forked from the-distro/infra
systems: add git.forkos.org
This commit is contained in:
parent
dd069c40d7
commit
ab9caaf520
|
@ -4,6 +4,7 @@
|
||||||
meta01 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM5t9gYorOWgpCFDJgb24pyCKIabGpeI2H/UfdvXODcT";
|
meta01 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM5t9gYorOWgpCFDJgb24pyCKIabGpeI2H/UfdvXODcT";
|
||||||
gerrit01 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+eSZu+u9sCynrMlsmFzQHLIELQAuVg0Cs1pBvwb4+A";
|
gerrit01 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+eSZu+u9sCynrMlsmFzQHLIELQAuVg0Cs1pBvwb4+A";
|
||||||
fodwatch = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFRyTNfvKl5FcSyzGzw+h+bNFNOxdhvI67WdUZ2iIJ1L";
|
fodwatch = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFRyTNfvKl5FcSyzGzw+h+bNFNOxdhvI67WdUZ2iIJ1L";
|
||||||
|
git = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQJcpkCUOx8+5oukMX6lxrYcIX8FyHu8Mc/3+ieKMUn";
|
||||||
builder-0 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBHSNcDGctvlG6BHcJuYIzW9WsBJsts2vpwSketsbXoL";
|
builder-0 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBHSNcDGctvlG6BHcJuYIzW9WsBJsts2vpwSketsbXoL";
|
||||||
builder-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIQOGUjERK7Mx8UPM/rbOdMqVyn1sbWqYOG6CbOzH2wm";
|
builder-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIQOGUjERK7Mx8UPM/rbOdMqVyn1sbWqYOG6CbOzH2wm";
|
||||||
builder-2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMKzXIqCoYElEKIYgjbSpqEcDeOvV+Wo3Agq3jba83cB";
|
builder-2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMKzXIqCoYElEKIYgjbSpqEcDeOvV+Wo3Agq3jba83cB";
|
||||||
|
|
|
@ -99,6 +99,7 @@
|
||||||
meta01.imports = commonModules ++ [ ./hosts/meta01 ];
|
meta01.imports = commonModules ++ [ ./hosts/meta01 ];
|
||||||
gerrit01.imports = commonModules ++ [ ./hosts/gerrit01 ];
|
gerrit01.imports = commonModules ++ [ ./hosts/gerrit01 ];
|
||||||
fodwatch.imports = commonModules ++ [ ./hosts/fodwatch ];
|
fodwatch.imports = commonModules ++ [ ./hosts/fodwatch ];
|
||||||
|
git.imports = commonModules ++ [ ./hosts/git ];
|
||||||
wob-vpn-gw.imports = commonModules ++ [ ./hosts/wob-vpn-gw ];
|
wob-vpn-gw.imports = commonModules ++ [ ./hosts/wob-vpn-gw ];
|
||||||
} // builders;
|
} // builders;
|
||||||
|
|
||||||
|
|
43
hosts/git/default.nix
Normal file
43
hosts/git/default.nix
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
let
|
||||||
|
ipv6 = {
|
||||||
|
openssh ="2001:bc8:38ee:100:1000::41";
|
||||||
|
forgejo = "2001:bc8:38ee:100:1000::40";
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
networking.hostName = "git";
|
||||||
|
networking.domain = "infra.forkos.org";
|
||||||
|
|
||||||
|
time.timeZone = "Europe/Paris";
|
||||||
|
|
||||||
|
bagel.sysadmin.enable = true;
|
||||||
|
# Forgejo will be proxied.
|
||||||
|
bagel.raito.v6-proxy-awareness.enable = true;
|
||||||
|
bagel.hardware.raito-vm = {
|
||||||
|
enable = true;
|
||||||
|
networking = {
|
||||||
|
nat-lan-mac = "BC:24:11:83:71:56";
|
||||||
|
wan = {
|
||||||
|
address = "${ipv6.forgejo}/64";
|
||||||
|
mac = "BC:24:11:0B:8A:81";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Add one additional IPv6, so we can have both OpenSSH and
|
||||||
|
# Forgejo's built-in server bind on port :22.
|
||||||
|
systemd.network.networks."10-wan".networkConfig.Address = [ "${ipv6.openssh}/64" ];
|
||||||
|
services.openssh.listenAddresses = [{
|
||||||
|
addr = "[${ipv6.openssh}]";
|
||||||
|
}];
|
||||||
|
|
||||||
|
bagel.services.forgejo = {
|
||||||
|
enable = true;
|
||||||
|
sshBindAddr = ipv6.forgejo;
|
||||||
|
};
|
||||||
|
|
||||||
|
i18n.defaultLocale = "en_US.UTF-8";
|
||||||
|
|
||||||
|
system.stateVersion = "24.05";
|
||||||
|
deployment.targetHost = "git.infra.forkos.org";
|
||||||
|
}
|
Loading…
Reference in a new issue