2025-05-19 19:06:06 -07:00
8 changed files with 17 additions and 105 deletions
--- a/home/dot_config/borgmatic.d/private_torus.yaml
+++ b/home/dot_config/borgmatic.d/private_torus.yaml
@ -1,21 +0,0 @@
 source_directories:
    - .
 exclude_patterns:
    - 'code-server/config/*'
    - 'code-server/workspace/*'
    - 'immich/library/*'
 archive_name_format: 'apps-{now}'
 repositories:
    #- path: ssh://user@backupserver/./sourcehostname.borg
    #  label: backupserver
    - path: /engi/backup/borg/borg-apps
      label: local
 keep_daily: 7
 keep_weekly: 4
 keep_monthly: 6
 encryption_passphrase: "ShineOn-Borg"
--- a/home/private_dot_ssh/config.tmpl
+++ b/home/private_dot_ssh/config.tmpl
@ -10,12 +10,3 @@ Host bulwark
  AddKeysToAgent yes
  IdentityFile /run/agenix/ssh/kestrel/id_ed25519 
 {{- end }}
 {{- if eq .chezmoi.hostname "torus" }}
 Host kestrel
  AddKeysToAgent yes
  IdentityFile /run/agenix/ssh/torus/id_ed25519 
 Host bulwark 
  AddKeysToAgent yes
  IdentityFile /run/agenix/ssh/torus/id_ed25519 
 {{- end }}
--- a/provision/hosts/default/home-configuration.nix
+++ b/provision/hosts/default/home-configuration.nix
@ -11,11 +11,6 @@
      nix-direnv.enable = true;
    };
    programs.vscode = {
      enable = true;
      package = pkgs.vscode.fhs;
    };
    home.packages = with pkgs; [
    ];
--- a/provision/hosts/torus/gitea.nix
+++ b/provision/hosts/torus/gitea.nix
@ -1,47 +1,23 @@
 { config, lib, pkgs, user, ... }:
-let
+{
  stateDir = "/var/lib/gitea";
  dumpFolder = "/engi/backup/dumps/gitea";
  domain = "git.tstarr.us";
 in {
  # Main gitea service
  systemd.tmpfiles.rules = [
    "d ${dumpFolder} 0775 gitea gitea -"
  ];
  environment.systemPackages = [
    (pkgs.writeScriptBin "backup-dump-gitea" ''
      #!/bin/sh
      cd ${dumpFolder}
      [ -e gitea-dump.zip ] && rm gitea-dump.zip
      exec ${pkgs.gitea}/bin/gitea dump --type zip -c ${stateDir}/custom/conf/app.ini --file "gitea-dump.zip"
    '')
  ];
  services.gitea = {
    enable = true;
    lfs.enable = true;
-    stateDir = "${stateDir}";
+    dump = {
-    customDir = "${stateDir}/custom"; 
+      enable = true;
-    settings.server = {
+      interval = "23:05";
      DOMAIN = "${domain}";
      HTTP_PORT = 3001;
      ROOT_URL = "https://${domain}";
    };
    settings.service = {
        DISABLE_REGISTRATION = true;
    };
    settings.server = {
      DOMAIN = "git.tstarr.us";
      HTTP_PORT = 3001;
      ROOT_URL = "https://git.tstarr.us";
    };
  };
-  # Gitea runners
+  # gitea runner secrets
  users.users.gitea-runner = {
    createHome = false;
    isSystemUser = true;
    group = "gitea-runner";
  };
  users.groups.gitea-runner = {};
  age.secrets."git/gitea-runner-1" = {
    file = ../../secrets/git/gitea-runner-1.age;
    owner = "gitea-runner";
@ -51,7 +27,7 @@ in {
  services.gitea-actions-runner.instances = {
    runner1 = {
      enable = true;
-      url = "https://${domain}";
+      url = "https://git.tstarr.us";
      tokenFile = "/run/agenix/git/gitea-runner-1";
      name = "runner1";
      labels = [
@ -71,4 +47,10 @@ in {
      ];
    };
  };
  users.users.gitea-runner = {
    createHome = false;
    isSystemUser = true;
    group = "gitea-runner";
  };
  users.groups.gitea-runner = {};
 }
--- a/provision/modules/system/secrets.nix
+++ b/provision/modules/system/secrets.nix
@ -27,16 +27,6 @@ in {
      owner = "${user}";
      group = "users";
    };
    age.secrets."ssh/torus/id_ed25519" = {
      file = ../../secrets/ssh/torus/id_ed25519.age;
      owner = "${user}";
      group = "users";
    };
    age.secrets."ssh/torus/id_ed25519.pub" = {
      file = ../../secrets/ssh/torus/id_ed25519.pub.age;
      owner = "${user}";
      group = "users";
    };
    # emu secrets
    age.secrets."emu/switch/prod.keys" = {
--- a/provision/secrets/secrets.nix
+++ b/provision/secrets/secrets.nix
@ -19,7 +19,5 @@ in
  "nextcloud/password.age".publicKeys = systems;
  "ssh/kestrel/id_ed25519.age".publicKeys = [ tstarr_kestrel ] ++ systems;
  "ssh/kestrel/id_ed25519.pub.age".publicKeys = [ tstarr_kestrel ] ++ systems;
  "ssh/torus/id_ed25519.age".publicKeys = [ tstarr_torus ] ++ systems;
  "ssh/torus/id_ed25519.pub.age".publicKeys = [ tstarr_torus ] ++ systems;
 }
--- a/provision/secrets/ssh/torus/id_ed25519.age
+++ b/provision/secrets/ssh/torus/id_ed25519.age
@ -1,12 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 6UNP1Q pt+/kwmpzF1ZYUgjfOdR0tCws6Ir/x+WFWQ/u5u2VCM
 6vGNiivMqZGMzxsSjiPM1JyuOOoKeINVc5M2EMc5IQs
 -> ssh-ed25519 Fz/sQw MNIfMtMO3WeP03UdvEs3Ofb+1Ga4FYB7JHzgQmVQRhw
 BnOd8W5SFVtnG42y5z1qWxdBmd/x1bX5K8uz+eJcoEc
 -> ssh-ed25519 47GzQA xo6VwtD5f/YQgM8DL/ZyyNNZdO76sy2ECEdyjeYIuBk
 eeHqX9CnkOCCPGHGjiHdyPqVeM+Rbei/xyzpfGnB6lo
 -> ssh-ed25519 wcI7nQ oviiO/RofHtg7GOuLOgnF0AqTtMvHM/jkaRq2zsPYn4
 7/HQNRTfjZDiDg1rzrAHZ5Ji/Vc/qsHwiioeL5MNkW0
 --- 2pyP4F8yE+BR1xK7mqSC5NdEB9sw/+fyHmrtg3yyiYQ
 P¼ì@“Ð¥}TV=Ð§žk÷&:Âr<C382>‰}Ú¦whq‰]wg²\vÝ‚ôA#?,<2C>’iÎòBdÁHróõ\R€Û:µíÀÑeè!è>æ“Én´5vô…<C3B4>ÍÑu„í°ˆ&¢h¢ YO+Œ‚¯Zˆf„LT¬«!¸NFØr–HªŠî}ðBà“ž/&ëÇH“ùùvÝ)Ë7<C38B>oï)¤Hœ 
 ˜.ù¨>~7dÑ%[nKâyÚŽòèDlÚ{ìDÃÖß˜Ú¢ˆnS¿Ü¿ðËãZ›ú®kú/ÉO~¬¥)×öWþ¸hÂ¬¯j€F˜€ˆbò©!_qîÌÆÛiÕü·³«d†¼W_ûŠQ!äÀ/<2F>u¼<75>‡_•À«
V%®›ÖÐ÷É?'&qS@[!D\–PÅSs†åüdJ=1bAÅ¼Ï"Hñ,V™?&ÀSr>®éÒRKˆ” +ë§”^é åš¯ÄFŠ]©¨ÓU<C393>b-L¬ŠÃY(¹¹•%Wî?Sº(ZËõõ€€!ìe³›æþ<C3A6>7¶{·‰‰frºp<>ÊÂ½„ƒ¯âaŸ<61>Œh’f“RóZÖ¸¯|¶L+Aö^9
--- a/provision/secrets/ssh/torus/id_ed25519.pub.age
+++ b/provision/secrets/ssh/torus/id_ed25519.pub.age
@ -1,11 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 6UNP1Q 9MKiiHjqqjYBm+DsgXcpzu4mKdICA4OGpC9KAnYJMyk
 /vOtXkev3nXDMlrNx1yDmTf8gLPtSwV+QJfoqs6HVyg
 -> ssh-ed25519 Fz/sQw /+NdN1YZtM9t32u6E29IbEQZDOXRt38ahsjoC2g02lU
 c8etDhHvv6F9t/mX264vGa3CDkbpRyAW7pEMEj3KR/M
 -> ssh-ed25519 47GzQA Uhj4JY9UeGLn8MjK1uqvIsoq69RWY0UeKqeT+sEd7GA
 8KmEBgq4CE/kGY+PRnGLEEujIhvdmNGHSViAup4pPJ4
 -> ssh-ed25519 wcI7nQ mCmIzNVQpKtTz+U7GF1ux4vMQJfXH7+p4iZjSPmRNmw
 /njWvPmXafs5Sz+FlSmnh049LZMUQHMLrjbIwVxos88
 --- Ee6yH5YKBP97rw4LVpHDKjPPoPeff2xMDigrg7PMXYU
 ŠÐ·Å\¶<1E>´1+˜Áã…Ø¼i.iÑjJëÄmoØ:<3A>_	Q®]°Qžx€‹ököõ#‡–äFòdßA»T<>E ýeœ~O^%¦^ì“ÈB7±¦ÜWg¯ƒ4ic	´Nèó[!;—~–N×ão‡ñÆL<':6š“òJÎ