Compare commits
7 commits
3465ed4908
...
9b1008814e
| Author | SHA1 | Date | |
|---|---|---|---|
|
9b1008814e | ||
|
|
ceccc167d2 | ||
|
|
bccbc3f313 | ||
|
|
99bb272cc3 | ||
|
|
58ff754204 | ||
|
|
7061e9c14d | ||
|
|
d559b4a8ed |
24
flake.lock
24
flake.lock
|
|
@ -9,11 +9,11 @@
|
|||
"treefmt-nix": "treefmt-nix"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1724150417,
|
||||
"narHash": "sha256-BF7UsEHmXvaVZc4m/pHEKxR122N34NgIpK0CPAXd01M=",
|
||||
"lastModified": 1725761443,
|
||||
"narHash": "sha256-RX3qnLYaFxlvOAYL6WsM5nGjNnMZQIgKIpIxigPmiAU=",
|
||||
"owner": "Mic92",
|
||||
"repo": "buildbot-nix",
|
||||
"rev": "2d1bd50430303caf22bca06069e9f9bf3ff83f82",
|
||||
"rev": "ade5f42d7e56c8298d729aa0e804c8062e7a77ac",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -30,11 +30,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1722555600,
|
||||
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
|
||||
"lastModified": 1725234343,
|
||||
"narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
|
||||
"rev": "567b938d64d4b4112ee253b9274472dc3a346eb6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -61,11 +61,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1723991338,
|
||||
"narHash": "sha256-Grh5PF0+gootJfOJFenTTxDTYPidA3V28dqJ/WV7iis=",
|
||||
"lastModified": 1725634671,
|
||||
"narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "8a3354191c0d7144db9756a74755672387b702ba",
|
||||
"rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -90,11 +90,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1723808491,
|
||||
"narHash": "sha256-rhis3qNuGmJmYC/okT7Dkc4M8CeUuRCSvW6kC2f3hBc=",
|
||||
"lastModified": 1725271838,
|
||||
"narHash": "sha256-VcqxWT0O/gMaeWTTjf1r4MOyG49NaNxW4GHTO3xuThE=",
|
||||
"owner": "numtide",
|
||||
"repo": "treefmt-nix",
|
||||
"rev": "1d07739554fdc4f8481068f1b11d6ab4c1a4167a",
|
||||
"rev": "9fb342d14b69aefdf46187f6bb80a4a0d97007cd",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
|
||||
description = "stockholm";
|
||||
|
||||
outputs = { self, nixpkgs, nix-writers, buildbot-nix, ... }@inputs: {
|
||||
outputs = { self, nixpkgs, nix-writers, buildbot-nix, ... }: {
|
||||
nixosConfigurations = nixpkgs.lib.mapAttrs (machineName: _: nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs.stockholm = self;
|
||||
|
|
|
|||
|
|
@ -18,6 +18,30 @@ in {
|
|||
mail = "feliks@flipdot.org";
|
||||
};
|
||||
hosts = mapAttrs hostDefaults {
|
||||
ioka = {
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.10.242";
|
||||
aliases = [ "ioka.r" "ioka.feliks.r" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAwmwpsohYq/KJTXvUmacsFqolf3Me2dG5NypdosJT5jIVjQMa5M6U
|
||||
HWpkfOFi3v0NTiUN8OP3714N1hF7x+Lq/EVYSSxT1bB4IWSIyaVLmSjs+sycHRKK
|
||||
zvOL249iOqdyFjAeGVXmLw/zYOH6uzdJpRvlgMcGT5BPL+Jx+G5KUZgeqkDDDpcy
|
||||
1j+6nCyBRn9yK0yfZ5z6LJQqLCJzZ4KE5ym6t8RqgRXWchewQP/aYxtk1dn03GEn
|
||||
NSiJmjb3QtKM1ZWAMNSCJ0xdPNQtMp7Xi4EdwDcyNAmu+Tk48MSV/G4TL5PXAV1p
|
||||
WYWS6KxAc/huwKW/HCGFAj7d7cTMd4XzcN7fMg6gAs4GQTVn7AYelMb6teAGZj5Y
|
||||
ifHmhl5Sy2umuDBhUWAfLDZu97gmF2ZlpO48VG/ZJjKejw9gP8u3Qek3+4iO22wM
|
||||
xrj1ZZEuxhEyJu1OYNr/MES6h5l+FdiVpV6JMpzOCGhiVRN4z4FzUHcUixFIgJni
|
||||
zlr0h6c0fJh4mEmOSu2WwNV7xMmqWe7SAcLOnvRaAqBfAprIvy/rpcB7Ji1gFcMq
|
||||
4k/GkbKD+8/NZxujAJhyUo08JNHb0TACZiVIhbaafsEEgRQZBs9wa0u7MMzqlwXP
|
||||
1ewjfwmfEQa7yEt0BQVjYm2C017IWngXv0dU49gVDGh9MMG9EBcS4scCAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
tinc.pubkey_ed25519 = "jhPsb07ilQDliw8H9lQ1JQ5Potj+//HwNSD7+OHdFvD";
|
||||
};
|
||||
};
|
||||
};
|
||||
papawhakaaro = {
|
||||
nets = {
|
||||
retiolum = {
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=
|
||||
Y6fOW2QDt0SsHT7hSVzzJYQVB3JI/txO4/FDB54Z52A=
|
||||
|
|
|
|||
|
|
@ -391,12 +391,14 @@ let
|
|||
};
|
||||
};
|
||||
|
||||
services.fcgiwrap = {
|
||||
services.fcgiwrap.instances.cgit = {
|
||||
enable = true;
|
||||
user = cfg.cgit.fcgiwrap.user.name;
|
||||
group = cfg.cgit.fcgiwrap.group.name;
|
||||
# socketAddress = "/run/fcgiwrap.sock" (default)
|
||||
# socketType = "unix" (default)
|
||||
process.user = cfg.cgit.fcgiwrap.user.name;
|
||||
socket.user = cfg.cgit.fcgiwrap.user.name;
|
||||
process.group = cfg.cgit.fcgiwrap.group.name;
|
||||
socket.group = cfg.cgit.fcgiwrap.group.name;
|
||||
socket.address = "/run/fcgiwrap.sock";
|
||||
# socket.type = "unix" (default)
|
||||
};
|
||||
|
||||
environment.etc."cgitrc".text = let
|
||||
|
|
|
|||
|
|
@ -108,12 +108,12 @@ let
|
|||
})
|
||||
({
|
||||
krebs.iptables.tables.filter.INPUT.rules = map
|
||||
(portRange: { predicate = "-p tcp --dport ${toString port.from}:${toString port.to}"; target = "ACCEPT"; })
|
||||
(portRange: { predicate = "-p tcp --dport ${toString portRange.from}:${toString portRange.to}"; target = "ACCEPT"; })
|
||||
config.networking.firewall.allowedTCPPortRanges;
|
||||
})
|
||||
({
|
||||
krebs.iptables.tables.filter.INPUT.rules = map
|
||||
(portRange: { predicate = "-p udp --dport ${toString port.from}:${toString port.to}"; target = "ACCEPT"; })
|
||||
(portRange: { predicate = "-p udp --dport ${toString portRange.from}:${toString portRange.to}"; target = "ACCEPT"; })
|
||||
config.networking.firewall.allowedUDPPortRanges;
|
||||
})
|
||||
({
|
||||
|
|
|
|||
Loading…
Reference in a new issue