vps-www: Rename from vps-public

2026-03-22 23:29:08 +01:00 · 2026-03-03 22:46:14 +01:00 · 2026-03-03 22:46:14 +01:00 · 0a6ad857e0
commit 0a6ad857e0
parent f49b1ee81d
8 changed files with 6 additions and 6 deletions
--- a/hosts/vps-www/default.nix
+++ b/hosts/vps-www/default.nix
@ -0,0 +1,76 @@
+{ self, ... }:
+{
+  imports = [ self.nixosModules.server-profile ];
+
+  system.stateVersion = "25.11";
+
+  custom =
+    let
+      sproutedDomain = "sprouted.cloud";
+    in
+    {
+      boot.loader.systemd-boot.enable = true;
+
+      networking = {
+        overlay.address = "10.254.250.4";
+        underlay = {
+          interface = "enp1s0";
+          cidr = "167.235.73.246/32";
+          isPublic = true;
+          gateway = "172.31.1.1";
+        };
+      };
+
+      services.public-nameserver = {
+        enable = true;
+        zones = [
+          "sprouted.cloud"
+          "sstork.dev"
+        ];
+      };
+
+      web-services =
+        let
+          sstorkDomain = "sstork.dev";
+        in
+        {
+          personal-blog = {
+            enable = true;
+            domain = sstorkDomain;
+          };
+
+          forgejo = {
+            enable = true;
+            domain = "git.${sstorkDomain}";
+            doBackups = true;
+          };
+
+          outline = {
+            enable = true;
+            domain = "wiki.${sproutedDomain}";
+            doBackups = true;
+          };
+
+          it-tools = {
+            enable = true;
+            domain = "it-tools.${sproutedDomain}";
+          };
+
+          networking-toolbox = {
+            enable = true;
+            domain = "net-tools.${sproutedDomain}";
+          };
+
+          privatebin = {
+            enable = true;
+            domain = "pastebin.${sproutedDomain}";
+            branding.name = "SproutedBin";
+          };
+
+          screego = {
+            enable = true;
+            domain = "mirror.${sproutedDomain}";
+          };
+        };
+    };
+}
--- a/hosts/vps-www/disko.nix
+++ b/hosts/vps-www/disko.nix
@ -0,0 +1,56 @@
+{
+  disko.devices = {
+    disk.main = {
+      device = "/dev/sda";
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          boot = {
+            size = "1M";
+            type = "EF02";
+          };
+          ESP = {
+            size = "512M";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+              mountOptions = [ "umask=0077" ];
+            };
+          };
+          nix = {
+            size = "20G";
+            content = {
+              type = "filesystem";
+              format = "xfs";
+              extraArgs = [
+                "-m"
+                "reflink=1"
+              ];
+              mountpoint = "/nix";
+              mountOptions = [ "noatime" ];
+            };
+          };
+          persist = {
+            size = "100%";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/persist";
+              mountOptions = [ "noatime" ];
+            };
+          };
+        };
+      };
+    };
+    nodev."/" = {
+      fsType = "tmpfs";
+      mountOptions = [
+        "defaults"
+        "mode=755"
+      ];
+    };
+  };
+}
--- a/hosts/vps-www/hardware.nix
+++ b/hosts/vps-www/hardware.nix
@ -0,0 +1,15 @@
+{ modulesPath, ... }:
+{
+  imports = [ "${modulesPath}/profiles/qemu-guest.nix" ];
+
+  nixpkgs.hostPlatform = "x86_64-linux";
+
+  boot.initrd.availableKernelModules = [
+    "ahci"
+    "xhci_pci"
+    "virtio_pci"
+    "virtio_scsi"
+    "sd_mod"
+    "sr_mod"
+  ];
+}
--- a/hosts/vps-www/keys/age.pub
+++ b/hosts/vps-www/keys/age.pub
@ -0,0 +1 @@
+age1j47wr83tg4t8sdjcyarwvvrt8qzjrgw2fa2e4nufffdev89t8prsu7lxnh
--- a/hosts/vps-www/keys/nebula.crt
+++ b/hosts/vps-www/keys/nebula.crt
@ -0,0 +1,6 @@
+-----BEGIN NEBULA CERTIFICATE V2-----
+MIGwoEqAB3Zwcy13d3ehBwQFCv76BBijCAwGc2VydmVyhQRpp1ZvhgRrKH30hyAV
+Q/4ZW6re1yzFagxOA4SEMyUQWl7UCMJuYEUyO3NFaIIgdnIqsdm+3dZlD0Z67TOb
+Dfl+D6IbW5ATTzxVA8cF+0qDQBO7xSq71ZH/8UCt9HAzBxFDlrigv3cGQUdh/y5B
+TIid0k9jdBvoJr2WQbvvUbJeWkRlZbOPMBMUWejgLNXjnww=
+-----END NEBULA CERTIFICATE V2-----
--- a/hosts/vps-www/keys/nebula.pub
+++ b/hosts/vps-www/keys/nebula.pub
@ -0,0 +1,3 @@
+-----BEGIN NEBULA X25519 PUBLIC KEY-----
+dnIqsdm+3dZlD0Z67TObDfl+D6IbW5ATTzxVA8cF+0o=
+-----END NEBULA X25519 PUBLIC KEY-----
--- a/hosts/vps-www/secrets.json
+++ b/hosts/vps-www/secrets.json
@ -0,0 +1,39 @@
+{
+  "seb-password": "ENC[AES256_GCM,data:znyHz9AhZipp2VNkXifU27IvEbPoKqLf4ibSkqfvkGGoX/jHnoJRYruWmwLnAaqTk6moHtew6HZq3xjvNgUf+qVgaleWQntrLg==,iv:GpBQNm1jspU8PCN+SzfAUKSps3YySg6JJVYOLOFetOI=,tag:CKgqMm/mVae1i9He/ioMAg==,type:str]",
+  "restic": {
+    "password": "ENC[AES256_GCM,data:IGV07og9eSoleJnZ2+/FFLph7TLNd80q+u6WNn+V,iv:E2hBYbvpCMDul81lgUBNVr5Fm7x0u1f9cEkma9jKwYE=,tag:eA7CAtfQtodTCyOuEn4+ug==,type:str]"
+  },
+  "backblaze": {
+    "key-id": "ENC[AES256_GCM,data:vilvyZ72u0bl4/ll1U2ohDupH7Q6g6KfhQ==,iv:FOG6YYp7IeZ/m5p5TRTpzlg2w0ElKXte84ZKU5+3Wlo=,tag:CUizCsgvEInnPSBHw+f5sw==,type:str]",
+    "application-key": "ENC[AES256_GCM,data:5jEt2dx77hlkLBUNuNGKrwTA79Gz9GFDW+h3bJNVfw==,iv:hTCeTWLuUwePgVSksg8EKOJ42b1SmfhTifFk0PDYoMA=,tag:fh9wzzh7jZkX497obE4wog==,type:str]"
+  },
+  "healthchecks": {
+    "ping-key": "ENC[AES256_GCM,data:MqH/4hAk9cjWW5DCw19MvCo/jXNtLQ==,iv:3pfIJ4LhgOw2hHm75OiWdrqcBTD8h5yCwik50tXDp4E=,tag:OTXLGvjn1q4ffLEskmnGpg==,type:str]"
+  },
+  "outline": {
+    "gitlab-auth-secret": "ENC[AES256_GCM,data:fNxlI0sJdoY9hFxiJz4OdGLv1NyZbMchW/df5VuLBHqeQG19Seul0R1J0Fl+NBFfAAiyHA6oGzXerYLt6KsNDwFmK2ODuw==,iv:TfFyC+JUvb2GaeE8rh9Knj4fPkmoyWvymG9YAN/dpNA=,tag:PXn6uYXtFfV0N5+2fYyCZQ==,type:str]"
+  },
+  "nebula": {
+    "host-key": "ENC[AES256_GCM,data:oi5uWtflxt+LB9ft6DuH+h3owTF8bj9lNKVAVyyZH4Ww5F4tN+GhQDNXHSt4SK4M/9K/M7/VfRjcL0uDJq0SJmI1oy0g/pTF+JcBAV/Z6PAhPWBXxMBkIdL+xYLR5lXmBKnTTkHoIqvBZH7wDHq2kOKrBFU96yFfrMLK1TVv5Q==,iv:eau9vYEVwUjGTgESR2d2QNiBlTZIq5Do97/xZqmrz2c=,tag:aTdQ2vRxI/BByG02VvpPMw==,type:str]"
+  },
+  "porkbun": {
+    "api-key": "ENC[AES256_GCM,data:KT1vUUnm0d2T9H1YI5SE6xgTVVdmbLFJeL/+otlw0mheH+9svnC19YP9szB/kBLAPLes+2qunpqM02B9tJxGgD30SNc=,iv:wVIkhrCQ7t7lkR0q0OO/XWZbgZYuja53XgUjfy1fTNA=,tag:MJ5tjbIofqcKXDuzD0b1aQ==,type:str]",
+    "secret-api-key": "ENC[AES256_GCM,data:lmU41AkCVb15sFuMqTZ7qZ978D5BLEYYidsb0yPPjiPPUmnfqBNM5lMVo4k4gt/PcMLcRVv5I6DDqE44zOK7YPf6Fck=,iv:sS7PfE2/CjUekIXGlvEA/N6R5JE7BvgfeXJO5dzv6/8=,tag:rp8FY3hEOyoafmwTdROJ7Q==,type:str]"
+  },
+  "sops": {
+    "age": [
+      {
+        "recipient": "age1mpq8m4p7dnxh5ze3fh7etd2k6sp85zdnmp9te3e9chcw4pw07pcq960zh5",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCZncwTE1GMjQvWHlGRFh0\nSVU2emoxOEZ5VlJTMmtmS0ZNMDZja3NFWWcwCmpRbjZMV2NqQ3pTemVuMzZvTUZo\nT3YzQWdhUWN2UVFRazQrM1M4eUhwNmcKLS0tIFdlRWVnV2wwN2hlUXArLytBcFVr\nWm5JRUVwamdaeEROUjByUkdOcjEwdDgKtLCsbkX9lqirlzdGl7S4T7RZt5PwSzB+\nCylXI9UTTKWybPUhC+Vq1QHnFvw3N+NymDNNjwkNaY8d3YjOX/I9kA==\n-----END AGE ENCRYPTED FILE-----\n"
+      },
+      {
+        "recipient": "age1j47wr83tg4t8sdjcyarwvvrt8qzjrgw2fa2e4nufffdev89t8prsu7lxnh",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvVnphWlNaTUU0QytIdnEv\nQnNzelN4MUMreXZrME5KZStFMDg2V1VFd21rCkk2Uy9ITEF3SjlRVEdMMXlPdHhG\nam1PNnp3emtnMnczeFFSSStJaHF6TkkKLS0tIEJKbFRzbmNqMjk5NXVHZnhlWWZ3\nYng5L1F5YUJGOTg3TTJCK281SG9Id3MKsmH2yj19ig2g+KzBGLD9dWkdvr6TLdSd\nuuDC+frhj7wWrEomOOjIoYtWHXkUtTSAnCEZhrhfyupYhEvlFfWRlw==\n-----END AGE ENCRYPTED FILE-----\n"
+      }
+    ],
+    "lastmodified": "2026-02-11T17:18:44Z",
+    "mac": "ENC[AES256_GCM,data:CVnAf/P0Uj1kzU148d9LodrM7vNSmQ1F7LZQC5WEeAhPl+w1FgizNdzyQo+ZnuDBHkAflwJlB1kSS7Ou5/8mC9pBY1Kc13f4f+vpXNbZEyoUXaVqoESPSFtCdLrV+Fj54xwZEAUPzwvujuf9ud3SIs76vDF8LjTHxJFk3JPX4Ys=,iv:vPmUUwYnhB/jFCN4Fz2Bwh6cbb9MZ8DzVeY5m4Fno1U=,tag:YRozMlFU7DvjBRG/K1qmyA==,type:str]",
+    "unencrypted_suffix": "_unencrypted",
+    "version": "3.11.0"
+  }
+}
				`@ -0,0 +1 @@`
				`age1j47wr83tg4t8sdjcyarwvvrt8qzjrgw2fa2e4nufffdev89t8prsu7lxnh`