diff options
Diffstat (limited to 'hosts')
17 files changed, 322 insertions, 64 deletions
diff --git a/hosts/by-name/server1/configuration.nix b/hosts/by-name/server1/configuration.nix deleted file mode 100644 index 6bb1067..0000000 --- a/hosts/by-name/server1/configuration.nix +++ /dev/null @@ -1,46 +0,0 @@ -{config, ...}: { - imports = [ - ./networking.nix # network configuration that just works - ./hardware.nix - - ../../../system - ]; - - vhack = { - back = { - enable = true; - repositories = { - "${config.services.gitolite.dataDir}/vhack.eu/nixos-config.git" = { - domain = "issues.vhack.eu"; - port = 9220; - }; - }; - }; - etesync.enable = true; - git-server.enable = true; - nginx.enable = true; - nix-sync.enable = true; - openssh.enable = true; - peertube.enable = true; - postgresql.enable = true; - redlib.enable = true; - users.enable = true; - persist = { - enable = true; - directories = [ - "/var/log" - - # TODO(@bpeetz): Instead of persisting that, encode each uid/gid directly in the - # config. <2024-12-24> - "/var/lib/nixos" - ]; - }; - }; - - boot.tmp.cleanOnBoot = true; - zramSwap.enable = true; - networking.hostName = "server1"; - networking.domain = "vhack.eu"; - - system.stateVersion = "22.11"; -} diff --git a/hosts/by-name/server2/configuration.nix b/hosts/by-name/server2/configuration.nix index 07b78c3..c373d28 100644 --- a/hosts/by-name/server2/configuration.nix +++ b/hosts/by-name/server2/configuration.nix @@ -4,28 +4,58 @@ ./hardware.nix ]; + sils = { + gallery = { + enable = true; + domain = "gallery.s-schoeffel.de"; + }; + }; + vhack = { back = { enable = true; - repositories = { - "${config.services.gitolite.dataDir}/repositories/vhack.eu/nixos-server.git" = { - domain = "issues.foss-syndicate.org"; - port = 9220; - }; + domain = "issues.foss-syndicate.org"; + settings = { + scan_path = "${config.services.gitolite.dataDir}/repositories"; + project_list = "${config.services.gitolite.dataDir}/projects.list"; }; }; + backup = { + enable = true; + privateSshKey = ./secrets/backup/backupssh.age; + privatePassword = ./secrets/backup/backuppass.age; + user = "u384702-sub3"; + }; + etesync = { + enable = true; + secretFile = ./secrets/etesync/secret_file.age; + }; fail2ban.enable = true; git-server = { enable = true; domain = "git.foss-syndicate.org"; gitolite.adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIME4ZVa+IoZf6T3U08JG93i6QIAJ4amm7mkBzO14JSkz cardno:000F_18F83532"; }; + invidious-router = { + enable = true; + domain = "invidious-router.vhack.eu"; + extraDomains = [ + "video.fosswelt.org" + "invidious-router.sils.li" + ]; + }; + mail = { + enable = true; + fqdn = "mail.foss-syndicate.org"; + }; nginx = { enable = true; redirects = { "source.foss-syndicate.org" = "https://git.foss-syndicate.org/vhack.eu/nixos-server"; + "source.vhack.eu" = "https://source.foss-syndicate.org"; }; }; + nixconfig.enable = true; openssh.enable = true; persist = { enable = true; @@ -33,6 +63,7 @@ "/var/log" ]; }; + redlib.enable = true; rust-motd.enable = true; users.enable = true; }; diff --git a/hosts/by-name/server2/secrets/backup/backuppass.age b/hosts/by-name/server2/secrets/backup/backuppass.age new file mode 100644 index 0000000..5fd5568 --- /dev/null +++ b/hosts/by-name/server2/secrets/backup/backuppass.age @@ -0,0 +1,14 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2R1JQczJDblhnWmZQMkJU +SVNwS2RNSkMwNHVGdHg4U1dsdXdXUTVOanlVCjNPQWxST2pnYXdIVjl1TExQNzlt +V0QwTzdWcTNJM0lJNW1OaExHcjlhWU0KLT4gWDI1NTE5IG10Y01KcDJWUUV5SVo2 +RmlMbHNWcS82enAvckZSWUVQbFdyMTdtY2NqR1kKbmVtSzRGYVdiTWdyMTA0SWQy +M1FYWTZidWI5UGIvVmxYbUphQkhJWUt4SQotPiBzc2gtZWQyNTUxOSBYUG94RFEg +WTd4ekxiWUR0WVoybU5VVy9TenpldDRMSTduQm5idzJZSWVCMHRlZmVEbwpqamps +Q2tuUHc0bU1kcHIvZ3FQalVMMWZ6aThsRDRNOHpUOTVGbkZ6TnR3Ci0+IDttZ2VJ +RzMtZ3JlYXNlIDFXIEpeIicqID1JLSFZaDcgd0ZzOjUKc3dCbDdjNmEzRUtjc0VN +SHM2MU4zVkFhQWdHd0JxVnpFVDN0UHpQYVE0d2s0QmQwbzRZZHpzanQzYnZRCi0t +LSBpR0E0V3FiV2pjVWt2OFY5UE1BQlpteXZWekZNK1lHSFV4TzFQVVV0em9RChir ++4/eHcBC2sNJgSssV4Zh/7p2GZrN7fyuxc29lhhGAQsRZ+VE9xSy08q2vIPRlqjf +nG72bAKGPiviFpH+uCWWllwoERST1QkkcqpyPjXzVpHrElSXHeE= +-----END AGE ENCRYPTED FILE----- diff --git a/hosts/by-name/server2/secrets/backup/backupssh.age b/hosts/by-name/server2/secrets/backup/backupssh.age new file mode 100644 index 0000000..c2d3abb --- /dev/null +++ b/hosts/by-name/server2/secrets/backup/backupssh.age @@ -0,0 +1,22 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjclNCOGsxNUNEWEJDSGpQ +MW8vc2FnakpTczhVbEFFenk5V2tSZm5IdGpvCkVzejlwT2svT2pLRExDbTdXajEy +elp5QTBTRGErL3NkRmJIU2lVNTI5V00KLT4gWDI1NTE5IFRjamhzdlhDUVl2RkhY +ZUhwTmg2V2NCeHFUb2hWdFMxL0czUWZteE5tSFkKaWNFa2NhdzQrZUNWMVFKRzNP +QVJzdEJZRXZlRUFQMTBscGZRNC83Rk55RQotPiBzc2gtZWQyNTUxOSBYUG94RFEg +R1JVdEU0SGJNak16ZmRaNzdlaTd5ZUdjUjYzZ3ljQ3J2cGkxUDV3TE93bwpQbDlE +SUFBblNvUmR4N09MUHFuamtiUVh0M244SGluZmFzenc0OS9uakNZCi0+IEwtZ3Jl +YXNlICp6IDp6OEJTIW43IHNaUih6YApuUmRZeWZwdFRCOTFTSXlMVkZxYW52azd4 +ZisrSmR6SEhJTWlGNWxtVzJBRWdmMnBhWVRuc1J0QUgxZ0lKZ0dLCm1KdklXL2xn +M3Y0NUVmeDhLWHRHWlhSbzhmNGNUU3R0OFdBCi0tLSB3UHphWkpuU1RENU16Nkln +V2k5TjRhejdCd2VCMXBaU0JSaEtuTmdvWTBnCpLTtP020Vy7Rldly79rARfETmam +kbRUCWiyHeKnFUWeraVr1R/l4Rt5QJh9Y6hxEBudymbyOy0VMZiQPZv7jq/pmDiB +ULnSnfRVZM7gmU09loxf9S4LatDT/Rjf/B8uMef7Ru89DH0fnewmSGcn0KkQMUNg ++ZNtg1Qti3R1baF7ZyXZfi1UY2oIbVe1T4iZQm7n0RdP/+taCm4EfNmX3QQely/R +CTRWl3An28JTWUePAO5qJWlvisRjNWFlsFGA+UZSRQVfWmiSnMlZ1PNbnNAo9+K4 +lIn2LNLZAOh0Cp+Rl38pusLlVLefyXhomdrp6vfE6mxBTk3scVfipDrChyt8jvbM +2CxUA2zhZ63kNDsQmrEbH375XKzOy2vIPMTzohQx3uN0fFBIQW9pPJcNCN7jJOQU +8CCL0R56Q5nQbNI+oz4oBuolhszkYPaiIzBlcHjjJUjxnUa5RX0SXTI7gCkqlIqZ +niS9z1Vql3QUTdPEyrhfzwOqDcGWr6B/edNHE6D5ILUm5mis/mJgRcEiF0Y/BlZi +mHPTGVdzkhtIIGEqiSlWMvB6zoL4uTru+yiB +-----END AGE ENCRYPTED FILE----- diff --git a/hosts/by-name/server2/secrets/etesync/secret_file.age b/hosts/by-name/server2/secrets/etesync/secret_file.age new file mode 100644 index 0000000..ac578a4 --- /dev/null +++ b/hosts/by-name/server2/secrets/etesync/secret_file.age @@ -0,0 +1,17 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBheEs5eGhURk1DY2RpczNV +RUNzREpUdFZpdXBzMlhMbW8zT3BGUzJMT0ZBClBqRUhEdU9VY1FzYkxnN3NpY3Ew +Wk1tRmVxaDJoL1dySDBKWndmOGNtaGsKLT4gWDI1NTE5IHJXWk5mYjFBczVyWnNN +S1B5WWVnaGdhVXRXMGxuY3NrL3VyQXJteUkvUncKSENKVkQramxwU2E1S3dvN0du +cUFzQktMdFVGdjRuaFNaUHBxV3ZaWThvawotPiBzc2gtZWQyNTUxOSBYUG94RFEg +Z2t3TVN6R1p5UDNHNS9LbklKKyszcUI3bHNTZjBOeGQ3ektNeGt6ekpWZwpoZ1Vo +Z0laeStlMDFQRlE1T25Td1pGRFhlWVg5L1JxTG8wU3dwZXpQQlFRCi0+IFRWeScp +KC1ncmVhc2UKbk14RXlNNW5lZXNFNXJoM1ptMHFWTTZmTk5LVnZOcGhRNVIvZjd2 +aTFhRHViWU0KLS0tICt2TnhuME1yUUxqckRacSthQThYOWxkbnl4R2tMc3B4TjRv +WnJMZUhXWmsKwIbI3Wixb/DAac1pHDpRIf+kznq7RKoO/FrSeR6J3gjntMtS8lwW +c+D2NWYqlURR68o5+kJ5dzCpa+oOHy3fnU9yV18fzhOaqz8bWjYpjl1pAxjEIDMO +p5hNsry2WGegLe3dAFwj+c0f52qHCZhcqBvaizUssIN0wkugK6Uq+JtgHMOWMLxg +2qJPc11soq/CfWJvKMzQWMN2ndnjD4s0ZOVLFHuL6/kSFnPlN/1SP3/3Z8cEerm0 +C4GEjDwRei7iHdBuILStgjneJoaxXLZth4ZdsgH/Jd0wmaERg+DytIDqE5ryRG6f +Jo2VR/wUvq+UGgJuCAo6L6vGtBHuwTo7X5azQQwlRCdg +-----END AGE ENCRYPTED FILE----- diff --git a/hosts/by-name/server3/configuration.nix b/hosts/by-name/server3/configuration.nix new file mode 100644 index 0000000..d819e81 --- /dev/null +++ b/hosts/by-name/server3/configuration.nix @@ -0,0 +1,72 @@ +{...}: { + imports = [ + ./networking.nix # network configuration that just works + ./hardware.nix + ]; + + vhack = { + backup = { + enable = true; + privateSshKey = ./secrets/backup/backupssh.age; + privatePassword = ./secrets/backup/backuppass.age; + user = "u384702-sub4"; + }; + fail2ban.enable = true; + nix-sync = { + enable = true; + domains = import ./websites.nix {}; + }; + mastodon = { + enable = true; + domain = "mastodon.vhack.eu"; + enableTLD = false; + tld = "vhack.eu"; + mailPwFile = ./secrets/mastodon/mail.age; + }; + matrix = { + enable = true; + fqdn = "matrix.vhack.eu"; + url = "vhack.eu"; + sharedSecretFile = ./secrets/matrix/passwd.age; + }; + miniflux = { + enable = true; + domain = "miniflux.foss-syndicate.org"; + extraDomains = [ + "rss.foss-syndicate.org" + "rss.vhack.eu" + "miniflux.vhack.eu" + ]; + adminCredentialsFile = ./secrets/miniflux/admin.age; + }; + murmur = { + enable = true; + host = "mumble.vhack.eu"; + name = "vhack"; + url = "vhack.eu"; + }; + nixconfig.enable = true; + openssh.enable = true; + peertube = { + enable = true; + peertubeGeneral = ./secrets/peertube/general.age; + smtpPasswordFile = ./secrets/peertube/smtp.age; + }; + persist = { + enable = true; + directories = [ + "/var/log" + ]; + }; + postgresql.enable = true; + rust-motd.enable = true; + users.enable = true; + }; + + boot.tmp.cleanOnBoot = true; + zramSwap.enable = true; + networking.hostName = "server3"; + networking.domain = "vhack.eu"; + + system.stateVersion = "24.11"; +} diff --git a/hosts/by-name/server1/hardware.nix b/hosts/by-name/server3/hardware.nix index 9abc64c..a6e4e40 100644 --- a/hosts/by-name/server1/hardware.nix +++ b/hosts/by-name/server3/hardware.nix @@ -9,6 +9,7 @@ # FIXME: Find a better way to specify the disk disk = "/dev/vda"; }; + boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"]; - boot.initrd.kernelModules = []; + nixpkgs.hostPlatform = "x86_64-linux"; } diff --git a/hosts/by-name/server1/networking.nix b/hosts/by-name/server3/networking.nix index dd9b9af..9f4eb27 100644 --- a/hosts/by-name/server1/networking.nix +++ b/hosts/by-name/server3/networking.nix @@ -3,12 +3,11 @@ # details gathered from the active system. networking = { nameservers = [ - "8.8.8.8" + "46.38.225.230" + "46.38.252.230" + "2a03:4000:0:1::e1e6" ]; - defaultGateway = { - address = "89.58.56.1"; - interface = "eth0"; - }; + defaultGateway = "92.60.36.1"; defaultGateway6 = { address = "fe80::1"; interface = "eth0"; @@ -19,19 +18,23 @@ eth0 = { ipv4.addresses = [ { - address = "89.58.58.33"; + address = "92.60.38.179"; prefixLength = 22; } ]; ipv6.addresses = [ { - address = "2a03:4000:6a:3f3::1"; + address = "2a03:4000:33:25b::4f4e"; + prefixLength = 64; + } + { + address = "fe80::98ed:a0ff:fecb:ea48"; prefixLength = 64; } ]; ipv4.routes = [ { - address = "89.58.56.1"; + address = "92.60.36.1"; prefixLength = 32; } ]; @@ -44,9 +47,8 @@ }; }; }; - - # cat /sys/class/net/eth0/address services.udev.extraRules = '' - ATTR{address}=="66:22:6d:82:93:9b", NAME="eth0" + ATTR{address}=="9a:ed:a0:cb:ea:48", NAME="eth0" + ''; } diff --git a/hosts/by-name/server3/secrets/backup/backuppass.age b/hosts/by-name/server3/secrets/backup/backuppass.age new file mode 100644 index 0000000..e7eea19 --- /dev/null +++ b/hosts/by-name/server3/secrets/backup/backuppass.age @@ -0,0 +1,13 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6cUM5S1FKZis0R0o2czRs +cnVCQXlqdXNDWjMvSVlwUEF5S1pTKzNNR2w0ClgycUdEc1EyMjhJZ2lBMjhXVk5n +V3djaVduV3Q4RWw1KzJNQXNYdmhjR1UKLT4gWDI1NTE5IG44TU9lcGc2NkRmczVS +R1hkd0xyVUZwYWVRM05PZzhCK3BkMGFkUDJobXcKejhGMHpQWG4zdnU3WmFBNkhG +Wk5kZy9UWThQcUdRLzBNbEE1c3VrTXdURQotPiBzc2gtZWQyNTUxOSBweXU5Ymcg +RkMwdENYRUFSRHoxTDRHK2xsQndTekJSZ3NmWnlMMW11TjkxTWpMQnJTTQpOSVF5 +RzQ0aXpIeUkyeWJPdlFoWHJPSy9lU2tVUFNOQUVPNXRrZUE4SnN3Ci0+IEEjQUVl +XGxgLWdyZWFzZSA9WVwxaU4hTgpkbTIyMDBuSWhsSEJueGMKLS0tIEh3ZEhoN0FI +NnlUa2ZHdVFmWkVQY3h2ejM4ZkUzcEc1MEcydlRzdVA5UGcKhFaeVepKkQHcbhHS +uxZnlCZoJHEFhc4vCK0w588WJIfkilDk7b5uH/Cn8kWFWLsX0FFe/kk350gEVVm7 +UUndM/+sAEoVzQR8HO1XWGZDd1T70myysBsutA== +-----END AGE ENCRYPTED FILE----- diff --git a/hosts/by-name/server3/secrets/backup/backupssh.age b/hosts/by-name/server3/secrets/backup/backupssh.age new file mode 100644 index 0000000..ae8c5ec --- /dev/null +++ b/hosts/by-name/server3/secrets/backup/backupssh.age @@ -0,0 +1,22 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTNjNnRUMzK1FWWFNEQUtC +ZjF0dFVVTllrYW0ySEt3eHNyL1RhbkZDeWowCnBldm9oSHhuUm1EM3JXbnRZc3JB +WGVNZGdSNm45L3JEenNlcEZqSXdaS0EKLT4gWDI1NTE5IGpZaTA3RUNGbXF4a1Ji +MWJwRkZkM3dqaldMN2d5Wm9mbmxoQmhKeldNeUEKZ0dQZlU1MVhTLzlGMVNSZEhG +MEo2cGxZUXhnbEF2OXFiWjk4bmZIaVdSNAotPiBzc2gtZWQyNTUxOSBweXU5Ymcg +UEg4a05hMGQxUmZPMExzOXZtTVMySWdibHdudDFSWkFuUXlveFFOQnl3Zwp0QkZY +QStEeCtKMXZFd3hmVkd3NXZuK0hKdWxSMzBoMjhuV2thd0dxR0IwCi0+IGtfJFgt +Z3JlYXNlIFJgYHggfTh8QEogJDx+J2tcCjhja3owNWtBVmhSeFIyK0xIcWplMG1m +RiszK05oZktPTVlpSXFRTFVTaWVBeEFCdTZuRWMvdHJFYU10NlNpVGYKYnhkOEor +c1c2ZwotLS0gMmR1djFRTGJ2Qy9hODdGa1RFSVRxQk4rTFB6WW1YZnN2bFhrRDF3 +ZENqNAoTSBXv8NPsyt2RH+qJcbsMMhJ0qqCmyeUWF3Uicv6fiN99TB7xjD6lRXdB +utfLiuBr0gt73QEb44AQFAGzG3Jig9Ql/UFubeKaMRVBscQ4FJXYnHlEK8aB7sVs +k6VgI/Uvs6YH3YDlATfCaD8d/ASG30whH1TcgH6KF3GPX112uUqkIscGifFz4wxu +Fa8Av9XmkBdIQAPS3ze10O866m5Fv4vWeJZ1KEhzV+0nSrBZKPS9a2JqI1c63kz8 +2txZHm26gS4duDqncwnL41jmZ5GX7+TWTj3adIBQrXVSlUPb9h4t5NX2IMS1Fuj8 +UuvKDZplTGEmIJZGoF79VOqOhoCUg9+lqEd53BaAKlLSuHrUeZ1v0IhhquMiOMSt +TrtuhEvdhiH92eWOBNkDNeoEzxU1wCLc1YOk7QCAQEOy0HM5oMntlbMDc+4QmZXz +1QYQKEEMVAi4B53Mm4OFwHTi6GMqDT2r6PsP86uzCB1F8V7q2LDmPnD1rGTQ46al +N8XFq/3uEqd/yNaZU6kffpdK25ibytmvLhjWQ+0LNrUtfftqeTZzaxApQc6bGW5K +KbBnN1A= +-----END AGE ENCRYPTED FILE----- diff --git a/hosts/by-name/server3/secrets/mastodon/mail.age b/hosts/by-name/server3/secrets/mastodon/mail.age new file mode 100644 index 0000000..882ade9 --- /dev/null +++ b/hosts/by-name/server3/secrets/mastodon/mail.age @@ -0,0 +1,14 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPeTFoTjB6RTZHbDVzUzg2 +SzNnSE9aSi9yZUNSWWVKNlQxWUo1Y2M1R1h3CjR0RW8xdEtUTlBTcU9DWWE2OVVX +WEJVVkF2bmtQaUxrK0Vpb21qSCtUcncKLT4gWDI1NTE5IG1JY25Jdmo3UWt4aXJK +VTRFZVNja2R6MzlJcVMvdHhqZTY0WS91Vnp3Vk0KUG4xbVR2V3k0OFJCVFplODcw +R0ZDSExRTzVpRWVyM0E4VVRvMXE5cHpWUQotPiBzc2gtZWQyNTUxOSBweXU5Ymcg +RFFHaXFrS0IyWnVYdDE5aFhHNnZFSFY3S1ZVZHovRTRrV3VKV3JBQnJVTQordzJ5 +V0hpZ3dsdDVHODluNnRzWlBHRFBBcnVya0dMNTU3T2Z3NkpVZHBvCi0+IFB7LX5l +Vm5wLWdyZWFzZSA8NVIgV08zU3lBIGBZJSAnRQpwbDZTUTNqdVd4MHFNNVRVZ1pQ +MG1qcUtjVGRreU9zMwotLS0gMVJ4eldEQlRTTmdraDJDM2pzbkZOY0t6Wnl6TDd1 +cFRXZXJmS1FTMEtyNApWNUWWIXokgwgI+2GT+sBkTzFbXM4CPpIq2QOGRWMrRMmw +dHoK5NJEI7uw9mP9t6PI04THBqVL5YotJtZkAk1Sx00SWvyLPpZRsSBdH11YiRAb +jIx0T573hbbFoMNlZHoJ +-----END AGE ENCRYPTED FILE----- diff --git a/hosts/by-name/server3/secrets/matrix/passwd.age b/hosts/by-name/server3/secrets/matrix/passwd.age new file mode 100644 index 0000000..6386ed6 --- /dev/null +++ b/hosts/by-name/server3/secrets/matrix/passwd.age @@ -0,0 +1,15 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrRFcxajBUb2s4dDVKeVZF +bFE1NUNwS2p0NjhZd2Y0MWNNbFFDcE1VSTJ3Cmdsdmh1MFJ2bWcxVWZlVm1idGdC +aXU3bnlmVkpydXpMYnh2djNURjd6L0UKLT4gWDI1NTE5IHRidGtkVGZDV0Npck9q +Y1pRYjVUVWVYMkZxcCtyTGRkQWRGQXB1dEhVR3cKQzNwQndqZTBHTVBnbUg5bWNk +ZFpOSG1UZzZXQ2kxQjRXUS80Tmx0ZURiMAotPiBzc2gtZWQyNTUxOSBweXU5Ymcg +YmNaeGV2WTJqZFFSTXhDS1hScDZrV1ZWU1FyYWRtSGNoR3NGUjZ0WmpqSQptRnR5 +cDI4VDFXL2t3VzdnSGF5VzBIbzhzU1NuQmNuUXhReHNVNGd4bnFJCi0+ICJ9OUlg +LWdyZWFzZQpDYks4Y2dUeEowTHh6cnJsNmpXRGpDYWU1RkRwbC9nYjB2RmtMZjhy +dTBhVEU1ak04U0VYUkh0WUJsK3h5cXBRCmZ4ekRRczFDZWptWkJQbXZ6NDU0dUh3 +RTlkVkxxQ00xeHNmMkZSS0JIZGpmOU5UYSt1bWdRNlZWbC9ZdQotLS0gbG9RR0Iv +OTBleHBTS1ZVYjZSODEranR5cGxsTkh1elZwQi9Gd21VbUxkRQoJ+dUdl1CVle6A +sLVikThgDKKpMekZeLhx97gC6Vxfxd9oJiw1SS7xOjMZz6xcOCG1l1NidrNHmhnK +4xQMcvHU+5Ogw3YUnPcL1sGjYWkvgUcwie+WEKZFXkCaJwz91ria +-----END AGE ENCRYPTED FILE----- diff --git a/hosts/by-name/server3/secrets/miniflux/admin.age b/hosts/by-name/server3/secrets/miniflux/admin.age new file mode 100644 index 0000000..12944a5 --- /dev/null +++ b/hosts/by-name/server3/secrets/miniflux/admin.age @@ -0,0 +1,14 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2NlhidUNjVkM2UjRxUTFU +K0gzT1BoR0lTUWRpelo2cEU4UnI2YnZmOGhFCmJwTmh5bmVZVVoxSThucnNWY2dX +NnBBTmFUcXR2TE1VT1ROaUFjeFpjRUkKLT4gWDI1NTE5IDZGUnRNYjFRSERwZlM5 +YnRETzY5MkVFaHpVdnFwTlpQQWxFVlc1dnVVV1kKMlFmVUZkYWhFNGpkMGp0NHQv +Mnd3YTlhaFRGVGp3OXVSNDZCNys1cTZuawotPiBzc2gtZWQyNTUxOSBweXU5Ymcg +ZTBYTGFncjZuRzVSZDFjL2IweCtQeExMOEEvcFhrREFTbTlnZm5kMnZpOApmcnRX +MXVOMHpya1hlaHNMOUI0bmlTVXRwTVFhbGJid3FuUTJkK2NsdkZjCi0+IGx5QDor +OCstZ3JlYXNlCkJ0TkJneDdrMTBxWXVYdk9zRFJCCi0tLSA0TEQvQWpTZldXQjZx +NmlaZnJGL3hCbjM4UzVHTTlrTWJPTm5xRE9aMFMwClDs64cTlulCxY4R+9YtpxSA +0WGrPCpKyS0JVhuO+WgXLm34k+xjSWSER0Uiqu+fotyiX3KSMyjZDAyWMsiDiAlq +CaOHTlpbDZuIIqfmrHsqH5dM4MPHvwigL2zBrXcbarYxVagJk89k31ah+5YJhMsa +kOmNpZlQK/CmrhqIKNFzVYZp+q5Sr6ZTJVo= +-----END AGE ENCRYPTED FILE----- diff --git a/hosts/by-name/server3/secrets/peertube/general.age b/hosts/by-name/server3/secrets/peertube/general.age new file mode 100644 index 0000000..f3cba8b --- /dev/null +++ b/hosts/by-name/server3/secrets/peertube/general.age @@ -0,0 +1,16 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTYkJyN1JhNnZQRlNDK3hy +aHFwSnVBSWFLK0lhU0hUSE4wLysrcmxlTkhJClpHa2hzSTZobmh5eHNuR0FST2pv +eGJtVmZSSjBGTUVCZ05PdStZRGZjTU0KLT4gWDI1NTE5IGg3ZmZXMTdlTEFBVmt2 +OVExVld0Qkc2bFMyV1NZZTd4bUtkOWdNY0N1M1EKU1UxR2V1emtyeDdkQ0RwUGVv +cVJLcWllK2x4K3JNOExGSktIOW5SbldCbwotPiBzc2gtZWQyNTUxOSBweXU5Ymcg +MGZMUHNCWUFESVVERzN3Q0krUGZ3Z1QwTUdUc0NCRkg4UFdKa2l1ZGJSRQo5YXlB +aENyTW1idUxvVW5vRHp3L2dPVUtZS0dRa0JpaWo5RjdTcEsrK2VRCi0+ICN2bC1n +cmVhc2UgPF0qV3N2IEZ0XTEnRSBxMDc7SWBCCnNJMGNWQkxZOFU0SzJSUUtoK3FI +Ulp0T3FGeDdOUVZVRXRXRWRzSEdkWmFGeEF3RStWU1RMS3BLTlpxU0N1UmkKV3lJ +a05yWm1GMC90VTFFcWpPTlliOUZoUGtMVlJsbTRSbGRyVi9kZDhxM0x4Qk82RUM4 +enZVT1RLNmd5SkEKLS0tIGRucFFNTFNSWnNtamlZTE9hM0k4QzRhZ21FZ2t5Ynpo +Rno5UjVzRUFhcmMKWa8uscZL8FWMZ5zPstM7LraYV4PyuVhOHq3f3BBRr5rkptmK +DHAye+FmVX7+Fqqk0ynyK92v2ti86i/iuWiNzImLWI6xkBruFEo3lpnnc8rAdslR +c+8e2ntLGIRHbTVMwg== +-----END AGE ENCRYPTED FILE----- diff --git a/hosts/by-name/server3/secrets/peertube/smtp.age b/hosts/by-name/server3/secrets/peertube/smtp.age new file mode 100644 index 0000000..e0af2d1 --- /dev/null +++ b/hosts/by-name/server3/secrets/peertube/smtp.age @@ -0,0 +1,15 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBncFdORy9uSXJabkJFVVc5 +QXJnS3FZQzJmTXdsckNxNjU3SGRTUEdnZ3hRCm5DNDVJbEw5VVlTS2k2Y2p6aEhX +QzdKbXVTV3dzSHBYN0RkN1NnL0RTR0kKLT4gWDI1NTE5IEdudmllbmRud1ZVTzI3 +TWQ0cWhKSTkrbkJyelZUUThwNkdoVFhRZW12MFEKUXczc0w3ZjRUTE83UGY5d2gx +YmpHUlJacXAyY2hXSy9aWkxOZmJwaHRqOAotPiBzc2gtZWQyNTUxOSBweXU5Ymcg +Z3ZNSUY2NFA1L0lad3FJWDlvLzVJZDlrdS9Nc3RxZGZHWEk1SlBIeGhRMAo2WnVL +WXcxYWd1aGN0ZVAxb3ZEOXFKMTRFNjcwVFhmRVN0TXJrYXFsV0VzCi0+ID90SSE+ +LWdyZWFzZSA5XjlPCjlENzA2TmkreUZpYllXZ290RHMKLS0tIE0zMHAvWDVWYWdG +S1pGVFdMVWp1R0QzSzVpczhrSGJUNVdKTlpHT0JZRGcKlqZQsbkUV/cp+xQvzQKA +AtBpJl9Fho5Szb+GOL2xEKH6KV6LTI8xaOE2KWRyhNSwH682InD5ilCaCYbHz5aW +u7SfKWTBGj6gjwUlIJEvBzJWIXgXPcoMqgIZNe1HH52IQWJfZN5H01dHjic7mYrm +nW5S5EEczDR6nHTKf7dsZLmbTctb90lM80rlDS5Q16QrR4VPElTJGySu/hLtl1ep +r0w= +-----END AGE ENCRYPTED FILE----- diff --git a/hosts/by-name/server3/websites.nix b/hosts/by-name/server3/websites.nix new file mode 100644 index 0000000..466f1e9 --- /dev/null +++ b/hosts/by-name/server3/websites.nix @@ -0,0 +1,36 @@ +{...}: let + mkWkd = domain: { + domain = "openpgpkey.${domain}"; + repositoryUrl = "https://git.foss-syndicate.org/vhack.eu/pgp-wkd.git"; + extraSettings = { + locations."/.well-known/openpgpkey/".extraConfig = '' + default_type application/octet-stream; + + # Came from: https://www.uriports.com/blog/setting-up-openpgp-web-key-directory/ + # No idea if it is actually necessary + # add_header Access-Control-Allow-Origin * always; + ''; + }; + }; +in [ + { + domain = "vhack.eu"; + repositoryUrl = "https://codeberg.org/vhack.eu/website.git"; + } + { + domain = "b-peetz.de"; + repositoryUrl = "https://git.foss-syndicate.org/bpeetz/b-peetz.de.git"; + } + + # Trinitrix + { + domain = "trinitrix.vhack.eu"; + repositoryUrl = "https://codeberg.org/trinitrix/website.git"; + } + + # WKD + (mkWkd "b-peetz.de") + (mkWkd "s-schoeffel.de") + (mkWkd "sils.li") + (mkWkd "vhack.eu") +] diff --git a/hosts/host-names.toml b/hosts/host-names.toml index fd5b960..2cf2833 100644 --- a/hosts/host-names.toml +++ b/hosts/host-names.toml @@ -1,2 +1,2 @@ -server1 = "server1.vhack.eu" server2 = "server2.vhack.eu" +server3 = "server3.vhack.eu" |