create radicle node on genepi

Romain Paquet 2025-02-04 22:30:11 +01:00
parent 9bc510fb52
commit 3f72ad6ac9
6 changed files with 67 additions and 0 deletions


@ -7,8 +7,10 @@
{ {
imports = [ imports = [
(modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
inputs.agenix.nixosModules.default
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
./disk.nix ./disk.nix
./radicle.nix
]; ];
networking.hostName = "crocus"; networking.hostName = "crocus";
@ -53,4 +55,20 @@
} }
]; ];
}; };
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
networking.firewall.allowedTCPPorts = [
80
443
];
security.acme = {
acceptTerms = true;
defaults.email = "admin@rpqt.fr";
};
} }
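Review bot: With nginx enabled and ports 80/443 opened here, no catch-all virtual host is declared in the visible lines, so the only vhost this commit defines (`radicle.rpqt.fr`, in `./radicle.nix`) would presumably also answer requests for any other Host header or for the bare IP, and present its certificate to anything that connects. If no other vhost exists outside these hunks, consider adding a default server that refuses unknown names, e.g. `services.nginx.virtualHosts."_" = { default = true; rejectSSL = true; locations."/".return = "444"; };`. The attribute set continues outside both hunks of this section, so an existing vhost may already cover this.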

21
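--- a/hosts/crocus/radicle.nix
+++ b/hosts/crocus/radicle.nix
@@ -0,0 +1,21 @@
+{ config, keys, ... }:
+{
+services.radicle = {
+enable = true;
+privateKeyFile = config.age.secrets.radicle-private-key.path;
+publicKey = keys.services.radicle;
+node = {
+openFirewall = true;
+};
+httpd = {
+enable = true;
+nginx = {
+serverName = "radicle.rpqt.fr";
+enableACME = true;
+forceSSL = true;
+};
+};
+};
+age.secrets.radicle-private-key.file = ../../secrets/radicle-private-key.age;
+}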
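Review bot: `node.openFirewall = true` together with `httpd.enable = true` makes this node reachable from the internet and publishes what it stores over HTTPS, but the file leaves the node's policy entirely to module defaults. It would help to state the intended seeding policy explicitly under `services.radicle.settings`, or at least add a comment such as `# public seed node: storage is world-readable via httpd; seeding policy left at module default`, so a later reader does not have to look up what the default accepts. Reading the key through agenix keeps it out of the store; whether the decrypted file's default owner and mode suit the radicle service cannot be confirmed from this section. Note also that the commit title names genepi while this file lives under `hosts/crocus`.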


@ -41,4 +41,12 @@ resource "hcloud_firewall" "crocus_firewall" {
port = "443" port = "443"
source_ips = ["0.0.0.0/0", "::/0"] source_ips = ["0.0.0.0/0", "::/0"]
} }
# radicle-node
rule {
direction = "in"
protocol = "tcp"
port = "8776"
source_ips = ["0.0.0.0/0", "::/0"]
}
} }
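Review bot: The port `8776` is hard-coded in this rule, while the NixOS side opens the node port through `openFirewall = true` and never names a number, so the two firewalls can drift apart silently if the node's listen address is ever changed. I would make the coupling explicit in the comment, e.g. `# radicle-node P2P port; must match the listen port of services.radicle.node in hosts/crocus/radicle.nix`. Opening it to `0.0.0.0/0` and `::/0` is expected for a public seed, so nothing needs to change there. The `hcloud_firewall` resource begins outside the hunk.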


@ -4,7 +4,12 @@
hosts = { hosts = {
haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKga5V0H602RsBESBXf5kwRCnI1yfBPOHmjGsM4Rxf5r root@haze"; haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKga5V0H602RsBESBXf5kwRCnI1yfBPOHmjGsM4Rxf5r root@haze";
genepi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQUzjid5mfMYginIUCVWTF7rWvWz0mUZBZsl5EhDIDl root@genepi"; genepi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQUzjid5mfMYginIUCVWTF7rWvWz0mUZBZsl5EhDIDl root@genepi";
crocus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAiz3nzuJGO5tRka2Y/kzqKa68wF7wwHr4hAympLNb9F root@crocus";
storagebox = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs"; storagebox = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
storagebox-rsa = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw=="; storagebox-rsa = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw==";
}; };
services = {
radicle = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBuoHC4P0h88OAL5PJmiqkbkvQR1cwfkjaevWbwdKOU7 radicle@rpqt.fr";
};
} }
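Review bot: The new `services` group holds a different kind of key than `hosts`: going by the other files in this commit, `hosts.*` entries are used as agenix recipients, whereas `services.radicle` is the node's public identity passed to `services.radicle.publicKey`. A one-line comment above the group, such as `# Public identities of services; not meant to be used as agenix recipients`, would keep someone from later adding it to a `publicKeys` list. It would also be worth recording in a comment how the `crocus` host key was obtained, since that key can now decrypt `radicle-private-key.age`.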


@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 M/D1Cg YfbyictbASsHxNw6wLCn39IrkNtbpVM8QZNczMArVkw
om2OLtWnWYLvUm7L4tSDDXHtUKd1O+wqwKO78QZ/6cg
-> ssh-ed25519 8TpKTA vtuEudd4t+4kzeztRImB1QqGtH7QJiCppBzSngEzKm4
qUgxtzght+zL/PVuBKbD3S+B4H3siZveg7n0mqJQqDQ
--- 8xbzXxMfsk2mfLI25fp+xtzTfjJr2t6nSQWa69Ua9Mw
!™n<0F>ýÙù:ùŽŸ=Ä`\iý€§ˆÛMti³ðö°ÙÄÞ:ŸA'ñp®õ¾wwª^râ€Ûâøo¶ò ,NMC„úqÚ˜âÚ¿zYÉ\<ÒÞ•lSÒ+<2B>d^YŒϹ1rº}ï€ëã¾Z®ÇØfm¼ÉÒ@äДèåc —3Ä|MÜìÎÕV÷Kåa½Ûå?EðAÃ+ès<C3A8>q,…÷ØÃ…VÄ$|N I TÄ ¤-xÜ<>k÷€µ$¬¢A~•WÈ'<k˜|¶—×Sh+hƒÞ§Ç,J¹Wùhƒ¢öE¢&K‰ù&ø@ëp”P§p¿¿ðAÃÄLûbðÌÆ$íJÈ2nk%|Y,! t >„ünM ¯¯þÑÀ˜<p¡{ÊDØå órßeù¦ûå²7PyQùì:©¸¹;9XÖ nu6Si剞x î˜FÔ5•Í b<C2A0>œŠHYÿ[æÿgþÓžmt×è£cjÛY„<DIQ˜|ÿMFá#˜+<2B>Öè#æ+9bb±«6Ô…§D3<02>ˆ.]eŽm(ŠïoWù¤
8˜ô


@ -5,6 +5,11 @@ let
keys.hosts.genepi keys.hosts.genepi
keys.rpqt.haze keys.rpqt.haze
]; ];
keysForCrocus = [
keys.hosts.crocus
keys.rpqt.haze
];
in in
{ {
"gandi.age".publicKeys = keysForGenepi; "gandi.age".publicKeys = keysForGenepi;
@ -17,4 +22,6 @@ in
# Password of the default user # Password of the default user
"freshrss.age".publicKeys = keysForGenepi; "freshrss.age".publicKeys = keysForGenepi;
"radicle-private-key.age".publicKeys = keysForCrocus;
} }