Compare commits
86 Commits
nextcloud_
...
83de212561
| Author | SHA1 | Date | |
|---|---|---|---|
| 83de212561 | |||
| 024d48a15e | |||
| 2e8db8d1bb | |||
| 9968512975 | |||
| ca53a08e35 | |||
| e582dd2bfe | |||
| 394c0610ce | |||
| 6dee590206 | |||
| b6cd2b57f8 | |||
c80628a1a9
|
|||
|
8cd2eafaa5
|
|||
|
ed19426eb7
|
|||
| 7ff64a5c16 | |||
| 1e540bb39c | |||
| d7278d18dd | |||
| e32ee42ed1 | |||
| 696f1aeb90 | |||
| f385b0318b | |||
| 83c11bb06e | |||
| cd5db6a616 | |||
| e32e4d7774 | |||
| c3474f9c27 | |||
| e021f46b4d | |||
| ff340d69fb | |||
| 56c1ae5332 | |||
| bbf8decea1 | |||
| a1bfa0120c | |||
|
344eeb437b | ||
| d5767508ef | |||
| a07b8ffd68 | |||
| 9d7ab9f901 | |||
| a55b498eaa | |||
|
8afc42d46f
|
|||
|
e32c1f31bc
|
|||
| 66a0433148 | |||
| 04ee3105c1 | |||
| 5a35febf77 | |||
| 5403d97506 | |||
| dabda0ccb9 | |||
| f6dc3d46e9 | |||
| 79fef44bcf | |||
|
6182318a29
|
|||
| 5a517d57fb | |||
|
329305a916
|
|||
| f28125c9a4 | |||
| e46c6bef00 | |||
| 6661357f05 | |||
| b012b89a48 | |||
| 4d101aee29 | |||
| 93fb64b2c6 | |||
| a92336fb30 | |||
|
a90960d7a1
|
|||
|
c73ffe95c5
|
|||
| 7464e0b710 | |||
| 5a12803694 | |||
|
73cc0e3674
|
|||
| 0347fa68c7 | |||
| f0e1f07c3e | |||
| b4d199d00c | |||
| bec232a023 | |||
| 62c92821b4 | |||
| 5517d3b136 | |||
| db9dec5c79 | |||
| 55825fb4b7 | |||
| 2d9e65442e | |||
| 4f6acde34b | |||
| 4be95a53ca | |||
| eb1ec22605 | |||
| cb5e68ef16 | |||
| 058942aa6f | |||
| 449c23eb87 | |||
| f0b9142562 | |||
| 6350e41131 | |||
| 6e144925b2 | |||
| 649249a162 | |||
| 087a8a6220 | |||
| 2fda92f712 | |||
| 6e6448eeca | |||
| 530c0cc5f3 | |||
| 633b2f4dc7 | |||
| af9253b91c | |||
| a2f8d84d96 | |||
| 9899889924 | |||
| b3e93349d1 | |||
| f7d00246e8 | |||
| a79afe7dea |
110
.gitea/workflows/autoupdate.yml
Normal file
110
.gitea/workflows/autoupdate.yml
Normal file
@@ -0,0 +1,110 @@
|
||||
name: Weekly Flake Update
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: "0 0 * * 4"
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
|
||||
jobs:
|
||||
update_and_check_flake:
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
NIXPKGS_ALLOW_UNFREE: 1
|
||||
steps:
|
||||
- name: Install sudo
|
||||
run: |
|
||||
apt-get update
|
||||
apt-get install -y sudo
|
||||
- name: Install Tea
|
||||
env:
|
||||
TEA_DL_URL: "https://dl.gitea.com/tea/0.9.2/tea-0.9.2-linux-amd64"
|
||||
shell: bash
|
||||
run: |
|
||||
TEA_DIR=$(mktemp -d -t tmp.XXXX)
|
||||
pushd $TEA_DIR
|
||||
wget "$TEA_DL_URL"
|
||||
wget "${TEA_DL_URL}.sha256"
|
||||
if $(sha256sum --quiet -c "tea-0.9.2-linux-amd64.sha256"); then
|
||||
mv "tea-0.9.2-linux-amd64" /usr/bin/tea
|
||||
chmod +x /usr/bin/tea
|
||||
popd
|
||||
rm -rf $TEA_DIR
|
||||
else
|
||||
popd
|
||||
rm -rf $TEA_DIR
|
||||
echo "::error title=⛔ error hint::Tea v0.9.2 Checksum Failed"
|
||||
exit 1
|
||||
fi
|
||||
- uses: https://code.forgejo.org/actions/checkout@v6
|
||||
- name: Set up Nix
|
||||
uses: https://github.com/cachix/install-nix-action@v31
|
||||
with:
|
||||
github_access_token: ${{ secrets.AHTLONS_GITHUB_TOKEN }} #Fuck github
|
||||
|
||||
- name: Run nix flake update
|
||||
run: nix flake update
|
||||
|
||||
- name: Commit flake.lock
|
||||
run: |
|
||||
git config user.name "malobot"
|
||||
git config user.email "malobot@systemli.org"
|
||||
git stash push
|
||||
git branch nixpkgs_bump_$(date +%Y%m%d)
|
||||
git checkout nixpkgs_bump_$(date +%Y%m%d)
|
||||
git stash pop
|
||||
git add flake.lock
|
||||
git diff --staged --quiet || git commit -m "Update flake.lock"
|
||||
|
||||
- name: Check for eval warnings
|
||||
id: commit
|
||||
shell: bash
|
||||
run: |
|
||||
{
|
||||
echo "COMMIT_DESC<<EOF"
|
||||
echo "Date: $(date)"
|
||||
echo "Evaluation warnings:"
|
||||
nix flake check --all-systems --no-build 2>&1 | grep evaluation | awk '!seen[$0]++' || echo "None :)"
|
||||
echo EOF
|
||||
} >> "$GITHUB_OUTPUT"
|
||||
|
||||
|
||||
- name: Login to Gitea
|
||||
shell: bash
|
||||
env:
|
||||
GIT_SERVER_URL: https://git.dynamicdiscord.de
|
||||
GIT_SERVER_TOKEN: ${{ secrets.AHTLONS_GITEA_TOKEN }}
|
||||
run: >-
|
||||
tea login add
|
||||
-u "$GIT_SERVER_URL"
|
||||
-t "$GIT_SERVER_TOKEN"
|
||||
- name: Check for existing pull request
|
||||
id: no-pr
|
||||
continue-on-error: true
|
||||
shell: bash
|
||||
run: >-
|
||||
tea pr -f head -o simple |
|
||||
grep -q ${{ github.ref_name }} &&
|
||||
exit 1 ||
|
||||
exit 0
|
||||
- name: Force push branch
|
||||
run: git push --force -u origin nixpkgs_bump_$(date +%Y%m%d)
|
||||
- name: Create pull request
|
||||
if: steps.no-pr.outcome == 'success'
|
||||
env:
|
||||
COMMIT_MSG: Automatic Nixpkgs update
|
||||
COMMIT_DESC: ${{ steps.commit.outputs.COMMIT_DESC }}
|
||||
shell: bash
|
||||
run: >-
|
||||
tea pr create
|
||||
-L "bump"
|
||||
-t "$COMMIT_MSG"
|
||||
-d "$COMMIT_DESC"
|
||||
- name: Skip pull request
|
||||
if: steps.no-pr.outcome == 'failure'
|
||||
shell: bash
|
||||
run: >
|
||||
echo "::error title=⛔ error hint::
|
||||
A PR already exists for this branch: ${{ github.ref_name }}"
|
||||
29
.gitea/workflows/comment-diff.yml
Normal file
29
.gitea/workflows/comment-diff.yml
Normal file
@@ -0,0 +1,29 @@
|
||||
name: Weekly Flake Update
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
types:
|
||||
- opened
|
||||
- synchronize
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
|
||||
jobs:
|
||||
Explore-Gitea-Actions:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
|
||||
- run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by Gitea!"
|
||||
- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@v3
|
||||
- run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
|
||||
- run: echo "🖥️ The workflow is now ready to test your code on the runner."
|
||||
- name: List files in the repository
|
||||
run: |
|
||||
ls ${{ github.workspace }}
|
||||
- run: echo "🍏 This job's status is ${{ job.status }}."
|
||||
- run: echo "Cat HEAD= $(cat .git/HEAD)"
|
||||
- run: echo "Git parse HEAD= $(git rev-parse --abbrev-ref HEAD)"
|
||||
|
||||
75
.hydra/declarative-jobsets.nix
Normal file
75
.hydra/declarative-jobsets.nix
Normal file
@@ -0,0 +1,75 @@
|
||||
{ nixpkgs, pulls, ... }:
|
||||
|
||||
let
|
||||
pkgs = import nixpkgs { };
|
||||
|
||||
prs = builtins.fromJSON (builtins.readFile pulls);
|
||||
prJobsets = pkgs.lib.mapAttrs (num: info: {
|
||||
enabled = 1;
|
||||
hidden = false;
|
||||
description = "PR ${num}: ${info.title}";
|
||||
checkinterval = 300;
|
||||
schedulingshares = 20;
|
||||
enableemail = false;
|
||||
emailoverride = "";
|
||||
keepnr = 1;
|
||||
type = 1;
|
||||
flake = "${info.head.repo.html_url}/archive/${info.head.ref}.tar.gz";
|
||||
inputs = {
|
||||
gitea_repo_name = {
|
||||
type = "string";
|
||||
value = "${info.head.repo.name}";
|
||||
emailresponsible = false;
|
||||
};
|
||||
gitea_repo_owner = {
|
||||
type = "string";
|
||||
value = "${info.head.repo.owner.username}";
|
||||
emailresponsible = false;
|
||||
};
|
||||
gitea_http_url = {
|
||||
type = "string";
|
||||
value = "https://git.dynamicdiscord.de";
|
||||
emailresponsible = false;
|
||||
};
|
||||
gitea_status_repo = {
|
||||
type = "string";
|
||||
value = "${info.head.ref}";
|
||||
emailresponsible = false;
|
||||
};
|
||||
};
|
||||
}) prs;
|
||||
mkFlakeJobset = branch: {
|
||||
description = "Build ${branch} branch of the Malobeo Infrastructure repo";
|
||||
checkinterval = 300;
|
||||
enabled = "1";
|
||||
schedulingshares = 100;
|
||||
enableemail = false;
|
||||
emailoverride = "";
|
||||
keepnr = 3;
|
||||
hidden = false;
|
||||
type = 1;
|
||||
flake = "https://git.dynamicdiscord.de/malobeo/infrastructure/archive/${branch}.tar.gz";
|
||||
};
|
||||
|
||||
desc = prJobsets // {
|
||||
"master" = mkFlakeJobset "master";
|
||||
};
|
||||
|
||||
log = {
|
||||
pulls = prs;
|
||||
jobsets = desc;
|
||||
};
|
||||
|
||||
in
|
||||
{
|
||||
jobsets = pkgs.runCommand "spec-jobsets.json" { } ''
|
||||
cat >$out <<'EOF'
|
||||
${builtins.toJSON desc}
|
||||
EOF
|
||||
# This is to get nice .jobsets build logs on Hydra
|
||||
cat >tmp <<'EOF'
|
||||
${builtins.toJSON log}
|
||||
EOF
|
||||
${pkgs.jq}/bin/jq . tmp
|
||||
'';
|
||||
}
|
||||
30
.hydra/spec.json
Normal file
30
.hydra/spec.json
Normal file
@@ -0,0 +1,30 @@
|
||||
{
|
||||
"enabled": 1,
|
||||
"hidden": false,
|
||||
"description": "Malobeo infrastructure repo",
|
||||
"nixexprinput": "nixexpr",
|
||||
"nixexprpath": ".hydra/declarative-jobsets.nix",
|
||||
"checkinterval": 60,
|
||||
"schedulingshares": 100,
|
||||
"enableemail": false,
|
||||
"emailoverride": "",
|
||||
"keepnr": 5,
|
||||
"type": 0,
|
||||
"inputs": {
|
||||
"nixexpr": {
|
||||
"value": "https://git.dynamicdiscord.de/ahtlon/infrastructure master",
|
||||
"type": "git",
|
||||
"emailresponsible": false
|
||||
},
|
||||
"nixpkgs": {
|
||||
"value": "https://github.com/NixOS/nixpkgs nixos-25.11",
|
||||
"type": "git",
|
||||
"emailresponsible": false
|
||||
},
|
||||
"pulls": {
|
||||
"type": "path",
|
||||
"value": "http://127.0.0.1:27364/gitea-pulls-sorted.json",
|
||||
"emailresponsible": false
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -12,6 +12,7 @@
|
||||
- [musik](./projekte/musik.md)
|
||||
- [TODO](./todo.md)
|
||||
- [Modules]()
|
||||
- [Gitea-translator](./module/gitea-translator.md)
|
||||
- [Initrd-ssh](./module/initssh.md)
|
||||
- [Disks](./module/disks.md)
|
||||
- [How-to]()
|
||||
|
||||
21
doc/src/module/gitea-translator.md
Normal file
21
doc/src/module/gitea-translator.md
Normal file
@@ -0,0 +1,21 @@
|
||||
# Gitea-tanslator
|
||||
The module can be used by importing `inputs.self.nixosModules.malobeo.gitea-translator`
|
||||
|
||||
This module starts a python server that fetches the gitea pull request api and translates it to a file that hydra understands.
|
||||
To use, just set the parameters of the gitea server, then send a GET request to either `http://${host}:${port}/` or `http://${host}:${port}/gitea-pulls-sorted.json`
|
||||
|
||||
## Module config
|
||||
##### enable (default = false) - enables the module
|
||||
##### baseurl (default = "git.dynamicdiscord.de") - Base URL of the Gitea instance
|
||||
##### owner (default = "malobeo") - Repository owner
|
||||
##### repo (default = "infrastructure") - Repository name
|
||||
##### host (default = "127.0.0.1") - Address the server binds to
|
||||
##### port (default = 27364) - Port the server listens on
|
||||
|
||||
## Hydra config
|
||||
If you change the default port or host, the file `.hydra/spec.json` has to be modified accordingly.
|
||||
With the module running on the hydra host, create a new hydra project, then:
|
||||
|
||||
- Set `Declarative spec file` to `.hydra/spec.json`
|
||||
- Change declaritive input type to `Git checkout`
|
||||
- Set your git repo location in the field below that
|
||||
350
dont merge this/gitea2.json
Normal file
350
dont merge this/gitea2.json
Normal file
@@ -0,0 +1,350 @@
|
||||
{
|
||||
"allow_maintainer_edit": false,
|
||||
"assignee": null,
|
||||
"assignees": null,
|
||||
"base": {
|
||||
"label": "master",
|
||||
"ref": "master",
|
||||
"repo": {
|
||||
"allow_fast_forward_only_merge": false,
|
||||
"allow_manual_merge": false,
|
||||
"allow_merge_commits": true,
|
||||
"allow_rebase": true,
|
||||
"allow_rebase_explicit": true,
|
||||
"allow_rebase_update": true,
|
||||
"allow_squash_merge": true,
|
||||
"archived": false,
|
||||
"archived_at": "1970-01-01T01:00:00+01:00",
|
||||
"autodetect_manual_merge": false,
|
||||
"avatar_url": "",
|
||||
"clone_url": "https://git.dynamicdiscord.de/ahtlon/infrastructure.git",
|
||||
"created_at": "2024-10-24T19:38:14+02:00",
|
||||
"default_allow_maintainer_edit": false,
|
||||
"default_branch": "master",
|
||||
"default_delete_branch_after_merge": false,
|
||||
"default_merge_style": "merge",
|
||||
"description": "",
|
||||
"empty": false,
|
||||
"fork": true,
|
||||
"forks_count": 0,
|
||||
"full_name": "ahtlon/infrastructure",
|
||||
"has_actions": true,
|
||||
"has_code": true,
|
||||
"has_issues": false,
|
||||
"has_packages": false,
|
||||
"has_projects": false,
|
||||
"has_pull_requests": true,
|
||||
"has_releases": false,
|
||||
"has_wiki": false,
|
||||
"html_url": "https://git.dynamicdiscord.de/ahtlon/infrastructure",
|
||||
"id": 29,
|
||||
"ignore_whitespace_conflicts": false,
|
||||
"internal": false,
|
||||
"language": "",
|
||||
"languages_url": "https://git.dynamicdiscord.de/api/v1/repos/ahtlon/infrastructure/languages",
|
||||
"licenses": [],
|
||||
"link": "",
|
||||
"mirror": false,
|
||||
"mirror_interval": "",
|
||||
"mirror_updated": "0001-01-01T00:00:00Z",
|
||||
"name": "infrastructure",
|
||||
"object_format_name": "sha1",
|
||||
"open_issues_count": 0,
|
||||
"open_pr_counter": 5,
|
||||
"original_url": "",
|
||||
"owner": {
|
||||
"active": false,
|
||||
"avatar_url": "https://git.dynamicdiscord.de/avatars/7399d018a0bcee0f2da113bdeeafec029316d8e8ce774b829de4125b026c0599",
|
||||
"created": "2024-10-23T17:19:18+02:00",
|
||||
"description": "",
|
||||
"email": "ahtlon@noreply.git.dynamicdiscord.de",
|
||||
"followers_count": 0,
|
||||
"following_count": 0,
|
||||
"full_name": "",
|
||||
"html_url": "https://git.dynamicdiscord.de/ahtlon",
|
||||
"id": 8,
|
||||
"is_admin": false,
|
||||
"language": "",
|
||||
"last_login": "0001-01-01T00:00:00Z",
|
||||
"location": "",
|
||||
"login": "ahtlon",
|
||||
"login_name": "",
|
||||
"prohibit_login": false,
|
||||
"restricted": false,
|
||||
"source_id": 0,
|
||||
"starred_repos_count": 0,
|
||||
"username": "ahtlon",
|
||||
"visibility": "public",
|
||||
"website": ""
|
||||
},
|
||||
"parent": {
|
||||
"allow_fast_forward_only_merge": false,
|
||||
"allow_manual_merge": false,
|
||||
"allow_merge_commits": true,
|
||||
"allow_rebase": true,
|
||||
"allow_rebase_explicit": true,
|
||||
"allow_rebase_update": true,
|
||||
"allow_squash_merge": true,
|
||||
"archived": false,
|
||||
"archived_at": "1970-01-01T01:00:00+01:00",
|
||||
"autodetect_manual_merge": false,
|
||||
"avatar_url": "",
|
||||
"clone_url": "https://git.dynamicdiscord.de/malobeo/infrastructure.git",
|
||||
"created_at": "2022-10-04T18:35:43+02:00",
|
||||
"default_allow_maintainer_edit": false,
|
||||
"default_branch": "master",
|
||||
"default_delete_branch_after_merge": false,
|
||||
"default_merge_style": "merge",
|
||||
"description": "",
|
||||
"empty": false,
|
||||
"fork": false,
|
||||
"forks_count": 1,
|
||||
"full_name": "malobeo/infrastructure",
|
||||
"has_actions": true,
|
||||
"has_code": true,
|
||||
"has_issues": true,
|
||||
"has_packages": false,
|
||||
"has_projects": true,
|
||||
"has_pull_requests": true,
|
||||
"has_releases": true,
|
||||
"has_wiki": true,
|
||||
"html_url": "https://git.dynamicdiscord.de/malobeo/infrastructure",
|
||||
"id": 15,
|
||||
"ignore_whitespace_conflicts": false,
|
||||
"internal": false,
|
||||
"internal_tracker": {
|
||||
"allow_only_contributors_to_track_time": true,
|
||||
"enable_issue_dependencies": true,
|
||||
"enable_time_tracker": true
|
||||
},
|
||||
"language": "",
|
||||
"languages_url": "https://git.dynamicdiscord.de/api/v1/repos/malobeo/infrastructure/languages",
|
||||
"licenses": [],
|
||||
"link": "",
|
||||
"mirror": false,
|
||||
"mirror_interval": "",
|
||||
"mirror_updated": "0001-01-01T00:00:00Z",
|
||||
"name": "infrastructure",
|
||||
"object_format_name": "sha1",
|
||||
"open_issues_count": 40,
|
||||
"open_pr_counter": 4,
|
||||
"original_url": "",
|
||||
"owner": {
|
||||
"active": false,
|
||||
"avatar_url": "https://git.dynamicdiscord.de/avatars/9ea8af20ca015cb078b2971cd4e91e6d",
|
||||
"created": "2023-03-29T17:26:16+02:00",
|
||||
"description": "",
|
||||
"email": "",
|
||||
"followers_count": 0,
|
||||
"following_count": 0,
|
||||
"full_name": "",
|
||||
"html_url": "https://git.dynamicdiscord.de/malobeo",
|
||||
"id": 7,
|
||||
"is_admin": false,
|
||||
"language": "",
|
||||
"last_login": "0001-01-01T00:00:00Z",
|
||||
"location": "",
|
||||
"login": "malobeo",
|
||||
"login_name": "",
|
||||
"prohibit_login": false,
|
||||
"restricted": false,
|
||||
"source_id": 0,
|
||||
"starred_repos_count": 0,
|
||||
"username": "malobeo",
|
||||
"visibility": "public",
|
||||
"website": ""
|
||||
},
|
||||
"permissions": {
|
||||
"admin": false,
|
||||
"pull": true,
|
||||
"push": false
|
||||
},
|
||||
"private": false,
|
||||
"projects_mode": "",
|
||||
"release_counter": 0,
|
||||
"size": 2878,
|
||||
"ssh_url": "ssh://gitea@git.dynamicdiscord.de:23428/malobeo/infrastructure.git",
|
||||
"stars_count": 1,
|
||||
"template": false,
|
||||
"topics": [],
|
||||
"updated_at": "2026-03-12T01:11:13+01:00",
|
||||
"url": "https://git.dynamicdiscord.de/api/v1/repos/malobeo/infrastructure",
|
||||
"watchers_count": 2,
|
||||
"website": ""
|
||||
},
|
||||
"permissions": {
|
||||
"admin": false,
|
||||
"pull": true,
|
||||
"push": false
|
||||
},
|
||||
"private": false,
|
||||
"projects_mode": "all",
|
||||
"release_counter": 0,
|
||||
"size": 14507,
|
||||
"ssh_url": "ssh://gitea@git.dynamicdiscord.de:23428/ahtlon/infrastructure.git",
|
||||
"stars_count": 0,
|
||||
"template": false,
|
||||
"topics": [],
|
||||
"updated_at": "2026-03-12T01:05:43+01:00",
|
||||
"url": "https://git.dynamicdiscord.de/api/v1/repos/ahtlon/infrastructure",
|
||||
"watchers_count": 1,
|
||||
"website": ""
|
||||
},
|
||||
"repo_id": 29,
|
||||
"sha": "dacdb2214ea6ff645c444ce0eaab68c317f0a616"
|
||||
},
|
||||
"body": "",
|
||||
"closed_at": null,
|
||||
"comments": 0,
|
||||
"created_at": "2026-03-11T17:29:55+01:00",
|
||||
"diff_url": "https://git.dynamicdiscord.de/ahtlon/infrastructure/pulls/8.diff",
|
||||
"draft": false,
|
||||
"due_date": null,
|
||||
"head": {
|
||||
"label": "nixpkgs_bump_20260305",
|
||||
"ref": "nixpkgs_bump_20260305",
|
||||
"repo": {
|
||||
"allow_fast_forward_only_merge": false,
|
||||
"allow_manual_merge": false,
|
||||
"allow_merge_commits": true,
|
||||
"allow_rebase": true,
|
||||
"allow_rebase_explicit": true,
|
||||
"allow_rebase_update": true,
|
||||
"allow_squash_merge": true,
|
||||
"archived": false,
|
||||
"archived_at": "1970-01-01T01:00:00+01:00",
|
||||
"autodetect_manual_merge": false,
|
||||
"avatar_url": "",
|
||||
"clone_url": "https://git.dynamicdiscord.de/malobeo/infrastructure.git",
|
||||
"created_at": "2022-10-04T18:35:43+02:00",
|
||||
"default_allow_maintainer_edit": false,
|
||||
"default_branch": "master",
|
||||
"default_delete_branch_after_merge": false,
|
||||
"default_merge_style": "merge",
|
||||
"description": "",
|
||||
"empty": false,
|
||||
"fork": false,
|
||||
"forks_count": 1,
|
||||
"full_name": "malobeo/infrastructure",
|
||||
"has_actions": true,
|
||||
"has_code": true,
|
||||
"has_issues": true,
|
||||
"has_packages": false,
|
||||
"has_projects": true,
|
||||
"has_pull_requests": true,
|
||||
"has_releases": true,
|
||||
"has_wiki": true,
|
||||
"html_url": "https://git.dynamicdiscord.de/malobeo/infrastructure",
|
||||
"id": 15,
|
||||
"ignore_whitespace_conflicts": false,
|
||||
"internal": false,
|
||||
"internal_tracker": {
|
||||
"allow_only_contributors_to_track_time": true,
|
||||
"enable_issue_dependencies": true,
|
||||
"enable_time_tracker": true
|
||||
},
|
||||
"language": "",
|
||||
"languages_url": "https://git.dynamicdiscord.de/api/v1/repos/malobeo/infrastructure/languages",
|
||||
"licenses": [],
|
||||
"link": "",
|
||||
"mirror": false,
|
||||
"mirror_interval": "",
|
||||
"mirror_updated": "0001-01-01T00:00:00Z",
|
||||
"name": "infrastructure",
|
||||
"object_format_name": "sha1",
|
||||
"open_issues_count": 40,
|
||||
"open_pr_counter": 4,
|
||||
"original_url": "",
|
||||
"owner": {
|
||||
"active": false,
|
||||
"avatar_url": "https://git.dynamicdiscord.de/avatars/9ea8af20ca015cb078b2971cd4e91e6d",
|
||||
"created": "2023-03-29T17:26:16+02:00",
|
||||
"description": "",
|
||||
"email": "",
|
||||
"followers_count": 0,
|
||||
"following_count": 0,
|
||||
"full_name": "",
|
||||
"html_url": "https://git.dynamicdiscord.de/malobeo",
|
||||
"id": 7,
|
||||
"is_admin": false,
|
||||
"language": "",
|
||||
"last_login": "0001-01-01T00:00:00Z",
|
||||
"location": "",
|
||||
"login": "malobeo",
|
||||
"login_name": "",
|
||||
"prohibit_login": false,
|
||||
"restricted": false,
|
||||
"source_id": 0,
|
||||
"starred_repos_count": 0,
|
||||
"username": "malobeo",
|
||||
"visibility": "public",
|
||||
"website": ""
|
||||
},
|
||||
"permissions": {
|
||||
"admin": false,
|
||||
"pull": true,
|
||||
"push": false
|
||||
},
|
||||
"private": false,
|
||||
"projects_mode": "",
|
||||
"release_counter": 0,
|
||||
"size": 2878,
|
||||
"ssh_url": "ssh://gitea@git.dynamicdiscord.de:23428/malobeo/infrastructure.git",
|
||||
"stars_count": 1,
|
||||
"template": false,
|
||||
"topics": [],
|
||||
"updated_at": "2026-03-12T01:11:13+01:00",
|
||||
"url": "https://git.dynamicdiscord.de/api/v1/repos/malobeo/infrastructure",
|
||||
"watchers_count": 2,
|
||||
"website": ""
|
||||
},
|
||||
"repo_id": 15,
|
||||
"sha": "7c66a24563d0e95c292aafeaa08056effc6152d9"
|
||||
},
|
||||
"html_url": "https://git.dynamicdiscord.de/ahtlon/infrastructure/pulls/8",
|
||||
"id": 66,
|
||||
"is_locked": false,
|
||||
"labels": [],
|
||||
"merge_base": "344eeb437b0aa29baee1227e48878f987e21e296",
|
||||
"merge_commit_sha": null,
|
||||
"mergeable": true,
|
||||
"merged": false,
|
||||
"merged_at": null,
|
||||
"merged_by": null,
|
||||
"milestone": null,
|
||||
"number": 8,
|
||||
"patch_url": "https://git.dynamicdiscord.de/ahtlon/infrastructure/pulls/8.patch",
|
||||
"pin_order": 0,
|
||||
"requested_reviewers": null,
|
||||
"requested_reviewers_teams": null,
|
||||
"state": "open",
|
||||
"target_repo_url": "https://git.dynamicdiscord.de/ahtlon/infrastructure.git",
|
||||
"title": "Update flake.lock",
|
||||
"updated_at": "2026-03-11T17:29:55+01:00",
|
||||
"url": "https://git.dynamicdiscord.de/ahtlon/infrastructure/pulls/8",
|
||||
"user": {
|
||||
"active": false,
|
||||
"avatar_url": "https://git.dynamicdiscord.de/avatars/7399d018a0bcee0f2da113bdeeafec029316d8e8ce774b829de4125b026c0599",
|
||||
"created": "2024-10-23T17:19:18+02:00",
|
||||
"description": "",
|
||||
"email": "ahtlon@noreply.git.dynamicdiscord.de",
|
||||
"followers_count": 0,
|
||||
"following_count": 0,
|
||||
"full_name": "",
|
||||
"html_url": "https://git.dynamicdiscord.de/ahtlon",
|
||||
"id": 8,
|
||||
"is_admin": false,
|
||||
"language": "",
|
||||
"last_login": "0001-01-01T00:00:00Z",
|
||||
"location": "",
|
||||
"login": "ahtlon",
|
||||
"login_name": "",
|
||||
"prohibit_login": false,
|
||||
"restricted": false,
|
||||
"source_id": 0,
|
||||
"starred_repos_count": 0,
|
||||
"username": "ahtlon",
|
||||
"visibility": "public",
|
||||
"website": ""
|
||||
}
|
||||
}
|
||||
1668
dont merge this/gitea_out.json
Normal file
1668
dont merge this/gitea_out.json
Normal file
File diff suppressed because it is too large
Load Diff
1888
dont merge this/gitlab-pulls-sorted.json
Normal file
1888
dont merge this/gitlab-pulls-sorted.json
Normal file
File diff suppressed because it is too large
Load Diff
1864
dont merge this/pretty_gl_api_out.json
Normal file
1864
dont merge this/pretty_gl_api_out.json
Normal file
File diff suppressed because it is too large
Load Diff
1
dont merge this/raw_gl_api_out.txt
Normal file
1
dont merge this/raw_gl_api_out.txt
Normal file
File diff suppressed because one or more lines are too long
117
flake.lock
generated
117
flake.lock
generated
@@ -7,11 +7,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1746728054,
|
||||
"narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=",
|
||||
"lastModified": 1768920986,
|
||||
"narHash": "sha256-CNzzBsRhq7gg4BMBuTDObiWDH/rFYHEuDRVOwCcwXw4=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "ff442f5d1425feb86344c028298548024f21256d",
|
||||
"rev": "de5708739256238fb912c62f03988815db89ec9a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -21,6 +21,27 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"dns": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1768143854,
|
||||
"narHash": "sha256-E5/kyPz4zAZn/lZdvqlF83jMgCWNxmqYjjWuadngCbk=",
|
||||
"owner": "kirelagin",
|
||||
"repo": "dns.nix",
|
||||
"rev": "a97cf4156e9f044fe4bed5be531061000dfabb07",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "kirelagin",
|
||||
"repo": "dns.nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"ep3-bs": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
@@ -43,15 +64,12 @@
|
||||
}
|
||||
},
|
||||
"flake-utils": {
|
||||
"inputs": {
|
||||
"systems": "systems_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731533236,
|
||||
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
|
||||
"lastModified": 1614513358,
|
||||
"narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
|
||||
"rev": "5466c5bbece17adaab2d82fae80b46e807611bf3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -67,11 +85,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1748226808,
|
||||
"narHash": "sha256-GaBRgxjWO1bAQa8P2+FDxG4ANBVhjnSjBms096qQdxo=",
|
||||
"lastModified": 1763992789,
|
||||
"narHash": "sha256-WHkdBlw6oyxXIra/vQPYLtqY+3G8dUVZM8bEXk0t8x4=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "83665c39fa688bd6a1f7c43cf7997a70f6a109f9",
|
||||
"rev": "44831a7eaba4360fb81f2acc5ea6de5fde90aaa3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -102,18 +120,17 @@
|
||||
},
|
||||
"microvm": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"spectrum": "spectrum"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1748260747,
|
||||
"narHash": "sha256-V3ONd70wm55JxcUa1rE0JU3zD+Cz7KK/iSVhRD7lq68=",
|
||||
"lastModified": 1773018425,
|
||||
"narHash": "sha256-fpgZBmZpKoEXEowBK/6m8g9FcOLWQ4UxhXHqCw2CpSM=",
|
||||
"owner": "astro",
|
||||
"repo": "microvm.nix",
|
||||
"rev": "b6c5dfc2a1c7614c94fd2c5d2e8578fd52396f3b",
|
||||
"rev": "25ebda3c558e923720c965832dc9a04f559a055c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -145,11 +162,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1747663185,
|
||||
"narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=",
|
||||
"lastModified": 1769813415,
|
||||
"narHash": "sha256-nnVmNNKBi1YiBNPhKclNYDORoHkuKipoz7EtVnXO50A=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-generators",
|
||||
"rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc",
|
||||
"rev": "8946737ff703382fda7623b9fab071d037e897d5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -160,11 +177,11 @@
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1747900541,
|
||||
"narHash": "sha256-dn64Pg9xLETjblwZs9Euu/SsjW80pd6lr5qSiyLY1pg=",
|
||||
"lastModified": 1772972630,
|
||||
"narHash": "sha256-mUJxsNOrBMNOUJzN0pfdVJ1r2pxeqm9gI/yIKXzVVbk=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "11f2d9ea49c3e964315215d6baa73a8d42672f06",
|
||||
"rev": "3966ce987e1a9a164205ac8259a5fe8a64528f72",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -192,11 +209,11 @@
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1748190013,
|
||||
"narHash": "sha256-R5HJFflOfsP5FBtk+zE8FpL8uqE7n62jqOsADvVshhE=",
|
||||
"lastModified": 1773282481,
|
||||
"narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "62b852f6c6742134ade1abdd2a21685fd617a291",
|
||||
"rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -208,16 +225,16 @@
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1748162331,
|
||||
"narHash": "sha256-rqc2RKYTxP3tbjA+PB3VMRQNnjesrT0pEofXQTrMsS8=",
|
||||
"lastModified": 1773375660,
|
||||
"narHash": "sha256-SEzUWw2Rf5Ki3bcM26nSKgbeoqi2uYy8IHVBqOKjX3w=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "7c43f080a7f28b2774f3b3f43234ca11661bf334",
|
||||
"rev": "3e20095fe3c6cbb1ddcef89b26969a69a1570776",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-25.05",
|
||||
"ref": "nixos-25.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
@@ -225,6 +242,7 @@
|
||||
"root": {
|
||||
"inputs": {
|
||||
"disko": "disko",
|
||||
"dns": "dns",
|
||||
"ep3-bs": "ep3-bs",
|
||||
"home-manager": "home-manager",
|
||||
"mfsync": "mfsync",
|
||||
@@ -246,11 +264,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1747603214,
|
||||
"narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=",
|
||||
"lastModified": 1773096132,
|
||||
"narHash": "sha256-M3zEnq9OElB7zqc+mjgPlByPm1O5t2fbUrH3t/Hm5Ag=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd",
|
||||
"rev": "d1ff3b1034d5bab5d7d8086a7803c5a5968cd784",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -262,11 +280,11 @@
|
||||
"spectrum": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1746869549,
|
||||
"narHash": "sha256-BKZ/yZO/qeLKh9YqVkKB6wJiDQJAZNN5rk5NsMImsWs=",
|
||||
"lastModified": 1772189877,
|
||||
"narHash": "sha256-i1p90Rgssb//aNiTDFq46ZG/fk3LmyRLChtp/9lddyA=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "d927e78530892ec8ed389e8fae5f38abee00ad87",
|
||||
"revCount": 862,
|
||||
"rev": "fe39e122d898f66e89ffa17d4f4209989ccb5358",
|
||||
"revCount": 1255,
|
||||
"type": "git",
|
||||
"url": "https://spectrum-os.org/git/spectrum"
|
||||
},
|
||||
@@ -335,21 +353,6 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_5": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"tasklist": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
@@ -408,7 +411,7 @@
|
||||
},
|
||||
"utils_3": {
|
||||
"inputs": {
|
||||
"systems": "systems_4"
|
||||
"systems": "systems_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731533236,
|
||||
@@ -426,7 +429,7 @@
|
||||
},
|
||||
"utils_4": {
|
||||
"inputs": {
|
||||
"systems": "systems_5"
|
||||
"systems": "systems_4"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731533236,
|
||||
@@ -450,11 +453,11 @@
|
||||
"utils": "utils_4"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1751462005,
|
||||
"narHash": "sha256-vhr2GORiXij3mL+QIfnL0sKSbbBIglw1wnHWNmFejiA=",
|
||||
"lastModified": 1768820076,
|
||||
"narHash": "sha256-0vnIYuWvsYasbHZHUjAcK9FR0kxkRRtzYG661VEtoPU=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "f505fb17bf1882cc3683e1e252ce44583cbe58ce",
|
||||
"revCount": 155,
|
||||
"rev": "cfdfae84bb045ae429f0760eba708468871b1738",
|
||||
"revCount": 159,
|
||||
"type": "git",
|
||||
"url": "https://git.dynamicdiscord.de/kalipso/zineshop"
|
||||
},
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
|
||||
inputs = {
|
||||
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
|
||||
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||
sops-nix.url = "github:Mic92/sops-nix";
|
||||
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
|
||||
@@ -13,6 +13,11 @@
|
||||
disko.url = "github:nix-community/disko/latest";
|
||||
disko.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
dns = {
|
||||
url = "github:kirelagin/dns.nix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
utils = {
|
||||
url = "github:numtide/flake-utils";
|
||||
};
|
||||
|
||||
350
gitea2.json
Normal file
350
gitea2.json
Normal file
@@ -0,0 +1,350 @@
|
||||
AAAAAA{
|
||||
"allow_maintainer_edit": false,
|
||||
"assignee": null,
|
||||
"assignees": null,
|
||||
"base": {
|
||||
"label": "master",
|
||||
"ref": "master",dd
|
||||
"repo": {
|
||||
"allow_fast_ddasdad_only_merge": false,
|
||||
"allow_manual_merge": false,
|
||||
"allow_merge_commits": true,
|
||||
"allow_rebase": true,
|
||||
"allow_rebase_explicit": true,
|
||||
"allow_rebase_update": true,
|
||||
"allow_squash_merge": true,
|
||||
"archived": false,
|
||||
"archived_at": "1970-01-01T01:00:00+01:00",
|
||||
"autodetect_manual_merge": false,
|
||||
"avatar_url": "",
|
||||
"clone_url": "https://git.dynamicdiscord.de/ahtlon/infrastructure.git",
|
||||
"created_at": "2024-10-24T19:38:14+02:00",
|
||||
"default_allow_maintainer_edit": false,
|
||||
"default_branch": "master",
|
||||
"default_delete_branch_after_merge": false,
|
||||
"default_merge_style": "merge",
|
||||
"description": "",
|
||||
"empty": false,
|
||||
"fork": true,
|
||||
"forks_count": 0,
|
||||
"full_name": "ahtlon/infrastructure",
|
||||
"has_actions": true,
|
||||
"has_code": true,
|
||||
"has_issues": false,
|
||||
"has_packages": false,
|
||||
"has_projects": false,
|
||||
"has_pull_requests": true,
|
||||
"has_releases": false,
|
||||
"has_wiki": false,
|
||||
"html_url": "https://git.dynamicdiscord.de/ahtlon/infrastructure",
|
||||
"id": 29,
|
||||
"ignore_whitespace_conflicts": false,
|
||||
"internal": false,
|
||||
"language": "",
|
||||
"languages_url": "https://git.dynamicdiscord.de/api/v1/repos/ahtlon/infrastructure/languages",
|
||||
"licenses": [],
|
||||
"link": "",
|
||||
"mirror": false,
|
||||
"mirror_interval": "",
|
||||
"mirror_updated": "0001-01-01T00:00:00Z",
|
||||
"name": "infrastructure",
|
||||
"object_format_name": "sha1",
|
||||
"open_issues_count": 0,
|
||||
"open_pr_counter": 6,
|
||||
"original_url": "",
|
||||
"owner": {
|
||||
"active": false,
|
||||
"avatar_url": "https://git.dynamicdiscord.de/avatars/7399d018a0bcee0f2da113bdeeafec029316d8e8ce774b829de4125b026c0599",
|
||||
"created": "2024-10-23T17:19:18+02:00",
|
||||
"description": "",
|
||||
"email": "ahtlon@noreply.git.dynamicdiscord.de",
|
||||
"followers_count": 0,
|
||||
"following_count": 0,
|
||||
"full_name": "",
|
||||
"html_url": "https://git.dynamicdiscord.de/ahtlon",
|
||||
"id": 8,
|
||||
"is_admin": false,
|
||||
"language": "",
|
||||
"last_login": "0001-01-01T00:00:00Z",
|
||||
"location": "",
|
||||
"login": "ahtlon",
|
||||
"login_name": "",
|
||||
"prohibit_login": false,
|
||||
"restricted": false,
|
||||
"source_id": 0,
|
||||
"starred_repos_count": 0,
|
||||
"username": "ahtlon",
|
||||
"visibility": "public",
|
||||
"website": ""
|
||||
},
|
||||
"parent": {
|
||||
"allow_fast_forward_only_merge": false,
|
||||
"allow_manual_merge": false,
|
||||
"allow_merge_commits": true,
|
||||
"allow_rebase": true,
|
||||
"allow_rebase_explicit": true,
|
||||
"allow_rebase_update": true,
|
||||
"allow_squash_merge": true,
|
||||
"archived": false,
|
||||
"archived_at": "1970-01-01T01:00:00+01:00",
|
||||
"autodetect_manual_merge": false,
|
||||
"avatar_url": "",
|
||||
"clone_url": "https://git.dynamicdiscord.de/malobeo/infrastructure.git",
|
||||
"created_at": "2022-10-04T18:35:43+02:00",
|
||||
"default_allow_maintainer_edit": false,
|
||||
"default_branch": "master",
|
||||
"default_delete_branch_after_merge": false,
|
||||
"default_merge_style": "merge",
|
||||
"description": "",
|
||||
"empty": false,
|
||||
"fork": false,
|
||||
"forks_count": 1,
|
||||
"full_name": "malobeo/infrastructure",
|
||||
"has_actions": true,
|
||||
"has_code": true,
|
||||
"has_issues": true,
|
||||
"has_packages": false,
|
||||
"has_projects": true,
|
||||
"has_pull_requests": true,
|
||||
"has_releases": true,
|
||||
"has_wiki": true,
|
||||
"html_url": "https://git.dynamicdiscord.de/malobeo/infrastructure",
|
||||
"id": 15,
|
||||
"ignore_whitespace_conflicts": false,
|
||||
"internal": false,
|
||||
"internal_tracker": {
|
||||
"allow_only_contributors_to_track_time": true,
|
||||
"enable_issue_dependencies": true,
|
||||
"enable_time_tracker": true
|
||||
},
|
||||
"language": "",
|
||||
"languages_url": "https://git.dynamicdiscord.de/api/v1/repos/malobeo/infrastructure/languages",
|
||||
"licenses": [],
|
||||
"link": "",
|
||||
"mirror": false,
|
||||
"mirror_interval": "",
|
||||
"mirror_updated": "0001-01-01T00:00:00Z",
|
||||
"name": "infrastructure",
|
||||
"object_format_name": "sha1",
|
||||
"open_issues_count": 40,
|
||||
"open_pr_counter": 4,
|
||||
"original_url": "",
|
||||
"owner": {
|
||||
"active": false,
|
||||
"avatar_url": "https://git.dynamicdiscord.de/avatars/9ea8af20ca015cb078b2971cd4e91e6d",
|
||||
"created": "2023-03-29T17:26:16+02:00",
|
||||
"description": "",
|
||||
"email": "",
|
||||
"followers_count": 0,
|
||||
"following_count": 0,
|
||||
"full_name": "",
|
||||
"html_url": "https://git.dynamicdiscord.de/malobeo",
|
||||
"id": 7,
|
||||
"is_admin": false,
|
||||
"language": "",
|
||||
"last_login": "0001-01-01T00:00:00Z",
|
||||
"location": "",
|
||||
"login": "malobeo",
|
||||
"login_name": "",
|
||||
"prohibit_login": false,
|
||||
"restricted": false,
|
||||
"source_id": 0,
|
||||
"starred_repos_count": 0,
|
||||
"username": "malobeo",
|
||||
"visibility": "public",
|
||||
"website": ""
|
||||
},
|
||||
"permissions": {
|
||||
"admin": false,
|
||||
"pull": true,
|
||||
"push": false
|
||||
},
|
||||
"private": false,
|
||||
"projects_mode": "",
|
||||
"release_counter": 0,
|
||||
"size": 2878,
|
||||
"ssh_url": "ssh://gitea@git.dynamicdiscord.de:23428/malobeo/infrastructure.git",
|
||||
"stars_count": 1,
|
||||
"template": false,
|
||||
"topics": [],
|
||||
"updated_at": "2026-03-12T01:11:13+01:00",
|
||||
"url": "https://git.dynamicdiscord.de/api/v1/repos/malobeo/infrastructure",
|
||||
"watchers_count": 2,
|
||||
"website": ""
|
||||
},
|
||||
"permissions": {
|
||||
"admin": false,
|
||||
"pull": true,
|
||||
"push": false
|
||||
},
|
||||
"private": false,
|
||||
"projects_mode": "all",
|
||||
"release_counter": 0,
|
||||
"size": 14584,
|
||||
"ssh_url": "ssh://gitea@git.dynamicdiscord.de:23428/ahtlon/infrastructure.git",
|
||||
"stars_count": 0,
|
||||
"template": false,
|
||||
"topics": [],
|
||||
"updated_at": "2026-03-13T16:33:51+01:00",
|
||||
"url": "https://git.dynamicdiscord.de/api/v1/repos/ahtlon/infrastructure",
|
||||
"watchers_count": 1,
|
||||
"website": ""
|
||||
},
|
||||
"repo_id": 29,
|
||||
"sha": "e73516fbe79022d12608e9616b75b3a388bd0e5f"
|
||||
},
|
||||
"body": "",
|
||||
"closed_at": null,
|
||||
"comments": 0,
|
||||
"created_at": "2026-03-11T17:29:55+01:00",
|
||||
"diff_url": "https://git.dynamicdiscord.de/ahtlon/infrastructure/pulls/8.diff",
|
||||
"draft": false,
|
||||
"due_date": null,
|
||||
"head": {
|
||||
"label": "nixpkgs_bump_20260305",
|
||||
"ref": "nixpkgs_bump_20260305",
|
||||
"repo": {
|
||||
"allow_fast_forward_only_merge": false,
|
||||
"allow_manual_merge": false,
|
||||
"allow_merge_commits": true,
|
||||
"allow_rebase": true,
|
||||
"allow_rebase_explicit": true,
|
||||
"allow_rebase_update": true,
|
||||
"allow_squash_merge": true,
|
||||
"archived": false,
|
||||
"archived_at": "1970-01-01T01:00:00+01:00",
|
||||
"autodetect_manual_merge": false,
|
||||
"avatar_url": "",
|
||||
"clone_url": "https://git.dynamicdiscord.de/malobeo/infrastructure.git",
|
||||
"created_at": "2022-10-04T18:35:43+02:00",
|
||||
"default_allow_maintainer_edit": false,
|
||||
"default_branch": "master",
|
||||
"default_delete_branch_after_merge": false,
|
||||
"default_merge_style": "merge",
|
||||
"description": "",
|
||||
"empty": false,
|
||||
"fork": false,
|
||||
"forks_count": 1,
|
||||
"full_name": "malobeo/infrastructure",
|
||||
"has_actions": true,
|
||||
"has_code": true,
|
||||
"has_issues": true,
|
||||
"has_packages": false,
|
||||
"has_projects": true,
|
||||
"has_pull_requests": true,
|
||||
"has_releases": true,
|
||||
"has_wiki": true,
|
||||
"html_url": "https://git.dynamicdiscord.de/malobeo/infrastructure",
|
||||
"id": 15,
|
||||
"ignore_whitespace_conflicts": false,
|
||||
"internal": false,
|
||||
"internal_tracker": {
|
||||
"allow_only_contributors_to_track_time": true,
|
||||
"enable_issue_dependencies": true,
|
||||
"enable_time_tracker": true
|
||||
},
|
||||
"language": "",
|
||||
"languages_url": "https://git.dynamicdiscord.de/api/v1/repos/malobeo/infrastructure/languages",
|
||||
"licenses": [],
|
||||
"link": "",
|
||||
"mirror": false,
|
||||
"mirror_interval": "",
|
||||
"mirror_updated": "0001-01-01T00:00:00Z",
|
||||
"name": "infrastructure",
|
||||
"object_format_name": "sha1",
|
||||
"open_issues_count": 40,
|
||||
"open_pr_counter": 4,
|
||||
"original_url": "",
|
||||
"owner": {
|
||||
"active": false,
|
||||
"avatar_url": "https://git.dynamicdiscord.de/avatars/9ea8af20ca015cb078b2971cd4e91e6d",
|
||||
"created": "2023-03-29T17:26:16+02:00",
|
||||
"description": "",
|
||||
"email": "",
|
||||
"followers_count": 0,
|
||||
"following_count": 0,
|
||||
"full_name": "",
|
||||
"html_url": "https://git.dynamicdiscord.de/malobeo",
|
||||
"id": 7,
|
||||
"is_admin": false,
|
||||
"language": "",
|
||||
"last_login": "0001-01-01T00:00:00Z",
|
||||
"location": "",
|
||||
"login": "malobeo",
|
||||
"login_name": "",
|
||||
"prohibit_login": false,
|
||||
"restricted": false,
|
||||
"source_id": 0,
|
||||
"starred_repos_count": 0,
|
||||
"username": "malobeo",
|
||||
"visibility": "public",
|
||||
"website": ""
|
||||
},
|
||||
"permissions": {
|
||||
"admin": false,
|
||||
"pull": true,
|
||||
"push": false
|
||||
},
|
||||
"private": false,
|
||||
"projects_mode": "",
|
||||
"release_counter": 0,
|
||||
"size": 2878,
|
||||
"ssh_url": "ssh://gitea@git.dynamicdiscord.de:23428/malobeo/infrastructure.git",
|
||||
"stars_count": 1,
|
||||
"template": false,
|
||||
"topics": [],
|
||||
"updated_at": "2026-03-12T01:11:13+01:00",
|
||||
"url": "https://git.dynamicdiscord.de/api/v1/repos/malobeo/infrastructure",
|
||||
"watchers_count": 2,
|
||||
"website": ""
|
||||
},
|
||||
"repo_id": 15,
|
||||
"sha": "7c66a24563d0e95c292aafeaa08056effc6152d9"
|
||||
},
|
||||
"html_url": "https://git.dynamicdiscord.de/ahtlon/infrastructure/pulls/8",
|
||||
"id": 66,
|
||||
"is_locked": false,
|
||||
"labels": [],
|
||||
"merge_base": "344eeb437b0aa29baee1227e48878f987e21e296",
|
||||
"merge_commit_sha": null,
|
||||
"mergeable": true,
|
||||
"merged": false,
|
||||
"merged_at": null,
|
||||
"merged_by": null,
|
||||
"milestone": null,
|
||||
"number": 8,
|
||||
"patch_url": "https://git.dynamicdiscord.de/ahtlon/infrastructure/pulls/8.patch",
|
||||
"pin_order": 0,
|
||||
"requested_reviewers": null,
|
||||
"requested_reviewers_teams": null,
|
||||
"state": "open",
|
||||
"target_repo_url": "https://git.dynamicdiscord.de/ahtlon/infrastructure.git",
|
||||
"title": "Update flake.lock",
|
||||
"updated_at": "2026-03-11T17:29:55+01:00",
|
||||
"url": "https://git.dynamicdiscord.de/ahtlon/infrastructure/pulls/8",
|
||||
"user": {
|
||||
"active": false,
|
||||
"avatar_url": "https://git.dynamicdiscord.de/avatars/7399d018a0bcee0f2da113bdeeafec029316d8e8ce774b829de4125b026c0599",
|
||||
"created": "2024-10-23T17:19:18+02:00",
|
||||
"description": "",
|
||||
"email": "ahtlon@noreply.git.dynamicdiscord.de",
|
||||
"followers_count": 0,
|
||||
"following_count": 0,
|
||||
"full_name": "",
|
||||
"html_url": "https://git.dynamicdiscord.de/ahtlon",
|
||||
"id": 8,
|
||||
"is_admin": false,
|
||||
"language": "",
|
||||
"last_login": "0001-01-01T00:00:00Z",
|
||||
"location": "",
|
||||
"login": "ahtlon",
|
||||
"login_name": "",
|
||||
"prohibit_login": false,
|
||||
"restricted": false,
|
||||
"source_id": 0,
|
||||
"starred_repos_count": 0,
|
||||
"username": "ahtlon",
|
||||
"visibility": "public",
|
||||
"website": ""
|
||||
}
|
||||
}
|
||||
@@ -14,6 +14,8 @@ keys:
|
||||
- &machine_vpn age1v6uxwej4nlrpfanr9js7x6059mtvyg4fw50pzt0a2kt3ahk7edlslafeuh
|
||||
- &machine_fanny age136sz3lzhxf74ryruvq34d4tmmxnezkqkgu6zqa3dm582c22fgejqagrqxk
|
||||
- &machine_nextcloud age1g084sl230x94mkd2wq92s03mw0e8mnpjdjfx9uzaxw6psm8neyzqqwpnqe
|
||||
- &machine_vaultwarden age1zs9puemeevc5kt84w9d2mc5396w0t9p60qxymkpatwvwxunzs5usmxr3an
|
||||
- &machine_pretalx age1y04q8n7mgk82c87rfddm0u72h0ny6sfzktjsk0cc3gu93kezudfqdp9v9g
|
||||
#this dummy key is used for testing.
|
||||
- &machine_dummy age18jn5mrfs4gqrnv0e2sxsgh3kq4sgxx39hwr8z7mz9kt7wlgaasjqlr88ng
|
||||
creation_rules:
|
||||
@@ -95,6 +97,23 @@ creation_rules:
|
||||
- *admin_kalipso_dsktp
|
||||
age:
|
||||
- *admin_atlan
|
||||
- *machine_overwatch
|
||||
- path_regex: vaultwarden/secrets.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *admin_kalipso
|
||||
- *admin_kalipso_dsktp
|
||||
age:
|
||||
- *admin_atlan
|
||||
- *machine_vaultwarden
|
||||
- path_regex: pretalx/secrets.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *admin_kalipso
|
||||
- *admin_kalipso_dsktp
|
||||
age:
|
||||
- *admin_atlan
|
||||
- *machine_pretalx
|
||||
- path_regex: .*/secrets/.*
|
||||
key_groups:
|
||||
- pgp:
|
||||
|
||||
@@ -48,7 +48,7 @@ in
|
||||
firefox
|
||||
thunderbird
|
||||
telegram-desktop
|
||||
tor-browser-bundle-bin
|
||||
tor-browser
|
||||
keepassxc
|
||||
libreoffice
|
||||
gimp
|
||||
|
||||
@@ -29,7 +29,6 @@ with lib;
|
||||
enable = true;
|
||||
enablePromtail = true;
|
||||
logNginx = true;
|
||||
lokiHost = "10.0.0.14";
|
||||
};
|
||||
|
||||
services.malobeo-tasklist.enable = true;
|
||||
|
||||
@@ -43,7 +43,7 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."cloud.malobeo.org" = {
|
||||
services.nginx.virtualHosts."keys.malobeo.org" = {
|
||||
forceSSL = true;
|
||||
enableACME= true;
|
||||
locations."/" = {
|
||||
@@ -63,7 +63,7 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."tasklist.malobeo.org" = {
|
||||
services.nginx.virtualHosts."events.malobeo.org" = {
|
||||
forceSSL = true;
|
||||
enableACME= true;
|
||||
locations."/" = {
|
||||
@@ -73,20 +73,12 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
services.nginx.virtualHosts."zines.malobeo.org" = {
|
||||
services.nginx.virtualHosts."tasklist.malobeo.org" = {
|
||||
forceSSL = true;
|
||||
enableACME= true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://10.0.0.10";
|
||||
extraConfig = ''
|
||||
client_body_in_file_only clean;
|
||||
client_body_buffer_size 32K;
|
||||
|
||||
client_max_body_size 50M;
|
||||
|
||||
sendfile on;
|
||||
send_timeout 300s;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
@@ -2,11 +2,13 @@
|
||||
let
|
||||
sshKeys = import ../ssh_keys.nix;
|
||||
peers = import ../modules/malobeo/peers.nix;
|
||||
hosts = import ../hosts.nix {};
|
||||
in
|
||||
{
|
||||
sops.defaultSopsFile = ./secrets.yaml;
|
||||
sops.secrets.wg_private = {};
|
||||
sops.secrets.shop_auth = {};
|
||||
sops.secrets.njala_api_key = {};
|
||||
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
@@ -21,6 +23,7 @@ in
|
||||
inputs.self.nixosModules.malobeo.metrics
|
||||
inputs.self.nixosModules.malobeo.users
|
||||
inputs.self.nixosModules.malobeo.backup
|
||||
./dyndns.nix
|
||||
];
|
||||
|
||||
virtualisation.vmVariantWithDisko = {
|
||||
@@ -34,7 +37,7 @@ in
|
||||
enable = true;
|
||||
enablePromtail = true;
|
||||
logNginx = true;
|
||||
lokiHost = "10.0.0.14";
|
||||
lokiHost = hosts.malobeo.hosts.overwatch.network.address;
|
||||
};
|
||||
|
||||
malobeo.autoUpdate = {
|
||||
@@ -128,13 +131,21 @@ in
|
||||
privateKeyFile = config.sops.secrets.wg_private.path;
|
||||
};
|
||||
|
||||
services.malobeo.microvm.enableHostBridge = true;
|
||||
services.malobeo.microvm = {
|
||||
enableHostBridge = true;
|
||||
interface = "enp1s0";
|
||||
gateway = "192.168.1.1";
|
||||
address = "192.168.1.103/24";
|
||||
};
|
||||
|
||||
services.malobeo.microvm.deployHosts = [
|
||||
"overwatch"
|
||||
"infradocs"
|
||||
"nextcloud"
|
||||
"durruti"
|
||||
"zineshop"
|
||||
"vaultwarden"
|
||||
"pretalx"
|
||||
];
|
||||
|
||||
networking = {
|
||||
@@ -145,7 +156,17 @@ in
|
||||
};
|
||||
|
||||
firewall = {
|
||||
allowedTCPPorts = [ 80 ];
|
||||
allowedTCPPorts = [ 80 443 ];
|
||||
};
|
||||
};
|
||||
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "malobeo@systemli.org";
|
||||
defaults = {
|
||||
dnsProvider = "njalla";
|
||||
credentialsFile = config.sops.secrets.njala_api_key.path;
|
||||
dnsPropagationCheck = false;
|
||||
};
|
||||
};
|
||||
|
||||
@@ -153,26 +174,65 @@ in
|
||||
enable = true;
|
||||
virtualHosts."docs.malobeo.org" = {
|
||||
locations."/" = {
|
||||
proxyPass = "http://10.0.0.11:9000";
|
||||
proxyPass = "http://${hosts.malobeo.hosts.infradocs.network.address}:9000";
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
virtualHosts."cloud.malobeo.org" = {
|
||||
virtualHosts."cloud.hq.malobeo.org" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
acmeRoot = null;
|
||||
locations."/" = {
|
||||
proxyPass = "http://10.0.0.13";
|
||||
proxyPass = "http://${hosts.malobeo.hosts.nextcloud.network.address}";
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
client_max_body_size ${inputs.self.nixosConfigurations.nextcloud.config.services.nextcloud.maxUploadSize};
|
||||
client_body_timeout 3600s;
|
||||
send_timeout 3600s;
|
||||
fastcgi_buffers 64 4K;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
virtualHosts."cloud.malobeo.org" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://${hosts.malobeo.hosts.nextcloud.network.address}";
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
client_max_body_size ${inputs.self.nixosConfigurations.nextcloud.config.services.nextcloud.maxUploadSize};
|
||||
client_body_timeout 3600s;
|
||||
send_timeout 3600s;
|
||||
fastcgi_buffers 64 4K;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
virtualHosts."keys.malobeo.org" = {
|
||||
locations."/" = {
|
||||
proxyPass = "http://${hosts.malobeo.hosts.vaultwarden.network.address}";
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
client_max_body_size 10G;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
virtualHosts."grafana.malobeo.org" = {
|
||||
locations."/" = {
|
||||
proxyPass = "http://10.0.0.14";
|
||||
proxyPass = "http://${hosts.malobeo.hosts.overwatch.network.address}";
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
virtualHosts."events.malobeo.org" = {
|
||||
locations."/" = {
|
||||
proxyPass = "http://${hosts.malobeo.hosts.pretalx.network.address}";
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
'';
|
||||
@@ -181,19 +241,19 @@ in
|
||||
|
||||
virtualHosts."tasklist.malobeo.org" = {
|
||||
locations."/" = {
|
||||
proxyPass = "http://10.0.0.5:8080";
|
||||
proxyPass = "http://${hosts.malobeo.hosts.durruti.network.address}:8080";
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
virtualHosts."zines.malobeo.org" = {
|
||||
# created with: nix-shell --packages apacheHttpd --run 'htpasswd -B -c foo.txt malobeo'
|
||||
# then content of foo.txt put into sops
|
||||
# basicAuthFile = config.sops.secrets.shop_auth.path;
|
||||
virtualHosts."zines.hq.malobeo.org" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
acmeRoot = null;
|
||||
locations."/" = {
|
||||
proxyPass = "http://10.0.0.15:8080";
|
||||
proxyPass = "http://${hosts.malobeo.hosts.zineshop.network.address}:8080";
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
|
||||
@@ -207,6 +267,25 @@ in
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
virtualHosts."zines.malobeo.org" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://${hosts.malobeo.hosts.zineshop.network.address}:8080";
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
|
||||
client_body_in_file_only clean;
|
||||
client_body_buffer_size 32K;
|
||||
|
||||
client_max_body_size 500M;
|
||||
|
||||
sendfile on;
|
||||
send_timeout 300s;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.tor = {
|
||||
|
||||
@@ -1,9 +1,8 @@
|
||||
wg_private: ENC[AES256_GCM,data:YEmIfgtyHE9msYijva0Ye2w7shVmYBPZ3mcKRF7Cy20xa6yHEUQ0kC2OWnM=,iv:ouK6fHcrxrEtsmiPmtCz9Ca8Ec1algOifrgZSBNHi74=,tag:524e/SQt++hwVyeWruCsLg==,type:str]
|
||||
njala_api_key: ENC[AES256_GCM,data:uEzx7KeI7ZZP63Igu5vHmuvASVxJai8bezM40UZVobQMr7r6opjnVTc0BPyIGfnG2mx/6Bo=,iv:lch04oGn6bkqtBGVzYlz6B97FGXlGOoxkiT1IplSxm4=,tag:bzXx2jSqFBv1hgJO1r5i+w==,type:str]
|
||||
njalacloud: ENC[AES256_GCM,data:Xg85D9LMMYd8po8vrpxHZA==,iv:L5Gsm3bX61WW1PAdWswFNrScFoBipS2qDGU7iTubt1U=,tag:M2PCfE1h4IkW/iFq8XeIrA==,type:str]
|
||||
njalazines: ENC[AES256_GCM,data:ooDRj4HqKVFrgRyzgFGQjg==,iv:9X8r1eY+6FqXv19mO0uMRd5A2tpvtmT11P77t9BQaCk=,tag:4BE55c8x66/UxyTCpCmdUg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age18jn5mrfs4gqrnv0e2sxsgh3kq4sgxx39hwr8z7mz9kt7wlgaasjqlr88ng
|
||||
enc: |
|
||||
@@ -23,8 +22,8 @@ sops:
|
||||
NjJ5cFdTVS9NZmVWMjcrcHo2WDZEZDgKiDwkuUn90cDmidwYGZBb5qp+4R1HafV0
|
||||
vMQfjT9GrwB5K/O1GumOmvbzLNhvO2vRZJhfVHzyHLzQK64abQgF5Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-01-19T22:46:09Z"
|
||||
mac: ENC[AES256_GCM,data:eU3SIqAGrgbO2tz4zH1tgYcif7oe5j+/wmdYl2xXXI+D6IhiKrTJGvzE3rd3ElEpb+Bg0UQId952U2Ut0yPTfxGLtdlbJA66CmhLAksByoJ8lOXUcp/qDyA4yMRSuwYG2v7uF2crvue9fyRfZ7hl7abE/Q7Z2UjOKqhSZC5cO3U=,iv:NmCVvtBWZRzhpr5nMLy+98VuQZWoUms7xFSxq8PMvBA=,tag:UWjA7oqoNWh4wb0myNg7FA==,type:str]
|
||||
lastmodified: "2026-02-20T19:26:21Z"
|
||||
mac: ENC[AES256_GCM,data:D8ZOgcDCY+I2rFc6+GSRj53QjnhZP0oz5wPgG2x4dOfVRWYMEgR2pnb/IIF95Dq0XR6ja9PLgw42PfdI1dS7vITb1jW5IExcnkB/Pa/RjB3GFeXPFTV6QCAQcK9cLct6yhB/pPbHdt8qHQt7kddiN162RlMHDyR6BAh4gO0Rf3w=,iv:f1RWrxbqNNUdANDR6V+OFuEYJ2ZLVde+5GTcFmSXYSQ=,tag:IBEdkSEz/w4Rxwb6uSBpTw==,type:str]
|
||||
pgp:
|
||||
- created_at: "2025-01-19T22:45:26Z"
|
||||
enc: |-
|
||||
@@ -65,4 +64,4 @@ sops:
|
||||
-----END PGP MESSAGE-----
|
||||
fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
version: 3.11.0
|
||||
|
||||
25
machines/fanny/dyndns.nix
Normal file
25
machines/fanny/dyndns.nix
Normal file
@@ -0,0 +1,25 @@
|
||||
{pkgs, ...}:
|
||||
{
|
||||
sops.secrets.njalacloud = {};
|
||||
sops.secrets.njalazines = {};
|
||||
systemd.services."dyndns" = {
|
||||
script = ''
|
||||
KEYCLOUD=$(cat /run/secrets/njalacloud)
|
||||
KEYZINES=$(cat /run/secrets/njalazines)
|
||||
${pkgs.curl}/bin/curl --fail --silent --show-error "https://njal.la/update/?h=cloud.malobeo.org&k="$KEYCLOUD"&auto"
|
||||
${pkgs.curl}/bin/curl --fail --silent --show-error "https://njal.la/update/?h=zines.malobeo.org&k="$KEYZINES"&auto"
|
||||
'';
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
User = "root";
|
||||
};
|
||||
};
|
||||
systemd.timers."dyndns" = {
|
||||
wantedBy = ["timers.target"];
|
||||
timerConfig = {
|
||||
OnBootSec = "100s";
|
||||
OnUnitActiveSec = "10m";
|
||||
Unit = "dyndns.service";
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,11 +1,10 @@
|
||||
wg_private: ENC[AES256_GCM,data:kFuLzZz9lmtUccQUIYiXvJRf7WBg5iCq1xxCiI76J3TaIBELqgbEmUtPR4g=,iv:0S0uzX4OVxQCKDOl1zB6nDo8152oE7ymBWdVkPkKlro=,tag:gg1n1BsnjNPikMBNB60F5Q==,type:str]
|
||||
shop_cleartext: ENC[AES256_GCM,data:sifpX/R6JCcNKgwN2M4Dbflgnfs5CqB8ez5fULPohuFS6k36BLemWzEk,iv:1lRYausj7V/53sfSO9UnJ2OC/Si94JXgIo81Ld74BE8=,tag:5osQU/67bvFeUGA90BSiIA==,type:str]
|
||||
shop_auth: ENC[AES256_GCM,data:0NDIRjmGwlSFls12sCb5OlgyGTCHpPQIjycEJGhYlZsWKhEYXV2u3g1RHMkF8Ny913jarjf0BgwSq5pBD9rgPL9t8X8=,iv:3jgCv/Gg93Mhdm4eYzwF9QrK14QL2bcC4wwSajCA88o=,tag:h8dhMK46hABv9gYW4johkA==,type:str]
|
||||
njalacloud: ENC[AES256_GCM,data:sp79Ij1vd9pQZuPUR1phmw==,iv:AWKZoOfBA/n16pWQCfA0dZmH1KajCztnLvYItoZZbgA=,tag:BIUrobBoO96pxUz1sjIYIw==,type:str]
|
||||
njalazines: ENC[AES256_GCM,data:fnObUEnXYvdj9HtkZNzXVA==,iv:0Zj2n2we9w4fj/n7e1ayd9XgFEMAGCHk4QLTu1IlRnQ=,tag:zeOLAB0oE6XbxqdqhdRNxw==,type:str]
|
||||
njala_api_key: ENC[AES256_GCM,data:ohSVzQUvFjia/s9WceqnZCdLyk3N1Lm2BCBmXeBlkWD2dyrohKCnd9GiJ499IORpuYcOXyM=,iv:Uczk8op5mgqe8gefxgU9YuTqOsYvjzHCKvzA7GDsgio=,tag:XA7JRq/LsGkpHcQSO36Whg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age136sz3lzhxf74ryruvq34d4tmmxnezkqkgu6zqa3dm582c22fgejqagrqxk
|
||||
enc: |
|
||||
@@ -25,8 +24,8 @@ sops:
|
||||
QVZyNWVOMTh3ejBha21Qb2xCRkFERGMKH9nMQUoS5bGcLUx2T1dOmKd9jshttTrP
|
||||
SKFx7MXcjFRLKS2Ij12V8ftjL3Uod6be5zoMibkxK19KmXY/514Jww==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-04-14T10:34:55Z"
|
||||
mac: ENC[AES256_GCM,data:vcDXtTi0bpqhHnL6XanJo+6a8f5LAE628HazDVaNO34Ll3eRyhi95eYGXQDDkVk2WUn9NJ5oCMPltnU82bpLtskzTfQDuXHaPZJq5gtOuMH/bAKrY0dfShrdyx71LkA4AFlcI1P5hchpbyY1FK3iqe4D0miBv+Q8lCMgQMVrfxI=,iv:1lMzH899K0CnEtm16nyq8FL/aCkSYJVoj7HSKCyUnPg=,tag:mEbkmFNg5VZtSKqq80NrCw==,type:str]
|
||||
lastmodified: "2026-02-20T19:25:05Z"
|
||||
mac: ENC[AES256_GCM,data:g+bFYqJN1X8F52tpIO60S2WKxLG27ZrP399fsfE6o7rPtIMimZou/4oUo7i+kpNtygEuCr3+suP8TPas4x5zMXhRjnjJuwJwL/NwdciHZU0O3rPJgucCEWqr9OdAtxezDM9c2vv+jzqZxWT9t0fIpB9RxO5oy1pHZs0RCgjAJR4=,iv:v6RdTMeQUxSdjIVNFbx2HtxCsdVgFTQTzMXS5Fj62is=,tag:pLoZMBRIXYElO5rY+xX9zg==,type:str]
|
||||
pgp:
|
||||
- created_at: "2025-02-11T18:32:49Z"
|
||||
enc: |-
|
||||
@@ -67,4 +66,4 @@ sops:
|
||||
-----END PGP MESSAGE-----
|
||||
fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.4
|
||||
version: 3.11.0
|
||||
|
||||
@@ -1,82 +1,112 @@
|
||||
{ ... }:
|
||||
|
||||
let
|
||||
createMaloNet = hostId: mac: {
|
||||
local = true;
|
||||
hostId = hostId;
|
||||
address = "192.168.1.${hostId}";
|
||||
gateway = "192.168.1.1";
|
||||
nameservers = [ "192.168.1.1" "1.1.1.1" ]; #setting ns1 as nameserver
|
||||
mac = mac;
|
||||
};
|
||||
|
||||
createOffsiteNet = hostId: mac: {
|
||||
local = false;
|
||||
hostId = hostId;
|
||||
address = "10.0.0.${hostId}";
|
||||
gateway = "10.0.0.1";
|
||||
nameservers = [ "1.1.1.1" ];
|
||||
mac = mac;
|
||||
};
|
||||
in
|
||||
{
|
||||
#TODO: fix local 192.168.1.0/24 addresses they are just palceholders!
|
||||
malobeo = {
|
||||
hosts = {
|
||||
louise = {
|
||||
type = "host";
|
||||
network = {
|
||||
local = true;
|
||||
hostId = "11";
|
||||
address = "192.168.1.101";
|
||||
};
|
||||
};
|
||||
|
||||
bakunin = {
|
||||
type = "host";
|
||||
network = {
|
||||
local = true;
|
||||
hostId = "12";
|
||||
address = "192.168.1.102";
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
fanny = {
|
||||
type = "host";
|
||||
network = {
|
||||
local = true;
|
||||
hostId = "13";
|
||||
address = "192.168.1.103";
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
lucia = {
|
||||
type = "rpi";
|
||||
network = {
|
||||
local = true;
|
||||
hostId = "15";
|
||||
address = "192.168.1.105";
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
durruti = {
|
||||
type = "microvm";
|
||||
network = {
|
||||
address = "10.0.0.5";
|
||||
mac = "52:DA:0D:F9:EF:F9";
|
||||
};
|
||||
network = createMaloNet "5" "52:DA:0D:F9:EF:F9";
|
||||
};
|
||||
|
||||
|
||||
vpn = {
|
||||
type = "microvm";
|
||||
network = {
|
||||
address = "10.0.0.10";
|
||||
mac = "D0:E5:CA:F0:D7:E6";
|
||||
};
|
||||
network = createOffsiteNet "10" "52:DA:0D:F9:EF:E6";
|
||||
};
|
||||
|
||||
|
||||
infradocs = {
|
||||
type = "microvm";
|
||||
network = {
|
||||
address = "10.0.0.11";
|
||||
mac = "D0:E5:CA:F0:D7:E7";
|
||||
};
|
||||
network = createMaloNet "11" "52:DA:0D:F9:EF:E7";
|
||||
};
|
||||
|
||||
|
||||
uptimekuma = {
|
||||
type = "microvm";
|
||||
network = {
|
||||
address = "10.0.0.12";
|
||||
mac = "D0:E5:CA:F0:D7:E8";
|
||||
};
|
||||
network = createOffsiteNet "12" "52:DA:0D:F9:EF:E8";
|
||||
};
|
||||
|
||||
|
||||
nextcloud = {
|
||||
type = "microvm";
|
||||
network = {
|
||||
address = "10.0.0.13";
|
||||
mac = "D0:E5:CA:F0:D7:E9";
|
||||
};
|
||||
network = createMaloNet "13" "52:DA:0D:F9:EF:E9";
|
||||
};
|
||||
|
||||
|
||||
overwatch = {
|
||||
type = "microvm";
|
||||
network = {
|
||||
address = "10.0.0.14";
|
||||
mac = "D0:E5:CA:F0:D7:E0";
|
||||
};
|
||||
network = createMaloNet "14" "52:DA:0D:F9:EF:E0";
|
||||
};
|
||||
|
||||
|
||||
zineshop = {
|
||||
type = "microvm";
|
||||
network = {
|
||||
address = "10.0.0.15";
|
||||
mac = "D0:E5:CA:F0:D7:F1";
|
||||
};
|
||||
network = createMaloNet "15" "52:DA:0D:F9:EF:F1";
|
||||
};
|
||||
|
||||
testvm = {
|
||||
type = "host";
|
||||
vaultwarden = {
|
||||
type = "microvm";
|
||||
network = createMaloNet "16" "D0:E5:CA:F0:D7:F2";
|
||||
};
|
||||
|
||||
ns1 = {
|
||||
type = "microvm";
|
||||
network = createMaloNet "17" "52:DA:0D:F9:EF:F3";
|
||||
};
|
||||
|
||||
pretalx = {
|
||||
type = "microvm";
|
||||
network = createMaloNet "18" "52:DA:0D:F9:EF:F4";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@@ -19,7 +19,6 @@ with lib;
|
||||
enable = true;
|
||||
enablePromtail = true;
|
||||
logNginx = true;
|
||||
lokiHost = "10.0.0.14";
|
||||
};
|
||||
|
||||
system.stateVersion = "22.11"; # Did you read the comment?
|
||||
|
||||
@@ -31,7 +31,7 @@
|
||||
firefox
|
||||
thunderbird
|
||||
telegram-desktop
|
||||
tor-browser-bundle-bin
|
||||
tor-browser
|
||||
keepassxc
|
||||
libreoffice
|
||||
gimp
|
||||
@@ -42,6 +42,7 @@
|
||||
mpv
|
||||
vlc
|
||||
simple-scan
|
||||
bitwarden-desktop
|
||||
];
|
||||
};
|
||||
|
||||
|
||||
@@ -43,7 +43,7 @@ rec {
|
||||
];
|
||||
defaultModules = baseModules;
|
||||
|
||||
makeMicroVM = hostName: ipv4Addr: macAddr: modules: [
|
||||
makeMicroVM = hostName: network: modules: [
|
||||
{
|
||||
microvm = {
|
||||
hypervisor = "cloud-hypervisor";
|
||||
@@ -83,7 +83,7 @@ rec {
|
||||
{
|
||||
type = "tap";
|
||||
id = "vm-${hostName}";
|
||||
mac = "${macAddr}";
|
||||
mac = "${network.mac}";
|
||||
}
|
||||
];
|
||||
};
|
||||
@@ -93,9 +93,9 @@ rec {
|
||||
systemd.network.networks."20-lan" = {
|
||||
matchConfig.Type = "ether";
|
||||
networkConfig = {
|
||||
Address = [ "${ipv4Addr}/24" ];
|
||||
Gateway = "10.0.0.1";
|
||||
DNS = ["1.1.1.1"];
|
||||
Address = [ "${network.address}/24" ];
|
||||
Gateway = "${network.gateway}";
|
||||
DNS = network.nameservers;
|
||||
DHCP = "no";
|
||||
};
|
||||
};
|
||||
@@ -165,6 +165,16 @@ rec {
|
||||
});
|
||||
};
|
||||
|
||||
systemd.network.networks."20-lan" = pkgs.lib.mkForce {
|
||||
matchConfig.Type = "ether";
|
||||
networkConfig = {
|
||||
Address = [ "10.0.0.${hosts.malobeo.hosts.${hostname}.network.hostId}/24" ];
|
||||
Gateway = "10.0.0.1";
|
||||
DNS = [ "1.1.1.1" ];
|
||||
DHCP = "no";
|
||||
};
|
||||
};
|
||||
|
||||
boot.isContainer = pkgs.lib.mkForce false;
|
||||
services.timesyncd.enable = false;
|
||||
users.users.root.password = "";
|
||||
@@ -210,8 +220,7 @@ rec {
|
||||
specialArgs.self = self;
|
||||
config = {
|
||||
imports = (makeMicroVM "${name}"
|
||||
"${hosts.malobeo.hosts.${name}.network.address}"
|
||||
"${hosts.malobeo.hosts.${name}.network.mac}" [
|
||||
hosts.malobeo.hosts.${name}.network [
|
||||
../${name}/configuration.nix
|
||||
(vmMicroVMOverwrites name {
|
||||
withNetworking = true;
|
||||
@@ -250,7 +259,7 @@ rec {
|
||||
modules = (if (settings.type != "microvm") then
|
||||
defaultModules ++ [ ../${host}/configuration.nix ]
|
||||
else
|
||||
makeMicroVM "${host}" "${settings.network.address}" "${settings.network.mac}" [
|
||||
makeMicroVM "${host}" settings.network [
|
||||
inputs.microvm.nixosModules.microvm
|
||||
../${host}/configuration.nix
|
||||
]);
|
||||
|
||||
78
machines/modules/malobeo/gitea_translator.nix
Normal file
78
machines/modules/malobeo/gitea_translator.nix
Normal file
@@ -0,0 +1,78 @@
|
||||
{ config, self, lib, inputs, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.malobeo.gitea-translator;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.malobeo.gitea-translator = {
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = lib.mdDoc "Start a webserver for hydra to use the gitea pull request api.";
|
||||
};
|
||||
|
||||
baseurl = mkOption {
|
||||
type = types.str;
|
||||
default = "git.dynamicdiscord.de";
|
||||
description = lib.mdDoc "Base URL of the Gitea instance.";
|
||||
};
|
||||
|
||||
owner = mkOption {
|
||||
type = types.str;
|
||||
default = "malobeo";
|
||||
description = lib.mdDoc "Repository owner on the Gitea instance.";
|
||||
};
|
||||
|
||||
repo = mkOption {
|
||||
type = types.str;
|
||||
default = "infrastructure";
|
||||
description = lib.mdDoc "Repository name on the Gitea instance.";
|
||||
};
|
||||
|
||||
host = mkOption {
|
||||
type = types.str;
|
||||
default = "127.0.0.1";
|
||||
description = lib.mdDoc "Address the server binds to.";
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 27364;
|
||||
description = lib.mdDoc "Port the server listens on.";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
systemd.services.gitea-translator = {
|
||||
description = "Gitea Pull Request Translator for Hydra";
|
||||
after = [ "network-online.target" ];
|
||||
wants = [ "network-online.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = ''
|
||||
${pkgs.python3}/bin/python3 ${inputs.self + /scripts/gitea_hydra_server.py} \
|
||||
--baseurl ${cfg.baseurl} \
|
||||
--owner ${cfg.owner} \
|
||||
--repo ${cfg.repo} \
|
||||
--host ${cfg.host} \
|
||||
--port ${toString cfg.port}
|
||||
'';
|
||||
Restart = "on-failure";
|
||||
RestartSec = 5;
|
||||
|
||||
# Hardening because why not
|
||||
DynamicUser = true;
|
||||
NoNewPrivileges = true;
|
||||
ProtectSystem = "strict";
|
||||
ProtectHome = true;
|
||||
PrivateTmp = true;
|
||||
PrivateDevices = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,6 +1,7 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
cfg = config.malobeo.metrics;
|
||||
hosts = import ../../hosts.nix {};
|
||||
in
|
||||
{
|
||||
options.malobeo.metrics = {
|
||||
@@ -21,7 +22,7 @@ in
|
||||
};
|
||||
lokiHost = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "10.0.0.14";
|
||||
default = hosts.malobeo.hosts.overwatch.network.address;
|
||||
description = "Address of loki host";
|
||||
};
|
||||
};
|
||||
|
||||
@@ -14,6 +14,32 @@ in
|
||||
description = lib.mdDoc "Setup bridge device for microvms.";
|
||||
};
|
||||
|
||||
testHost = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = lib.mdDoc "Enable when the host is used for development and testing using run-vm";
|
||||
};
|
||||
|
||||
interface = mkOption {
|
||||
default = "eno1";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
gateway = mkOption {
|
||||
default = "10.0.0.1";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
address = mkOption {
|
||||
default = "10.0.0.1/24";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
dns = mkOption {
|
||||
default = [ "1.1.1.1" ];
|
||||
type = types.listOf types.str;
|
||||
};
|
||||
|
||||
enableHostBridgeUnstable = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
@@ -47,14 +73,31 @@ in
|
||||
|
||||
systemd.network = mkIf (cfg.enableHostBridge || cfg.enableHostBridgeUnstable) {
|
||||
enable = true;
|
||||
# create a bride device that all the microvms will be connected to
|
||||
netdevs."10-microvm".netdevConfig = {
|
||||
Kind = "bridge";
|
||||
Name = "microvm";
|
||||
networks."10-lan" = {
|
||||
matchConfig.Name = ["vm-*"] ++ (if !cfg.testHost then [ "${cfg.interface}" ] else [ ]);
|
||||
networkConfig = {
|
||||
Bridge = "malobeo0";
|
||||
};
|
||||
};
|
||||
|
||||
networks."10-microvm" = {
|
||||
matchConfig.Name = "microvm";
|
||||
|
||||
netdevs."malobeo0" = {
|
||||
netdevConfig = {
|
||||
Name = "malobeo0";
|
||||
Kind = "bridge";
|
||||
};
|
||||
};
|
||||
|
||||
networks."10-lan-bridge" = if !cfg.testHost then {
|
||||
matchConfig.Name = "malobeo0";
|
||||
networkConfig = {
|
||||
Address = [ "${cfg.address}" ];
|
||||
Gateway = "${cfg.gateway}";
|
||||
DNS = cfg.dns;
|
||||
IPv6AcceptRA = true;
|
||||
};
|
||||
linkConfig.RequiredForOnline = "routable";
|
||||
} else {
|
||||
matchConfig.Name = "malobeo0";
|
||||
networkConfig = {
|
||||
DHCPServer = true;
|
||||
IPv6SendRA = true;
|
||||
@@ -65,12 +108,6 @@ in
|
||||
{ Address = "10.0.0.1/24"; }
|
||||
];
|
||||
};
|
||||
|
||||
# connect the vms to the bridge
|
||||
networks."11-microvm" = {
|
||||
matchConfig.Name = "vm-*";
|
||||
networkConfig.Bridge = "microvm";
|
||||
};
|
||||
};
|
||||
|
||||
microvm.vms =
|
||||
@@ -81,7 +118,7 @@ in
|
||||
# under nixosConfigurations
|
||||
flake = inputs.malobeo;
|
||||
# Specify from where to let `microvm -u` update later on
|
||||
updateFlake = "git+https://git.dynamicdiscord.de/kalipso/infrastructure";
|
||||
updateFlake = "git+https://git.dynamicdiscord.de/malobeo/infrastructure";
|
||||
}; };
|
||||
in
|
||||
builtins.listToAttrs (map mapperFunc cfg.deployHosts);
|
||||
|
||||
@@ -32,7 +32,7 @@
|
||||
|
||||
"hetzner" = {
|
||||
role = "client";
|
||||
address = "10.100.0.6";
|
||||
address = "10.100.0.7";
|
||||
allowedIPs = [ "10.100.0.6/32" ];
|
||||
publicKey = "csRzgwtnzmSLeLkSwTwEOrdKq55UOxZacR5D3GopCTQ=";
|
||||
};
|
||||
|
||||
41
machines/modules/malobeo/zones.nix
Normal file
41
machines/modules/malobeo/zones.nix
Normal file
@@ -0,0 +1,41 @@
|
||||
{ inputs }:
|
||||
|
||||
let
|
||||
vpnNS = "vpn";
|
||||
localNS = "hq";
|
||||
peers = import ./peers.nix;
|
||||
hosts = ((import ../../hosts.nix ) {}).malobeo.hosts;
|
||||
|
||||
in
|
||||
{
|
||||
SOA = {
|
||||
nameServer = "ns1";
|
||||
adminEmail = "admin@malobeo.org";
|
||||
serial = 2019030801;
|
||||
};
|
||||
useOrigin = false;
|
||||
|
||||
NS = [
|
||||
"ns1.malobeo.org."
|
||||
];
|
||||
|
||||
subdomains = {
|
||||
ns1 = {
|
||||
A = [ hosts.ns1.network.address ];
|
||||
};
|
||||
|
||||
${localNS} = {
|
||||
A = [ hosts.fanny.network.address ];
|
||||
subdomains = builtins.mapAttrs (name: value: if value.network.local == true then {
|
||||
A = [ value.network.address ];
|
||||
} else {}) hosts;
|
||||
};
|
||||
|
||||
${vpnNS} = {
|
||||
A = [ peers.vpn.address ];
|
||||
subdomains = builtins.mapAttrs (name: value: if value.role != "server" then {
|
||||
A = [ value.address ];
|
||||
} else {}) peers;
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -2,6 +2,9 @@
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
hosts = import ../hosts.nix {};
|
||||
in
|
||||
{
|
||||
sops.defaultSopsFile = ./secrets.yaml;
|
||||
sops.secrets = {
|
||||
@@ -28,12 +31,15 @@ with lib;
|
||||
enable = true;
|
||||
enablePromtail = true;
|
||||
logNginx = true;
|
||||
lokiHost = "10.0.0.14";
|
||||
};
|
||||
|
||||
services.postgresqlBackup = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
services.nextcloud = {
|
||||
enable = true;
|
||||
package = pkgs.nextcloud31;
|
||||
package = pkgs.nextcloud32;
|
||||
hostName = "cloud.malobeo.org";
|
||||
config.adminpassFile = config.sops.secrets.nextcloudAdminPass.path;
|
||||
maxUploadSize = "10G";
|
||||
@@ -48,20 +54,15 @@ with lib;
|
||||
extraAppsEnable = true;
|
||||
extraApps = {
|
||||
inherit (config.services.nextcloud.package.packages.apps) contacts calendar polls registration collectives forms;
|
||||
appointments = pkgs.fetchNextcloudApp {
|
||||
sha256 = "sha256-ls1rLnsX7U9wo2WkEtzhrvliTcWUl6LWXolE/9etJ78=";
|
||||
url = "https://github.com/SergeyMosin/Appointments/raw/refs/tags/v2.4.3/build/artifacts/appstore/appointments.tar.gz";
|
||||
license = "agpl3Plus";
|
||||
};
|
||||
deck = pkgs.fetchNextcloudApp {
|
||||
sha256 = "sha256-1sqDmJpM9SffMY2aaxwzqntdjdcUaRySyaUDv9VHuiE=";
|
||||
url = "https://link.storjshare.io/raw/jw7pf6gct34j3pcqvlq6ddasvdwq/mal/deck.tar.gz";
|
||||
sha256 = "sha256-epjwIANb6vTNx9KqaG6jZc14YPoFMBTCj+/c9JHcWkA=";
|
||||
url = "https://link.storjshare.io/raw/jvrl62dakd6htpyxohjkiiqiw5ma/mal/deck32.tar.gz";
|
||||
license = "agpl3Plus";
|
||||
};
|
||||
};
|
||||
settings = {
|
||||
trusted_domains = ["10.0.0.13"];
|
||||
trusted_proxies = [ "10.0.0.1" ];
|
||||
trusted_domains = [ "cloud.malobeo.org" "cloud.hq.malobeo.org" ];
|
||||
trusted_proxies = [ hosts.malobeo.hosts.fanny.network.address ];
|
||||
"maintenance_window_start" = "1";
|
||||
"default_phone_region" = "DE";
|
||||
};
|
||||
|
||||
52
machines/ns1/configuration.nix
Normal file
52
machines/ns1/configuration.nix
Normal file
@@ -0,0 +1,52 @@
|
||||
{ config, self, lib, inputs, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
with inputs;
|
||||
|
||||
let
|
||||
dns = inputs.dns;
|
||||
in
|
||||
{
|
||||
networking = {
|
||||
hostName = mkDefault "ns1";
|
||||
useDHCP = false;
|
||||
};
|
||||
|
||||
imports = [
|
||||
../modules/malobeo_user.nix
|
||||
../modules/sshd.nix
|
||||
../modules/minimal_tools.nix
|
||||
../modules/autoupdate.nix
|
||||
];
|
||||
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
allowedTCPPorts = [ 53 ];
|
||||
allowedUDPPorts = [ 53 ];
|
||||
};
|
||||
|
||||
services.bind = {
|
||||
enable = true;
|
||||
forwarders = [
|
||||
"1.1.1.1"
|
||||
"1.0.0.1"
|
||||
];
|
||||
|
||||
cacheNetworks = [
|
||||
"127.0.0.0/24"
|
||||
"10.0.0.0/24"
|
||||
"192.168.1.0/24"
|
||||
"10.100.0.0/24"
|
||||
];
|
||||
|
||||
zones = {
|
||||
"malobeo.org" = {
|
||||
master = true;
|
||||
file = pkgs.writeText "zone-malobeo.org" (dns.lib.toString "malobeo.org" (import ../modules/malobeo/zones.nix { inherit inputs; }));
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
system.stateVersion = "22.11"; # Did you read the comment?
|
||||
}
|
||||
|
||||
@@ -2,7 +2,18 @@
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
hosts = import ../hosts.nix {};
|
||||
in
|
||||
{
|
||||
sops.defaultSopsFile = ./secrets.yaml;
|
||||
sops.secrets = {
|
||||
grafana_smtp = {
|
||||
owner = "grafana";
|
||||
group = "grafana";
|
||||
};
|
||||
};
|
||||
|
||||
networking = {
|
||||
hostName = mkDefault "overwatch";
|
||||
useDHCP = false;
|
||||
@@ -21,15 +32,25 @@ with lib;
|
||||
enable = true;
|
||||
enablePromtail = true;
|
||||
logNginx = false;
|
||||
lokiHost = "10.0.0.14";
|
||||
};
|
||||
|
||||
services.grafana = {
|
||||
enable = true;
|
||||
settings.server = {
|
||||
domain = "grafana.malobeo.org";
|
||||
http_port = 2342;
|
||||
http_addr = "127.0.0.1";
|
||||
settings = {
|
||||
server = {
|
||||
domain = "grafana.malobeo.org";
|
||||
http_port = 2342;
|
||||
http_addr = "127.0.0.1";
|
||||
};
|
||||
|
||||
smtp = {
|
||||
enabled = true;
|
||||
host = "mail.systemli.org:465";
|
||||
user = "malobot@systemli.org";
|
||||
from_address = "malobot@systemli.org";
|
||||
from_name = "malobot";
|
||||
password = "$__file{${config.sops.secrets.grafana_smtp.path}}";
|
||||
};
|
||||
};
|
||||
|
||||
provision.datasources.settings = {
|
||||
@@ -83,6 +104,7 @@ with lib;
|
||||
|
||||
services.prometheus = {
|
||||
enable = true;
|
||||
retentionTime = "1y";
|
||||
port = 9001;
|
||||
|
||||
scrapeConfigs = [
|
||||
@@ -101,31 +123,43 @@ with lib;
|
||||
{
|
||||
job_name = "durruti";
|
||||
static_configs = [{
|
||||
targets = [ "10.0.0.5:9002" ];
|
||||
targets = [ "${hosts.malobeo.hosts.durruti.network.address}:9002" ];
|
||||
}];
|
||||
}
|
||||
{
|
||||
job_name = "infradocs";
|
||||
static_configs = [{
|
||||
targets = [ "10.0.0.11:9002" ];
|
||||
targets = [ "${hosts.malobeo.hosts.infradocs.network.address}:9002" ];
|
||||
}];
|
||||
}
|
||||
{
|
||||
job_name = "nextcloud";
|
||||
static_configs = [{
|
||||
targets = [ "10.0.0.13:9002" ];
|
||||
targets = [ "${hosts.malobeo.hosts.nextcloud.network.address}:9002" ];
|
||||
}];
|
||||
}
|
||||
{
|
||||
job_name = "zineshop";
|
||||
static_configs = [{
|
||||
targets = [ "10.0.0.15:9002" ];
|
||||
targets = [ "${hosts.malobeo.hosts.zineshop.network.address}:9002" ];
|
||||
}];
|
||||
}
|
||||
{
|
||||
job_name = "vaultwarden";
|
||||
static_configs = [{
|
||||
targets = [ "${hosts.malobeo.hosts.vaultwarden.network.address}:9002" ];
|
||||
}];
|
||||
}
|
||||
{
|
||||
job_name = "pretalx";
|
||||
static_configs = [{
|
||||
targets = [ "${hosts.malobeo.hosts.pretalx.network.address}:9002" ];
|
||||
}];
|
||||
}
|
||||
{
|
||||
job_name = "fanny";
|
||||
static_configs = [{
|
||||
targets = [ "10.0.0.1:9002" ];
|
||||
targets = [ "${hosts.malobeo.hosts.fanny.network.address}:9002" ];
|
||||
}];
|
||||
}
|
||||
# add vpn - check how to reach it first. most probably 10.100.0.1
|
||||
|
||||
@@ -23750,8 +23750,8 @@
|
||||
},
|
||||
{
|
||||
"current": {
|
||||
"text": "10.0.0.13:9002",
|
||||
"value": "10.0.0.13:9002"
|
||||
"text": "192.168.1.13:9002",
|
||||
"value": "192.168.1.13:9002"
|
||||
},
|
||||
"datasource": {
|
||||
"type": "prometheus",
|
||||
|
||||
65
machines/overwatch/dummy.yaml
Normal file
65
machines/overwatch/dummy.yaml
Normal file
@@ -0,0 +1,65 @@
|
||||
grafana_admin: ENC[AES256_GCM,data:zO7Tfmo=,iv:xa456cUb14VjJPEKClqGJiYR7cSsjQPIld+O2E0YNM8=,tag:dFgGtqMYhg4uweoLZPu48Q==,type:str]
|
||||
grafana_smtp: ENC[AES256_GCM,data:xndLMw==,iv:0P4INbDD2/Teo8Dv6lIfLhXvNAkcneEDCeB5OAY25wI=,tag:ilE0Noleb+uL5gqF4bU70w==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age18jn5mrfs4gqrnv0e2sxsgh3kq4sgxx39hwr8z7mz9kt7wlgaasjqlr88ng
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPMXlEbWlabzVUNlRkVFFC
|
||||
ZktpQUx2alRNN01qYmhFYnhMRDBkYmFRdzNnCi9YbjBDUlRhc1kwVjZWY0NGZERQ
|
||||
U05BMlFpemVhR29VZWJUdGJYNWhMdVUKLS0tIFU5dEEvaFdvelpqZGg5a1BHb1Bn
|
||||
eDFDVStZS0o0WVh4cmJPa2o3eWNseGMKc0ydK8/2Gzxe2IYG96saVosJTrRcWizR
|
||||
lcMbsh8mKlVCt5Fx9EQOtj50ylOGk2h2Itk4uLYG4UAySDU/Aw3iQw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1QmsxNERCclRBeFo0WGZ1
|
||||
OGlHTGxDMURsWXdDRXpoUk10S0JpeGk2QURvCjBkaVFHTHo1eGtKbERPWmhNZEpL
|
||||
SHlFR3FPMG1XY0VBRzI0RWhHYno1RnMKLS0tIFAwSFBhcWRrZG9MQ1FjRFVlVTZB
|
||||
QXZwTVd5NnNSdUxRSzNLMHk2SWYxVnMKZyZvZV5qhJj4KATFV2eh9aN9XMbSQL7i
|
||||
kRGQI9y5ADv6UsLh/y+rWe0xF4BPOGF0xL8JUnHfTy/RsKfhB3aTYQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-01-24T17:01:57Z"
|
||||
mac: ENC[AES256_GCM,data:KySo9sJgOLBPtxQZ1gXY8aCmCHbn44aiLKiK1mGziKsBoPkBdEivCT7dDQ1tXQj9wz3gly6raS4FEmR6ikcbtAE2EN86cDLNuu9sSiW2OYiJRe5iZvet2veqtA00K7TtPZgAX+ccsUE5iy0W55bu+kpK3J8MPNy3LUK0EbSKW8I=,iv:7BQKCNyWe4azTelyKlV6XvvgPIrspVbwITyycsW/c44=,tag:1XbSxju44GCKcGw8Ln9iuQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2026-01-24T17:01:26Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQGMA5HdvEwzh/H7AQv6AsOXbgAIOqhQIwmq/t0uUTq77bI2Z96n49kdUqVG0AAr
|
||||
OdnArcAe8J80gr1FUkjhU8jxO1cwh0N6bQdEO5S/MHo156+tToB64l858sxRBeSK
|
||||
V5Ko7Pc0JulgQ5MFgD3SMaOVO9G0pvZJjU+E/WJCkoYnh4HBWWiCx4+OoxeSDFma
|
||||
hvLiAciH6eB5wlKeLeMt9L80stIeSxXSDL/r/5QHg7qI8Fy5YWCtBmlRDQ3Lma3Q
|
||||
erU5M5iVh7nr4P11lsGjgnPPalxuD0bdLQxm3zOXFK4nVJE1dI4zov386IjI57Ur
|
||||
Hzl7LF7fUoaiGZNskfZzt38cdx0EJL2WV71DD5jlEgaPBUom1sRP4pPDSlDi4oFL
|
||||
A3+AK2GvH6xlExagDevtsn7IgA3Dm/ummGpCE12y4To4Heq0uh0nRmRsnpQlzfGx
|
||||
40Ka06u+xM8tLIuyhLFeaVq0IfEtRRo0GeMQYOX/GQS8ns5+WGguhOamDlAf4Tcw
|
||||
UmDn4HEaObHAiQJC50pl0lgBJroiCV4kljDFALv8nKTuu1l/l+X9ULNImtRp0z0K
|
||||
+U+DcuWb+8mNj3WRXEA+zLqxI34pLohZPys85GbUOo1J+OwXrajujuOofOInUfNt
|
||||
OYrcItXgSqZp
|
||||
=8n3V
|
||||
-----END PGP MESSAGE-----
|
||||
fp: c4639370c41133a738f643a591ddbc4c3387f1fb
|
||||
- created_at: "2026-01-24T17:01:26Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA98TrrsQEbXUAQ//Z44dVz5B2l72NhkoxAzaUIvqnluoJw59hbNyfss6ia3m
|
||||
uAFJcz4Vf30AO1CnIWRbGaGvL3hn+qbHr+VDWLJ5gmL8+PLX2LRHhtQnISsFhGRd
|
||||
spXfVr7NpqdWxjTy8EIoWJ2Ucpz6pzwFHh2FhCadKZlz8orvOB+SvmIe3o9LdORV
|
||||
lqqelNASlHjPwyck7xOB71evtfvoFwfWw3CNR3hxE3zkZ55F776Fypi1VxfxRpbx
|
||||
sWPze7LD6/kV04wXZMBDvlQQUShdXfCRSF3SujAWIEhuJu0UsmIdV9omnhGbSOoe
|
||||
LyAyCdryjYmYGUn4MBmFQOf9k/FWnN8OMmLx2lNbXLopCLTM3UA4YY8411CgQd9X
|
||||
RzM8M7YjbfAptvI1sf1DCrxOaKF0tcN6l44bPDkzy1lErKsPcR9N9HfV3cdWii26
|
||||
JDyz+MtYj8DvxofRqsyjJL/qyP/4w+trvnIttbJPW3GZ6LCulJVQupXWvr6Q1lJ1
|
||||
2g3Lyyv4/xwPMRP4/Vt6olOrwkn5H1fcj7w9Dl0osuG2VEnR0sFs33u76kTLMHum
|
||||
7EDT8Dq480SLQ7g4JTCk2ElFBJBdAf8TTX+1rQ+2aUu94IihKHDeXbuxd+MdTyrV
|
||||
q13QAOzLjjeQTYSKwxq9sZlMw5TPU5CJ4lXQ7UGAJ7efH6A/Rd23TMv2stTFyA3S
|
||||
WAGVYDwKP7S49KkwMCC6Dvi0rjYD9fVnk19bQ/SdO/eiKQ5mb4DcOxx+KXxnKDTr
|
||||
GI8pUz9lmOcLZB7umDHR5WnqtG0q1EgASQrvGDGQqORHqEpL343+wBg=
|
||||
=0JXx
|
||||
-----END PGP MESSAGE-----
|
||||
fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.11.0
|
||||
@@ -6,7 +6,7 @@ positions:
|
||||
filename: /tmp/positions.yaml
|
||||
|
||||
clients:
|
||||
- url: http://10.0.0.13:3100/loki/api/v1/push
|
||||
- url: http://192.168.1.13:3100/loki/api/v1/push
|
||||
|
||||
|
||||
scrape_configs:
|
||||
|
||||
@@ -1,59 +1,65 @@
|
||||
grafana_admin: ENC[AES256_GCM,data:c+ZnOyxSXrG4eiK8ETKHheadiSz98LLHYwxb,iv:Ut2qFD2p6OmKDWjLMjFxyISxzTdJpZpgIB7obW5bgkY=,tag:HdayzjXQ1Zc7w9ITLzKLxA==,type:str]
|
||||
grafana_smtp: ENC[AES256_GCM,data:gOER9SzqRACIWe3PchyKguX3RdW6xhSZDzLd727CK1w=,iv:KDOyXGYGXnUu92hvt6eBqI8zeKP+JRDsF8Ir5X/9TDk=,tag:wRexcIJp8XEURKcZnHCRtQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxN1VURXJuMENJV1Z2eEtS
|
||||
bUR2cTNmNUdhU1B4SHZNMW9KRDV2dW5VNmlNCjdmYXpZb05mMEdPdjN4c0VWOUhV
|
||||
RW4vV05CMno1MmJmYzdESjN5MFVFcjQKLS0tIDNxTE1KaW1EVGhtOEQwWXZndk53
|
||||
bFBCMExGdEdMb2Z0TzF0Yk02MUpkN0kKIUm9iUvU/xu1Xl6yoYSVGcIXKnGsp/D/
|
||||
RjVQ7tgJIbrupubny/fg4v2sz5HOs5uzmEq4ZKgBWrBeMPss4gYstA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWdVhpdTdJNnh5VCtmNHh5
|
||||
M1ZTKzk1WlVYYmRWKzJxd1ZUTi9IMW1ta1VvCjVZQVQ1K1lFeC9QZkI2MGZXNk81
|
||||
MGlibVFCYXZ0RFEzNUQxUm5PcWdadTgKLS0tIHFJNXFieVd4TXc4ck9VT3cxWDFs
|
||||
NmRNSit1TkRRbUFQNzUvYThUczAxRzAKvpDK4R7m/GpfOzM4nU5vSYDXZGUy4D+c
|
||||
xouTxOguMdId8GiKb1AJnVv2q/YYdr2M9yA/FpKn7kBfuQw/Hrj1rg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-01-22T00:51:32Z"
|
||||
mac: ENC[AES256_GCM,data:TEEyPmVxIJxC49hDqDbwzTZZ/tNymFr0dMvWn6DRli70Kp5XXNCLTpicAbiFh3WoyzbDpN/5c2yxVNGjhB8nXgKpCZdffdONMY6eSCpPbblYwJS7hNsjW+u2wysSFPDAk5apwbNXJcKnlI1tBcGQRHlym9ShSw6fT7K7afWYWqo=,iv:583DWNug8yNF/vZZN4btT6P1yUa0b1UN4frvAX4UKv0=,tag:YI5KIAe5P5Bx0TZU4wG8ag==,type:str]
|
||||
- recipient: age1hq75x3dpnfqat9sgtfjf8lep49qvkdgza3xwp7ugft3kd74pdfnqfsmmdn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0bEhCQitwNVpYSHRJOEMr
|
||||
ZnZLQ3lELzdtREVpSHVGd3BHZ3p6WU9BK3lFCkFlYXNsa2JWZmZFVjRmK3BTejc1
|
||||
K0JVSlZPbFh0VklvZHFaOUwyVHlibFUKLS0tIDFMcU8wc01lT3g0bUw3VHBmd3Zv
|
||||
VnRIYVVIZktISENseEVLVWlsenFhcVkKvj8i349iNX2YNL5G0w7F9IuW/5ZRP6Z7
|
||||
XC8TrYzCSOEOXt5nMnZg2yQUJHi6Qq8Wu2e2KV7Cd9J8Q/39dRv2cg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-01-24T16:52:54Z"
|
||||
mac: ENC[AES256_GCM,data:BoJwPldIVZf2NZALbeMTq6DvuBMwOwyvmr5UjsPvQrdbbzYjLTl5dplkhT6QRHPDCFDT4Ibd1UfJ8pQYRkGdO2EjlUyuk3hvAYdR+PUmVz8afFE07sNsGw2EDGVHmsFjUVHLT69YqXtGpVNTW6KjqYuRhz/Ik0wEZLxzDSiy86c=,iv:TQU0si/AYaMpShF4l3CzUN3qajQpE0ZWa7mLOqhRP00=,tag:Oyapkoo4+Q7x08m6RTXfcQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2025-01-22T00:51:09Z"
|
||||
- created_at: "2026-01-24T18:05:47Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQGMA5HdvEwzh/H7AQv+PxajhJgXHcxwJ7Mk0gjqFV0dGmNJ1m0eY3gPyIS38GSB
|
||||
Rjto1zUd6EARu1GnxSrVrSZYlQaL6x3l2DuFIP7mtymvlFrmhiAoDz/si0zlzsJp
|
||||
WZyQZdepnt9FyYJAwTzbmfVdpZDYajuMI38byMJqzUhS7SEOsPwiU1KRoTHcf4se
|
||||
2E+9v8OwTVT2UoDxyiVJuDAA+K+Jh2RjHk3p/uVnZDqqQpI9UAI8LrCpun9uALpH
|
||||
+29wyhkCZ9RIHU7nDQNVvwHkbYCyRUwR44bciSwITpjp7GuZCcZvzSSimPktkC9q
|
||||
VZkHA6rHgHgcu6mnMfpP0+j4gB0dU0t4hGF41klV3YpEGfYcFIsKV10lfa6aMNmW
|
||||
08RuLdCtnQyplYhgBm1zQvYHJsIuwK9s1B2dz3Z8l3o2eg8AqFuIL+MlZOvf5A/2
|
||||
MOXffyXbOM5Dhy7DdUckTOYYfwWe1mStw3vx3I3mAFzuOOR7HQuzlc9Bf1oxh36T
|
||||
6e/qOijjPPqkLeR2mufo0lgBBFTQFt2jVvMo1lrCB8Amj4yj/4noXTzglkYTYBKs
|
||||
S513kUdhAGtWoNrqcItOYAn/gl+CPGY2Op3tJBVCWM6aT/KO6M/LPJ7wiQk2zlOL
|
||||
pp7SnCKvv9eQ
|
||||
=N+uj
|
||||
hQGMA5HdvEwzh/H7AQwApRb25y9gYvAV1XvhhnazjaFKPeNkL47Rou9fNySfa1fg
|
||||
WOh/m0Pu1RUK6QHhnQhLvwQeVV/eQc4M3RWccSKdSmhDJGN3WdfZZAgDXT7ovifD
|
||||
oMEwstACzCCKwNQ1TRc2KyTUGOudWuFQzt1TnOv+jdByScDwRXVItWHoIBk0B4T9
|
||||
qq+sLjdWDNXQpED609kkYm0Ge6IApDN9kt8ZXylFDnsSEu9dRWNUY4fBjfMK8Nfp
|
||||
aPpGfRUrlAEK87ApPtD1I3SBNkz73KSXSieUeCGqra5c/W6oRY8nzUljvHAD4Zr2
|
||||
aGer5lLujih5nR+QybaNnREGrlNDh7SEhBk3p7Nuj/bH2f4Pyto2J+9WaLPZ8UzW
|
||||
/nnhIZmPvcRm6z0++tJtKRhloutSNiuv1emM7XpGk4zjeW4f8hg+eld6c/ngZ5vw
|
||||
tv2RH75AuOfkkychZJwBPy2hhmBgPEoY5Z1qPkqv/2m8utO9vuHeFn+pxgSsijF1
|
||||
Q70noa9SQSoeqDVGmldF0lYBPT8ldR5RleLKnYj0vdyLSWgQUBUlx/CbWl7JoNzc
|
||||
eCRp16b0MmfSWqBwtmHfhZSb5g2qVwsw6LlfeyshngNUJNc9Mc4HqBtQZivAjQCI
|
||||
9lYbc+2rDw==
|
||||
=b4hD
|
||||
-----END PGP MESSAGE-----
|
||||
fp: c4639370c41133a738f643a591ddbc4c3387f1fb
|
||||
- created_at: "2025-01-22T00:51:09Z"
|
||||
- created_at: "2026-01-24T18:05:47Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA98TrrsQEbXUAQ//fm/TcxgsAMY6P8jvOQMcRBmjjVwfLP1UTTnkRUa36Mmn
|
||||
2V9619zsH1dzTp0gUVV8mvIKUtpz2nCBTZBJw803wW9KorxW6f4e3+mIWelZT5WM
|
||||
sLcQPFWAYKDVnSfk5j8kRSmpM6k2xFRB9DTEMIyFH9PZL99Fztp2hjTn553YTQOo
|
||||
pdw+AMzgptYQghW/Pl/32wXHwCO+bL8tyk62VIQO13l3tX83oSslXNkFzNQYt3jv
|
||||
xXFUaQEGD/1lFLeFnIuJZzfjWt6n0fShJboUcuk/ZIcYdwrbG0pyLLoBoObSRQtG
|
||||
t+7VpWpfl3rnk822SU9z9YcaMNy9HD3Kz9Qh0BRQiN3scCMzm1LyzlXLqlc/gPiq
|
||||
JyCxy98vJXIxmlLQZpDFfTMe3xsc8jSsHI6av+wEFKGEJAOUkDtRYvLfZdgDTfiB
|
||||
XTAhQ3ixnlBxdZZ9DjBXyVfM8q9iB8bggFi7g2SjO32LKhXRFUqZR+avddCyKR/V
|
||||
hRpWjDRn+eX2tl7LPawvX6tIow3aZiezkMVyeRXfcZCvpicq64b80LrYR+JJUfJE
|
||||
vxHaekKImrdJ9ocii0wW91ZmESJwL6m5lt3ZsCY5GTlEDt4wBse5uhj48mtuK8sh
|
||||
g8uQMKp7SiiCtV5a6O1SQLDJeAt6VCcRyudLToO9S4gwrGXNPcGxsHj07XAN2PHS
|
||||
WAE6wUhufXfpa8UgSWy7fmEZt4L03XlRfC7bm/ycwaFww3A7w4+B1gkW6gOon6sy
|
||||
nOyIxUZfU6abZWKzH+OIuViKH7xPiULDy75gEmkRHjKu5BiC3Tx0eO4=
|
||||
=+PPr
|
||||
hQIMA98TrrsQEbXUARAAmL5wfXTStuu0hFz6E3sEfGdWrV+O5ZmP79Bu+1BgCzkQ
|
||||
iIp18D/e6vsCoWrTGtgEWfqWe0i1B2Iq5sPxPvSg356nfxuNEWxWjsjK6yVziAos
|
||||
On6HQJyEnSs7yfnQ1BXNVPVa3dCXfAhlz4zJ6kfSFuKV2WhDs6y0azNCD0QdE6d3
|
||||
YHd/WOPr726u1prQDMKsyYKHQd5QyjAl+egXyrlbqwQowYdS4hYpGYeZbdiVPsCo
|
||||
cKHvfq+3cS3bdzzwJ1RadBg+sR9zmKlsWCkRTyMB/uL3bhVomtsSU3U8CN09QOpG
|
||||
+eJjk3T07B23lzH6t214CZRFJ8dudgMyseMUnsWngWfn3VfCW10wciaxvhKqMcE7
|
||||
4VLAPCjJNh8IQcmYE0+fFrpUya3CR1cQo3nwx9Hc/BPuXrjJXzbDyeMPWJAJgwbK
|
||||
Hxuer4x25LWRFCu/EkICxRPIbFqymLVXr/ZTsxwve8lTJnpGMTsZd4H93BMZ48sc
|
||||
U7V9ZoLlVp9mSCM4jbrhpoDOz96YoH0rt00+5SW9EaFEsqeLzTrSZinKSnRaR5+6
|
||||
G04oOyG9eSHWMTHqlZihR68ut6qUQK2GJMiv7ZIimYgbNaWG4tU/ExkUZY7rTGgq
|
||||
d1swV52fPbFhwk8PfXxeVep0VYUfjHk9GVJRRgUEoqc93NhDwWSBZuZR7FJNCM/S
|
||||
VgFYepBIOp1J5DaeZ5jquRRIFVtFa3+nf1ceHR2GbCUy+7xGhEtIMBUsgRwDF4Wu
|
||||
pbwb8T4EreK1C9XlEfWwF44WJXuqU2Rzx3oq6FcNUfAksIk6y+SA
|
||||
=9zQv
|
||||
-----END PGP MESSAGE-----
|
||||
fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
version: 3.11.0
|
||||
|
||||
99
machines/pretalx/configuration.nix
Normal file
99
machines/pretalx/configuration.nix
Normal file
@@ -0,0 +1,99 @@
|
||||
{ config, self, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
hosts = import ../hosts.nix {};
|
||||
in
|
||||
{
|
||||
sops.defaultSopsFile = ./secrets.yaml;
|
||||
sops.secrets = {
|
||||
pretalx_smtp = {
|
||||
owner = "pretalx";
|
||||
group = "pretalx";
|
||||
};
|
||||
};
|
||||
|
||||
networking = {
|
||||
hostName = mkDefault "pretalx";
|
||||
useDHCP = false;
|
||||
};
|
||||
|
||||
imports = [
|
||||
self.nixosModules.malobeo.metrics
|
||||
self.nixosModules.malobeo.users
|
||||
../modules/sshd.nix
|
||||
../modules/minimal_tools.nix
|
||||
../modules/autoupdate.nix
|
||||
];
|
||||
|
||||
malobeo.metrics = {
|
||||
enable = true;
|
||||
enablePromtail = true;
|
||||
logNginx = true;
|
||||
};
|
||||
|
||||
malobeo.users = {
|
||||
admin = true;
|
||||
};
|
||||
|
||||
|
||||
services.postgresqlBackup = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
commonHttpConfig = /* nginx */ ''
|
||||
proxy_headers_hash_bucket_size 64;
|
||||
'';
|
||||
virtualHosts = {
|
||||
"events.malobeo.org" = {
|
||||
forceSSL = false;
|
||||
enableACME = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
services.pretalx = {
|
||||
enable = true;
|
||||
celery.extraArgs = [
|
||||
"--concurrency=${toString config.microvm.vcpu}"
|
||||
];
|
||||
gunicorn.extraArgs = [
|
||||
# https://docs.pretalx.org/administrator/installation/#step-6-starting-pretalx-as-a-service
|
||||
"--log-level=info"
|
||||
"--max-requests-jitter=50"
|
||||
"--max-requests=1200"
|
||||
"--workers=${toString config.microvm.vcpu}"
|
||||
|
||||
# TODO: 25.11 upstream
|
||||
"--name=pretalx"
|
||||
"--preload"
|
||||
];
|
||||
nginx.domain = "events.malobeo.org";
|
||||
environmentFiles = [
|
||||
config.sops.secrets.pretalx_smtp.path
|
||||
];
|
||||
settings = {
|
||||
locale = {
|
||||
language_code = "de";
|
||||
};
|
||||
mail = {
|
||||
from = "malobot@systemli.org";
|
||||
user = "malobot@systemli.org";
|
||||
host = "mail.systemli.org";
|
||||
port = "465";
|
||||
ssl = true;
|
||||
tls = false;
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
system.stateVersion = "22.11"; # Did you read the comment?
|
||||
}
|
||||
|
||||
64
machines/pretalx/dummy.yaml
Normal file
64
machines/pretalx/dummy.yaml
Normal file
@@ -0,0 +1,64 @@
|
||||
pretalx_smtp: ENC[AES256_GCM,data:zYnhuulpJAEEacXxpqNG2GEVrV21H0UZfx3sqZaZxWYL2HW6WwFMZ2PeGL8bWCv92+iZ2DGkhg==,iv:kMJLfeQ+9ZZFc6T+HnS64p9BJUy38nXrakAOXdQ0gIU=,tag:l8/eSrcOtt9MLnqcif5v2A==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age18jn5mrfs4gqrnv0e2sxsgh3kq4sgxx39hwr8z7mz9kt7wlgaasjqlr88ng
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNZXExRE14NDF6cnFRSE9G
|
||||
RjdxV09UMXUvczBQai9GQW5PT2g0eUZhSUVvClRZL1dJVlpKUTArTkhhR2JCV1VG
|
||||
cktFb21wNDZiZC9oc2l5VS9hdzVhbFUKLS0tIGZZa2Z2R0Nvd3RUbWRHMkFJMjVK
|
||||
QXdRdkVwSFg2TVRBYU1qWFJ2bE9hWFUK8HuJ9ErFU0yH3QlXl1tnmawNX0fHDOFb
|
||||
g+DpDYKccGcC6PxNOE/CsftJqGLtFlToYHOYWG18bFjNZawUoaOfLQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3S0s4UlZuSWc3K3cvTDBR
|
||||
WEt2L3hYSGRVWHBYbEtoci9rYkJEK1hYSkRZCkM5S25YNGM2Y3R0MG9lWUNJem9P
|
||||
bnJXbTRFZUpUVmhWVVVqeVhjdDV2SWMKLS0tIEdXbXU0RkJ6ZzBTcTdiZlJPbG83
|
||||
RW8zUzBkNjViYnVFY3MyM1ZENmZXVmcK4144dF921EuNaofNhaYw9Yh56KHdfQD/
|
||||
vxPkp5jC02Wbb6hjImd+oMUg3jgCbWC4j3Qpvaky8Ig2AaJRhtqlxg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-03-09T11:58:41Z"
|
||||
mac: ENC[AES256_GCM,data:n11H0rFtXvCeleTKXnQ8tORm3YH11tvjRd/PYSRof8EIUpQ7ZtyVqdYqPZCUuck12LG8hh9+GBBpXIRDhwEJlteC61Vl0syW9bQvCbfETvIgRZsoIZr+mofYHe1twm73sd7YaGzC6xxVm5HZG/qS1LflHah6jFO6NkgQ0GpLPTE=,iv:np3bKJIbVwn96rMBeedLmw6f1him35waUWN6LJ5MLNk=,tag:fs8rmrSkK1REaUKJHxeSbw==,type:str]
|
||||
pgp:
|
||||
- created_at: "2026-03-09T11:58:34Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQGMA5HdvEwzh/H7AQv/VMIZlsBZPEolTd0yUfHyZ5PRsQDirt4hOuVFGXdKi8tb
|
||||
Pk+L3y69ynfF+ZJsu41+GdVgaNX58bbdqJfnEgE+k35IrJxYmVlNuUmd5s79rOHQ
|
||||
b1dn6SdoVrKTAgtrnicO0n0F41XZBSpqP4wKVHigsWgfHkaUUsI+5d/T/2F+VCcS
|
||||
slhvveCMKNjDlK9sukp5TBiX+xrWTq4QIbMS7L6VSlwHod72bp73o7RV9PgoO4vy
|
||||
aodYiPmJqDjF0Az7JXdu2UdWJGUYxNWb5jHCT3qpcZyX1kVSmZvcRjxtVVCySFx+
|
||||
agcavtdlEV3t8JOOvVmYoxwNOGjDvJ83k6wdueFpoJFE4Z1pHy/XCVCHykmWH/+m
|
||||
nYADzmg+GiOSrTR2xWEmkesrByOMucYiZngDV3RLuZraE+8PJbqX2aAAip1Ol6AX
|
||||
eYGCtLw/cXvDM1ngdj/4vaelek/TMLRRmuDyzVHevnqMGhdgAp4Ns6+ihZajSYkK
|
||||
4YqUSKOMHrfEwbZgGYGW0lgB4cv1uzPgyufcPWzg8oAS0/2jW6KjZPLIx4SYcp41
|
||||
C3BE/osbnyzGhzmabNstFbVmBYF1iK73O/Np2PGj3glBsE7PNMmcDu4ASaEI1nNw
|
||||
CpOmQCR9jRGi
|
||||
=6itD
|
||||
-----END PGP MESSAGE-----
|
||||
fp: c4639370c41133a738f643a591ddbc4c3387f1fb
|
||||
- created_at: "2026-03-09T11:58:34Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA98TrrsQEbXUAQ//aQNOD855rikMtrXENG/XA5dZeKGaLQAv0kWUHuJbRddn
|
||||
IB9pW+Y8AgyB6xc9A4oKOKgjT8TCSYvGI6zDchf5tjrvQwmiMlpQouflcjR+UgDy
|
||||
mANqL2+7GLFVcTuQfRPbEdK54Q78KciQ2bxMeh0WDZ5vV8fCTz+aPsvlNT8AJBcq
|
||||
BO4dyG1oqCT13ln7g7LoHPn22wAj+H93F8aqyFk6YjgomKRf0j9gAW/NI1w8TIsg
|
||||
etgMBrn0AupANrADQHAij1zSS+GaK8ZMBVgCoInc9gAQl97ytMLp/eQj4Ll69r+z
|
||||
JRhFdFDZgP0UIIFurAU5eFixNq8IZnFYvFRGpR/XzAiOh8JfgWUDs5HSLyRcADi9
|
||||
XxLsEnTFm1kfoI+lpma0WtlAIXg2WpCoaU3B2kB15T4giVs6LWGmssux5t8uKTFR
|
||||
DySHvdl9o78zBFPVxhW+j9h04fAeUmCWZYKpnEdFwKpBmGWtnC5rvz22Xwu3Q/wT
|
||||
HioLzvETqVn+knc/ErR6Axw4A9zeLi1AccJdceVopR7rEq+0DjpLV/zYqwGruQaa
|
||||
q1qtQIgPf888TKtNgAGSxQ2nUfkMM2oK2cC6r2juhxwbmTFcz6FUV41To9/hCo1c
|
||||
1SE4ZiRu7R8i+KFn4K2y6RGRkJo75trJkxuwGvAYuo6gGUmj50EeimFx0rKRddfS
|
||||
WAH8JPQH6ohAqaA1hdrQRM7lPtwjPCfJW/fUqPHAR5Ytwn9xmt0A+jQYvmubH9dR
|
||||
UT8OMUOIh2XC2JDYt4P4pFXXODB6WPb3Fdft6S95+vLhx6eHuo7PvVM=
|
||||
=KkYj
|
||||
-----END PGP MESSAGE-----
|
||||
fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.11.0
|
||||
64
machines/pretalx/secrets.yaml
Normal file
64
machines/pretalx/secrets.yaml
Normal file
@@ -0,0 +1,64 @@
|
||||
pretalx_smtp: ENC[AES256_GCM,data:Jrgx1/AsgTb1KxtgiTPGRkgtl5EHPWHPde4ItwOHH9lcmakAb1b2n4JP70vF53uuKIfiyCPeVQ==,iv:fcVFgjKSGTaFxC1DAX2Sb6WD/IbJO0s1A63wrQkLWbg=,tag:NjcNwa+6h/boRemEg1j9ng==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxb1dGalUyNzVtYjFFNm9T
|
||||
a3ord2NSTEE3UkhrTm1TbHdMV3lITHJRLzJvCnAxeUZib0d0dCtUZ0x3NUtsdzdD
|
||||
SjVYY0Y4MXhGRVZGZTRiNHJHSHNkb0kKLS0tIGtCL0puTDRZcUsrc2VRUU1URERs
|
||||
Y084Z0tGR3JPZkw5ci9icFVSd051bE0KXaT1mPUBFUorZ/zgYjDyqWGbnHAkcjmZ
|
||||
KVZJae9HC35+mq9mme7XOH96NX6tq69Hg+TUFoQg1m2Ifz27GKD3bQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1y04q8n7mgk82c87rfddm0u72h0ny6sfzktjsk0cc3gu93kezudfqdp9v9g
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWVVJyZFZCTVZhUXN0WFJu
|
||||
UWU2UWxTY3ErWHVhMGNGU0t3N0c2ekM5a0NvCkVtTDdyeEVMQzY5RUg1NnVZVHd1
|
||||
a1U4cytPSjU3K0NaSmJDdk5peHM5emMKLS0tIGhTemxzbjBzNkFILy9QRG53V0lX
|
||||
dEZTQVpCOUNDSW0yRS9rYkZkVjZPRG8K/Hea01veMQ0Gxo//24PRhDcncYUuExpQ
|
||||
T4ff4CNXF2vDYDsSIPDlhHdmSRGmoCw00ChCZ8vvIlHl2O86Qmd0Ng==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-03-09T11:58:07Z"
|
||||
mac: ENC[AES256_GCM,data:QWFdEg+I1YUH65qPUQvOwwb7i+X+HYKdhYJiLoku+XcvYq4xFaoBvFTW3eZ/S2i20yK1SQcAVjUe7JQEgZDtqzPdZH6w4YIZJVvQdDMPy99xdXXEZrnW+rHOy60XFS7WiyeUdLA3TQ4+Ec1f2kkQw7MhbDbOoOh0obsvfhtz3OE=,iv:h4Qn/LpayhXCWWsO/nm18Rapz6WXQcjItF9YwyiFJJ0=,tag:bxtQQMNgVyFkHp+pbSP3UQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2026-03-09T11:57:24Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQGMA5HdvEwzh/H7AQwAkahLpq8vqQn6N5EyrbC+33Ohl61ZbBPR6NnQaLvU3s+i
|
||||
WJ3xe7T+LP0jv2C2t//VhYvVNolQ2LBA+yLE3Cvjw6JCyVhu54ZRDJciY2w/wY5J
|
||||
MN++Bqac6avoEYHkvoN6m1/F8JK46fzgQT7xXFTGix+g1W48aSC70GRZUmsg469p
|
||||
ZFYbj/mEseG1ICxhZANU2NgRgW7kA/La/fe3/+YE8tkNHSXF2ZevQvluarm7kXT9
|
||||
KWani1wMlUMwZoCpwbfNwKpXPL0jW48FJsFIlxPbDrDCkR1gih1PHFVyqd45am9g
|
||||
Uo0hJ1NOKzm5Cy5c/3xJzaP62UWyNJf+v5VojEg2XfSGqtaZDFQsLK0of5G/XArn
|
||||
C7k7UbQJqz15rHWPznIppv2h+cTIsVDQcz77es1/qaOQyCMHdYqdkzi5YV7DJBZS
|
||||
K6PP3Nt77uL4LGRL0vFtBgdhKFtXAAf8lhRfZJcJ2P9BYvaFdRUfjm/r0TNfCref
|
||||
k2WCesk4F/pQSyB3ofuR0lYBJzlZ3iNpl7DlfyZ6DRZ/+aVFceRf9A8QKtkVmdMt
|
||||
noqBJfLzhWgVmUUh3DO97mJV5pNOx8238vqVTxWrUqZXjXdXaUDaFUDXvgwg3GOA
|
||||
N28ZjLy1XA==
|
||||
=mIVi
|
||||
-----END PGP MESSAGE-----
|
||||
fp: c4639370c41133a738f643a591ddbc4c3387f1fb
|
||||
- created_at: "2026-03-09T11:57:24Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA98TrrsQEbXUAQ//cnVHHJEwQn+W8Jkt+jwgnKCgbRutvG3U8hlXizzdk2RI
|
||||
j6nVPpv2DwuXvX3ktnng8XrmWwXf9rFRRltVs7alenEnHLxiDd5w+WYeH4NCHOFr
|
||||
+vvFwxNOxzLDj5B2Fjod4El70jUdrP6Mqzy37DPu1Gb2qIUEwdF1LEzM4FMWdeWL
|
||||
BA0wCJzlTXzdlb0shw7xEsqvmnL11u+aQ8AVU3kgWxSkn0VZJIYYkwegUYfflSIr
|
||||
wZsNsh8k+wG58f5IVr8SqnzkfxRfJSoxNKWV9dK3a9hJnnD3DUhqnOgvCnPCRKSP
|
||||
drH+7KxqmNBxqQK3f2iJvgcyLQwyEEqF2Rt6gXwyDByHy3ewupAQD0aQwi5HMWcK
|
||||
iEUVSQVZ6jRfAIyDs3sBnBHceB9BShFr+NN9eUjKJWm2QD4TdQamnpMLsQGpdZv5
|
||||
Lomk9VfdZPNw7DAKJs1oDeBRmhAP/crlOW/ZZho9mewKHr7Htu3VZP812GVupJns
|
||||
IK9mMnpwAhgCtChcOj/ule9NcA/AWKcrtdAyId11SvjtMO+ZjRFrOCK1wKgIif3p
|
||||
ogjaK38v/7gy4/8CDyVgru+luNklsRHfZr+BuPGBDDL8M7umXilK+GyGO1CnrjxW
|
||||
DJXdvMe+u75OsYvGv7eX0tqd+ePanCEoDXxFJbMc2QZigD2kZgq+qRM9CxJ2jCXS
|
||||
VgEEHybyGrOo5RcJkpk+UQpb2aTMLgFNqkTn0PRQSMFeXVQIt584a9xZs1TQ7ZsT
|
||||
5H4jaFXFcS+GG09CORbkf2fkQI2KpaqBAGFct21K2hY17Tpm7kgC
|
||||
=yGms
|
||||
-----END PGP MESSAGE-----
|
||||
fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.11.0
|
||||
67
machines/vaultwarden/configuration.nix
Normal file
67
machines/vaultwarden/configuration.nix
Normal file
@@ -0,0 +1,67 @@
|
||||
{ config, lib, pkgs, inputs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
{
|
||||
sops.defaultSopsFile = ./secrets.yaml;
|
||||
sops.secrets = {
|
||||
vaultwarden_env = {
|
||||
owner = "vaultwarden";
|
||||
group = "vaultwarden";
|
||||
};
|
||||
};
|
||||
networking = {
|
||||
hostName = mkDefault "vaultwarden";
|
||||
useDHCP = false;
|
||||
};
|
||||
|
||||
imports = [
|
||||
../modules/malobeo_user.nix
|
||||
../modules/sshd.nix
|
||||
inputs.self.nixosModules.malobeo.metrics
|
||||
];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||
|
||||
malobeo.metrics = {
|
||||
enable = true;
|
||||
enablePromtail = true;
|
||||
logNginx = true;
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts."keys.malobeo.org" = {
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
|
||||
extraConfig = ''
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.vaultwarden = {
|
||||
enable = true;
|
||||
backupDir = "/var/local/vaultwarden/backup";
|
||||
environmentFile = config.sops.secrets.vaultwarden_env.path;
|
||||
config = {
|
||||
DOMAIN = "https://keys.malobeo.org";
|
||||
SIGNUPS_ALLOWED = true;
|
||||
#WEBSERVER
|
||||
ROCKET_ADDRESS = "127.0.0.1";
|
||||
ROCKET_PORT = 8222;
|
||||
ROCKET_LOG = "critical";
|
||||
#EMAIL
|
||||
SMTP_HOST = "mail.systemli.org";
|
||||
SMTP_PORT = 465;
|
||||
SMTP_SECURITY = "force_tls";
|
||||
SMTP_USERNAME = "malobot@systemli.org";
|
||||
|
||||
SMTP_FROM = "malobot@systemli.org";
|
||||
SMTP_FROM_NAME = "Malobeo Vaultwarden Server";
|
||||
};
|
||||
};
|
||||
|
||||
system.stateVersion = "22.11"; # Did you read the comment?
|
||||
}
|
||||
|
||||
64
machines/vaultwarden/dummy.yaml
Normal file
64
machines/vaultwarden/dummy.yaml
Normal file
@@ -0,0 +1,64 @@
|
||||
vaultwarden_env: ENC[AES256_GCM,data:dgEYC2VcGKrIvts9sw60kmEemhRdaaLWvsEQjAE52mAfhA29iLpB/sKXt3bxRGV8gpSF8OQoXdniWwCrDhOWUihawy2WFhLENamIyY4tVBOKkEtkhQDkoAhZ1VCShb1fgN+BzfM=,iv:zvg1uh8fxeHNFOq/DpicwAk+5j1fDogrnpTX5Ua0yDQ=,tag:rcyLE928+DQF41y4ztvMbQ==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age18jn5mrfs4gqrnv0e2sxsgh3kq4sgxx39hwr8z7mz9kt7wlgaasjqlr88ng
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1ZE9qK2tmTWxERklOSFdZ
|
||||
bVVUbW5aajFrWkVBREZtallvS1dreGNFVjJFCmdBdGNQQzZkMUp4dzZUYTg1Tmgr
|
||||
K3BmajYxY01jdVVubmRUUy8rNm9oVTgKLS0tIGNtTTQwWUdzaXpjVGt5aTEvUFZy
|
||||
UWlGRzhPcDlVb0s2OGJTOTBVS2RKVDAKKyFK+ISjqbwOftiDn5uuIJfAl3fkX4C9
|
||||
iNHl84utfFyeUnJJK59uX3YGY8B4wEG7L3/hPt9gLtuX6Ey64yusIA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Y1l4Uzd1TjlKbHpuQ01v
|
||||
YnFFWWRNNU1relVHSTk4ZjE5eXdnS2czZWpBCnJwbmRhdUtkVDUrcnFJSmVmcjBJ
|
||||
eVBDd0l5bEovZEpRdEZMTlFMUFJ1UjAKLS0tIGo5bEQ3Tis0aXcyc1JxSVRCeXFU
|
||||
OXFDMHExSWQ4U0RleXBqaXBGcnhEUmsKmBGLpusD28V406Gz9uHV0N43J9wEWkY3
|
||||
WJ8R2OjVeRfMmOriWLzEkHHJw+3DJc9abzSOoIS/ViN30MkhdqzOMA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-02-03T20:56:51Z"
|
||||
mac: ENC[AES256_GCM,data:zkykMvBMjSmyhSPFTvyeUVZZwu0Fb4cgXD4m4lWQWKEXiHeCHQEy6YIxqutdW6vjaO/P64Hk72OH4Dh/gDl+riMbWIpFwtkzIWvclqui+PmdMoRG7u8oLa7wE9C/zypTw0yzbREyeoouIZq4zzWZsCmljfgcYSpMpQxdWgYkkbU=,iv:WbW7NAZUb2B7421chzK9LDUEkpGJ9rvnuA3jW3VjlZs=,tag:HiOV2LSLqsv+XGrVB0MugQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2026-02-03T20:09:53Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQGMA5HdvEwzh/H7AQwAmyshbidzh+sGpxfFEAbvcLv02pt31PopMM9XzceV0z17
|
||||
7MaJ8+qZpif1SMpyjNmrZ4vvBa/nGF55tHLGQ+jijsEqqOqnR1+MihxLBX71wRVj
|
||||
G9VdoaSnlKTgXLbtimo7qRjNIm4UaONLIw9M7l4DwhUNxYucNEr2eFy2wzrNgmDF
|
||||
As5NswJXap0maBb78ieevqlTa7mE5I9FyBgTDsMubBZpD9CU6+vav9KrYLwgDuKj
|
||||
X2SFfIo3SJdZFHDTTS3e/DTpRRf80bJ5PDChiDZ3Qr3SmaV7m+0V2EMRT7duoZ7J
|
||||
bremMsVJo+0RhuncLgIWXFDiqU43VVfriQJeTFFTaqzqqnWTn+1Nx1ORH5NmhBhk
|
||||
qMi2Eqc7K15Q/0AU8lHYOOvYdn62OjdyJciCBq/hTSscEpRxJNvz5G+WChMJyU6X
|
||||
PytHqw2mFNs3jx3DleAZat+SBD8aa1e4ORC5AIVVAaVdsT4a1lFJ5V1jlk5ddg55
|
||||
tFPh2qOqGX4V6HBBZS740lgBo7EYNFeKleDKCN8jjJYyUUfC13JnaWJy/5/9xMyi
|
||||
YtTh7w5lTFV349zlBZSLqPuunanGN+dylWSZZrp5XTw7Q/rpa7za5LwjcDQpwaY1
|
||||
FaFNoImglFKQ
|
||||
=C4re
|
||||
-----END PGP MESSAGE-----
|
||||
fp: c4639370c41133a738f643a591ddbc4c3387f1fb
|
||||
- created_at: "2026-02-03T20:09:53Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA98TrrsQEbXUAQ//Z6puWp6MFQZgNp95JMkCJyVMKAYDUJ4d/WRMWWxaA8pt
|
||||
dtWokpON0st30dhXBGsicUGjAsM15gIuN3d5I2hDQqGA5Dt2LchBjdt392FoTpij
|
||||
fdwUKpwhi91j71PrbRP1iCS6+66t5rDmUk8AWNv+9eA/4xJ+JQKgZWpBv19qbc9i
|
||||
sb6IjhuZ3/m1Yooh7LywKUM/5qeWSeH5QFfpbhrCLLEmpL6W4/6LMl/HcF+on4h6
|
||||
6bMZQoT+cFInBw9N3Rq4B8ffwahlkf2bv17k8sjEBvrH+rpFi85Kh0pBB8elPiUr
|
||||
4zMJkuZZcv4YfUFoxSqVcUee5uen8RtoOHMM2tSuEq8Mjo86oIA95JkROhGLq9qz
|
||||
NPq7k4DyotMf/2T6fZJ1nQOWAoH9ZJp4Q10qTc/Xg4xzWBlpwZh9oaLBw+HdUsYm
|
||||
mP2ZvPw1/FHJuP2RhMz/kbEoeABm3JMGFPg1BmvVudZsr7kLpByPRGcKtm3qjARW
|
||||
9+6fp0AYXw3C1fpYsQC+CwaSaw57GiiITtGTHCWR70yuV+G3ev/uqsFjj+96c8gy
|
||||
h7hJaI0Ff2bFakkuwRb64UsY4FjJel1oyvDbW6y2IIswwYpzBEMV5ANzPGMIvw/G
|
||||
x1+olgWwhXTaLZ9jIaVDfcZ2SL6v6VcMoOBhiWbeqdm+BFEkZsOitZARDIcl1trS
|
||||
WAGu6rvESbtRp/G1ATxmP9xHCTfjNHKRj8D1eHfkObjFFG2DSL9BXozBBuvkJi8H
|
||||
CPqVEOQZMheyU2ZnH1JNXQyANBAllEJ++XdFB5RvcTNxxeJS/APS9NM=
|
||||
=zSyS
|
||||
-----END PGP MESSAGE-----
|
||||
fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.11.0
|
||||
64
machines/vaultwarden/secrets.yaml
Normal file
64
machines/vaultwarden/secrets.yaml
Normal file
@@ -0,0 +1,64 @@
|
||||
vaultwarden_env: ENC[AES256_GCM,data:AsgpcUGW8y5WKL+9pOYemupgB6eVlMSLYj7uCFtYQFisjGcCwBFcGTKRpzMysroo32Ugicl8WImGybrmqdJ/Xht9lAx2ralNHrgSpps3QFg+c34LFVP/F1FO3Vk+jjU00XcV1uVghxpRh95HSTEVuu9kgjYeWpAQVqp68Ku2Dww=,iv:/9l4smzqPpB5Qr+mcroiLUnRg+9GQ+pmxF523N1bOIU=,tag:jBmrxvfA8HG1Gp1KHgwssw==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsMk9xN1ZLSFc2QWQza3Zp
|
||||
R0ladFBENFpXYWdjOE9XZm9Eek91dGxGOGdvCnpVaXU1RTZpVXYrZThGOEdnNytn
|
||||
Vi95MTJNS09EMU5WMWwvRGlLUUdudEEKLS0tIGtUOWlWSSs0STA5ZkU0RzZpQ1c1
|
||||
bGpVcVJJWk0vMUNoaEJvY3ZLNTRacWcKLkRr+vi2oIPiB1BbSTX71FFKuxysxE0n
|
||||
0+0aHEFAj8LX3hyEiDzQA3IkX9GP9ba/x+XUMBdWwyw25MnUMVFKTQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1zs9puemeevc5kt84w9d2mc5396w0t9p60qxymkpatwvwxunzs5usmxr3an
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwS0ZHOXJSUTdlMGIzU0Nh
|
||||
SzJDcHdvb3dmZ3dTWFJkaE9wZXFmVE9ZUkJBCjk4eTRhb3RkTlJRSUVSK2RWbDc0
|
||||
cEtycnFOZlU5ellTSFZXc2ZVZ3lwZU0KLS0tIHpyQ1NCR2dWNURxT0pxcmxMWTlo
|
||||
NGJqai9HNjdkc1NOTGRtSFZWWDIvQkEKe3GqRFTdMQwPbavO6bDobWMf7FwJx1OA
|
||||
7JufIAMJORTfDTyC2fN3bpcZ+UcbPm2pplyzJ6T5p4wOFqQhRrHHyQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-02-03T20:58:16Z"
|
||||
mac: ENC[AES256_GCM,data:zxM4GRwlcYoJF51Hbe0VfWvO9PrHQeCUTrGgiVgrP91qX51WTGWfCQfAVAouT3sEvE6Ie5bnAMUWjVjIrnRS6WUCQwUBwFYYUKIkJPooKwlvXRAuZ9UGZERi0/i43WKwB3/xSyVqRb9T5M6exjlkYCuE4Yv3lSEUiIn8fu/Zaas=,iv:D6f3V19E+4qukW8i9wKtNPKfYgD3OXztkICMhD24IzY=,tag:e97txZiaqDPxCLQUbNHwwg==,type:str]
|
||||
pgp:
|
||||
- created_at: "2026-02-05T17:22:42Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQGMA5HdvEwzh/H7AQv/XLqprcMEI3EYKJw/DA5w64lHAXKzkf8bKpFPWYSnbqMT
|
||||
ajDkcOhA+KMRt1Qgr8aCW7cnWLfy6Ff7U2rSFQ4uBgGKChmYSiMiPdEokYQuYbFE
|
||||
pJh/j4qGcewVpQDVe6N+obqZ0n5oQImn0mO8KkXjrcBhrhuLThAeNxFl7RILOfD0
|
||||
HPFYwy6vMIVPFYCAm4CqIjsMo4feCPYcpxJJwO4aRISkR8vcGAgu9/wWhQIxvdPf
|
||||
O4gTcRshfX6C+TwnwW6Ac7D1rDS5HBnQF4pD4wfYEI00qHKHgeYC4TrEnmta6MG2
|
||||
bvOQBbAUDSf3heEcQ3CwqcRDHzIssAlbW3p9nBRUVOuOta+3rV29lSuz8cbEqVOs
|
||||
MOwN/atluA1jhWgZbt+8SuoleHnbR+hJNJnplvoKN2PmJ3tEbpSCaRaZVaaRFEhm
|
||||
K1tLG2B5IaKMY4n0N1bPnFcvL7s1xS0INPodXzJITyvuJssEL5Dc+YEWxNvEmHGJ
|
||||
ttlyHBJCxWOHsPMh2UcB0lgBBtJt+O2lcAIpwky9T2ufj1EFzLkXV4Sf39S6J/PI
|
||||
814IQE1Bmuy1qqkGhc6WthiooVf/udtWgehwQFwrpY+35GaNQHluFJOrthqraYXK
|
||||
shMbX3AZdLuu
|
||||
=w602
|
||||
-----END PGP MESSAGE-----
|
||||
fp: c4639370c41133a738f643a591ddbc4c3387f1fb
|
||||
- created_at: "2026-02-05T17:22:42Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA98TrrsQEbXUARAAiZsUiicVpIDdSF/XSuZOITPwmL0P1Nyc1LI9QpyQw2fj
|
||||
uaoJV3xO+MW4ovDcJRms/6T5b4IG740s19l/iryd2jhPwn+94EkzhR1cRydvCimU
|
||||
Zexf+y793kKe0TbcNvakAnpArI5RPdAIoPB7V2aa0vweABaxE5XoDedJA646wMbl
|
||||
+pgzVxoE7i6+uxWHGw3MitCneiBcljg9g04FVj9doJfG6LQxfpx01pjiRLVsTGfV
|
||||
LXPLKVJOToEusFz1hLaFMLxPkvFbgQD1YQz82OOJasHr9YGCzitqhA+EV4U4Y9AH
|
||||
bzPlz1qractUIz8pawhKcTUd8Xw+WOZ6kFX3EdUUnD46jMf12j2fe9Axw8v+Cujx
|
||||
jb8+mSbRNH8Tx/phbhWyBhTNhNXoMLW/2nTSJjTUvdjNlIJi3Ntu4AyPpZ9Z2LwM
|
||||
azvzHRC20gEsf25YKAv2/EnOAi7/jx9uknj3pATdaAAS5hKcMutVdiBAPS37695W
|
||||
Fh8aaoCb4ieuHmHFAt0SQ30z/oR2psurwaurGcLQz9IR9uUlCFU9uVifDaSCNiwF
|
||||
EVsRQZAslLqGPDf7c/r8efsMcHRfVVCJvvuvyRZNSHIpOnR/QGLOeNY+B59IdTCJ
|
||||
fk2dMvZpyM1AdLkW2jT0qXj4vKAvVPlEbIXmq9bu/jJER35MzMRWfMmbBzek9t3S
|
||||
WAGL4Zf96omkP7Z9j1UYGv4xcGksajbA6HvCHfjI+mUKV4QxGieeJhicaPYLuo7x
|
||||
wKZqzMZGPpy1dPq75t0RAmnRzHaB9VEUWfO+KYIY/+1qRxOANYl+uZA=
|
||||
=K3Hh
|
||||
-----END PGP MESSAGE-----
|
||||
fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.11.0
|
||||
@@ -40,7 +40,7 @@ with lib;
|
||||
};
|
||||
};
|
||||
|
||||
virtualHosts."cloud.malobeo.org" = {
|
||||
virtualHosts."keys.malobeo.org" = {
|
||||
locations."/" = {
|
||||
proxyPass = "http://10.100.0.101";
|
||||
extraConfig = ''
|
||||
@@ -58,6 +58,15 @@ with lib;
|
||||
};
|
||||
};
|
||||
|
||||
virtualHosts."events.malobeo.org" = {
|
||||
locations."/" = {
|
||||
proxyPass = "http://10.100.0.101";
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
virtualHosts."tasklist.malobeo.org" = {
|
||||
locations."/" = {
|
||||
proxyPass = "http://10.100.0.101";
|
||||
@@ -66,28 +75,6 @@ with lib;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
virtualHosts."zines.malobeo.org" = {
|
||||
locations."/" = {
|
||||
proxyPass = "http://10.100.0.101";
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Authorization $http_authorization; # Pass the Authorization header
|
||||
proxy_pass_header Authorization;
|
||||
|
||||
client_body_in_file_only clean;
|
||||
client_body_buffer_size 32K;
|
||||
|
||||
client_max_body_size 50M;
|
||||
|
||||
sendfile on;
|
||||
send_timeout 300s;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
system.stateVersion = "22.11"; # Did you read the comment?
|
||||
|
||||
@@ -20,7 +20,6 @@ with lib;
|
||||
enable = true;
|
||||
enablePromtail = true;
|
||||
logNginx = true;
|
||||
lokiHost = "10.0.0.14";
|
||||
};
|
||||
|
||||
services.printing.enable = true;
|
||||
|
||||
107
scripts/gitea_hydra_server.py
Normal file
107
scripts/gitea_hydra_server.py
Normal file
@@ -0,0 +1,107 @@
|
||||
#!/usr/bin/env python3
|
||||
|
||||
#imports
|
||||
import os
|
||||
import json
|
||||
import argparse
|
||||
from http.server import BaseHTTPRequestHandler, HTTPServer
|
||||
import urllib.request
|
||||
|
||||
def _get_api_response(baseurl, owner, repo):
|
||||
###https://docs.gitea.com/api/1.21/#tag/repository/operation/repoListPullRequests
|
||||
###GET /api/v1/repos/{owner}/{repo}/pulls
|
||||
url=(f"https://{baseurl}/api/v1/repos/{owner}/{repo}/pulls?state=open")
|
||||
headers={"Accept": "application/json"}
|
||||
req=urllib.request.Request(url, headers=headers)
|
||||
with urllib.request.urlopen(req) as resp:
|
||||
return json.loads(resp.read().decode("utf-8"))
|
||||
|
||||
def _parse_response(baseurl, owner, repo):
|
||||
target_repo_url=f"https://{baseurl}/{owner}/{repo}.git"
|
||||
pulls: dict={}
|
||||
response=_get_api_response(baseurl, owner, repo)
|
||||
for pr in response:
|
||||
pr["target_repo_url"]=target_repo_url
|
||||
pulls[str(pr["number"])]=pr
|
||||
return pulls
|
||||
|
||||
class PullsHandler(BaseHTTPRequestHandler):
|
||||
_VALID_PATHS={"/", "/gitea-pulls-sorted.json"}
|
||||
|
||||
# Class variables to store configuration
|
||||
baseurl = None
|
||||
owner = None
|
||||
repo = None
|
||||
|
||||
def do_GET(self):
|
||||
if self.path not in self._VALID_PATHS:
|
||||
self.send_error(404, "Not Found")
|
||||
return
|
||||
|
||||
answer=dict(_parse_response(self.baseurl, self.owner, self.repo))
|
||||
|
||||
body=json.dumps(answer, indent=2, sort_keys=True).encode("utf-8")
|
||||
|
||||
self.send_response(200)
|
||||
self.send_header("Content-Type", "application/json; charset=utf-8")
|
||||
self.send_header("Content-Length", str(len(body)))
|
||||
self.end_headers()
|
||||
self.wfile.write(body)
|
||||
|
||||
def log_message(self, fmt, *args):
|
||||
print(
|
||||
f"[gitea-translator] {self.address_string()} - {fmt % args}",
|
||||
flush=True,
|
||||
)
|
||||
|
||||
def main():
|
||||
parser = argparse.ArgumentParser(
|
||||
description="Hydra Server to Gitea-pull-request translator"
|
||||
)
|
||||
parser.add_argument(
|
||||
"--baseurl",
|
||||
default="git.dynamicdiscord.de",
|
||||
help="Base URL of Gitea instance (default: git.dynamicdiscord.de)"
|
||||
)
|
||||
parser.add_argument(
|
||||
"--owner",
|
||||
default="malobeo",
|
||||
help="Repository owner (default: malobeo)"
|
||||
)
|
||||
parser.add_argument(
|
||||
"--repo",
|
||||
default="infrastructure",
|
||||
help="Repository name (default: infrastructure)"
|
||||
)
|
||||
parser.add_argument(
|
||||
"--host",
|
||||
default="127.0.0.1",
|
||||
help="Host to bind to (default: 127.0.0.1)"
|
||||
)
|
||||
parser.add_argument(
|
||||
"--port",
|
||||
type=int,
|
||||
default=27364,
|
||||
help="Port to bind to (default: 27364)"
|
||||
)
|
||||
|
||||
args = parser.parse_args()
|
||||
|
||||
# Set class variables so they're accessible in request handlers
|
||||
PullsHandler.baseurl = args.baseurl
|
||||
PullsHandler.owner = args.owner
|
||||
PullsHandler.repo = args.repo
|
||||
|
||||
print(
|
||||
f"[gitea-translator] Starting, pulling from {args.baseurl}/{args.owner}/{args.repo}",
|
||||
flush=True,
|
||||
)
|
||||
server=HTTPServer((args.host, args.port), PullsHandler)
|
||||
print(
|
||||
f"[gitea-translator] online @ {args.host}:{args.port}",
|
||||
flush=True,
|
||||
)
|
||||
server.serve_forever()
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
Reference in New Issue
Block a user