diff --git a/hosts/alto/default.nix b/hosts/alto/default.nix index f1256ac..56a3db4 100644 --- a/hosts/alto/default.nix +++ b/hosts/alto/default.nix @@ -30,10 +30,6 @@ in subdomain = "budget"; port = portOf "actualbudget"; }; - forgejo = { - subdomain = "git"; - port = portOf "forgejo"; - }; }; }; @@ -47,10 +43,6 @@ in domain = "budget.${tsDomain}"; backups.enable = true; }; - forgejo = { - enable = true; - domain = "git.${tsDomain}"; - }; syncthing = { enable = true; diff --git a/hosts/alto/secrets.yaml b/hosts/alto/secrets.yaml index 3ec957a..c412753 100644 --- a/hosts/alto/secrets.yaml +++ b/hosts/alto/secrets.yaml @@ -5,8 +5,6 @@ nextcloud: admin-password: ENC[AES256_GCM,data:TepYe5rZox6aoa3jeIhmBxaZIQGpjjf+SAG8E39y,iv:cAanc3a5e3PF+BkiFjcME+PiTSRaNj/e78kT/RTbaxY=,tag:wbn4vWeDnSJH7jWu7hutVw==,type:str] hedgedoc: seb-password: ENC[AES256_GCM,data:+pejm+Ju9l1jqY/8gpWRR6I5z3VEFzPxzw==,iv:0ji6ayKljy7LoZW423xcMmKJqsbon3JGzEb8KlbR2zs=,tag:sz8Szb8wA00U9Es0q0N/tw==,type:str] -forgejo: - admin-password: ENC[AES256_GCM,data:opuQpLrpwkoaRLPmllMrnf1PXTPc1KvJLw==,iv:mfxM8XpQJvAYjKq+rCUhrg+OAaEre1KLayNgH9t4BvM=,tag:5IPFlI1T+j1lxvoPoHBMrQ==,type:str] restic: environment: ENC[AES256_GCM,data:v1Ui5mG7Q98CFEpq7sSpzEf86cJAcRi+sqFdvy6ZPuY9dukJD2wAGt5fuNQkMzBCKAUTHb46ga1WYf9fZ5AUOPdA1MNrJWKrXlrsYh8ZJYKOgfEVBBYPUKKGcajILNQ5SzU=,iv:Asg4CWJbGqSZh8YaxcWA0Yxau1dE4ZV9JBJSiDHufGI=,tag:46pNMWoCbciEv4cIHo7KFQ==,type:str] password: ENC[AES256_GCM,data:NVeqrWqtdgbhu3U7dAgwFeNLS9oPtnAPSrkGtvYD,iv:3l+9+bZfOpZdSCBKzXn5PqJvqo7mz/rj1tkihJqMHIs=,tag:JXigRR1adGlm8ehRv5wzIA==,type:str] @@ -31,7 +29,7 @@ sops: dEhnSkQ5SDlnbmhGSVdYaDNuc3ZkM00K7WPEZRYWAd7uGY0IcDwGgQVPrpkF/tnz ncj03JXM4BXwvEQOmD/i6wS4U4WCwkh9EauGJljVFTeu6TciomDULQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-05-26T18:22:58Z" - mac: ENC[AES256_GCM,data:e7flwIEUUY2aZw4Uxn2YsIAvYpXIqn7Td3DFHutdxSClsTeg98bFXnQwYVqG5eI4S+/z+4C3EVXsI3XIKEvleyefBopvNPy3TSrooAd2ckVJFS51YMqVuz7QV/QX7loNHtT1GTWceSVkIFFKeC1FBsOffHhwVyduR40C4Ok3CWY=,iv:wPC+DyiBaergNoH495kmmSO9meZTB0i4D8lQkAWMBe8=,tag:gyGBh1kISbOaLvrTupofSw==,type:str] + lastmodified: "2025-05-28T19:18:21Z" + mac: ENC[AES256_GCM,data:9K+Q8tf3rgoja+XmQS6E3HkoPp6v1jVdSVRarkLZvp3ELPjzUvE7Y4EkG0nq4wV5jdsaKdyH3QqjjPgRhSvrP4nKGwktA5hBJsCg/D7acjutcokc4oO3L11KFkBA/FxS1LCBBM5yufoIi1YQ8vX5XVqJafEIXD4fzfBn8SqZNcc=,iv:XutGQkil5NKEiBLZPtmdHJreiPvkPHiX4GhZrgrNC1Y=,tag:T+2MUaLXG6nkmfNQBQTq/g==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 diff --git a/hosts/cirrus/default.nix b/hosts/cirrus/default.nix index 64ffcfd..fd95317 100644 --- a/hosts/cirrus/default.nix +++ b/hosts/cirrus/default.nix @@ -12,12 +12,6 @@ ssh.enable = true; }; - hedgedoc = { - enable = true; - domain = "docs.sprouted.cloud"; - backups.enable = true; - }; - crowdsec = { enable = true; firewallBouncer.enable = true; @@ -26,14 +20,29 @@ "caddy" ]; }; + + hedgedoc = { + enable = true; + domain = "docs.sprouted.cloud"; + backups.enable = true; + }; + forgejo = { + enable = true; + domain = "git.sstork.dev"; + }; }; }; services.caddy = { enable = true; - virtualHosts.${config.custom.services.hedgedoc.domain}.extraConfig = '' - reverse_proxy localhost:${toString config.custom.services.hedgedoc.port} - ''; + virtualHosts = { + ${config.custom.services.hedgedoc.domain}.extraConfig = '' + reverse_proxy localhost:${toString config.custom.services.hedgedoc.port} + ''; + ${config.custom.services.forgejo.domain}.extraConfig = '' + reverse_proxy localhost:${toString config.custom.services.forgejo.port} + ''; + }; }; networking.firewall.allowedTCPPorts = [ diff --git a/hosts/cirrus/secrets.yaml b/hosts/cirrus/secrets.yaml index 128bdd6..96f8443 100644 --- a/hosts/cirrus/secrets.yaml +++ b/hosts/cirrus/secrets.yaml @@ -3,6 +3,8 @@ tailscale-auth-key: ENC[AES256_GCM,data:u4F4B7cxqX5S+25lsB/X3WUYJFlLrIcqA+pWABDn hedgedoc: seb-password: ENC[AES256_GCM,data:hzUFWZ3m6oIUOySTHfRyEDSNqYIfJndYSg==,iv:wg8aMAEbvCYVfqMhikF1tbEdB+CYzLB4azlLN6OU/HE=,tag:Yf7xUBwIetnkUnncOi/V8Q==,type:str] gitlab-auth-secret: ENC[AES256_GCM,data:vxgXbP+6mtWpjgfsEaFHJd5IVM+oPPHhYNqwO76+Zw9j2fZZane4T9YUixUvM3kYQwW+Ml/gRHn9GjgM1fIYRRKAsbO1wA==,iv:lyfWZFwZjdP005X4USGKM1OWKu3W8YTZ0oWODhF/uPI=,tag:3Kj1/pUjMo8GjIDTdPBo1A==,type:str] +forgejo: + admin-password: ENC[AES256_GCM,data:DOZah26AGeR89kgeIvWPCJlVRxML9r7F2g==,iv:4BCOmHxzCr4Z3975MN4mr/lyeEVyJhwuGfDxek6GiSI=,tag:IsgsIhrTEMRp1/FFFQbyhA==,type:str] restic: environment: ENC[AES256_GCM,data:oPgJ20N7eO0W+SnRPA/uaGDbYBpKX3jWixuVIG0+eBRRlaPWBFpJKA7CK9oVvwuqQUtGiRnoR2gqO42C22WRSiHXqe1zoarhvQMcXy8CTQd6Y+k5iMspSzMZynfkMapooK4=,iv:Ub1ONOcoEZ52E8W1qK93xpmYXMUiVszFbHoO/pUa/Mo=,tag:2yTJZmirhPIN01cB5F0Lsw==,type:str] password: ENC[AES256_GCM,data:gMd4G8o83r3sTZEH1kRkn05Mye96sHV2mdRWNbbS,iv:E2hBYbvpCMDul81lgUBNVr5Fm7x0u1f9cEkma9jKwYE=,tag:CeFrP3pO1VmGxcvj7b7pYA==,type:str] @@ -29,7 +31,7 @@ sops: aHNody9YR2ZKTDNINmNvbGNHb0dCRVkKXcUQxU0Craqkze0l0mH75MKTnkf7a/ae XeqWVJRO1WpG+UhF3QB3yMq9uy0vlc3JnD3LsE0inWUSl0s6AgDZOg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-05-24T18:15:52Z" - mac: ENC[AES256_GCM,data:FIDuoiN8YmRCDHvl0SYN+HZKP+zgE1ZDEBSD8mePkLd6WfBtKQOS7bXr0GS5lfdui0H2e8tWDz1pMENlI69S3ZimAc8AYCJwyw0cyzRCjUNvicgJaxVP70faOhXTKXQnCu5Dxul/bYpzqvhhVUzhRfhoPxLLCSU7Hh05kqt3OJw=,iv:fWy6mXq0AQTjpWs1jyzqzwKA/hjd0Pvig9j1ZbdDDng=,tag:iHYPmJn6x6HJj3Q6LbEC/A==,type:str] + lastmodified: "2025-05-28T19:18:32Z" + mac: ENC[AES256_GCM,data:NVrQa5s01ws9WmDHjdByc6e7tHQSNQpDYY1J/6D6PZBq51Rs7/kmrA+M9myBjL40CzX4aT3AOPQQkD9V6iP9tP/2sN39kpfebnV55YtSTWI8t03r0bnSG4ZWlW84neg6qc96+cclSyEWSVxoBNZHIIyD02JJ9kSgfyyycZuxYf8=,iv:OHPeuZCHrmRk8TkNjHtujZTD4Bks7yPX0pReoMifBAE=,tag:DT/wMrApSpxT11/auDADDQ==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2