diff --git a/config/hosts/public-web-static/virtualHosts/element-admin.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/element-admin.hamburg.ccc.de.nix index f30e9a7..8ee4336 100644 --- a/config/hosts/public-web-static/virtualHosts/element-admin.hamburg.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/element-admin.hamburg.ccc.de.nix @@ -1,14 +1,14 @@ { config, pkgs, ... }: let - elementAdminVersion = "0.1.10"; + elementAdminVersion = "0.1.11"; elementAdmin = pkgs.stdenv.mkDerivation (finalAttrs: { pname = "element-admin"; version = elementAdminVersion; src = pkgs.fetchzip { url = "https://github.com/element-hq/element-admin/archive/refs/tags/v${elementAdminVersion}.zip"; - sha256 = "sha256-dh7tmzAaTfKB9FuOVhLHpOIsTZK1qMvNq16HeObHOqI="; + sha256 = "sha256-tSUTDPspQJjvP1KN4nUr4LYyjNQFj4pKMMA8JmavIxo="; }; nativeBuildInputs = [ @@ -19,7 +19,7 @@ let pnpmDeps = pkgs.pnpm.fetchDeps { inherit (finalAttrs) pname version src; fetcherVersion = 2; - hash = "sha256-S/MdfUv6q+PaAKWYHxVY80BcpL81dOfpPVhNxEPQVE4="; + hash = "sha256-Hf4PWey5bczSNbc3QQ9z9X3OVUZ7VHXw7BHGQqJWPac="; }; buildPhase = '' diff --git a/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix index b8a014f..f781dc0 100644 --- a/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix @@ -1,10 +1,10 @@ { pkgs, ... }: let - elementWebVersion = "1.12.0"; + elementWebVersion = "1.12.18"; element-web = pkgs.fetchzip { url = "https://github.com/element-hq/element-web/releases/download/v${elementWebVersion}/element-v${elementWebVersion}.tar.gz"; - sha256 = "sha256-2kXQFUhLYyEKuXYw+n94JGlTN2VJHRpjmu78u8gdaro="; + sha256 = "sha256-RvPJg28hgOgFs0GFZ9EPypQkUPkAns0alXYJeNst4Bk="; }; elementSecurityHeaders = '' # Configuration best practices diff --git a/config/hosts/woodpecker/configuration.nix b/config/hosts/woodpecker/configuration.nix deleted file mode 100644 index 45e228e..0000000 --- a/config/hosts/woodpecker/configuration.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ config, pkgs, ... }: - -{ - networking.hostName = "woodpecker"; - - system.stateVersion = "24.05"; -} diff --git a/config/hosts/woodpecker/default.nix b/config/hosts/woodpecker/default.nix deleted file mode 100644 index 1db0c8c..0000000 --- a/config/hosts/woodpecker/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - ./woodpecker-agent - ./woodpecker-server - ./configuration.nix - ./networking.nix - ./sops.nix - ]; -} diff --git a/config/hosts/woodpecker/networking.nix b/config/hosts/woodpecker/networking.nix deleted file mode 100644 index 3301812..0000000 --- a/config/hosts/woodpecker/networking.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ ... }: - -{ - networking = { - interfaces.net0 = { - ipv4.addresses = [ - { - address = "172.31.17.160"; - prefixLength = 25; - } - ]; - }; - defaultGateway = "172.31.17.129"; - nameservers = [ "212.12.50.158" "192.76.134.90" ]; - search = [ "hamburg.ccc.de" ]; - }; - - systemd.network.links."10-net0" = { - matchConfig.MACAddress = "BC:24:11:5F:A9:B7"; - linkConfig.Name = "net0"; - }; -} diff --git a/config/hosts/woodpecker/secrets.yaml b/config/hosts/woodpecker/secrets.yaml deleted file mode 100644 index 5fae897..0000000 --- a/config/hosts/woodpecker/secrets.yaml +++ /dev/null @@ -1,149 +0,0 @@ -woodpecker_server_environment_file: ENC[AES256_GCM,data:68Wu0UOHBAGZHSJ0x4wbeDLm626jpumv9w6A65FNKsmzYp6P4/c4g1MF1agQd7l9nKMTRrgyJyfoEZYFQRX6lYSmcsQLfn++uh1JpFoClT5p/5hBkiDq4owUFU+NGUiyl6yjYlEiaxLwC4ZdyISHeEYpbrvGyIXLsFgdrQ0rVX3cCRwIMxFcyCG6d3MZVoqAw1A=,iv:y/+X02aRPBOoR57P9s7y/SijvXVLuiBBfFYqeJLvQEU=,tag:DNwK+M6s3moglkMkrWccyA==,type:str] -woodpecker_agent_environment_file: ENC[AES256_GCM,data:rwp6TYYFJ/IZH+3pGhPxjdZMLoyPMr/W1RXm4IkUGn+SmIjHZcdFZ8nEhvOfnkfrXNPc2MR+X6NXUmVOcBjSCbcBjh9sC653UpKimt9I3/Ec,iv:X9JH7dmTayw8BaEsXYil3PrykCdd+/ANGHVfEyRvc7A=,tag:/ErkX1WnruanNgTTBUT6LA==,type:str] -sops: - age: - - recipient: age19h7xtfmt3py3ydgl8d8fgh8uakxqxjr74flrxev3pgmvvx94kvtq5d932d - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWdUhjQUJIS2QvWk1Yc3pR - M1daYlRubnlsQk9tcytBNWdYMUU4bG1DVHhZCnVKK00ySDdBZFhzRXlaQ2xVaTBh - bVVVNzRraUpHSFFuRStzWFprUGRoMGcKLS0tIEVBUWh4STBIaGdTelFKcnB0TkNR - SEd1VTZQZWlkYXVKcVRPbVA1U3VWbFUKnuaPGc29kKE86nh+xEto0Jb6BQ0uH3pr - Q1QPgfiOCYGkuUewy3LlGnLTuMxHBBWAjg4zgaYPHU2F/HCS5DB5nw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1klxtcr23hers0lh4f5zdd53tyrtg0jud35rhydstyjq9fjymf9hsn2a8ch - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArdVJNK1ljNWwrTy9qc1p1 - N1MweERxdkNXZVZITWRRdGFQRHRQeTNFTTI4CjFkSVJQMFBKY2tRWE1DeXdMOUZY - Qm5oYTU1azFzVEpYZUptcTVhRCsxL28KLS0tIEI0czljekgvQlc1SlVGSUpGb1N3 - NytOaE5nQ3E4bFhCQ1ZDU3MyM3p5cmcK3LGva0vDjitqOBqBo6jHqRBaH8T8cOim - IF8ygc0i/dbaec59ZcCMhS0n8yv0lVHO2WiUwPaKTh5hkti9LhKlaA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-22T15:55:25Z" - mac: ENC[AES256_GCM,data:UmDbmxSRj8YfCkKEelQNMJ8mzbu5aQdB9yOr9JfUh5TB9r5Z5ttZ1wgJDJqHNtsII3JGXUvbgHbsmbPikkrj4Ege1rrgr4UttN1rtgeaAKlZIlqb9pOnV4//GJL8jbxCgFp2h2O80G05nAXG54DaY//4Y5hfTyPzgyDlGQ6jlhg=,iv:5e8lpFfGAJh8lTFcY4MlZG7PgnzM0UycsU0tB2KN+zQ=,tag:4xUEHg04wjDbhc9MOItzuQ==,type:str] - pgp: - - created_at: "2026-02-17T22:22:03Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMAz5uSgHG2iMJAQ/+NzRul1VZa2BLnjCsdUP7YErHvLsJqc/KwEFgGX8yN1Bg - VOHgm0MBYC14KtMu0Zb+Cm6ypqyaa4j+MXNVWLDTOLt1aLibashBmyPbwHNr0XwO - 6tr9qYAPixaoWFeiCtATKLUzWzQ68eDv9JHNNQvKGNjet9E1yOIxWHj6RxyV/EeZ - 50nf+7AO7cFkqRGFxrGKAYchzetajNPLtbS2htFCc3Vt9m38jusafvYdjeG+HQHe - 6INzdNqvM7vhfWJlIiTPCXGKvx0NhLg6sVvcXpq5mKbMAhja80KyUdl772L8Kr6P - ZYvmj+Ey8+GM+opGGxcaSBmgw3ZLRIZ1tks3LlRf/UiAZD5MqJoRL1DEJMtHzYnp - IqxOEiuMLAL1/TxG4KhJfT5Gs9Kf3Cnr6djhhsYg3GYXSQdhiyaBDaLpu68nEIRN - JSdA/7pCjxhvlgFl9XvPaMzQD5GZNlVapJPn1c9Ambi9cs4kB8nds+Xx4KgIN3li - 85flJnEtQWRI2DL8qJgoYJ1cXevkPVzKLFnQEHfLuozIzfPl1Wq1Sb3EQk9YZer9 - yfVHRngBBhmfNMtFy9gq8FLod0Odas3KQDAa7ndPMMx6oL5DoNeI3DpuYW4eQIZK - EbT5iHLMrTXHb2XKTHfXdjl6ttED+12GAby69jdGXjt6UVAM6b0UorWfSLLoqabS - XgG1w128eegSl4tqdYO/KDL30c9J1K8LqaJmg+9eFAi9Da/zmPAck+DlS7XUkeiX - OqZiOXLul0N2Qe/tWkpJD8F3HV+K6Xt0MSx8VsmeliicG4Rpme1Xysau+7kht3U= - =KUjN - -----END PGP MESSAGE----- - fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 - - created_at: "2026-02-17T22:22:03Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMAw5vwmoEJHQ1ARAAxH+TtzvFlUZfD3U7BNRr9SyWVxnkR3U2zvvDG5A3I28K - fI1U1am6Z+gSvYdId38hiMPxDmDIMl2wCYCXd17q+PSycsJ1Bbzy1zaht6KcpSJb - s9jmNmf+5mazSRZ/COBy4mMq+2mam4/vu+xS85IsgxyxK9ygnCurmzMqn3lxatm0 - ICxvoLMAamA+tAfxtw+a5lEMok7pHdKndZmrKvxO7nLXM0292sJ3VHp5Uy9k487W - PznpjM1st/f/0gTu1mgb8rnUkSszw1odBeQ+xw2JvcDHE6Ow7PpCk83oTWXil6c4 - bEsrtvaFLWXN9/gssnayoMWHb/TCHKVe4AGrMevFkRdEFDRV5FRZGqzuGDP++X10 - KYyMN0/Wo/XU7Rn3+7HmKvz0qeaAI/IRTrhdXUDtQQ13/waxGrJEquwS5Xuwea6l - LlA6hwnAERSVrVkMQ60ITOD6n7lvAPA7jD/HhI3P2Xy4mDFW9ZnfnWi0xI9pRCsk - w+ZnQ1Ckacv0gJUirvsVSdUYHwvEvpFEVSsZsv5QbNsaWi5jn5XDH0eqlXQE80aO - o3vPFTNCHNixspiaIO4V8etyv6nSh7BxwDvIH4nZVxr8HmxILs0Occw9anvA81md - roF3pyb+ZFRIwcBh72VSdAm1D/n4h14lnmMj+19HEA3zvbPnZQejtGFMY1Oe2VTS - XgHMI0aRJANXczMA7LSg9vxDYvWXE2KR526oBsC1E7otCNGkxj3hhmng25K3tmIU - E2AAaAIk/RukMnydb93XGciPquCZsWlmpwlTGXCqoqiNBilvIE1lXH6rhym78ko= - =nRW4 - -----END PGP MESSAGE----- - fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 - - created_at: "2026-02-17T22:22:03Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hF4DerEtaFuTeewSAQdAPWizx2khKtlshnLwE5PRszAdTvTlsEEiWVV5xJx3PnAw - 9Gj2lZZX4F0AXoKInElg2N02FXpIo24ZZUPXGqpswfSv93NFNNK+FWwqUCRZhuCM - 0l4Blkyy4PthGwIAtXqZ8GGxjoDGBLIAE/zrY9tdNB5XAnkiy7J82kora0dphpkq - Llb1Jgh0+ZK8RQzaf5wcgWf867MhJLhv0N+qLsFVutGpqFy1W/1vaLQ5au5Ty2Tw - =460I - -----END PGP MESSAGE----- - fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 - - created_at: "2026-02-17T22:22:03Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMAxjNhCKPP69fAQ//Rzcsq0Yay/3g/MzqHI1izkSWsdycz3LE6qM4qhX4f7wZ - 4Ymzu2jbSq43IavCjGPOLIKVJ4nlnPd7rcprYNV5DOcGAkXG5x7PbnVta3SPI300 - CXnSGQB1KHUCCYZN1BkL9ZSQyTx0ex19mnsSEtZh8NB97cCZx9zMowdHKd5ySu/O - +CMFkQ6Uoh2FxBtqM1y1YbDiuDJnAlAQSKlDIVdCdMssutWRs9Nf6eiLtcmb4U5l - sNyKQnPrr3vjkaTbVdBKQjjMSa8Z/1Tf95GxNhzrUGm2APLKVYdHkMVlQwcr/ZfH - jGiZqxgBmrtNe3EypdKCDnlPvlxs8mnO5whxzDZW2NFV3piMmOmvLI/Po1ASi/t1 - PW9h05Foh2764Jfp74BkRTvhBfi465wKkON0VOckwWBkl/n7w7POfHCXdK1/AnGj - 9ywj6P4zg50vKiTMkZStq6YKXAEkVcN6YzhVVDFwDwAE1VKFCMKlmwuYT1FuKXBp - 7maF578qVyb0lXP9jaX10Y9dhC4vU2rJB3vtRhxjqeMEe/WOyhEyalrC9phPfBKS - wVKzdd3vvaNGfQSAwseFAn1upvELFwccPw1aRIqqLhzWTY2m48yyW2aEN6+7SqkR - dOBJpZDE4NxOhbQl0rllZdeLUznIgeOKM2iNg/3kM7cWcsLZRm3+l1ZuiCEy5XPS - XgHbwfJlyZYoQyKCntbdA/5VRS/5s0oPJIjuofoBZb35fIqtYPIpUeNccpklXYsO - atiSRwJeiluCFUag0uV3nq0zltOlqdS6piEVqU6xiGLAZe04jkaMBxL6VQQHYU0= - =811X - -----END PGP MESSAGE----- - fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 - - created_at: "2026-02-17T22:22:03Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMA1Hthzn+T1OoAQ/9EvULxQSjfO/V600iqRhsQsuuHWY5IfVN+XBCmzmeUX2a - 8qFN8L5gk3pYEoIu4khSCSeIpVyOdX1XeWMMNB15C/pAvgi7emH0y8UxAvCLfW5L - CzP3qLQsbpKUGntPlHaye/G16M/+m4QPc6Y7qwEtUThOei9haPhIU06Tb61IpfLk - AKticUro4ap3Xt/fjDH0NHZsGG33V6LprTt+8LaEcpcwZK/yOWdG4wTV4j6X8LbA - ueCmKunAr1skJrd+hVuwP2e8UkasYgo33pcupsS5jcyXJT9Kf3p/nqOJ3QGlwOtP - lf0DUifdd/QrEXWcMBu+zc9HgtUzpyU3KAoVrxo4JQLaoRlq3kwk3mOOFA0Fzd16 - neuJL2wp/RPuL47StHwA9HxQP+3znXkNxmt9yXGzeyeOBpK4O9qoQ9y7Rbd/FR2u - wEl5uAjhhH2xmAUnIKp5Y1UAFSLqZEaiJjjCHMHycaTpCucjEcChpaBGDAXYS1h+ - x/r6R46UgIzMvjpd2vy+C1aQg0p1Z6P65ifOkdAYIghpSkp+F6SUHHkL3w/kRRjE - dBF8YWFm/yl9P9qenakC5NsAA+bR4ZpNWpv32sYuVjIuoV20GdS7UIVQnvos8bBK - NfqoFmz4n8Eo1jLRcCJ376ow7bSEhRIJlJxdq7bFjZ/3Wtk9vt9dG6XV7wLdJwXS - XgGRxjv94TYLFowYA8/uu9fWxvf2i2lLqctjrvbZkW0Rdn2Ym5GXjg6St3Diug6r - y87PJPSN7CYE4jzCDPaSnGcBvwDHrQsLHLAmenfrAi2Jnweg/THpm9UAftoC7AY= - =Fxot - -----END PGP MESSAGE----- - fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD - - created_at: "2026-02-17T22:22:03Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMA46L6MuPqfJqARAAnZq75P7GPcuBCBLUOVPK8w1IBxd4XzoEWW3+T80bFTZE - ZjPAvfiGcOqIfc8CPzpS1drviWiRkuEV4EKCuDmX9GReI0SUlvaoiddUA9V62f4b - akBrzqR0nNnWWvjph4/5PRAQO+xO4wQy2r9thCw4oej3QgvKtLRRRY35TkGqlS0t - ej4d80KaqGGsfIPQ5L9f+lqarrKvYx3DMK6CujN13Kot44Uom4L5TeIdPSAW14jS - 13fa/I1Irq56ME9kNctsuAkRkhrW+KchFJqkYXSS82SbXUDDNcVA7knXSzxVR+iU - NJXb8bQO4Ymi8sWPWKHW/GXUkReiTLl8MkLi+mCwL7qo5fMQcBg/KWo0hReQYCj3 - G9DZPs3xWYFcwcmrSV86LSqjMt5g8ZKjPm6ODQcZVA/ZsGlmdTkjsWNn6WRZI55m - 8kkg7BoRMq7p6b15tW4e/w2rr/bTmGQ9dV03KIpmBG6+OUzwgfB2/w2dGmB7Vor6 - JMzvt+1I/PSHsCC/7GurTurAP63x8NO/9HYX2Qg0qzsOusnTKrCoo4lX/tA5YfIt - OKr6zqy8s5Dv/lGUhofkJrhHr/QTRHFVrFtPNn4yfSzo+8uhomHGsmxBGOOiY83L - 3zwYm+9BlzO/ve7PIvs54hIHQaKsP9Ktsgq/+dM7PVlIb5qfwGNvgoS2QXFqCF/S - XgHWy41J0zTGoyEpooGkheVKvgEPvv6YIlm9oTucYP03AkKWxBr9MTNq/+JcLRvw - Zey10uVJnYPUuH2b9f8N8lNBZlkQCBq/AEu0MsygsK8bcVfQL1Qs58xh1uA7gL8= - =wduB - -----END PGP MESSAGE----- - fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A - - created_at: "2026-02-17T22:22:03Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hF4DQrf1tCqiJxoSAQdA4Y8j9A4ECAds0oJlP50Td1HpYIhywjXKi+pT7CTPXQ8w - 95+hUucTE8WQO/9u4HV2Y2nuyQPwmaYK0iGbNV3YxgI3Zdtf1T680hQxT4y55E1/ - 0l4B+70h9ojiHZkpVKVmFFZdY+tS/jQIFIRxqTW1AAfDf+chO3sUxbRe2qZhOXoY - b/QKU11wFpmOZmzznurOoxkqdNgGNcFm9+Ntb4ZSLSYzx7wrjzmWsaTdFd+coO1j - =V+rP - -----END PGP MESSAGE----- - fp: B71138A6A8964A3C3B8899857B4F70C356765BAB - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/config/hosts/woodpecker/sops.nix b/config/hosts/woodpecker/sops.nix deleted file mode 100644 index b4548ed..0000000 --- a/config/hosts/woodpecker/sops.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ ... }: - -{ - sops = { - defaultSopsFile = ./secrets.yaml; - }; -} diff --git a/config/hosts/woodpecker/woodpecker-agent/default.nix b/config/hosts/woodpecker/woodpecker-agent/default.nix deleted file mode 100644 index 279d2bb..0000000 --- a/config/hosts/woodpecker/woodpecker-agent/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - ./docker.nix - ./woodpecker-agent.nix - ]; -} diff --git a/config/hosts/woodpecker/woodpecker-agent/docker.nix b/config/hosts/woodpecker/woodpecker-agent/docker.nix deleted file mode 100644 index af13f4c..0000000 --- a/config/hosts/woodpecker/woodpecker-agent/docker.nix +++ /dev/null @@ -1,12 +0,0 @@ -# Sources for this configuration: -# - https://woodpecker-ci.org/docs/administration/deployment/nixos -# - https://woodpecker-ci.org/docs/administration/backends/docker -# - https://nixos.wiki/wiki/Docker - -{ config, pkgs, ... }: - -{ - virtualisation.docker = { - enable = true; - }; -} diff --git a/config/hosts/woodpecker/woodpecker-agent/woodpecker-agent.nix b/config/hosts/woodpecker/woodpecker-agent/woodpecker-agent.nix deleted file mode 100644 index 8c6847b..0000000 --- a/config/hosts/woodpecker/woodpecker-agent/woodpecker-agent.nix +++ /dev/null @@ -1,29 +0,0 @@ -# Sources for this configuration: -# - https://woodpecker-ci.org/docs/administration/deployment/nixos -# - https://woodpecker-ci.org/docs/administration/agent-config -# - https://woodpecker-ci.org/docs/administration/backends/docker - -{ config, pkgs, ... }: - -{ - services.woodpecker-agents.agents."docker" = { - enable = true; - package = pkgs.woodpecker-agent; - extraGroups = [ "docker" ]; - environment = { - WOODPECKER_SERVER = "localhost${config.services.woodpecker-server.environment.WOODPECKER_GRPC_ADDR}"; - WOODPECKER_MAX_WORKFLOWS = "4"; - WOODPECKER_BACKEND = "docker"; - # Set via enviornmentFile: - # WOODPECKER_AGENT_SECRET - }; - environmentFile = [ "/run/secrets/woodpecker_agent_environment_file" ]; - }; - - sops.secrets."woodpecker_agent_environment_file" = { - mode = "0440"; - owner = "root"; - group = "root"; - restartUnits = [ "woodpecker-agent-docker.service" ]; - }; -} diff --git a/config/hosts/woodpecker/woodpecker-server/default.nix b/config/hosts/woodpecker/woodpecker-server/default.nix deleted file mode 100644 index a713746..0000000 --- a/config/hosts/woodpecker/woodpecker-server/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - ./nginx.nix - ./postgresql.nix - ./woodpecker-server.nix - ]; -} diff --git a/config/hosts/woodpecker/woodpecker-server/nginx.nix b/config/hosts/woodpecker/woodpecker-server/nginx.nix deleted file mode 100644 index 962183c..0000000 --- a/config/hosts/woodpecker/woodpecker-server/nginx.nix +++ /dev/null @@ -1,57 +0,0 @@ -# Sources for this configuration: -# - https://woodpecker-ci.org/docs/administration/deployment/nixos -# - https://woodpecker-ci.org/docs/administration/proxy - -{ config, pkgs, ... }: - -{ - services.nginx = { - enable = true; - - virtualHosts."acme-woodpecker.hamburg.ccc.de" = { - default = true; - enableACME = true; - serverName = "woodpecker.hamburg.ccc.de"; - - listen = [ - { - addr = "0.0.0.0"; - port = 31820; - } - ]; - }; - - virtualHosts."woodpecker.hamburg.ccc.de" = { - default = true; - forceSSL = true; - useACMEHost = "woodpecker.hamburg.ccc.de"; - - listen = [ - { - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - ]; - - locations."/" = { - proxyPass = "http://localhost${config.services.woodpecker-server.environment.WOODPECKER_SERVER_ADDR}"; - }; - - extraConfig = '' - # Make use of the ngx_http_realip_module to set the $remote_addr and - # $remote_port to the client address and client port, when using proxy - # protocol. - # First set our proxy protocol proxy as trusted. - set_real_ip_from 172.31.17.140; - # Then tell the realip_module to get the addreses from the proxy protocol - # header. - real_ip_header proxy_protocol; - ''; - }; - }; - - networking.firewall.allowedTCPPorts = [ 8443 31820 ]; - networking.firewall.allowedUDPPorts = [ 8443 ]; -} diff --git a/config/hosts/woodpecker/woodpecker-server/postgresql.nix b/config/hosts/woodpecker/woodpecker-server/postgresql.nix deleted file mode 100644 index e715650..0000000 --- a/config/hosts/woodpecker/woodpecker-server/postgresql.nix +++ /dev/null @@ -1,18 +0,0 @@ -# Sources for this configuration: -# - https://github.com/NixOS/nixpkgs/blob/dce84c46d780b20c064d5dfb10d0686e0584a198/nixos/modules/services/web-apps/nextcloud.nix#L1069 - -{ config, pkgs, ... }: - -{ - services.postgresql = { - enable = true; - package = pkgs.postgresql_15; - ensureDatabases = [ "woodpecker-server" ]; - ensureUsers = [ - { - name = "woodpecker-server"; - ensureDBOwnership = true; - } - ]; - }; -} diff --git a/config/hosts/woodpecker/woodpecker-server/woodpecker-server.nix b/config/hosts/woodpecker/woodpecker-server/woodpecker-server.nix deleted file mode 100644 index 1836b73..0000000 --- a/config/hosts/woodpecker/woodpecker-server/woodpecker-server.nix +++ /dev/null @@ -1,44 +0,0 @@ -# Sources for this configuration: -# - https://woodpecker-ci.org/docs/administration/deployment/nixos -# - https://woodpecker-ci.org/docs/administration/server-config -# - https://woodpecker-ci.org/docs/administration/database -# - https://woodpecker-ci.org/docs/administration/forges/forgejo -# - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING - -{ config, pkgs, ... }: - -{ - services.woodpecker-server = { - enable = true; - package = pkgs.woodpecker-server; - environment = { - WOODPECKER_HOST = "https://woodpecker.hamburg.ccc.de"; - WOODPECKER_SERVER_ADDR = ":8001"; - WOODPECKER_GRPC_ADDR = ":9000"; - WOODPECKER_ADMIN = "june"; - WOODPECKER_OPEN = "true"; - WOODPECKER_ORGS = "CCCHH"; - WOODPECKER_DATABASE_DRIVER = "postgres"; - WOODPECKER_DATABASE_DATASOURCE = "postgresql://woodpecker-server@/woodpecker-server?host=/run/postgresql"; - WOODPECKER_FORGEJO = "true"; - WOODPECKER_FORGEJO_URL = "https://git.hamburg.ccc.de"; - WOODPECKER_LIMIT_MEM = "6442450944"; # 6GB - # Set via enviornmentFile: - # WOODPECKER_FORGEJO_CLIENT - # WOODPECKER_FORGEJO_SECRET - }; - environmentFile = [ "/run/secrets/woodpecker_server_environment_file" ]; - }; - - systemd.services.woodpecker-server.serviceConfig = { - User = "woodpecker-server"; - Group = "woodpecker-server"; - }; - - sops.secrets."woodpecker_server_environment_file" = { - mode = "0440"; - owner = "root"; - group = "root"; - restartUnits = [ "woodpecker-server.service" ]; - }; -} diff --git a/flake.lock b/flake.lock index ed279ac..b2142ed 100644 --- a/flake.lock +++ b/flake.lock @@ -19,11 +19,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1777077449, - "narHash": "sha256-AIiMJiqvGrN4HyLEbKAoCSRRYn0rnlW5VbKNIMIYqm4=", + "lastModified": 1778430510, + "narHash": "sha256-Ti+ZBvW6yrWWAg2szExVTwCd4qOJ3KlVr1tFHfyfi8Q=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a4bf06618f0b5ee50f14ed8f0da77d34ecc19160", + "rev": "8fd9daa3db09ced9700431c5b7ad0e8ba199b575", "type": "github" }, "original": { @@ -35,11 +35,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1776949667, - "narHash": "sha256-GMSVw35Q+294GlrTUKlx087E31z7KurReQ1YHSKp5iw=", + "lastModified": 1778672786, + "narHash": "sha256-Blg88K1jwG+P0Mr27+rKMFCufdrWkV3wWh9AdYtz0FQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "01fbdeef22b76df85ea168fbfe1bfd9e63681b30", + "rev": "eef00dfd8a712b34af845f9350bac681b1228bd1", "type": "github" }, "original": { @@ -64,11 +64,11 @@ ] }, "locked": { - "lastModified": 1776771786, - "narHash": "sha256-DRFGPfFV6hbrfO9a1PH1FkCi7qR5FgjSqsQGGvk1rdI=", + "lastModified": 1777944972, + "narHash": "sha256-VfGRo1qTBKOe3s2gOv8LSoA6Fk19PvBlwQ1ECN0Evn8=", "owner": "Mic92", "repo": "sops-nix", - "rev": "bef289e2248991f7afeb95965c82fbcd8ff72598", + "rev": "c591bf665727040c6cc5cb409079acb22dcce33c", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 3b28ef2..f16409b 100644 --- a/flake.nix +++ b/flake.nix @@ -159,17 +159,6 @@ ]; }; - woodpecker = nixpkgs.lib.nixosSystem { - inherit system specialArgs; - modules = [ - self.nixosModules.common - self.nixosModules.proxmox-vm - sops-nix.nixosModules.sops - self.nixosModules.prometheus-exporter - ./config/hosts/woodpecker - ]; - }; - penpot = nixpkgs.lib.nixosSystem { inherit system specialArgs; modules = [