pub-solar/os
5
0
Fork 2
Code Issues 4 Pull requests Packages Projects 1 Releases Wiki Activity

Compare commits

base: pub-solar:5ade1c028ff92b167e6aa34ebcc7ba6a6fb858e6
Branches Tags
pub-solar:main
pub-solar:hensoko-no-digga
pub-solar:momo/fix-lib-deploy-rs
pub-solar:momo/main
pub-solar:flora-6-forgejo-actions-ci
pub-solar:teutat3s
pub-solar:infra
pub-solar:hensoko
pub-solar:b12f
pub-solar:pub.solar/nougat-2
pub-solar:momo/keycloak
pub-solar:feature/fix-modules
pub-solar:momo/infra-poc
pub-solar:b12f-bash
pub-solar:update/gitea-docker
pub-solar:feature/fix-correct-unit
pub-solar:fix/nvfetcher-rebuild
pub-solar:feature/ci-runner-experiment
pub-solar:adr/01-lvm-on-luks
pub-solar:teutat3s-drone-exec-runner
pub-solar:feature/fake-branch
pub-solar:hensoko-pre-rebase-bak
pub-solar:feature/ci-runner
pub-solar:vlalentim
pub-solar:feature/swaynotificationcenter
pub-solar:feature/wayvnc
pub-solar:feature/atomic-pre-commit
pub-solar:devos
pub-solar:pkg/wlstreamer
pub-solar:t36
pub-solar:t35
pub-solar:t34
pub-solar:t33
pub-solar:t32
pub-solar:t31
pub-solar:t30
pub-solar:t29
pub-solar:t28
pub-solar:t27
pub-solar:t26
pub-solar:t25
pub-solar:t24
pub-solar:t23
pub-solar:t22
pub-solar:t21
pub-solar:t20
pub-solar:t19
pub-solar:t18
pub-solar:t17
pub-solar:t16
pub-solar:t15
pub-solar:t14
pub-solar:t13
pub-solar:t12
pub-solar:t11
pub-solar:t10
pub-solar:t9
pub-solar:t8
pub-solar:t7
pub-solar:t6
pub-solar:t5
pub-solar:t4
pub-solar:t3
pub-solar:t2
pub-solar:t1
pub-solar:test
pub-solar:v0.10.0
pub-solar:v0.9.0
pub-solar:v0.8.0
pub-solar:0.7.0
pub-solar:12052020
pub-solar:07092020
..
compare: pub-solar:a7d684e1f87499b67fea8b4f41b11dc945578dea
Branches Tags
pub-solar:hensoko-no-digga
pub-solar:momo/fix-lib-deploy-rs
pub-solar:momo/main
pub-solar:flora-6-forgejo-actions-ci
pub-solar:teutat3s
pub-solar:infra
pub-solar:main
pub-solar:hensoko
pub-solar:b12f
pub-solar:pub.solar/nougat-2
pub-solar:momo/keycloak
pub-solar:feature/fix-modules
pub-solar:momo/infra-poc
pub-solar:b12f-bash
pub-solar:update/gitea-docker
pub-solar:feature/fix-correct-unit
pub-solar:fix/nvfetcher-rebuild
pub-solar:feature/ci-runner-experiment
pub-solar:adr/01-lvm-on-luks
pub-solar:teutat3s-drone-exec-runner
pub-solar:feature/fake-branch
pub-solar:hensoko-pre-rebase-bak
pub-solar:feature/ci-runner
pub-solar:vlalentim
pub-solar:feature/swaynotificationcenter
pub-solar:feature/wayvnc
pub-solar:feature/atomic-pre-commit
pub-solar:devos
pub-solar:pkg/wlstreamer
pub-solar:t36
pub-solar:t35
pub-solar:t34
pub-solar:t33
pub-solar:t32
pub-solar:t31
pub-solar:t30
pub-solar:t29
pub-solar:t28
pub-solar:t27
pub-solar:t26
pub-solar:t25
pub-solar:t24
pub-solar:t23
pub-solar:t22
pub-solar:t21
pub-solar:t20
pub-solar:t19
pub-solar:t18
pub-solar:t17
pub-solar:t16
pub-solar:t15
pub-solar:t14
pub-solar:t13
pub-solar:t12
pub-solar:t11
pub-solar:t10
pub-solar:t9
pub-solar:t8
pub-solar:t7
pub-solar:t6
pub-solar:t5
pub-solar:t4
pub-solar:t3
pub-solar:t2
pub-solar:t1
pub-solar:test
pub-solar:v0.10.0
pub-solar:v0.9.0
pub-solar:v0.8.0
pub-solar:0.7.0
pub-solar:12052020
pub-solar:07092020

No commits in common. "5ade1c028ff92b167e6aa34ebcc7ba6a6fb858e6" and "a7d684e1f87499b67fea8b4f41b11dc945578dea" have entirely different histories.
5ade1c028f ... a7d684e1f8

7 changed files with 5 additions and 167 deletions
Show stats Expand all files Collapse all files

13
hosts/flora-6/caddy.nix
View file

@ -72,19 +72,6 @@
reverse_proxy :4000 reverse_proxy :4000
''; '';
}; };
"list.pub.solar" = {
logFormat = lib.mkForce ''
output discard
'';
extraConfig = ''
handle_path /static/* {
root * /var/lib/mailman/web
file_server
}
reverse_proxy :8000
'';
};
"obs-portal.pub.solar" = { "obs-portal.pub.solar" = {
logFormat = lib.mkForce '' logFormat = lib.mkForce ''
output discard output discard

1
hosts/flora-6/flora-6.nix
View file

@ -19,7 +19,6 @@ in {
./drone.nix ./drone.nix
./keycloak.nix ./keycloak.nix
./gitea.nix ./gitea.nix
./mailman.nix
profiles.base-user profiles.base-user
profiles.users.root # make sure to configure ssh keys profiles.users.root # make sure to configure ssh keys

114
hosts/flora-6/mailman.nix
View file

@ -1,114 +0,0 @@
{
config,
lib,
pkgs,
self,
...
}: {
system.activationScripts.mkMailmanNet = let
docker = config.virtualisation.oci-containers.backend;
dockerBin = "${pkgs.${docker}}/bin/${docker}";
in ''
${dockerBin} network inspect mailman-net >/dev/null 2>&1 || ${dockerBin} network create mailman-net --subnet 172.20.1.0/24
'';
users.users.mailman = {
description = "Mailman Service";
home = "/var/lib/mailman";
useDefaultShell = true;
uid = 993;
# Group hakkonaut so caddy can serve the static files from mailman-web directly
group = "hakkonaut";
isSystemUser = true;
};
age.secrets.mailman-core-secrets = {
file = "${self}/secrets/mailman-core-secrets.age";
mode = "600";
owner = "mailman";
};
age.secrets.mailman-web-secrets = {
file = "${self}/secrets/mailman-web-secrets.age";
mode = "600";
owner = "mailman";
};
age.secrets.mailman-db-secrets = {
file = "${self}/secrets/mailman-db-secrets.age";
mode = "600";
owner = "mailman";
};
virtualisation = {
docker = {
enable = true;
};
oci-containers = {
backend = "docker";
containers."mailman-core" = {
image = "maxking/mailman-core:0.4";
autoStart = true;
user = "993";
volumes = [
"/var/lib/mailman/core:/opt/mailman/"
];
extraOptions = [
"--network=mailman-net"
];
environment = {
DATABASE_TYPE = "postgres";
DATABASE_CLASS = "mailman.database.postgresql.PostgreSQLDatabase";
};
environmentFiles = [
config.age.secrets.mailman-core-secrets.path
];
ports = [
"127.0.0.1:8001:8001" # API
"127.0.0.1:8024:8024" # LMTP - incoming emails
];
};
containers."mailman-web" = {
image = "maxking/mailman-web:0.4";
autoStart = true;
user = "993";
volumes = [
"/var/lib/mailman/web:/opt/mailman-web-data"
];
extraOptions = [
"--network=mailman-net"
];
environment = {
DATABASE_TYPE = "postgres";
SERVE_FROM_DOMAIN = "list.pub.solar";
MAILMAN_ADMIN_USER = "admin";
MAILMAN_ADMIN_EMAIL = "admins@pub.solar";
};
environmentFiles = [
config.age.secrets.mailman-web-secrets.path
];
ports = [
"127.0.0.1:8000:8000" # HTTP
# "127.0.0.1:8080:8080" # uwsgi
];
};
containers."mailman-db" = {
image = "postgres:14-alpine";
autoStart = true;
user = "993";
extraOptions = [
"--network=mailman-net"
];
volumes = [
"/var/lib/mailman/database:/var/lib/postgresql/data"
];
environmentFiles = [
config.age.secrets.mailman-db-secrets.path
];
};
};
};
}

BIN
secrets/mailman-core-secrets.age
View file

Binary file not shown.

23
secrets/mailman-db-secrets.age
View file

@ -1,23 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 Y0ZZaw WqfbigFDHy0nh/B8SjJk2MCKKRQ1Jt/gXxRz2neNvlc
5wJjaxa1sOPPQfg4n6n6HurhkN/+ARVhthxoK8bzOWE
-> ssh-ed25519 BVsyTA Lvki0R7gZediS9KnQGerUtVZQ7qZYUXaUbPvqv2zmgM
YTLaJM1UqpL+avMZz0mMKz1i9LSalbTQkC6xFbYbyAw
-> ssh-rsa kFDS0A
Xcm7KqiO5yK5RUwhJPrJ3fk/GTVK0OJlsGouc71p35o5AgqBrbW0HiNBGMl24oUP
jMU9nSlATq4VaQWKHCqnGOeJCw83C1AON7sVHhoT3vzFWKs9TO0TDR0Gm0fCBTm1
hk2fQZ/sMe8lGuSyISDg1QmEkC7ow/FwXmMlW5xw0honj1ca+mZ8w5YeWVCMLpGg
pob/79odfVMtlk4uqcjboto6X6aY/W43yG8VQUJwZ3hK/4wVn16Os+RlNH6GAFr0
aZ6SS4cJR9uTd/y9rQIg9rgQ95qTusg66ClBRdMCy7fvXbfMAMvmtmwBQJQdpO2q
tURAN4Id3+j+vuqk0nqnj0oXx61mIlutbADbkoRlhB9VFVffSu/KeMFVOtSMD0AN
Sp0q4nhv5BSaOP/D0YwOMPmCuS2M6aVfWvPQvrQ5YE4MEWK2qs4A3vZRn2d8o5hh
mvH+y+Foxt69D+k32DWFMCbZCSxlBKW1aGZ6AexFXx6zYyzBoYE9zB6QSI8ZbqN0
LfBpz2YNCix+6y5qUsCYsY9aa9m4azpsKD7M5IFgmkLqUGvsH7Xx7PC/Z9B4zTgs
MHMJPPR/yRZ8PzbnXIUen4/PnO4j7AbgYDv4FCAAfWJjufC7v+vTI0m80Y/7uZCu
dk6DPZaUMbJFYXPNUNODP/6Dn5RL8hy74IjdLtNIbzg
-> ejJ:5Us-grease
fWwlxnUaotXS0iwGa0zkPyoHuNjTBBgFJUO8cVMNfB2vxoPKraJ+weyTXbu8Fa7i
WVehDudiKTfaK4Ruy6hbUZBjZ+Aq3LDpezw
--- XjN/bkA+YEfIro1w01fcKA7n0xMq6raWxpXoedRIw/g
EC†í³dtyaè¢(QqÆ.j²H 6¾‰®i[M
sº”Çm0 ©])Õ±TTäo½<6F>=¹¢Ì¢ å¡7£DýA¯Ô}±&HàÞ=OâRæ6·>ª°?<3F>ý$ŒO¥‰¸öÇg…‰ÿê´AF£™YqÜ°Ì~ô½kƒàâi¾ú2iu1!U?2<Ä©$eÜ6×ë­ï3·µ

BIN
secrets/mailman-web-secrets.age
View file

Binary file not shown.

21
secrets/secrets.nix
View file

@ -1,26 +1,15 @@
let let
# set ssh public keys here for your system and user # set ssh public keys here for your system and user
b12f-bbcom = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCmXpOU6vzQiVSSYCoxHYv7wDxC63Qg3dxlAMR6AOzwIABCU5PFFNcO0NWYms/YR7MOViorl+19LCLRABar9JgHU1n+uqxKV6eGph3OPeMp5sN8LAh7C9N+TZj8iJzBxQ3ch+Z/LdmLRwYNJ7KSUI+gwGK6xRS3+z1022Y4P0G0sx7IeCBl4lealQEIIF10ZOfjUdBcLQar7XTc5AxyGKnHCerXHRtccCoadLQujk0AvPXbv3Ma4JwX9X++AnCWRWakqS5UInu2tGuZ/6Hrjd2a9AKWjTaBVDcbYqCvY4XVuMj2/A2bCceFBaoi41apybSk26FSFTU4qiEUNQ6lxeOwG4+1NCXyHe2bGI4VyoxinDYa8vLLzXIRfTRA0qoGfCweXNeWPf0jMqASkUKaSOH5Ot7O5ps34r0j9pWzavDid8QeKJPyhxKuF1a5G4iBEZ0O9vuti60dPSjJPci9oTxbune2/jb7Sa0yO06DtLFJ2ncr5f70s/BDxKk4XIwQLy+KsvzlQEGdY8yA6xv28bOGxL3sQ0HE2pDTsvIbAisVOKzdJeolStL9MM5W8Hg0r/KkGj2bg0TfoRp1xHV9hjKkvJrsQ6okaPvNFeZq0HXzPhWMOVQ+/46z80uaQ1ByRLr3FTwuWJ7F/73ndfxiq6bDE4z2Ji0vOjeWJm6HCxTdGw=="; b12f-main = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHx4A8rLYmFgTOp1fDGbbONN8SOT0l5wWrUSYFUcVzMPTyfdT23ZVIdVD5yZCySgi/7PSh5mVmyLIZVIXlNrZJg=";
teutat3s-dumpyourvms = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms"; b12f-backup = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEST9eyAY3nzGYNnqDYfWHu+89LZsOjyKHMqCFvtP7vrgB7F7JbbECjdjAXEOfPDSCVwtMMpq8JJXeRMjpsD0rw=";
teutat3s = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms";
flora-6 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP1InpTBN4AlF/4V8HHumAMLJzeO8DpzjUv9Co/+J09 root@pub-solar-infra-vm-1"; flora-6 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP1InpTBN4AlF/4V8HHumAMLJzeO8DpzjUv9Co/+J09 root@pub-solar-infra-vm-1";
allKeys = [flora-6 teutat3s b12f-main b12f-backup];
allKeys = [ deployKeys = [flora-6 teutat3s b12f-main b12f-backup];
flora-6
teutat3s-dumpyourvms
b12f-bbcom
];
deployKeys = [
flora-6
teutat3s-dumpyourvms
b12f-bbcom
];
in { in {
"gitea-database-password.age".publicKeys = deployKeys; "gitea-database-password.age".publicKeys = deployKeys;
"gitea-mailer-password.age".publicKeys = deployKeys; "gitea-mailer-password.age".publicKeys = deployKeys;
"keycloak-database-password.age".publicKeys = deployKeys; "keycloak-database-password.age".publicKeys = deployKeys;
"drone-secrets.age".publicKeys = deployKeys; "drone-secrets.age".publicKeys = deployKeys;
"drone-db-secrets.age".publicKeys = deployKeys; "drone-db-secrets.age".publicKeys = deployKeys;
"mailman-core-secrets.age".publicKeys = deployKeys;
"mailman-web-secrets.age".publicKeys = deployKeys;
"mailman-db-secrets.age".publicKeys = deployKeys;
} }