0xa/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

add forgejo to proxy net

Browse source
This commit is contained in:
Grisha Shipunov 2025-02-03 19:28:15 +01:00
parent b3d6340134
commit e59677827b
3 changed files with 62 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
hosts/forgejo/default.nix
View file

@ -1,19 +1,19 @@
{ config, lib, ... }:
let
mac = "02:00:00:00:00:04";
mac = "02:00:00:00:00:05";
in
{
# imports = [
# ./forgejo.nix
# ];
# sops.defaultSopsFile = ./secrets.yaml;
# sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
imports = [
./forgejo.nix
];
sops.defaultSopsFile = ./secrets.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# sops.secrets = {
# "wg/0xa-proxy" = {
# owner = config.users.users.systemd-network.name;
# };
# };
sops.secrets = {
"wg/0xa-proxy" = {
owner = config.users.users.systemd-network.name;
};
};
microvm = {
hypervisor = "qemu";
@ -59,7 +59,7 @@ in
networks."11-host" = {
matchConfig.MACAddress = mac;
networkConfig = {
Address = "10.99.99.14/24";
Address = "10.99.99.15/24";
DHCP = "no";
};
routes = [

42
hosts/forgejo/secrets.yaml Normal file
View file

@ -0,0 +1,42 @@
wg:
0xa-proxy: ENC[AES256_GCM,data:DZB/1S2Ev71DbnN+8C/K0mjIf/13Ki1f6vOIOdhsS6qyXKr5OwpbNb9KA0k=,iv:Gnd32DRJtP8LsC1P9GyS98oCLq/MBSCNcxrZngVXF6g=,tag:gyrzJOx9CS+1Kw5JRONIAw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1gknaqevzuq7dtqalng3547w5qflk9a0kugymea5h54eg6twu43pqpkr4zt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyV0ttcmFIeWtCdTFuS0Y1
ZzZHdUJmZ3ZlaUx3d0x5NGVaLzhXZjdtZHk4CkprNUZ5VThydVJ2dTBCdE5OQS8z
c0VtY1Vmd2N3bThEdDBFZWMxUC83RXMKLS0tIFluRjRrNG1Qam9MSjVvUWJjbHdq
VVRSM2JuOHpTYXRmOVRRSUN0NzlZeDQKcZ6ym4DTJqZjRpAUcWBcYXR/nVYZzhLx
vhtZzCmaQc2qYSVtDZE51N3cTqPWJD+l/cr8zp2lo0GCfNWO6BQthg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-03T18:25:04Z"
mac: ENC[AES256_GCM,data:sSG52AUXjzVo5klAx+t9rhWn/alKAETF6bPUSYP5Dz7WH3vcY5bs87RCm+BdxzlueHMTn4HBQ5iZ2V4e34403GPJsQMYgWSkKapbWGBRurT0xBO5aCJhxZWpvjFSPdehOGNODKGtYFgBVd81PwZRWFdx3MrkwIItyYEq4TAtIyI=,iv:p+t0QmQKDaSiwtuHfLzR31AzmmS39NFq1nn1BAG5YTk=,tag:FSm77zDvPbHCarkGZCgtmg==,type:str]
pgp:
- created_at: "2025-02-03T18:24:33Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA7zUOKwzpAE7AQ//fcUVRBuEFENKNck1l2/QVMIRwfZzxJO5fMy/r0GQzKiR
Nl9X4z0HGcxlCwfiUImif1UtQdMWs1RCXQ7HtFK8kKyNgIb07y5306TI/dmkhbP7
nWD0EstGEgbSiVGiFRlT/gy4FIVyKhBPxJqfT/dbAuRZb7NXsl8Rv1fsnZZFcJMu
MKO1S3DivJUS/YVXteoRf3T5DLobSpO7/5ok5LUXuuSpYKk20hUxFdJqhv1hsljZ
kjckGJ2L0OlxVz16nmg8Z1QI0jDfN6dLl/X+di3U2VACDQDMF+K9LCPLfAm295Y5
TAtPSv/yE5os9crJ+MCVKHbEI11Khe3mfdRWvVboVZP6jXoD4ZTe/ccXLZCN8pgE
KdSZWs/L2Ps66KYuxujk/c8khmmrmLpPk0qJo9zW0mAf9TSC8UPnMYAxbroeijIe
PVYOJS2AzySnRtXQY4MBPLqzlQ0tKf8HxaCBpZ6eCMsX0/9IDjJJOhCMuMavL+oJ
DnNQQwtSDXAtXcgvwIccEMzawjyPMS5QBx0hYuH8t0rSJtCYutk2op6yKb1vWmOq
5EDksdNevT3QzGesjtPErh6s3hu3YUAM2k2h4MqXVCbFdchA//FBIHequPul+UMm
JMLsPLAk2FmtWAiOuXxdCPtoY7Jnd8Ziqiemhd961WTiWrCtsv7NSn7x4PIMeLfS
XgFpMQ+15G4NNCDpgJWGUUXc1H+OKj3XepY5EoONnhusT/gJAtxT9vnuJ+T9LDTt
a0Ye2g3jxugeupJ58vbZUifHy/B0OtSeXKkRHZuycCJd3bzxzNxpXLJ23ds40JA=
=/5W1
-----END PGP MESSAGE-----
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
unencrypted_suffix: _unencrypted
version: 3.9.4

8
modules/wg/proxy.nix
View file

@ -55,6 +55,14 @@
publicKey = "2Lvjzg8k5EIR0Y5mlsCHOs1cJl1+1SL0QMxkKUmliE0=";
privateKeyFile = config.sops.secrets."wg/0xa-proxy".path;
};
"forgejo" = {
address = [
"10.89.88.15/24"
"fd31:185d:722f::15/48"
];
publicKey = "pXiOmI3aspl2IvdvLXLddxw76QYMRTACNm42nq+L4D0=";
privateKeyFile = config.sops.secrets."wg/0xa-proxy".path;
};
};
}
];