Merge

2023-06-09 15:07:00 +02:00 · 2023-06-09 15:07:00 +02:00 · c1ab40ec04
commit c1ab40ec04
parent 7e0a7fb1bc 1e394c925b
15 changed files with 135 additions and 59 deletions
--- a/nixos/hosts/hades/attic/configuration.nix
+++ b/nixos/hosts/hades/attic/configuration.nix
@ -18,10 +18,21 @@ in {
  # Additional packages
  environment.systemPackages = with pkgs; [ ];

-  vault-secrets.secrets.attic = {
-    services = [ "atticd" ];
-   };
+  vault-secrets.secrets.attic = { services = [ "atticd" ]; };

+  services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_15;
+    ensureDatabases = [ "atticd" ];
+    ensureUsers = [{
+      name = "atticd";
+      ensurePermissions = {
+        "DATABASE atticd" = "ALL PRIVILEGES";
+        "schema public" = "ALL";
+      };
+    }];
+
+  };

  services.atticd = {
    enable = true;
@ -44,6 +55,8 @@ in {
        level = 8;
      };

+      database.url = "postgresql://atticd?host=/run/postgresql";
+
      storage = {
        type = "s3";
        region = "hades";
--- a/nixos/hosts/hades/dns/configuration.nix
+++ b/nixos/hosts/hades/dns/configuration.nix
@ -21,7 +21,10 @@
  services.unbound.settings.server = {
    local-zone = [
      "xirion.net typetransparent"
+      "attic.xirion.net typetransparent"
      "o.xirion.net typetransparent"
+      "attic.xirion.net typetransparent"
+      "g.xirion.net typetransparent"
      "fedi-media.xirion.net typetransparent"
      "hades.xirion.net typetransparent"
      "requests.xirion.net typetransparent"
@ -31,8 +34,11 @@

    local-data = [
      ''"xirion.net A 192.168.0.122"''
+      ''"attic.xirion.net A 192.168.0.122"''
      ''"hades.xirion.net A 192.168.0.122"''
      ''"o.xirion.net A 192.168.0.122"''
+      ''"attic.xirion.net A 192.168.0.122"''
+      ''"g.xirion.net A 192.168.0.122"''
      ''"fedi-media.xirion.net A 192.168.0.122"''
      ''"requests.xirion.net A 192.168.0.122"''
      ''"ha.xirion.net A 192.168.0.122"''
--- a/nixos/hosts/hades/nginx/configuration.nix
+++ b/nixos/hosts/hades/nginx/configuration.nix
@ -36,7 +36,7 @@ in {
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedBrotliSettings = true;
-    clientMaxBodySize = "500m";
+    clientMaxBodySize = "1024m";

    package = pkgs.nginxMainline;

@ -59,6 +59,7 @@ in {
    virtualHosts."git.xirion.net" = proxy "http://10.10.10.12";
    virtualHosts."mail.xirion.net" = proxy "http://192.168.0.118";
    virtualHosts."o.xirion.net" = proxy "http://192.168.0.112:9000";
+    virtualHosts."g.xirion.net" = proxy "http://garage.hades:3900";
    virtualHosts."requests.xirion.net" = proxy "http://overseerr.hades:5055";
    virtualHosts."pass.xirion.net" = proxy "http://bitwarden_rs";
    virtualHosts."repo.xirion.net" = proxy "http://archlinux";
--- a/nixos/hosts/hades/rtorrent/configuration.nix
+++ b/nixos/hosts/hades/rtorrent/configuration.nix
@ -34,12 +34,20 @@ in {
      privateKeyFile = "${vs.rtorrent}/wireguardKey";
      postUp = "${postUpScript}/bin/post_up || true";

-      peers = [{
-        publicKey = "DVui+5aifNFRIVDjH3v2y+dQ+uwI+HFZOd21ajbEpBo=";
-        allowedIPs = [ "0.0.0.0/0" "::/0" ];
-        endpoint = "185.65.134.82:51820";
-        persistentKeepalive = 25;
-      }];
+      peers = [
+        {
+          publicKey = "33BoONMGCm2vknq2eq72eozRsHmHQY6ZHEEZ4851TkY=";
+          allowedIPs = [ "0.0.0.0/0" "::/0"];
+          endpoint = "193.32.249.70:51820";
+          persistentKeepalive = 25;
+        }
+        # {
+        # publicKey = "DVui+5aifNFRIVDjH3v2y+dQ+uwI+HFZOd21ajbEpBo=";
+        # allowedIPs = [ "0.0.0.0/0" "::/0" ];
+        # endpoint = "185.65.134.82:51820";
+        # persistentKeepalive = 25;
+        # }
+      ];
    };
  };
 }
--- a/nixos/hosts/olympus/ci/configuration.nix
+++ b/nixos/hosts/olympus/ci/configuration.nix
@ -40,6 +40,15 @@ in {
  };

  services.gitea-actions-runner.instances = {
+    runner_1 = {
+      name = "runner_1";
+      enable = true;
+      labels = [
+        "docker:docker://node:16-bullseye"
+      ];
+      url = "https://git.0x76.dev";
+      tokenFile = "${vs.gitea_runner}/token_runner_1";
+    };
    nix-native = {
      enable = true;
      name = "nix-native";
--- a/nixos/hosts/olympus/mailserver/configuration.nix
+++ b/nixos/hosts/olympus/mailserver/configuration.nix
@ -27,20 +27,37 @@ in {
  mailserver = {
    enable = true;
    fqdn = "mail.0x76.dev";
-    domains = [ "0x76.dev" "meowy.tech" ];
+    domains = [ "0x76.dev" "meowy.tech" "xirion.net" ];
    certificateScheme = "acme-nginx";
+    enableManageSieve = true;
+
+    monitoring = {
+      alertAddress = "v@0x76.dev";
+      enable = true;
+    };

    loginAccounts = {
      # People
      "v@0x76.dev" = {
        hashedPasswordFile = "${vs.mailserver}/v@0x76.dev";
-        aliases =
-          [ "v@meowy.tech" "postmaster@0x76.dev" "postmaster@meowy.tech" ];
+        catchAll = [ "xirion.net" "0x76.dev" ];
+        aliases = [
+          "postmaster@0x76.dev"
+          "abuse@0x76.dev"
+
+          "v@meowy.tech"
+          "abuse@meowy.tech"
+          "postmaster@meowy.tech"
+
+          "@xirion.net"
+          "@0x76.dev"
+        ];
      };
      "laura@meowy.tech" = {
        hashedPasswordFile = "${vs.mailserver}/laura@meowy.tech";
        aliases = [ "lau@meowy.tech" ];
      };
+
      # Services
      "gitea@0x76.dev" = {
        hashedPasswordFile = "${vs.mailserver}/gitea@0x76.dev";
@ -82,6 +99,7 @@ in {
      pkgs.roundcube.withPlugins (plugins: [ plugins.persistent_login ]);
    plugins = [
      "archive"
+      "managesieve"
      # "enigma"
      # "markasjunk"
      "persistent_login"