Merge branch 'main' of ssh://git.ghoscht.com:2222/ghoscht/nix-config
This commit is contained in:
commit
6a73e54b73
5 changed files with 35 additions and 8 deletions
|
@ -7,8 +7,5 @@
|
|||
|
||||
# Fix containers not being able to use pihole as dns
|
||||
networking.resolvconf.useLocalResolver = true;
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
allowedTCPPorts = [80 443];
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [80 443];
|
||||
}
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
|
||||
services = {
|
||||
forgejo.service = {
|
||||
image = "codeberg.org/forgejo/forgejo:7.0.1";
|
||||
image = "codeberg.org/forgejo/forgejo:7.0.3";
|
||||
container_name = "forgejo";
|
||||
useHostStore = true;
|
||||
labels = {
|
||||
|
|
|
@ -25,6 +25,7 @@ in {
|
|||
./sops.nix
|
||||
./restic.nix
|
||||
./arion
|
||||
./hydra.nix
|
||||
];
|
||||
|
||||
# Enable ZFS
|
||||
|
@ -32,6 +33,7 @@ in {
|
|||
networking.hostId = "f014fc43";
|
||||
|
||||
systemd.enableEmergencyMode = false;
|
||||
networking.firewall.enable = true;
|
||||
|
||||
# Prevent zfs from being automounted by fstab auto discovery & zfs
|
||||
fileSystems."/storage/dataset".options = ["noauto"];
|
||||
|
|
28
hosts/franz/hydra.nix
Normal file
28
hosts/franz/hydra.nix
Normal file
|
@ -0,0 +1,28 @@
|
|||
{config, ...}: {
|
||||
services.hydra = {
|
||||
enable = true;
|
||||
hydraURL = "http://localhost:3000"; # externally visible URL
|
||||
notificationSender = "hydra@localhost"; # e-mail of hydra service
|
||||
# a standalone hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines
|
||||
buildMachinesFiles = [];
|
||||
# you will probably also want, otherwise *everything* will be built from scratch
|
||||
useSubstitutes = true;
|
||||
};
|
||||
nix.settings.allowed-uris = [
|
||||
"github:"
|
||||
"git+https://github.com/"
|
||||
"git+ssh://github.com/"
|
||||
"git+https://git.ghoscht.com/"
|
||||
"git+ssh://git.ghoscht.com/"
|
||||
"https://git.ghoscht.com/"
|
||||
];
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [config.services.hydra.port];
|
||||
};
|
||||
# nix.gc = {
|
||||
# automatic = true;
|
||||
# dates = "15 3 * * *"; # [1]
|
||||
# };
|
||||
#
|
||||
nix.autoOptimiseStore = true;
|
||||
}
|
|
@ -36,7 +36,7 @@ matrix:
|
|||
postgres_user: ENC[AES256_GCM,data:S9ksmTOAbBg=,iv:q/6Oo9JhiSAqQq3ZKa0dbQGtfYAuD0oeiDLR4YwV0nk=,tag:RIc/1UVs88Jg8+4zGnW6vQ==,type:str]
|
||||
postgres_password: ENC[AES256_GCM,data:sKlU4HKDDNERv4LZK9/M2+kvnNht1uxQ7+pQSIZWPkk=,iv:fD98XPUMjo+eZOmE/cVOh5TFkmTY/KDCjfZcf5fSWOg=,tag:B5zsxgjvs7+czDWcCst/eg==,type:str]
|
||||
dyndns:
|
||||
cloudflare_api_key: ENC[AES256_GCM,data:O8biURYpw+joKm5A+7E9ARKlFRcnwFaqrbLPHevOXvYTFED1NdMSGQ==,iv:Vm1DreqdaFd1owN7zci242gzpGEZqE57Yn9XAzVxXoQ=,tag:KdQtVvZCypAYIghtuM5kjw==,type:str]
|
||||
cloudflare_api_key: ENC[AES256_GCM,data:UR+MUI3TiiytVh93MxlUHW/fj9pwKoxOkxMXdMedKH/mGp5UbUIubw==,iv:SRHhFjwcbWf/bIe/z6Z0vz/cXnfmn88VFoSQ+9VGDbQ=,tag:K46d/QLlGZBKT91A34FGJQ==,type:str]
|
||||
auth:
|
||||
postgres_db: ENC[AES256_GCM,data:zRDkvA5+p57YMW/J,iv:2LQ5f+uZ15rd6b+c/z9iaVrRNrtMnjj411guxzOke+c=,tag:5VgnajLXvte6FHKNM+mRsw==,type:str]
|
||||
postgres_user: ENC[AES256_GCM,data:Cuw3XEY419FOoguYvyQ=,iv:spERtcJschAfYKjH2W5mgcDbPM2O3GT39lCbcfSK60Y=,tag:nT2LOywbjtSIqSiyPgA2Mw==,type:str]
|
||||
|
@ -60,8 +60,8 @@ sops:
|
|||
VUUxcEhvYi8zeXlCUUViUTl0eWdhcU0KXOfbnDc+zc8lnBcyEAV5EiJSjcSU6AgI
|
||||
EfeRw8qVqwChrYn1agslcNnDbE0WQsOCBuA6cE4V3kRofp9HU949ig==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-05-03T14:23:12Z"
|
||||
mac: ENC[AES256_GCM,data:uYIv6amV4Yy9SqObBnvOLRTqNrHg9QmE3i+DaYr/CEeKvQ8diT/ia9bB6wi0aV7vN015Q7fXF+gynYUGhQ/7uYEXnXkBkKX5Ueyj0TUvlG9ztoegKVOLTlOTB16iImZRgFnlJYFJb3mtMpar9OH0ERpEl6GKXqEb+UGNecGrof0=,iv:/GBblSgWHTRKMeee1Zo/0BRiGrvgO6mmo9Wp2kY2QYY=,tag:jc1oT6qTCPno0GLQ7ADBsw==,type:str]
|
||||
lastmodified: "2024-05-18T21:12:01Z"
|
||||
mac: ENC[AES256_GCM,data:kBGP7V4f8d8JWdMdwPEYM1L2zZ4p6eHfwiepfLpBAr0VyhE9YOpPIdt9Tl+ky3mRyfn/DnX03ThiAKQtTrls3/lJEmJRd1dswRd+Mtls3j1QlxhorHYb8g6QvlmyepNf5j5Egqm9hNX+L3aV29mKoO42VxvfaopKduNGt1BrSFo=,iv:Uq+hQUMF+PBV5f6V9AsnxIxX0fKn84MAPEfTFtOtsus=,tag:6LtblCK7FLnhfS0dHsrcnQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
Loading…
Reference in a new issue