test: forgejo microVM

Nick 2025-11-09 04:00:09 -06:00
parent 6d83b2b2f5
commit bb9a102fd9
3 changed files with 13 additions and 16 deletions


@ -32,11 +32,9 @@ in
services = {
forgejo = {
enable = true;
database.type = "postgres";
lfs.enable = true;
secrets = {
mailer.PASSWD = "/run/secrets/${serviceCfg.name}-smtp";
database.PASSWD = "/run/secrets/${serviceCfg.name}-database";
mailer.PASSWD = "/run/secrets/smtp";
};
dump = {
interval = "5:00";
@ -164,7 +162,7 @@ in
{
mountPoint = "/run/secrets";
proto = "virtiofs";
source = "/run/secrets";
source = "/run/secrets/${serviceCfg.name}";
tag = "host_secrets";
}
];
@ -173,7 +171,7 @@ in
};
systemd.tmpfiles.rules = [
"d ${serviceCfg.mntPaths.path0} 0755 root root -"
"d ${serviceCfg.mntPaths.path0} 0777 root root -"
];
services.caddy.virtualHosts."${host}" = {
@ -189,15 +187,13 @@ in
};
sops.secrets = {
"${serviceCfg.name}-smtp" = {
"${serviceCfg.name}/smtp" = {
owner = "root";
mode = "0600";
};
"${serviceCfg.name}-database" = {
"${serviceCfg.name}/database" = {
owner = "root";
mode = "0600";
};
};
}
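Review bot: The tmpfiles rule in the third hunk now creates `${serviceCfg.mntPaths.path0}` with mode `0777` and no sticky bit, so every local account on the host can create, replace or delete entries in that directory; the tmpfiles hunk of the second file makes the same change. If the looser mode exists so the guest service can write to the path (the rest of the module is outside the hunks, so this is inferred), grant that to a named owner or group instead, e.g. `"d ${serviceCfg.mntPaths.path0} 0770 root <share-group> -"`, where `<share-group>` is a placeholder for whichever group actually needs write access. Separately, the last hunk still declares `"${serviceCfg.name}/database"` while the first hunk appears to drop `database.PASSWD`. Because the virtiofs share now exports the whole `/run/secrets/${serviceCfg.name}` directory, an unused secret would still be decrypted and visible to the guest, so remove the declaration if the database password is no longer consumed.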


@ -57,7 +57,7 @@ in
};
# Environment file with secrets (mounted from host)
environmentFile = "/run/secrets/${serviceCfg.name}/env";
environmentFile = "/run/secrets/env";
};
openssh = {
enable = true;
@ -140,7 +140,7 @@ in
{
mountPoint = "/run/secrets";
proto = "virtiofs";
source = "/run/secrets";
source = "/run/secrets/${serviceCfg.name}";
tag = "host_secrets";
}
];
@ -171,7 +171,7 @@ in
users.users.caddy.extraGroups = [ "acme" ];
systemd.tmpfiles.rules = [
"d ${serviceCfg.mntPaths.path0} 0755 root root -"
"d ${serviceCfg.mntPaths.path0} 0777 root root -"
];
sops.secrets = {


@ -14,8 +14,9 @@ peertube-database: ENC[AES256_GCM,data:nm0bHwTcT+ROZc2BC9jx+tXWjZ3689rdn4fdYW+7J
peertube-redis: ENC[AES256_GCM,data:SQoPzPjgf4YN9dhvO0wo2DEra7cTgfZBx4vCBpNVSXI=,iv:mcCwYtE9E/Mb4V0j9NnU9WhaUMeBpX7BOcc8HGDiEvI=,tag:CsSiS4peZhnZ22uNtUC44w==,type:str]
peertube-root: ENC[AES256_GCM,data:BR0pmqEYYJuDqK7fstyW/hvh8V1GQXVHP24iz2eDeho500IbWaMuDxkNQyfInmIfjC3YvfsHME3S,iv:EgaLKBHYrklF+q5jBPvGKFYJosZxFFMXElTcyKU0ypQ=,tag:PztyBdK5OzeEDvQi/yqRIg==,type:str]
peertube-secret: ENC[AES256_GCM,data:Of4UsWGTXd+uzHE4XkxQOLKBbDd0sQHWQrLgxmn8C9bHgEB85ZnSqOe04IZ4chYKheuzBQ4Vg7pYfGFVBDjx8Q==,iv:cXuVrmQOEHtq7Q6+vzPXKdiuYjLx9hjsd3bCHpBQBqw=,tag:xL8us1XLJsdON/O+BG+xpQ==,type:str]
forgejo-database: ENC[AES256_GCM,data:Stnd+vsoBDK0eLmfgaNaSdO6qY0vF1d0WgrAw1U451I=,iv:7CHPXUPXkTXP0GVqHPK3KavysbSOKuUhJ5EoeAh5Mp4=,tag:iqASITas49wrqCRN8TjLIQ==,type:str]
forgejo-smtp: ENC[AES256_GCM,data:oCLcZWPHqEOZxrg7YHG9tdE5uNNkv68AEEWVzE1d/1U=,iv:vy30yl6R5zoL1PGwgd8fYPer2hqMi2ynQ8ErnPzZ7dU=,tag:YmqlOXksx2YBcITGeeWDWA==,type:str]
forgejo:
database: ENC[AES256_GCM,data:KhwJNJdICaZpnouDecDQM/ShL60nzqzPuyTCO7reilJc,iv:LQord5Bkfhuq/13DqEk51EB+qtunWpJ+g5fFXbhXV90=,tag:TG/fsyXerdy+MEnsjBbuBg==,type:str]
smtp: ENC[AES256_GCM,data:rL1loo/yKrIPmZVpa6S8ka9lX2bwkgCNYRCZ1Np07ANp,iv:Si2sqBNlVQzi8rlfp8WQFUoyu4xJGfPYc9N6V6jrry4=,tag:SdPIRaiiIaHe1DnOxp1Y0Q==,type:str]
discord-token: ENC[AES256_GCM,data:KnG6hy6X4WmOyHm7B/P0wfp99zZMWd/T+qnwx2z0QvgAtJSswG+5r1YQug8G8xbCF2gV1YfKIqcklNhnwW9x/JW4+IWN3Kib,iv:Rmeh5PKvl0DZJbZ+8xXpLRZZmZJw900b1LkHP7ldM0U=,tag:CgEMcuFpWpL/oAW3Ozc7Ww==,type:str]
minecraft-pass: ENC[AES256_GCM,data:0natV6dEpItFp5zsUKqgVMZLLmqRLBEf,iv:Bc7RTXnpdec0wn25Rb7SkVTf5BjXzq3YCXcjwrC7V9k=,tag:Og5qN94G6pHdpIk6YDg1ZA==,type:str]
vaultwarden:
@ -60,7 +61,7 @@ sops:
bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD
aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-08T20:52:41Z"
mac: ENC[AES256_GCM,data:Hh8TQJH8MGbTFYbWiMfiAorvf4X7mN6Nnmm1lgGnahE5ZSMTZloIIWguDplroWTdgpLHtfSntbVzWozFL1PvGtcwUSEpfuGZ5HEDsBehPrdQ3MfulA7ClhBkx4GrJDmNoJSJlOpaSvA5R4Iwl/xO5+udHSB3DPleP/TZZndk4Ho=,iv:QNgZvvdYL/z9kVGRWoMJhBGSJi3gEBa8fBZeTnmGbrg=,tag:7muXvZcekqRnN8DSVxU2fw==,type:str]
lastmodified: "2025-11-09T09:28:13Z"
mac: ENC[AES256_GCM,data:JRE3egK93AnFH+d7MJIZ9a0URE2BV/BJIdfbAWZqdfhicOVYb3zg3iJ2EhLIQ2Nm6UnqZe/t27bveQ222orZ3XmD0K8afS+dakEhGy+TcdBuehUiKQ4WNn8cVmahBWc7cy/WaTY4l9L9YzD5N5v7gJgpPknMpdr6qyyzf+i1vj8=,iv:BVunX3YbWzxqPAScme/5RFka7Lyi6gjZ5miSky61kss=,tag:7ont6bHzZuAxHvctsnUN8A==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0