Compare commits
No commits in common. "d140a20ed95e8f6a00823ca446050f184a7fab2b" and "25580ded3bbb9ff805e036fb32b62d2205570315" have entirely different histories.
d140a20ed9
...
25580ded3b
10 changed files with 35 additions and 31 deletions
|
|
@ -51,10 +51,6 @@
|
|||
username = "nas";
|
||||
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICS6b97LPUpr7/kWvOcI40s5e+gfbfz0I2/hAPL6zTmU";
|
||||
}
|
||||
{
|
||||
username = "dev";
|
||||
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICS6b97LPUpr7/kWvOcI40s5e+gfbfz0I2/hAPL6zTmU";
|
||||
}
|
||||
|
||||
{
|
||||
username = "amzebs-01";
|
||||
|
|
|
|||
|
|
@ -55,18 +55,13 @@ in
|
|||
programs.zsh.enable = true;
|
||||
users.defaultUserShell = pkgs.zsh;
|
||||
|
||||
# Welcome message with Claude Code reminder
|
||||
users.motd = ''
|
||||
Welcome to dev
|
||||
|
||||
Claude Code: claude or cr (resume last session)
|
||||
# Auto-attach to tmux on SSH login
|
||||
environment.interactiveShellInit = ''
|
||||
if [[ -n "$SSH_CONNECTION" ]] && [[ -z "$TMUX" ]]; then
|
||||
tmux attach-session -t main 2>/dev/null || tmux new-session -s main
|
||||
fi
|
||||
'';
|
||||
|
||||
# Short alias for resuming Claude sessions
|
||||
programs.zsh.shellAliases = {
|
||||
cr = "claude --resume";
|
||||
};
|
||||
|
||||
# Passwordless sudo for dominik
|
||||
security.sudo.extraRules = [{
|
||||
users = [ "dominik" ];
|
||||
|
|
|
|||
|
|
@ -32,6 +32,7 @@
|
|||
|
||||
# microvm
|
||||
./modules/microvm.nix
|
||||
./modules/gitea-vm.nix
|
||||
./modules/forgejo-runner.nix
|
||||
./modules/dev-microvm.nix
|
||||
# ./modules/vscode-server.nix # Add VS Code Server microvm
|
||||
|
|
@ -44,7 +45,8 @@
|
|||
./modules/web
|
||||
|
||||
# git
|
||||
./modules/forgejo.nix
|
||||
./modules/gitea.nix
|
||||
./modules/forgejo.nix # Migration: autoStart=false, start after migration script
|
||||
# ./modules/fwmetrics.nix
|
||||
|
||||
# ha customers
|
||||
|
|
@ -79,7 +81,7 @@
|
|||
networkPrefix = "10.42";
|
||||
|
||||
# Systemd services to monitor
|
||||
services.victoriametrics.monitoredServices = [ "ai-mailer" "container@forgejo" "microvm@fj-runner-" ];
|
||||
services.victoriametrics.monitoredServices = [ "ai-mailer" "container@git" "microvm@git-runner-" "microvm@fj-runner-" ];
|
||||
|
||||
nixpkgs.overlays = [
|
||||
(import ./utils/overlays/packages.nix)
|
||||
|
|
|
|||
|
|
@ -103,7 +103,8 @@
|
|||
"/mopidy.cloonar.com/${config.networkPrefix}.97.21"
|
||||
"/snapcast.cloonar.com/${config.networkPrefix}.97.21"
|
||||
"/lms.cloonar.com/${config.networkPrefix}.97.21"
|
||||
"/git.cloonar.com/${config.networkPrefix}.97.55"
|
||||
"/git.cloonar.com/${config.networkPrefix}.97.50"
|
||||
"/forgejo.cloonar.com/${config.networkPrefix}.97.55"
|
||||
"/feeds.cloonar.com/188.34.191.144"
|
||||
"/nukibridge1a753f72.cloonar.smart/${config.networkPrefix}.100.112"
|
||||
"/allywatch.cloonar.com/${config.networkPrefix}.97.5"
|
||||
|
|
|
|||
|
|
@ -118,7 +118,7 @@
|
|||
iifname "smart" oifname "server" ip daddr ${config.networkPrefix}.97.20/32 tcp dport { 1883 } counter accept
|
||||
|
||||
# Forward to git server
|
||||
oifname "server" ip daddr ${config.networkPrefix}.97.55 tcp dport { 22 } counter accept
|
||||
oifname "server" ip daddr ${config.networkPrefix}.97.50 tcp dport { 22 } counter accept
|
||||
oifname "server" ip daddr ${config.networkPrefix}.97.5 tcp dport { 80, 443 } counter accept
|
||||
|
||||
# lan and vpn to any
|
||||
|
|
@ -167,7 +167,7 @@
|
|||
chain prerouting {
|
||||
type nat hook prerouting priority filter; policy accept;
|
||||
iifname "server" ip daddr ${config.networkPrefix}.96.255 udp dport { 9 } dnat to ${config.networkPrefix}.96.255
|
||||
iifname "wan" tcp dport { 22 } dnat to ${config.networkPrefix}.97.55
|
||||
iifname "wan" tcp dport { 22 } dnat to ${config.networkPrefix}.97.50
|
||||
iifname "wan" tcp dport { 80, 443 } dnat to ${config.networkPrefix}.97.5
|
||||
iifname "wan" tcp dport { 5000 } dnat to ${config.networkPrefix}.97.51
|
||||
iifname { "wan", "lan" } udp dport { 7777, 7778, 27015 } dnat to ${config.networkPrefix}.97.201
|
||||
|
|
|
|||
|
|
@ -51,7 +51,7 @@ in {
|
|||
|
||||
services.gitea-actions-runner.instances.${runner} = {
|
||||
enable = true;
|
||||
url = "https://git.cloonar.com";
|
||||
url = "https://forgejo.cloonar.com";
|
||||
name = runner;
|
||||
tokenFile = "/run/secrets/forgejo-runner-token";
|
||||
labels = [
|
||||
|
|
|
|||
|
|
@ -19,12 +19,13 @@ in
|
|||
users.users.forgejo = user;
|
||||
users.groups.forgejo = group;
|
||||
|
||||
security.acme.certs."git.cloonar.com" = {
|
||||
# Reuse the existing git.cloonar.com ACME cert from gitea.nix
|
||||
security.acme.certs."forgejo.cloonar.com" = {
|
||||
group = "nginx";
|
||||
};
|
||||
|
||||
containers.forgejo = {
|
||||
autoStart = true;
|
||||
autoStart = false; # Don't start until migration is complete
|
||||
ephemeral = false; # because of ssh key
|
||||
privateNetwork = true;
|
||||
hostBridge = "server";
|
||||
|
|
@ -36,7 +37,8 @@ in
|
|||
isReadOnly = false;
|
||||
};
|
||||
"/var/lib/acme/forgejo/" = {
|
||||
hostPath = config.security.acme.certs.${domain}.directory;
|
||||
# hostPath = config.security.acme.certs.${domain}.directory;
|
||||
hostPath = config.security.acme.certs."forgejo.cloonar.com".directory;
|
||||
isReadOnly = true;
|
||||
};
|
||||
"/run/secrets/forgejo-mailer-password" = {
|
||||
|
|
@ -144,6 +146,7 @@ in
|
|||
|
||||
sops.secrets.forgejo-mailer-password = {
|
||||
owner = "forgejo";
|
||||
restartUnits = [ "container@forgejo.service" ];
|
||||
# restartUnits removed - would start the container even with autoStart=false
|
||||
# Re-add after migration: restartUnits = [ "container@forgejo.service" ];
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,13 @@
|
|||
{ config, lib, ... }: {
|
||||
services.nginx.virtualHosts."git.cloonar.com" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
acmeRoot = null;
|
||||
locations."/" = {
|
||||
proxyPass = "https://git.cloonar.com/";
|
||||
};
|
||||
};
|
||||
services.nginx.virtualHosts."forgejo.cloonar.com" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
acmeRoot = null;
|
||||
|
|
|
|||
|
|
@ -7,9 +7,8 @@ let
|
|||
{ name = "Postfix"; service = "postfix.service"; instance = "mail:9100"; }
|
||||
{ name = "Dovecot"; service = "dovecot.service"; instance = "mail:9100"; }
|
||||
{ name = "OpenLDAP"; service = "openldap.service"; instance = "mail:9100"; }
|
||||
{ name = "Forgejo"; service = "container@forgejo.service"; instance = "fw:9100"; }
|
||||
{ name = "Forgejo Runner 1"; service = "microvm@fj-runner-1.service"; instance = "fw:9100"; }
|
||||
{ name = "Forgejo Runner 2"; service = "microvm@fj-runner-2.service"; instance = "fw:9100"; }
|
||||
{ name = "Gitea"; service = "container@git.service"; instance = "fw:9100"; }
|
||||
{ name = "Gitea Runner"; service = "microvm@git-runner-1.service"; instance = "fw:9100"; }
|
||||
{ name = "WireGuard"; service = "wireguard-wg_cloonar.service"; instance = "fw:9100"; }
|
||||
{ name = "MySQL"; service = "mysql.service"; instance = "amzebs-01:9100"; }
|
||||
{ name = "Nginx"; service = "nginx.service"; instance = "amzebs-01:9100"; }
|
||||
|
|
|
|||
|
|
@ -118,10 +118,10 @@
|
|||
description="homeassistant notification {{$labels.entity}} ({{$labels.friendly_name}}): {{$value}}"
|
||||
}
|
||||
|
||||
ALERT forgejo
|
||||
IF rate(promhttp_metric_handler_requests_total{job="forgejo", code="500"}[5m]) > 3
|
||||
ALERT gitea
|
||||
IF rate(promhttp_metric_handler_requests_total{job="gitea", code="500"}[5m]) > 3
|
||||
ANNOTATIONS {
|
||||
description="{{$labels.instance}}: forgejo instances error rate went up: {{$value}} errors in 5 minutes"
|
||||
description="{{$labels.instance}}: gitea instances error rate went up: {{$value}} errors in 5 minutes"
|
||||
}
|
||||
''
|
||||
];
|
||||
|
|
@ -198,7 +198,7 @@
|
|||
];
|
||||
}
|
||||
{
|
||||
job_name = "forgejo";
|
||||
job_name = "gitea";
|
||||
scrape_interval = "60s";
|
||||
metrics_path = "/metrics";
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue