Compare commits

...

5 commits

Author SHA1 Message Date
e46d6ff044
tsuki: remove drawio
All checks were successful
/ check (push) Successful in 33s
2023-10-07 19:24:42 -04:00
cd144314ab
home: add dig to hosts 2023-10-07 19:24:35 -04:00
da53fd1812
forgejo: allow 2222 2023-10-07 19:24:28 -04:00
9bc1bd3acc
sops: rotate runner token 2023-10-07 19:24:18 -04:00
0e29454b00
forgejo-runner: rename instance, rotate key and use sops 2023-10-07 19:23:31 -04:00
5 changed files with 7 additions and 6 deletions

View file

@ -26,6 +26,7 @@
yt-dlp yt-dlp
cachix cachix
nfs-utils nfs-utils
dig
]; ];
services.gpg-agent = { services.gpg-agent = {

View file

@ -4,6 +4,7 @@
config, config,
... ...
}: { }: {
networking.firewall.allowedTCPPorts = [2222];
services.forgejo = { services.forgejo = {
enable = true; enable = true;
stateDir = "/var/lib/forgejo"; stateDir = "/var/lib/forgejo";

View file

@ -38,7 +38,6 @@
rustypaste-cli rustypaste-cli
playerctl playerctl
obsidian obsidian
drawio
gimp gimp
cryptomator cryptomator
ventoy-bin-full ventoy-bin-full

View file

@ -6,7 +6,7 @@
sops.secrets.forgejo-runner-token = {}; sops.secrets.forgejo-runner-token = {};
services.gitea-actions-runner = { services.gitea-actions-runner = {
package = pkgs.forgejo-actions-runner; package = pkgs.forgejo-actions-runner;
instances.main = { instances.snowflake = {
settings = { settings = {
container = { container = {
network = "host"; network = "host";
@ -14,8 +14,8 @@
}; };
enable = true; enable = true;
name = config.networking.hostName; name = config.networking.hostName;
token = config.sops.secrets.forgejo-runner-token.path;
url = "https://git.flake.sh"; url = "https://git.flake.sh";
token = "gdeEbeUTifa1nK7EfRgBmvm6XRdQE1zZzAatBRSC";
labels = [ labels = [
"debian-latest:docker://node:18-bullseye" "debian-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:18-bullseye" "ubuntu-latest:docker://node:18-bullseye"

View file

@ -8,7 +8,7 @@ gluetun: ENC[AES256_GCM,data:yL+LOPpwU+CAtbjc7YWbNUOTpDhq4mH3aJOl3hPYxgbFUba6NVJ
authelia-jwt: ENC[AES256_GCM,data:cAn2uZeSGjG2FqTFgZkupcSutCZLvZXCNBsxuUQvGX4=,iv:1OTDQzQwaPTmnTEB4TfnxU6l8CdBAlHfqFThE8QZa6A=,tag:KJ6aYDczHFajhLJHemfIQw==,type:str] authelia-jwt: ENC[AES256_GCM,data:cAn2uZeSGjG2FqTFgZkupcSutCZLvZXCNBsxuUQvGX4=,iv:1OTDQzQwaPTmnTEB4TfnxU6l8CdBAlHfqFThE8QZa6A=,tag:KJ6aYDczHFajhLJHemfIQw==,type:str]
authelia-sek: ENC[AES256_GCM,data:yWhAvl1AuEcrUCFAv2vcz6A8BLEIMIz9sqbFRAriHpw=,iv:i887EZgqGtRfFs6mHHAJry0XfQzvrTaDliz8PRh7oLs=,tag:dmn2GSG8gZk9CVXMNmH1Dw==,type:str] authelia-sek: ENC[AES256_GCM,data:yWhAvl1AuEcrUCFAv2vcz6A8BLEIMIz9sqbFRAriHpw=,iv:i887EZgqGtRfFs6mHHAJry0XfQzvrTaDliz8PRh7oLs=,tag:dmn2GSG8gZk9CVXMNmH1Dw==,type:str]
cloudflareddns: ENC[AES256_GCM,data:xow7oaqa3QbMPwggx2zmGvLcKmov7isvLLZKuC6jW/SNjst8kicSQmNhrZw8M/eq8TuqxOT4BqMILQ+I7As2ZCOjSbEBxi1DwU/z47qI,iv:W8UH4kWlh9JyxcGkeuOjRZKqjOHDg9vpzXezHYs1kEg=,tag:YgGk7svEQr9sqLJtKWcHqA==,type:str] cloudflareddns: ENC[AES256_GCM,data:xow7oaqa3QbMPwggx2zmGvLcKmov7isvLLZKuC6jW/SNjst8kicSQmNhrZw8M/eq8TuqxOT4BqMILQ+I7As2ZCOjSbEBxi1DwU/z47qI,iv:W8UH4kWlh9JyxcGkeuOjRZKqjOHDg9vpzXezHYs1kEg=,tag:YgGk7svEQr9sqLJtKWcHqA==,type:str]
forgejo-runner-token: ENC[AES256_GCM,data:vv/zMR3qkmSNxA+wnwAzqdc8yNfR+aLMnmncm5lGmq7PhzryNwxDXQ==,iv:HOJMCTAy0C0VMHUAgLJLAZddsTqbM+Alsgo/+BfBNY4=,tag:pIH8SaIdSxvw70rOtbb9yw==,type:str] forgejo-runner-token: ENC[AES256_GCM,data:uHwIBG2Ktdhs2nhfbidHSEkv7bwLnWzHZEa01sfnv2oYvtlHdnTXJQ==,iv:IRS+qLbIFl5GXxChogs6yxsUD4MxnjCw2VF3dxCvSnI=,tag:elTaJSO1ex4qrF9Wu8gx2A==,type:str]
tsauth-sora: ENC[AES256_GCM,data:3jzPB0whb9xHudVl/MhNeCUgjDfzzQpxGJGqfMf2GqEtfEkiynVTLO/TFDt1PorBuUQOjVfxn8c=,iv:5vLHbhY2ZlnsVQbLlu6Hxo32azpfcj6ORAMn3oSdcHY=,tag:zN8qPOSaSMMdJn+zsTXPaA==,type:str] tsauth-sora: ENC[AES256_GCM,data:3jzPB0whb9xHudVl/MhNeCUgjDfzzQpxGJGqfMf2GqEtfEkiynVTLO/TFDt1PorBuUQOjVfxn8c=,iv:5vLHbhY2ZlnsVQbLlu6Hxo32azpfcj6ORAMn3oSdcHY=,tag:zN8qPOSaSMMdJn+zsTXPaA==,type:str]
tsauth-sakura: ENC[AES256_GCM,data:iN77ArKDnltxrWGCz8bMqMHBAp45oGUk+n5ilAE0tY2rz01PGaCmIgPFSDfNaMphH6gX+AbEd5Y=,iv:k/lBIZW7aKT3u+dgcFnQORah2yHZXAmY+PBv53tM1ao=,tag:9/pebj3D9LURTedqkduoaw==,type:str] tsauth-sakura: ENC[AES256_GCM,data:iN77ArKDnltxrWGCz8bMqMHBAp45oGUk+n5ilAE0tY2rz01PGaCmIgPFSDfNaMphH6gX+AbEd5Y=,iv:k/lBIZW7aKT3u+dgcFnQORah2yHZXAmY+PBv53tM1ao=,tag:9/pebj3D9LURTedqkduoaw==,type:str]
sops: sops:
@ -26,8 +26,8 @@ sops:
YWNQcURKMSs2U0pOa3E0cTdCZ3RnalkKGayA7DBUQS+kn+6OYVBc6oTunF0qeZdt YWNQcURKMSs2U0pOa3E0cTdCZ3RnalkKGayA7DBUQS+kn+6OYVBc6oTunF0qeZdt
5b9DLHgh0HRWFm09XGSOog8K315d93Wzblw1My1/dXeEQX/ryinqUQ== 5b9DLHgh0HRWFm09XGSOog8K315d93Wzblw1My1/dXeEQX/ryinqUQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-07T19:39:53Z" lastmodified: "2023-10-07T23:06:24Z"
mac: ENC[AES256_GCM,data:a6G3BdrDCsipNgkG3SNijKM2QCPsQEh9TztF3VlrcUX+jdC5UDpDmh9VCnLHh1MsOTgpRCn4ZXc0QVPSZKxsCra3ipDqLuXATHWzfJFmGDiLnderrRzSmy5MuDJKiVO2wKruYhIfj6VHM92mIvay4JwmqTptmD9DP4g/+5kYkrc=,iv:34XFn2sH3bJjO2O/0oIa23rmiyL4hP+FUYlDqVGiOGA=,tag:A3Qv9uzJ6HXlKoVPHZVjwA==,type:str] mac: ENC[AES256_GCM,data:fQHI7EP2axFgGPFQs5SeTCSH/wdV9753Aaqd1iOf2PAQZX5BnouFI3AHjjyFSe58GUWliQr6D5LAnB1orjeiaq1SdLMAQQgN0ofs5bL0wmALLucbzKK7u14XweI9tbQkd1OaA1VrGGFPRQHBBSjgUyZFWXheNyQfhDApA4WgM3k=,iv:ODfDUUtVKNAm/C6X69gKvJmR47MgMtNI0rJJ3L6q8Og=,tag:vXbuilqInIAvk3LqFunW0A==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.0 version: 3.8.0