add fw-new
This commit is contained in:
@@ -3,92 +3,92 @@
|
||||
json = pkgs.formats.json { };
|
||||
in {
|
||||
microvm.vms = {
|
||||
gitea = {
|
||||
config = {
|
||||
microvm = {
|
||||
hypervisor = "cloud-hypervisor";
|
||||
shares = [
|
||||
{
|
||||
source = "/nix/store";
|
||||
mountPoint = "/nix/.ro-store";
|
||||
tag = "ro-store";
|
||||
proto = "virtiofs";
|
||||
}
|
||||
{
|
||||
source = "/var/lib/acme/git.cloonar.com";
|
||||
mountPoint = "/var/lib/acme/${hostname}.cloonar.com";
|
||||
tag = "ro-cert";
|
||||
proto = "virtiofs";
|
||||
}
|
||||
];
|
||||
interfaces = [
|
||||
{
|
||||
type = "tap";
|
||||
id = "vm-${hostname}";
|
||||
mac = "02:00:00:00:00:01";
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
imports = [
|
||||
../fleet.nix
|
||||
];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
vim # my preferred editor
|
||||
];
|
||||
|
||||
networking = {
|
||||
hostName = hostname;
|
||||
firewall = {
|
||||
enable = true;
|
||||
allowedTCPPorts = [ 22 80 443 ];
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.enable = true;
|
||||
services.nginx.virtualHosts."${hostname}.cloonar.com" = {
|
||||
sslCertificate = "/var/lib/acme/${hostname}.cloonar.com/fullchain.pem";
|
||||
sslCertificateKey = "/var/lib/acme/${hostname}.cloonar.com/key.pem";
|
||||
sslTrustedCertificate = "/var/lib/acme/${hostname}.cloonar.com/chain.pem";
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:3001/";
|
||||
};
|
||||
};
|
||||
|
||||
services.gitea = {
|
||||
enable = true;
|
||||
appName = "Cloonar Gitea server"; # Give the site a name
|
||||
settings = {
|
||||
server = {
|
||||
ROOT_URL = "https://${hostname}.cloonar.com/";
|
||||
HTTP_PORT = 3001;
|
||||
DOMAIN = "${hostname}.cloonar.com";
|
||||
};
|
||||
openid = {
|
||||
ENABLE_OPENID_SIGNIN = true;
|
||||
ENABLE_OPENID_SIGNUP = true;
|
||||
WHITELISTED_URIS = "auth.cloonar.com";
|
||||
};
|
||||
service = {
|
||||
DISABLE_REGISTRATION = true;
|
||||
ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
|
||||
SHOW_REGISTRATION_BUTTON = false;
|
||||
};
|
||||
actions.ENABLED=true;
|
||||
};
|
||||
};
|
||||
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius"
|
||||
];
|
||||
|
||||
system.stateVersion = "22.05";
|
||||
};
|
||||
};
|
||||
# gitea = {
|
||||
# config = {
|
||||
# microvm = {
|
||||
# hypervisor = "cloud-hypervisor";
|
||||
# shares = [
|
||||
# {
|
||||
# source = "/nix/store";
|
||||
# mountPoint = "/nix/.ro-store";
|
||||
# tag = "ro-store";
|
||||
# proto = "virtiofs";
|
||||
# }
|
||||
# {
|
||||
# source = "/var/lib/acme/git.cloonar.com";
|
||||
# mountPoint = "/var/lib/acme/${hostname}.cloonar.com";
|
||||
# tag = "ro-cert";
|
||||
# proto = "virtiofs";
|
||||
# }
|
||||
# ];
|
||||
# interfaces = [
|
||||
# {
|
||||
# type = "tap";
|
||||
# id = "vm-${hostname}";
|
||||
# mac = "02:00:00:00:00:01";
|
||||
# }
|
||||
# ];
|
||||
# };
|
||||
#
|
||||
# imports = [
|
||||
# ../fleet.nix
|
||||
# ];
|
||||
#
|
||||
# environment.systemPackages = with pkgs; [
|
||||
# vim # my preferred editor
|
||||
# ];
|
||||
#
|
||||
# networking = {
|
||||
# hostName = hostname;
|
||||
# firewall = {
|
||||
# enable = true;
|
||||
# allowedTCPPorts = [ 22 80 443 ];
|
||||
# };
|
||||
# };
|
||||
#
|
||||
# services.nginx.enable = true;
|
||||
# services.nginx.virtualHosts."${hostname}.cloonar.com" = {
|
||||
# sslCertificate = "/var/lib/acme/${hostname}.cloonar.com/fullchain.pem";
|
||||
# sslCertificateKey = "/var/lib/acme/${hostname}.cloonar.com/key.pem";
|
||||
# sslTrustedCertificate = "/var/lib/acme/${hostname}.cloonar.com/chain.pem";
|
||||
# forceSSL = true;
|
||||
# locations."/" = {
|
||||
# proxyPass = "http://localhost:3001/";
|
||||
# };
|
||||
# };
|
||||
#
|
||||
# services.gitea = {
|
||||
# enable = true;
|
||||
# appName = "Cloonar Gitea server"; # Give the site a name
|
||||
# settings = {
|
||||
# server = {
|
||||
# ROOT_URL = "https://${hostname}.cloonar.com/";
|
||||
# HTTP_PORT = 3001;
|
||||
# DOMAIN = "${hostname}.cloonar.com";
|
||||
# };
|
||||
# openid = {
|
||||
# ENABLE_OPENID_SIGNIN = true;
|
||||
# ENABLE_OPENID_SIGNUP = true;
|
||||
# WHITELISTED_URIS = "auth.cloonar.com";
|
||||
# };
|
||||
# service = {
|
||||
# DISABLE_REGISTRATION = true;
|
||||
# ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
|
||||
# SHOW_REGISTRATION_BUTTON = false;
|
||||
# };
|
||||
# actions.ENABLED=true;
|
||||
# };
|
||||
# };
|
||||
#
|
||||
# services.openssh.enable = true;
|
||||
# users.users.root.openssh.authorizedKeys.keys = [
|
||||
# "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7"
|
||||
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius"
|
||||
# ];
|
||||
#
|
||||
# system.stateVersion = "22.05";
|
||||
# };
|
||||
# };
|
||||
|
||||
gitea-runner = {
|
||||
config = {
|
||||
|
||||
Reference in New Issue
Block a user