diff --git a/hosts/fw.cloonar.com/modules/gitea-vm.nix b/hosts/fw.cloonar.com/modules/gitea-vm.nix index 6da9b20..b9c65b5 100644 --- a/hosts/fw.cloonar.com/modules/gitea-vm.nix +++ b/hosts/fw.cloonar.com/modules/gitea-vm.nix 
@@ -1,162 +1,226 @@ -{ nixpkgs, pkgs, ... }: let - hostname = "git-02"; - json = pkgs.formats.json { }; +{ lib, nixpkgs, pkgs, ... }: let + # hostname = "git-02"; + # json = pkgs.formats.json { }; + runners = ["git-runner-1" "git-runner-2"]; + indexedRunners = lib.lists.imap1 (i: v: { name=v; value=i; }) runners; in { - microvm.vms = { - # gitea = { - # config = { - # microvm = { - # hypervisor = "cloud-hypervisor"; - # shares = [ - # { - # source = "/nix/store"; - # mountPoint = "/nix/.ro-store"; - # tag = "ro-store"; - # proto = "virtiofs"; - # } - # { - # source = "/var/lib/acme/git.cloonar.com"; - # mountPoint = "/var/lib/acme/${hostname}.cloonar.com"; - # tag = "ro-cert"; - # proto = "virtiofs"; - # } - # ]; - # interfaces = [ - # { - # type = "tap"; - # id = "vm-${hostname}"; - # mac = "02:00:00:00:00:01"; - # } - # ]; - # }; - # - # imports = [ - # ../fleet.nix - # ]; - # - # environment.systemPackages = with pkgs; [ - # vim # my preferred editor - # ]; - # - # networking = { - # hostName = hostname; - # firewall = { - # enable = true; - # allowedTCPPorts = [ 22 80 443 ]; - # }; - # }; - # - # services.nginx.enable = true; - # services.nginx.virtualHosts."${hostname}.cloonar.com" = { - # sslCertificate = "/var/lib/acme/${hostname}.cloonar.com/fullchain.pem"; - # sslCertificateKey = "/var/lib/acme/${hostname}.cloonar.com/key.pem"; - # sslTrustedCertificate = "/var/lib/acme/${hostname}.cloonar.com/chain.pem"; - # forceSSL = true; - # locations."/" = { - # proxyPass = "http://localhost:3001/"; - # }; - # }; - # - # services.gitea = { - # enable = true; - # appName = "Cloonar Gitea server"; # Give the site a name - # settings = { - # server = { - # ROOT_URL = "https://${hostname}.cloonar.com/"; - # HTTP_PORT = 3001; - # DOMAIN = "${hostname}.cloonar.com"; - # }; - # openid = { - # ENABLE_OPENID_SIGNIN = true; - # ENABLE_OPENID_SIGNUP = true; - # WHITELISTED_URIS = "auth.cloonar.com"; - # }; - # service = { - # DISABLE_REGISTRATION = true; - # 
ALLOW_ONLY_EXTERNAL_REGISTRATION = true; - # SHOW_REGISTRATION_BUTTON = false; - # }; - # actions.ENABLED=true; - # }; - # }; - # - # services.openssh.enable = true; - # users.users.root.openssh.authorizedKeys.keys = [ - # "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7" - # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius" - # ]; - # - # system.stateVersion = "22.05"; - # }; - # }; - - gitea-runner = { - config = { - microvm = { - mem = 12288; - shares = [ - { - source = "/nix/store"; - mountPoint = "/nix/.ro-store"; - tag = "ro-store"; - proto = "virtiofs"; - } - { - source = "/run/secrets"; - mountPoint = "/run/secrets"; - tag = "ro-token"; - proto = "virtiofs"; - } - ]; - volumes = [ - { - image = "rootfs.img"; - mountPoint = "/"; - size = 102400; - } - ]; - interfaces = [ - { - type = "tap"; - id = "vm-gitea-runner"; - mac = "02:00:00:00:00:02"; - } - ]; - }; - - environment.systemPackages = with pkgs; [ - vim # my preferred editor + microvm.vms = lib.mapAttrs (runner: idx: { + config = { + microvm = { + mem = 4048; + shares = [ + { + source = "/nix/store"; + mountPoint = "/nix/.ro-store"; + tag = "ro-store"; + proto = "virtiofs"; + } + { + source = "/run/secrets"; + mountPoint = "/run/secrets"; + tag = "ro-token"; + proto = "virtiofs"; + } ]; + volumes = [ + { + image = "rootfs.img"; + mountPoint = "/"; + size = 51200; + } + ]; + interfaces = [ + { + type = "tap"; + id = "vm-${runner}"; + mac = "02:00:00:00:00:0${toString idx}"; + } + ]; + }; - networking.hostName = "gitea-runner"; + networking.hostName = runner; - virtualisation.podman.enable = true; + 
virtualisation.podman.enable = true; - services.gitea-actions-runner.instances.vm = { - enable = true; - url = "https://git.cloonar.com"; - name = "vm"; - tokenFile = "/run/secrets/gitea-runner-token"; - labels = [ - "ubuntu-latest:docker://shivammathur/node:latest" - ]; - settings = { - container = { - network = "podman"; - }; + services.gitea-actions-runner.instances.${runner} = { + enable = true; + url = "https://git.cloonar.com"; + name = runner; + tokenFile = "/run/secrets/gitea-runner-token"; + labels = [ + "ubuntu-latest:docker://shivammathur/node:latest" + ]; + settings = { + container = { + network = "podman"; }; }; - - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius" - ]; - - system.stateVersion = "22.05"; }; + + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7" + ]; + + system.stateVersion = "22.05"; }; - }; + }) (lib.listToAttrs (lib.lists.imap1 (i: v: { name=v; value=i; }) runners)); + + # microvm.vms = { + # gitea = { + # config = { + # microvm = { + # hypervisor = "cloud-hypervisor"; + # shares = [ + # { + # source = 
"/nix/store"; + # mountPoint = "/nix/.ro-store"; + # tag = "ro-store"; + # proto = "virtiofs"; + # } + # { + # source = "/var/lib/acme/git.cloonar.com"; + # mountPoint = "/var/lib/acme/${hostname}.cloonar.com"; + # tag = "ro-cert"; + # proto = "virtiofs"; + # } + # ]; + # interfaces = [ + # { + # type = "tap"; + # id = "vm-${hostname}"; + # mac = "02:00:00:00:00:01"; + # } + # ]; + # }; + # + # imports = [ + # ../fleet.nix + # ]; + # + # environment.systemPackages = with pkgs; [ + # vim # my preferred editor + # ]; + # + # networking = { + # hostName = hostname; + # firewall = { + # enable = true; + # allowedTCPPorts = [ 22 80 443 ]; + # }; + # }; + # + # services.nginx.enable = true; + # services.nginx.virtualHosts."${hostname}.cloonar.com" = { + # sslCertificate = "/var/lib/acme/${hostname}.cloonar.com/fullchain.pem"; + # sslCertificateKey = "/var/lib/acme/${hostname}.cloonar.com/key.pem"; + # sslTrustedCertificate = "/var/lib/acme/${hostname}.cloonar.com/chain.pem"; + # forceSSL = true; + # locations."/" = { + # proxyPass = "http://localhost:3001/"; + # }; + # }; + # + # services.gitea = { + # enable = true; + # appName = "Cloonar Gitea server"; # Give the site a name + # settings = { + # server = { + # ROOT_URL = "https://${hostname}.cloonar.com/"; + # HTTP_PORT = 3001; + # DOMAIN = "${hostname}.cloonar.com"; + # }; + # openid = { + # ENABLE_OPENID_SIGNIN = true; + # ENABLE_OPENID_SIGNUP = true; + # WHITELISTED_URIS = "auth.cloonar.com"; + # }; + # service = { + # DISABLE_REGISTRATION = true; + # ALLOW_ONLY_EXTERNAL_REGISTRATION = true; + # SHOW_REGISTRATION_BUTTON = false; + # }; + # actions.ENABLED=true; + # }; + # }; + # + # services.openssh.enable = true; + # users.users.root.openssh.authorizedKeys.keys = [ + # "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7" + # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius" + # ]; + # + # system.stateVersion = "22.05"; + # }; + # }; + # + # gitea-runner-1 = { + # config = { + # microvm = { + # mem = 4048; + # shares = [ + # { + # source = "/nix/store"; + # mountPoint = "/nix/.ro-store"; + # tag = "ro-store"; + # proto = "virtiofs"; + # } + # { + # source = "/run/secrets"; + # mountPoint = "/run/secrets"; + # tag = "ro-token"; + # proto = "virtiofs"; + # } + # ]; + # volumes = [ + # { + # image = "rootfs.img"; + # mountPoint = "/"; + # size = 102400; + # } + # ]; + # interfaces = [ + # { + # type = "tap"; + # id = "vm-gitea-runner-1"; + # mac = "02:00:00:00:00:02"; + # } + # ]; + # }; + # + # environment.systemPackages = with pkgs; [ + # vim # my preferred editor + # ]; + # + # networking.hostName = "gitea-runner"; + # + # virtualisation.podman.enable = true; + # + # services.gitea-actions-runner.instances.vm = { + # enable = true; + # url = "https://git.cloonar.com"; + # name = "vm"; + # tokenFile = "/run/secrets/gitea-runner-token"; + # labels = [ + # "ubuntu-latest:docker://shivammathur/node:latest" + # ]; + # settings = { + # container = { + # network = "podman"; + # }; + # }; + # }; + # + # services.openssh.enable = true; + # users.users.root.openssh.authorizedKeys.keys = [ + # "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7" + # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius" + # ]; + # + # system.stateVersion = "22.05"; + # }; + # }; + # }; sops.secrets.gitea-runner-token = {}; diff --git a/hosts/fw.cloonar.com/modules/gitea.nix b/hosts/fw.cloonar.com/modules/gitea.nix index 5d80797..0b48ffc 100644 --- a/hosts/fw.cloonar.com/modules/gitea.nix +++ b/hosts/fw.cloonar.com/modules/gitea.nix @@ -92,6 +92,7 @@ in DISABLE_REGISTRATION = false; ALLOW_ONLY_EXTERNAL_REGISTRATION = true; SHOW_REGISTRATION_BUTTON = false; + ENABLE_NOTIFY_MAIL = true; }; mailer = { ENABLED = true; diff --git a/hosts/fw.cloonar.com/modules/staticids.nix b/hosts/fw.cloonar.com/modules/staticids.nix index 12fee94..498d9db 100644 --- a/hosts/fw.cloonar.com/modules/staticids.nix +++ b/hosts/fw.cloonar.com/modules/staticids.nix @@ -4,11 +4,13 @@ gitea = 10002; gitea-runner = 10003; podman = 10004; + foundry-vtt = 10005; }; gids = { unbound = 10001; gitea = 10002; gitea-runner = 10003; podman = 10004; + foundry-vtt = 10005; }; } diff --git a/hosts/fw.cloonar.com/modules/unbound.nix b/hosts/fw.cloonar.com/modules/unbound.nix index 26dc0f7..c566859 100644 --- a/hosts/fw.cloonar.com/modules/unbound.nix +++ b/hosts/fw.cloonar.com/modules/unbound.nix @@ -111,6 +111,9 @@ let "\"web.hilgenberg-gmbh.de IN A 91.107.197.169\"" + # gaming + "\"foundry-vtt.cloonar.com IN A 10.42.97.5\"" + "\"deconz.cloonar.multimedia IN A 10.42.97.22\"" "\"metz.cloonar.multimedia IN A 10.42.99.10\"" # "\"ps5.cloonar.multimedia IN A 10.42.99.12\"" 
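Review bot: Each runner VM still receives the host's whole `/run/secrets` tree through the `ro-token` virtiofs share, although the only file the guest reads is `tokenFile = "/run/secrets/gitea-runner-token"`; since these VMs execute third-party CI jobs under podman, any other host secret placed under `/run/secrets` later becomes readable from inside them. virtiofs shares are directory-granular, so the narrower option is to give the token its own directory on the host (sops-nix's per-secret `path` option, e.g. a `gitea-runner/` subdirectory) and share only that path. The MAC template `mac = "02:00:00:00:00:0${toString idx}";` also only works for single-digit indices — a tenth runner would yield `...:010`; `mac = "02:00:00:00:00:${lib.fixedWidthString 2 "0" (lib.toHexString idx)}";` stays valid and still produces `:01`/`:02` for the current two. Finally, `indexedRunners` is bound in the `let` but never used; the `mapAttrs` argument recomputes the same expression inline and could simply read `(lib.listToAttrs indexedRunners)`.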
@@ -270,12 +273,12 @@ in { do if echo "''\${1}" | grep -Eq '.*\.(cloonar.com|cloonar.multimedia|cloonar.smart)'; then echo ''\${hostname} ''\$2 ''\${address} - unbound-control local_data ''\${hostname} ''\$2 ''\${address} + unbound-control local_data ''\${hostname} ''\$2 ''\${address} > /dev/null 2>&1 if [[ "''\$2" == "A" ]] ; then echo ''\${address} | while IFS=. read -r ip0 ip1 ip2 ip3 do - unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.ip4.arpa. PTR ''\${hostname} - unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.in-addr.arpa. PTR ''\${hostname} + unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.ip4.arpa. PTR ''\${hostname} > /dev/null 2>&1 + unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.in-addr.arpa. PTR ''\${hostname} > /dev/null 2>&1 done fi else @@ -291,14 +294,14 @@ in { domain=cloonar.smart fi if [[ "''\${hostname}" != *. ]]; then - unbound-control local_data ''\${hostname}.''\${domain} ''\$2 ''\${address} + unbound-control local_data ''\${hostname}.''\${domain} ''\$2 ''\${address} > /dev/null 2>&1 else - unbound-control local_data ''\${hostname}''\${domain} ''\$2 ''\${address} + unbound-control local_data ''\${hostname}''\${domain} ''\$2 ''\${address} > /dev/null 2>&1 fi fi - unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.ip4.arpa. PTR ''\${hostname} - unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.in-addr.arpa. PTR ''\${hostname} + unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.ip4.arpa. PTR ''\${hostname} > /dev/null 2>&1 + unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.in-addr.arpa. PTR ''\${hostname} > /dev/null 2>&1 done fi fi
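Review bot: The added `> /dev/null 2>&1` on every `unbound-control local_data` call discards stderr as well as stdout, so a rejected record (bad syntax, the control socket being unreachable, an unauthorised control client) now fails silently while the preceding `echo` still reports the name as registered. Redirecting only stdout, `unbound-control local_data ''\${hostname} ''\$2 ''\${address} > /dev/null`, keeps the output quiet but leaves error messages visible in the journal; the same applies to the two PTR lines below it and to the four calls in the `@@ -291,14 +294,14 @@` hunk. The surrounding loop and the shell function it belongs to start before this hunk.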