mirror of
https://gitlab.com/upRootNutrition/dotfiles.git
synced 2025-06-16 18:15:13 -05:00
feat: forgejo test
This commit is contained in:
Nick
parent
a4a6a568d5
commit
19131015db
1 changed files with 42 additions and 35 deletions
|
|
@ -2,17 +2,15 @@
|
||||||
config,
|
config,
|
||||||
flake,
|
flake,
|
||||||
...
|
...
|
||||||
}: let
|
}:
|
||||||
inherit
|
let
|
||||||
(flake.config.people)
|
inherit (flake.config.people)
|
||||||
user0
|
user0
|
||||||
;
|
;
|
||||||
inherit
|
inherit (flake.config.people.users.${user0})
|
||||||
(flake.config.people.users.${user0})
|
|
||||||
email
|
email
|
||||||
;
|
;
|
||||||
inherit
|
inherit (flake.config.services)
|
||||||
(flake.config.services)
|
|
||||||
instances
|
instances
|
||||||
;
|
;
|
||||||
domain0 = instances.web.domains.url0;
|
domain0 = instances.web.domains.url0;
|
||||||
|
|
@ -25,7 +23,8 @@
|
||||||
directory = instances.acme.paths.path0;
|
directory = instances.acme.paths.path0;
|
||||||
environmentFile = config.sops.secrets."dns/namecheap".path;
|
environmentFile = config.sops.secrets."dns/namecheap".path;
|
||||||
};
|
};
|
||||||
in {
|
in
|
||||||
|
{
|
||||||
security.acme = {
|
security.acme = {
|
||||||
acceptTerms = true;
|
acceptTerms = true;
|
||||||
defaults = {
|
defaults = {
|
||||||
|
|
@ -33,7 +32,8 @@ in {
|
||||||
server = "https://acme-v02.api.letsencrypt.org/directory";
|
server = "https://acme-v02.api.letsencrypt.org/directory";
|
||||||
};
|
};
|
||||||
certs = builtins.listToAttrs (
|
certs = builtins.listToAttrs (
|
||||||
(map (service: {
|
(map
|
||||||
|
(service: {
|
||||||
name = "${instanceName service}.${domain0}";
|
name = "${instanceName service}.${domain0}";
|
||||||
value = dnsConfig;
|
value = dnsConfig;
|
||||||
})
|
})
|
||||||
|
|
@ -44,25 +44,31 @@ in {
|
||||||
"ollama"
|
"ollama"
|
||||||
"syncthing"
|
"syncthing"
|
||||||
"vaultwarden"
|
"vaultwarden"
|
||||||
])
|
]
|
||||||
++ (map (service: {
|
)
|
||||||
|
++ (map
|
||||||
|
(service: {
|
||||||
name = "${instanceName service}.${domain1}";
|
name = "${instanceName service}.${domain1}";
|
||||||
value = dnsConfig;
|
value = dnsConfig;
|
||||||
})
|
})
|
||||||
[
|
[
|
||||||
"nextcloud"
|
"nextcloud"
|
||||||
"forgejo"
|
|
||||||
"matrix"
|
"matrix"
|
||||||
"owncast"
|
"owncast"
|
||||||
])
|
]
|
||||||
++ (map (service: {
|
)
|
||||||
|
++ (map
|
||||||
|
(service: {
|
||||||
name = "${instanceName service}.${domain3}";
|
name = "${instanceName service}.${domain3}";
|
||||||
value = dnsConfig;
|
value = dnsConfig;
|
||||||
})
|
})
|
||||||
[
|
[
|
||||||
"peertube"
|
"peertube"
|
||||||
])
|
"forgejo"
|
||||||
++ (map (name: {
|
]
|
||||||
|
)
|
||||||
|
++ (map
|
||||||
|
(name: {
|
||||||
name = name;
|
name = name;
|
||||||
value = dnsConfig;
|
value = dnsConfig;
|
||||||
})
|
})
|
||||||
|
|
@ -70,26 +76,27 @@ in {
|
||||||
domain0
|
domain0
|
||||||
domain1
|
domain1
|
||||||
domain3
|
domain3
|
||||||
])
|
]
|
||||||
|
)
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
sops = let
|
sops =
|
||||||
sopsSecrets = [
|
let
|
||||||
"pass"
|
sopsSecrets = [
|
||||||
];
|
"pass"
|
||||||
sopsPath = secret: {
|
];
|
||||||
path = "/var/lib/secrets/${instances.acme.name}/${dns}-${secret}";
|
sopsPath = secret: {
|
||||||
owner = "root";
|
path = "/var/lib/secrets/${instances.acme.name}/${dns}-${secret}";
|
||||||
mode = "600";
|
owner = "root";
|
||||||
|
mode = "600";
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
secrets = builtins.listToAttrs (
|
||||||
|
map (secret: {
|
||||||
|
name = "dns/${dns}";
|
||||||
|
value = sopsPath secret;
|
||||||
|
}) sopsSecrets
|
||||||
|
);
|
||||||
};
|
};
|
||||||
in {
|
|
||||||
secrets = builtins.listToAttrs (
|
|
||||||
map
|
|
||||||
(secret: {
|
|
||||||
name = "dns/${dns}";
|
|
||||||
value = sopsPath secret;
|
|
||||||
})
|
|
||||||
sopsSecrets
|
|
||||||
);
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue