From 588ad5d50a1a658194c054a30d2e6a2c2d9fae8d Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Sat, 2 Nov 2024 12:33:44 +0000
Subject: [PATCH] bvm-forgejo: init
---
ops/nixos/bvm-forgejo/default.nix | 71 +++++++++++++++++++
ops/nixos/default.nix | 1 +
ops/nixos/installcd/default.nix | 2 +-
.../coredns/zones/db.1.4.4.a.9.0.a.2.ip6.arpa | 4 +-
.../coredns/zones/db.28.118.92.in-addr.arpa | 4 +-
ops/nixos/lib/coredns/zones/db.as205479.net | 9 +--
6 files changed, 82 insertions(+), 9 deletions(-)
create mode 100644 ops/nixos/bvm-forgejo/default.nix
diff --git a/ops/nixos/bvm-forgejo/default.nix b/ops/nixos/bvm-forgejo/default.nix
new file mode 100644
index 0000000000..cb42b5575b
--- /dev/null
+++ b/ops/nixos/bvm-forgejo/default.nix
@@ -0,0 +1,71 @@
+# SPDX-FileCopyrightText: 2020 Luke Granger-Brown
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ config, depot, lib, pkgs, ... }:
+let
+ inherit (depot.ops) secrets;
+ systemConfig = config;
+in {
+ imports = [
+ ../lib/bvm.nix
+ ];
+
+ # Networking!
+ networking = {
+ hostName = "bvm-forgejo";
+ hostId = "9cdd4290";
+ tempAddresses = "disabled";
+
+ interfaces.enp1s0 = {
+ ipv4.addresses = [{ address = "10.100.0.208"; prefixLength = 23; }];
+ };
+ interfaces.enp2s0 = {
+ ipv4.addresses = [{ address = "92.118.28.7"; prefixLength = 24; }];
+ ipv6.addresses = [{ address = "2a09:a441::7"; prefixLength = 32; }];
+ };
+ interfaces.lo = {
+ ipv4.addresses = [
+ { address = "127.0.0.1"; prefixLength = 8; }
+ ];
+ ipv6.addresses = [
+ { address = "::1"; prefixLength = 128; }
+ ];
+ };
+ defaultGateway = { address = "92.118.28.1"; interface = "enp2s0"; };
+ defaultGateway6 = { address = "2a09:a441::1"; interface = "enp2s0"; };
+
+ firewall = {
+ allowedTCPPorts = [ 22 80 443 20022 ];
+ allowedUDPPorts = [ 443 ];
+ };
+ };
+ #my.ip.tailscale = "100.94.23.105";
+ #my.ip.tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:625e:1769";
+
+ services.openssh.ports = [ 20022 ];
+ my.deploy.args = "-p 20022";
+ my.rundeck.hostname = "${config.networking.fqdn}:20022";
+
+ users.users.postfix.extraGroups = [ "opendkim" ];
+
+ services.postfix = {
+ enable = true;
+ domain = "hg.lukegb.com";
+ hostname = "hg.lukegb.com";
+ extraConfig = ''
+ milter_protocol = 2
+ milter_default_action = accept
+ smtpd_milters = ${config.services.opendkim.socket}
+ non_smtpd_milters = ${config.services.opendkim.socket}
+ '';
+ networks = [ "172.17.0.0/16" ];
+ };
+ services.opendkim = {
+ enable = true;
+ domains = "csl:hg.lukegb.com";
+ selector = "bvm-forgejo";
+ };
+
+ system.stateVersion = "24.11";
+}
diff --git a/ops/nixos/default.nix b/ops/nixos/default.nix
index 2fc3f6b04b..10598bc6da 100644
--- a/ops/nixos/default.nix
+++ b/ops/nixos/default.nix
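Review bot: The enp1s0 address `10.100.0.208` in this new host file collides with bvm-heptapod, which the db.as205479.net hunk later in this same patch still lists as `bvm-heptapod.blade 3600 IN A 10.100.0.208`, while the patch adds `bvm-forgejo.blade 3600 IN A 10.100.0.212` for this host; deployed as written, two VMs share one address and the new A record points at nothing. Assuming the zone file is the intended allocation, the line should read `ipv4.addresses = [{ address = "10.100.0.212"; prefixLength = 23; }];`. The Postfix `domain`/`hostname` of `hg.lukegb.com` and the `csl:hg.lukegb.com` DKIM domain also look copied from the heptapod host rather than chosen for forgejo — worth confirming, since outbound mail from this VM will identify as and sign for that domain with the `bvm-forgejo` selector. `networks = [ "172.17.0.0/16" ]` lets anything in that range relay through Postfix unauthenticated, which is fine only if that bridge holds just trusted containers; a comment saying what lives there would help the next reader. Minor: `inherit (depot.ops) secrets;` and `systemConfig = config;` are unused, and `allowedTCPPorts` opens 22 although sshd only listens on 20022.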
@@ -38,6 +38,7 @@ let
 "bvm-heptapod"
 "bvm-logger"
 "bvm-paperless"
+ "bvm-forgejo"
 "oracle-lon01"
 "kerrigan"
 "cofractal-ams01"
diff --git a/ops/nixos/installcd/default.nix b/ops/nixos/installcd/default.nix
index 825653c9a4..d9a5bfa53d 100644
--- a/ops/nixos/installcd/default.nix
+++ b/ops/nixos/installcd/default.nix
@@ -13,7 +13,7 @@ in {
 isoImage.isoName = lib.mkForce "nixos-${depot.version}-${pkgs.stdenv.hostPlatform.system}.iso";
 isoImage.storeContents = [
- depot.ops.nixos.systems.rexxar
+ depot.ops.nixos.systems.bvm-forgejo
 ];
 system.disableInstallerTools = false;
diff --git a/ops/nixos/lib/coredns/zones/db.1.4.4.a.9.0.a.2.ip6.arpa b/ops/nixos/lib/coredns/zones/db.1.4.4.a.9.0.a.2.ip6.arpa
index 9b6998d7ce..bdb8bf9618 100644
--- a/ops/nixos/lib/coredns/zones/db.1.4.4.a.9.0.a.2.ip6.arpa
+++ b/ops/nixos/lib/coredns/zones/db.1.4.4.a.9.0.a.2.ip6.arpa
@@ -3,7 +3,7 @@
 ; SPDX-License-Identifier: Apache-2.0
 ; MNAME RNAME SERIAL REFRESH RETRY EXPIRE TTL
-@ 600 IN SOA frantech-lux01.as205479.net. hostmaster.lukegb.com. 15 600 450 3600 300
+@ 600 IN SOA frantech-lux01.as205479.net. hostmaster.lukegb.com. 16 600 450 3600 300
 $INCLUDE tmpl.ns
@@ -12,7 +12,7 @@ $INCLUDE tmpl.ns
 4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR bvm-ipfs.public.as205479.net.
 5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR bvm-nixosmgmt.public.as205479.net.
 6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR bvm-matrix.public.as205479.net.
-7.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR bvm-minecraft.public.as205479.net.
+7.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR bvm-forgejo.public.as205479.net.
 8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR bvm-netbox.public.as205479.net.
 9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR bvm-radius.public.as205479.net.
 0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR bvm-heptapod.public.as205479.net.
diff --git a/ops/nixos/lib/coredns/zones/db.28.118.92.in-addr.arpa b/ops/nixos/lib/coredns/zones/db.28.118.92.in-addr.arpa
index f6b53acee7..a60c2c2459 100644
--- a/ops/nixos/lib/coredns/zones/db.28.118.92.in-addr.arpa
+++ b/ops/nixos/lib/coredns/zones/db.28.118.92.in-addr.arpa
@@ -3,7 +3,7 @@
 ; SPDX-License-Identifier: Apache-2.0
 ; MNAME RNAME SERIAL REFRESH RETRY EXPIRE TTL
-@ 600 IN SOA frantech-lux01.as205479.net. hostmaster.lukegb.com. 18 600 450 3600 300
+@ 600 IN SOA frantech-lux01.as205479.net. hostmaster.lukegb.com. 19 600 450 3600 300
 $INCLUDE tmpl.ns
@@ -14,7 +14,7 @@ $INCLUDE tmpl.ns
 4 600 IN PTR bvm-ipfs.as205479.net.
 5 600 IN PTR bvm-nixosmgmt.as205479.net.
 6 600 IN PTR bvm-matrix.as205479.net.
-7 600 IN PTR bvm-minecraft.as205479.net.
+7 600 IN PTR bvm-forgejo.as205479.net.
 8 600 IN PTR bvm-netbox.as205479.net.
 9 600 IN PTR bvm-radius.as205479.net.
 10 600 IN PTR bvm-heptapod.as205479.net.
diff --git a/ops/nixos/lib/coredns/zones/db.as205479.net b/ops/nixos/lib/coredns/zones/db.as205479.net
index 93d66ce8c5..d2c5ebd0eb 100644
--- a/ops/nixos/lib/coredns/zones/db.as205479.net
+++ b/ops/nixos/lib/coredns/zones/db.as205479.net
@@ -3,7 +3,7 @@
 ; SPDX-License-Identifier: Apache-2.0
 ; MNAME RNAME SERIAL REFRESH RETRY EXPIRE TTL
-@ 600 IN SOA frantech-lux01.as205479.net. hostmaster.lukegb.com. 58 600 450 3600 300
+@ 600 IN SOA frantech-lux01.as205479.net. hostmaster.lukegb.com. 59 600 450 3600 300
 ; NB: this are also glue records in Google Domains.
 $INCLUDE tmpl.ns
@@ -160,6 +160,7 @@ bvm-heptapod.blade 3600 IN A 10.100.0.208
 bvm-logger.blade 3600 IN A 10.100.0.209
 ; bvm-oliver-snipeit.blade 3600 IN A 10.100.0.210
 bvm-paperless.blade 3600 IN A 10.100.0.211
+bvm-forgejo.blade 3600 IN A 10.100.0.212
 ; services
@@ -186,9 +187,9 @@ bvm-nixosmgmt 3600 IN AAAA 2a09:a441::5
 bvm-matrix.public 3600 IN CNAME bvm-matrix.as205479.net.
 bvm-matrix 3600 IN A 92.118.28.6
 bvm-matrix 3600 IN AAAA 2a09:a441::6
-bvm-minecraft.public 3600 IN CNAME bvm-minecraft.as205479.net.
-bvm-minecraft 3600 IN A 92.118.28.7
-bvm-minecraft 3600 IN AAAA 2a09:a441::7
+bvm-forgejo.public 3600 IN CNAME bvm-forgejo.as205479.net.
+bvm-forgejo 3600 IN A 92.118.28.7
+bvm-forgejo 3600 IN AAAA 2a09:a441::7
 bvm-netbox.public 3600 IN CNAME bvm-netbox.as205479.net.
 bvm-netbox 3600 IN A 92.118.28.8
 bvm-netbox 3600 IN AAAA 2a09:a441::8