.nix index 77a8389..f4dcf8c 100644 --- a/hosts/franz/arion/git/arion-compose.nix +++ b/hosts/franz/arion/git/arion-compose.nix @@ -10,7 +10,7 @@ services = { forgejo.service = { - image = "codeberg.org/forgejo/forgejo:7.0.1"; + image = "codeberg.org/forgejo/forgejo:7.0.3"; container_name = "forgejo"; useHostStore = true; labels = { From ef886a63a4aea7235c3c268c379a66313a7a86b3 Mon Sep 17 00:00:00 2001 From: GHOSCHT <31184695+GHOSCHT@users.noreply.github.com> Date: Thu, 23 May 2024 23:56:05 +0200 Subject: [PATCH 2/4] Remove conflicting firewall enable option --- hosts/franz/arion/dns/default.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/hosts/franz/arion/dns/default.nix b/hosts/franz/arion/dns/default.nix index ef548b2..70de270 100644 --- a/hosts/franz/arion/dns/default.nix +++ b/hosts/franz/arion/dns/default.nix @@ -7,8 +7,5 @@ # Fix containers not being able to use pihole as dns networking.resolvconf.useLocalResolver = true; - networking.firewall = { - enable = true; - allowedTCPPorts = [80 443]; - }; + networking.firewall.allowedTCPPorts = [80 443]; } From f01d6cccb9580a0f5db1e175a557ce86c241c078 Mon Sep 17 00:00:00 2001 From: GHOSCHT <31184695+GHOSCHT@users.noreply.github.com> Date: Thu, 23 May 2024 23:56:57 +0200 Subject: [PATCH 3/4] DynDNS: Update cloudflare api key --- secrets/franz.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/secrets/franz.yaml b/secrets/franz.yaml index 06b556e..4c5c5c2 100644 --- a/secrets/franz.yaml +++ b/secrets/franz.yaml 
@@ -36,7 +36,7 @@ matrix: postgres_user: ENC[AES256_GCM,data:S9ksmTOAbBg=,iv:q/6Oo9JhiSAqQq3ZKa0dbQGtfYAuD0oeiDLR4YwV0nk=,tag:RIc/1UVs88Jg8+4zGnW6vQ==,type:str] postgres_password: ENC[AES256_GCM,data:sKlU4HKDDNERv4LZK9/M2+kvnNht1uxQ7+pQSIZWPkk=,iv:fD98XPUMjo+eZOmE/cVOh5TFkmTY/KDCjfZcf5fSWOg=,tag:B5zsxgjvs7+czDWcCst/eg==,type:str] dyndns: - cloudflare_api_key: ENC[AES256_GCM,data:O8biURYpw+joKm5A+7E9ARKlFRcnwFaqrbLPHevOXvYTFED1NdMSGQ==,iv:Vm1DreqdaFd1owN7zci242gzpGEZqE57Yn9XAzVxXoQ=,tag:KdQtVvZCypAYIghtuM5kjw==,type:str] + cloudflare_api_key: ENC[AES256_GCM,data:UR+MUI3TiiytVh93MxlUHW/fj9pwKoxOkxMXdMedKH/mGp5UbUIubw==,iv:SRHhFjwcbWf/bIe/z6Z0vz/cXnfmn88VFoSQ+9VGDbQ=,tag:K46d/QLlGZBKT91A34FGJQ==,type:str] auth: postgres_db: ENC[AES256_GCM,data:zRDkvA5+p57YMW/J,iv:2LQ5f+uZ15rd6b+c/z9iaVrRNrtMnjj411guxzOke+c=,tag:5VgnajLXvte6FHKNM+mRsw==,type:str] postgres_user: ENC[AES256_GCM,data:Cuw3XEY419FOoguYvyQ=,iv:spERtcJschAfYKjH2W5mgcDbPM2O3GT39lCbcfSK60Y=,tag:nT2LOywbjtSIqSiyPgA2Mw==,type:str] @@ -60,8 +60,8 @@ sops: VUUxcEhvYi8zeXlCUUViUTl0eWdhcU0KXOfbnDc+zc8lnBcyEAV5EiJSjcSU6AgI EfeRw8qVqwChrYn1agslcNnDbE0WQsOCBuA6cE4V3kRofp9HU949ig== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-03T14:23:12Z" - mac: ENC[AES256_GCM,data:uYIv6amV4Yy9SqObBnvOLRTqNrHg9QmE3i+DaYr/CEeKvQ8diT/ia9bB6wi0aV7vN015Q7fXF+gynYUGhQ/7uYEXnXkBkKX5Ueyj0TUvlG9ztoegKVOLTlOTB16iImZRgFnlJYFJb3mtMpar9OH0ERpEl6GKXqEb+UGNecGrof0=,iv:/GBblSgWHTRKMeee1Zo/0BRiGrvgO6mmo9Wp2kY2QYY=,tag:jc1oT6qTCPno0GLQ7ADBsw==,type:str] + lastmodified: "2024-05-18T21:12:01Z" + mac: ENC[AES256_GCM,data:kBGP7V4f8d8JWdMdwPEYM1L2zZ4p6eHfwiepfLpBAr0VyhE9YOpPIdt9Tl+ky3mRyfn/DnX03ThiAKQtTrls3/lJEmJRd1dswRd+Mtls3j1QlxhorHYb8g6QvlmyepNf5j5Egqm9hNX+L3aV29mKoO42VxvfaopKduNGt1BrSFo=,iv:Uq+hQUMF+PBV5f6V9AsnxIxX0fKn84MAPEfTFtOtsus=,tag:6LtblCK7FLnhfS0dHsrcnQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 From 241dc3e053440b32e000d093722a1b7a215b1fa1 Mon Sep 17 00:00:00 2001 
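Review bot: Replacing the `dyndns.cloudflare_api_key` ciphertext does not retire the old credential: the previous value stays in git history and, since the age recipient block is unchanged context here, is presumably still decryptable by the same keys. The rotation therefore only helps if the old credential was also revoked on the Cloudflare side, and the commit message does not say whether it was. The key name suggests an account-wide API key; if that is the case, a zone-scoped API token limited to DNS edits would be the least-privilege choice for a DynDNS updater. Neither point can be confirmed from the encrypted value.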
From: GHOSCHT <31184695+GHOSCHT@users.noreply.github.com> Date: Thu, 23 May 2024 23:57:47 +0200 Subject: [PATCH 4/4] Add basic hydra ci Add basic hydra ci --- hosts/franz/default.nix | 2 ++ hosts/franz/hydra.nix | 28 ++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+) create mode 100644 hosts/franz/hydra.nix diff --git a/hosts/franz/default.nix b/hosts/franz/default.nix index 9d9a129..8c7302e 100644 --- a/hosts/franz/default.nix +++ b/hosts/franz/default.nix @@ -25,6 +25,7 @@ in { ./sops.nix ./restic.nix ./arion + ./hydra.nix ]; # Enable ZFS @@ -32,6 +33,7 @@ in { networking.hostId = "f014fc43"; systemd.enableEmergencyMode = false; + networking.firewall.enable = true; # Prevent zfs from being automounted by fstab auto discovery & zfs fileSystems."/storage/dataset".options = ["noauto"]; diff --git a/hosts/franz/hydra.nix b/hosts/franz/hydra.nix new file mode 100644 index 0000000..1e72c15 --- /dev/null +++ b/hosts/franz/hydra.nix @@ -0,0 +1,28 @@ +{config, ...}: { + services.hydra = { + enable = true; + hydraURL = "http://localhost:3000"; # externally visible URL + notificationSender = "hydra@localhost"; # e-mail of hydra service + # a standalone hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines + buildMachinesFiles = []; + # you will probably also want, otherwise *everything* will be built from scratch + useSubstitutes = true; + }; + nix.settings.allowed-uris = [ + "github:" + "git+https://github.com/" + "git+ssh://github.com/" + "git+https://git.ghoscht.com/" + "git+ssh://git.ghoscht.com/" + "https://git.ghoscht.com/" + ]; + networking.firewall = { + allowedTCPPorts = [config.services.hydra.port]; + }; + # nix.gc = { + # automatic = true; + # dates = "15 3 * * *"; # [1] + # }; + # + nix.autoOptimiseStore = true; +}
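Review bot: The `networking.firewall` block at the end of hydra.nix opens `config.services.hydra.port` on every interface while `hydraURL` is `http://localhost:3000`, so the Hydra web UI and its login would be served over plain HTTP to any network that can reach the host. If Hydra is meant to sit behind the reverse proxy that already uses 80/443 (an inference from the dns module), add `listenHost = "localhost";` to `services.hydra` and drop the `allowedTCPPorts` entry. The `allowed-uris` prefixes `github:` and `git+https://github.com/` let evaluation fetch from any GitHub repository; narrowing them to the owners actually used (for example `github:NixOS/`) limits what a job's inputs can pull in. `nix.autoOptimiseStore` has been renamed to `nix.settings.auto-optimise-store` in current NixOS, and "nonexistant" in the comment should read "nonexistent".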