diff --git a/modules/hosts/dnsc-vps-sm/default.nix b/modules/hosts/dnsc-vps-sm/default.nix index f5ea706..a6b66ff 100644 --- a/modules/hosts/dnsc-vps-sm/default.nix +++ b/modules/hosts/dnsc-vps-sm/default.nix @@ -21,9 +21,11 @@ in uptime-kuma homepage actual-server + memos + forgejo ( - { config, ... }: + { config, lib, ... }: { imports = [ ./_hardware-configuration.nix @@ -43,6 +45,8 @@ in }; system.stateVersion = "24.11"; + boot.loader.systemd-boot.enable = lib.mkForce false; + boot.loader.efi.canTouchEfiVariables = lib.mkForce false; boot.tmp.cleanOnBoot = true; zramSwap.enable = true; # Fix due to https://github.com/NixOS/nixpkgs/issues/180175 @@ -54,19 +58,25 @@ in "${config.users.users.dennis.home}/.ssh/id_ed25519" ]; secrets."vaultwarden/env" = { - file = "${secretsDir}/vaultwarden/env"; + file = "${secretsDir}/vaultwarden/env.age"; }; secrets."restic/password" = { file = "${secretsDir}/restic/password.age"; }; + secrets."forgejo/mail-password" = { + file = "${secretsDir}/forgejo/mail-password.age"; + }; }; # Custom Module Options restic.repository = "sftp:dnsc-storage:restic/dnsc-server"; restic.backupPaths = [ "/var/backup/vaultwarden" - "/data/actual-server" - # TODO: Include memos path, maybe uptime kuma + "/var/lib/vaultwarden" + "/var/lib/actual-server" + "/var/lib/memos" + "/var/lib/uptime-kuma" + "/var/lib/forgejo" ]; } ) diff --git a/modules/selfhosted/caddy/default.nix b/modules/selfhosted/caddy/default.nix index b7da834..efca4e8 100644 --- a/modules/selfhosted/caddy/default.nix +++ b/modules/selfhosted/caddy/default.nix @@ -35,6 +35,9 @@ virtualHosts."notes.dnsc.io".extraConfig = '' reverse_proxy localhost:9003 ''; + virtualHosts."git.dnsc.io".extraConfig = '' + reverse_proxy localhost:9004 + ''; }; }; } diff --git a/modules/selfhosted/forgejo/default.nix b/modules/selfhosted/forgejo/default.nix new file mode 100644 index 0000000..cc7f5bc --- /dev/null +++ b/modules/selfhosted/forgejo/default.nix 
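Review bot: The two `lib.mkForce false` lines in the second hunk of `modules/hosts/dnsc-vps-sm/default.nix` override boot-loader options that another module sets, but nothing records why or which loader the host boots with instead. `mkForce` silently wins over every other definition, so a later change to the shared module will not surface here. A short comment above them would help, e.g. `# <reason>: this VPS boots via <loader>, so the systemd-boot/EFI defaults from <module> are forced off`. The loader this host actually uses is not visible in the hunk, so confirm one is still enabled.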
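Review bot: In the third hunk of the host module, `secrets."forgejo/mail-password"` sets only `file`, so agenix will presumably decrypt it with its default root-only owner and mode, while the forgejo module passes that path to `services.forgejo.secrets.mailer.PASSWD`. If the unit that reads it runs as the Forgejo service user, which this diff does not show, the start will fail on a permission error. Adding `owner = config.services.forgejo.user;` next to `file` keeps the secret private to that one account. In `restic.backupPaths`, `/var/lib/forgejo` and `/var/lib/vaultwarden` are live state directories, and copying database files while the services write to them can give a snapshot that does not restore cleanly. A comment there should say whether a dump such as the existing `/var/backup/vaultwarden` is the copy to restore from.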
@@ -0,0 +1,32 @@
+{ ... }:
+{
+ flake.modules.nixos.forgejo =
+ {
+ pkgs,
+ config,
+ lib,
+ ...
+ }:
+ {
+ services.forgejo = {
+ enable = true;
+ lfs.enable = true;
+ settings = {
+ server = {
+ DOMAIN = "git.dnsc.io";
+ ROOT_URL = "https://git.dnsc.io/";
+ HTTP_PORT = 9004;
+ SSH_PORT = lib.head config.services.openssh.ports;
+ };
+ service.DISABLE_REGISTRATION = true;
+ mailer = {
+ ENABLED = true;
+ SMTP_ADDR = "me@dnsc.io";
+ FROM = "git@dnsc.io";
+ USER = "git@dnsc.io";
+ };
+ };
+ secrets.mailer.PASSWD = config.age.secrets."forgejo/mail-password".path;
+ };
+ };
+}
diff --git a/modules/selfhosted/homepage/default.nix b/modules/selfhosted/homepage/default.nix
index e55d206..9131164 100644
--- a/modules/selfhosted/homepage/default.nix
+++ b/modules/selfhosted/homepage/default.nix
@@ -49,10 +49,15 @@
 url = "https://vault.dnsc.io";
 icon = "si:vaultwarden";
 }
+ {
+ title = "Forgejo";
+ url = "https://git.dnsc.io";
+ icon = "si:forgejo";
+ }
 {
 title = "Notes";
 url = "https://notes.dnsc.io";
- icon = "si:memos";
+ icon = "si:parrotsecurity";
 }
 {
 title = "Uptime Kuma";
diff --git a/modules/selfhosted/memos/default.nix b/modules/selfhosted/memos/default.nix
new file mode 100644
index 0000000..24b6c3f
--- /dev/null
+++ b/modules/selfhosted/memos/default.nix
@@ -0,0 +1,17 @@
+{ ... }:
+{
+ flake.modules.nixos.memos =
+ { pkgs, config, ... }:
+ {
+ services.memos = {
+ enable = true;
+ settings = {
+ MEMOS_MODE = "prod";
+ MEMOS_PORT = "9003";
+ MEMOS_DATA = "/var/lib/memos";
+ MEMOS_DRIVER = "sqlite";
+ MEMOS_INSTANCE_URL = "https://notes.dnsc.io";
+ };
+ };
+ };
+}
diff --git a/secrets/forgejo/mail-password.age b/secrets/forgejo/mail-password.age
new file mode 100644
index 0000000..ec441e8
--- /dev/null
+++ b/secrets/forgejo/mail-password.age
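Review bot: Neither new service is pinned to loopback. The Forgejo `server` block sets `HTTP_PORT = 9004` without `HTTP_ADDR`, and the memos module further down sets `MEMOS_PORT` without `MEMOS_ADDR`, so both presumably listen on every interface and can be reached without Caddy's TLS unless the host firewall, which is not visible here, blocks those ports. Adding `HTTP_ADDR = "127.0.0.1";` here and `MEMOS_ADDR = "127.0.0.1";` in the memos settings closes that path. In the `mailer` block, `SMTP_ADDR = "me@dnsc.io"` is a mailbox address where Forgejo expects the SMTP server's host name, and no `PROTOCOL` is set, so mail will likely fail or fall back to an inferred transport; use the relay host and pin it, e.g. `PROTOCOL = "smtps";`. `pkgs` is unused in both module argument sets and can be dropped.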
@@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 JIw3cQ 6dRa6cCY05awbR5Ypq89K9nAPN1SBcoz67RrZ2PLvWE +yYJn+UHJHt+DX34+EHneLuCWDs4qw7l/+LUVe3DaVEo +-> ssh-ed25519 HufN+g Avtl/q3JuMecU5fFnGHqByHg5y/ZMVN90UDB325Mhi4 +7Mw+QqltaEDAOCCSlAG/aBOayGBxtOeiJwRfdXGX2ow +-> ssh-ed25519 cTYF0w 8VwH3Yz2dUAhAVBHeeZL7leSmyUQfMusiAEFLGnafhQ +mtc13Xfnc7X42iMgrxGVdLWk54H9IjjmTI2T26jWMXQ +--- bVcpPfFruDRU3VEipqVt6ztjsOon71V38jKdDQkhvQA +v'?cg܉ 8`neo *V GJ vNBSoC \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index cedfc8a..b15d5f3 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -2,9 +2,11 @@ let dnsc-air = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvXWZOPOJJDAoF+Sx/ZLoAVu6G/7/MAWoknBgMAzjul dennis@dnsc-mac"; dnsc-vps-sm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF/sUA38t7TI1LYADLBn898Hh0MTR4maiHVwEtDoN9W5 dnsc-vps-sm"; dnsc-server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM3mkEgvHrwjsEReHQHpLbMP71JLvp6XxMPyW7PTaLCd dennis@dnsc-server"; + dnsc-vps-sm-r = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCIgMI4LjpYuVcFEhSM3VIYvOEb94jW/fJS+HZwPog8 root@dnsc-vps-sm"; systems = [ dnsc-air dnsc-vps-sm + dnsc-vps-sm-r dnsc-server ]; in @@ -12,6 +14,7 @@ in # Add like this: "secret1.age".publicKeys = systems; "vaultwarden/env.age".publicKeys = systems; "restic/password.age".publicKeys = systems; + "forgejo/mail-password.age".publicKeys = systems; } # 1. Create a file with secret
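Review bot: Adding `dnsc-vps-sm-r` to `systems` in the first `secrets/secrets.nix` hunk only takes effect for files that are re-encrypted afterwards. The new `forgejo/mail-password.age` in this same commit carries three `-> ssh-ed25519` recipient stanzas against four keys in `systems`, and no existing `.age` file is changed in the visible diff. At least one listed key therefore presumably cannot decrypt what the list says it can, so run the rekey step (`agenix --rekey`) and commit the rewritten files. Because `systems` also gives every secret to every machine, consider a per-secret recipient list in the second hunk, e.g. `"forgejo/mail-password.age".publicKeys = [ dnsc-air dnsc-vps-sm-r ];`, so that hosts which do not run Forgejo cannot read its mail password.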