rpqt/flocon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

create radicle node on genepi

Browse Source
This commit is contained in:
Romain Paquet
2025-02-04 22:30:11 +01:00
parent 9bc510fb52
commit 3f72ad6ac9
6 changed files with 67 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
hosts/crocus/default.nix
View File

@@ -7,8 +7,10 @@
{ {
imports = [ imports = [
(modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
inputs.agenix.nixosModules.default
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
./disk.nix ./disk.nix
./radicle.nix
]; ];
networking.hostName = "crocus"; networking.hostName = "crocus";
@@ -53,4 +55,20 @@
} }
]; ];
}; };
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
networking.firewall.allowedTCPPorts = [
80
443
];
security.acme = {
acceptTerms = true;
defaults.email = "admin@rpqt.fr";
};
} }

21
hosts/crocus/radicle.nix Normal file
View File

@@ -0,0 +1,21 @@
{ config, keys, ... }:
{
services.radicle = {
enable = true;
privateKeyFile = config.age.secrets.radicle-private-key.path;
publicKey = keys.services.radicle;
node = {
openFirewall = true;
};
httpd = {
enable = true;
nginx = {
serverName = "radicle.rpqt.fr";
enableACME = true;
forceSSL = true;
};
};
};
age.secrets.radicle-private-key.file = ../../secrets/radicle-private-key.age;
}

8
infra/crocus.tf
View File

@@ -41,4 +41,12 @@ resource "hcloud_firewall" "crocus_firewall" {
port = "443" port = "443"
source_ips = ["0.0.0.0/0", "::/0"] source_ips = ["0.0.0.0/0", "::/0"]
} }
# radicle-node
rule {
direction = "in"
protocol = "tcp"
port = "8776"
source_ips = ["0.0.0.0/0", "::/0"]
}
} }

5
parts/keys.nix
View File

@@ -4,7 +4,12 @@
hosts = { hosts = {
haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKga5V0H602RsBESBXf5kwRCnI1yfBPOHmjGsM4Rxf5r root@haze"; haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKga5V0H602RsBESBXf5kwRCnI1yfBPOHmjGsM4Rxf5r root@haze";
genepi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQUzjid5mfMYginIUCVWTF7rWvWz0mUZBZsl5EhDIDl root@genepi"; genepi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQUzjid5mfMYginIUCVWTF7rWvWz0mUZBZsl5EhDIDl root@genepi";
crocus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAiz3nzuJGO5tRka2Y/kzqKa68wF7wwHr4hAympLNb9F root@crocus";
storagebox = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs"; storagebox = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
storagebox-rsa = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw=="; storagebox-rsa = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw==";
}; };
services = {
radicle = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBuoHC4P0h88OAL5PJmiqkbkvQR1cwfkjaevWbwdKOU7 radicle@rpqt.fr";
};
} }

8
secrets/radicle-private-key.age Normal file
View File

@@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 M/D1Cg YfbyictbASsHxNw6wLCn39IrkNtbpVM8QZNczMArVkw
om2OLtWnWYLvUm7L4tSDDXHtUKd1O+wqwKO78QZ/6cg
-> ssh-ed25519 8TpKTA vtuEudd4t+4kzeztRImB1QqGtH7QJiCppBzSngEzKm4
qUgxtzght+zL/PVuBKbD3S+B4H3siZveg7n0mqJQqDQ
--- 8xbzXxMfsk2mfLI25fp+xtzTfjJr2t6nSQWa69Ua9Mw
!<21>n<1B><0F><><EFBFBD><EFBFBD>:<3A><><10>=<3D>`\i<><69><EFBFBD><EFBFBD><EFBFBD>Mti<04><><EFBFBD><1D><><EFBFBD><EFBFBD>:<3A>A'<27>p<EFBFBD><70><EFBFBD><EFBFBD><EFBFBD>ww<77>^r<><72><EFBFBD><EFBFBD><EFBFBD>o<EFBFBD><6F>
,NMC<4D><43><71>ڿz<DABF>Y<EFBFBD>\<<3C>ޕlS<6C>+<2B>d^Y<>Ϲ1r<31>}<05><><EFBFBD><1D><>Z<EFBFBD><5A><EFBFBD><EFBFBD>fm<66><6D><EFBFBD>@<40><><EFBFBD>Д<EFBFBD><D094>c <0C>3<EFBFBD>|M<><4D><EFBFBD><EFBFBD>V<>K<EFBFBD>a<EFBFBD><61><EFBFBD>?E<>A<EFBFBD>+<2B>s<EFBFBD>q,<2C><><02><1F>ÅV<C385>$|N<>I T<> <02>-xܐk<DC90><6B><EFBFBD>$<03><>A~<7E>W<EFBFBD>'<k<>|<7C><><EFBFBD>Sh+h<><68><1A><>,J<>W<EFBFBD>h<EFBFBD><68><EFBFBD>E<EFBFBD>&K<><4B>&<26>@<40>p<EFBFBD>P<EFBFBD>p<EFBFBD><70><EFBFBD><EFBFBD>A<EFBFBD><41>L<>b<0E><><EFBFBD>$<24>J<EFBFBD>2nk%|Y,! t ><3E><>nM <09><><EFBFBD><1B><><EFBFBD><p<>{<7B>D<EFBFBD><44> <0C>r<13>e<1E><><EFBFBD><1F>R<><19>7PyQ<06><>:<3A><><EFBFBD>;9X<39> nu6Si剞x <1A><>F<EFBFBD>5<EFBFBD><05>MҠb<D2A0><03><>HY<48>[<5B><>g<EFBFBD>Ӟmt<6D><74><EFBFBD>cj<63>Y<EFBFBD><DIQ<>|<7C>MF<4D>#<23>+<2B><><EFBFBD>#<23>+9bb<62><62><36>D3<02><>.<2E>]e<>m(<28><08>oW<6F><57>

7
secrets/secrets.nix
View File

@@ -5,6 +5,11 @@ let
keys.hosts.genepi keys.hosts.genepi
keys.rpqt.haze keys.rpqt.haze
]; ];
keysForCrocus = [
keys.hosts.crocus
keys.rpqt.haze
];
in in
{ {
"gandi.age".publicKeys = keysForGenepi; "gandi.age".publicKeys = keysForGenepi;
@@ -17,4 +22,6 @@ in
# Password of the default user # Password of the default user
"freshrss.age".publicKeys = keysForGenepi; "freshrss.age".publicKeys = keysForGenepi;
"radicle-private-key.age".publicKeys = keysForCrocus;
} }