chore: resonite, storage and forgejo setup

2026-02-27 21:47:24 +01:00 · 2026-02-27 21:47:24 +01:00 · 279e95a1ec
commit 279e95a1ec
parent d79fe97b7e
18 changed files with 203 additions and 167 deletions
--- a/systems/rena/default.nix
+++ b/systems/rena/default.nix
@ -1,24 +1,15 @@
 {
  imports = [
    ../../roles/headless
-    ../../modules/services/resonite-server.nix
+    ../../roles/webserver
+    ./impl/forgejo.nix
+    ./impl/resonite.nix
+    ./impl/storage.nix
  ];

  boot.swraid.mdadmConf = ''
    MAILADDR luna@bddvlpr.com
  '';

-  # sops.secrets = {
-  #   "resonite/steam/username" = { };
-  #   "resonite/steam/password" = { };
-  #   "resonite/steam/branch-password" = { };
-  #   "resonite/username" = { };
-  #   "resonite/password" = { };
-  # };
-
-  # services.resonite-server = {
-  #   enable = true;
-  # };
-
  system.stateVersion = "25.11";
 }
--- a/systems/rena/disko.nix
+++ b/systems/rena/disko.nix
@ -8,14 +8,8 @@
          type = "gpt";
          partitions = {
            boot = {
-              size = "2G";
-              type = "EF00";
-              content = {
-                type = "filesystem";
-                format = "vfat";
-                mountpoint = "/boot";
-                mountOptions = [ "defaults" ];
-              };
+              size = "1M";
+              type = "EF02";
            };
            mdadm = {
              size = "100%";
@ -34,6 +28,10 @@
        content = {
          type = "gpt";
          partitions = {
+            boot = {
+              size = "1M";
+              type = "EF02";
+            };
            mdadm = {
              size = "100%";
              content = {
@ -49,7 +47,7 @@
    mdadm = {
      raid0 = {
        type = "mdadm";
-        level = 0;
+        level = 1;
        content = {
          type = "gpt";
          partitions = {
--- a/systems/rena/hardware.nix
+++ b/systems/rena/hardware.nix
@ -1,7 +1,22 @@
 {
+  boot = {
+    kernelModules = [ "kvm-amd" ];
+    initrd = {
+      availableKernelModules = [
+        "nvme"
+        "ahci"
+      ];
+      kernelModules = [ "dm-snapshot" ];
+    };
+
+    loader.grub = {
+      enable = true;
+      efiSupport = false;
+    };
+  };
+
  hardware = {
    enableRedistributableFirmware = true;
-
    cpu.amd.updateMicrocode = true;
  };
 }
--- a/systems/rena/impl/forgejo.nix
+++ b/systems/rena/impl/forgejo.nix
@ -0,0 +1,31 @@
+{
+  services.forgejo = {
+    enable = true;
+    database.type = "postgres";
+    lfs.enable = true;
+
+    settings = {
+      server = {
+        DOMAIN = "git.avali.network";
+        ROOT_URL = "https://git.avali.network/";
+        HTTP_ADDR = "127.0.0.1";
+        HTTP_PORT = 3000;
+      };
+
+      service = {
+        DISABLE_REGISTRATION = true;
+      };
+    };
+  };
+
+  services.nginx.virtualHosts."git.avali.network" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:3000";
+    };
+    extraConfig = ''
+      client_max_body_size 512M;
+    '';
+  };
+}
--- a/systems/rena/impl/resonite.nix
+++ b/systems/rena/impl/resonite.nix
@ -0,0 +1,35 @@
+{ config, ... }:
+{
+  sops = {
+    secrets = {
+      "resonite/steam/username" = { };
+      "resonite/steam/password" = { };
+      "resonite/steam/branch-password" = { };
+      "resonite/username" = { };
+      "resonite/password" = { };
+    };
+
+    templates = {
+      "resonite/.env".content = ''
+        STEAM_USER=${config.sops.placeholder."resonite/steam/username"}
+        STEAM_PASS=${config.sops.placeholder."resonite/steam/password"}
+        BETA_CODE=${config.sops.placeholder."resonite/steam/branch-password"}
+      '';
+      "resonite/config.json".content = builtins.toJSON {
+        universeId = null;
+        tickRate = 60.0;
+        maxConcurrentAssetTransfers = 8;
+
+        loginCredential = config.sops.placeholder."resonite/username";
+        loginPassword = config.sops.placeholder."resonite/password";
+        loginRequired = true;
+      };
+    };
+  };
+
+  services.resonite-server = {
+    enable = false;
+    environmentFiles = [ config.sops.templates."resonite/.env".path ];
+    settingsFile = config.sops.templates."resonite/config.json".path;
+  };
+}
--- a/systems/rena/impl/storage.nix
+++ b/systems/rena/impl/storage.nix
@ -0,0 +1,17 @@
+{
+  systemd.tmpfiles.rules = [
+    "d /srv/storage 0775 root wheel -"
+  ];
+
+  services.nginx.virtualHosts."storage.avali.network" = {
+    enableACME = true;
+    forceSSL = true;
+
+    root = "/srv/storage";
+
+    extraConfig = ''
+      autoindex on;
+      autoindex_localtime on;
+    '';
+  };
+}
--- a/systems/rena/secrets.yaml
+++ b/systems/rena/secrets.yaml
@ -7,14 +7,23 @@ resonite:
    password: ENC[AES256_GCM,data:1oimmii6d9xj0CY/Ja8=,iv:ne6H4CjaWFT+cNY+bHNniHvl1CqOE9wiWiO/t+aSXQc=,tag:sfeiTBmFUjRFlycIfvnigg==,type:str]
 sops:
    age:
+        - recipient: age12n577uzpuv7mn7sca3a8jdsay235g5zc5un8zxfhxgsrq7jmsgqqq7fy9f
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1djZ5ZUYwMzJ5VnZuczhx
+            dm1lbkFpRlpvYUptcEN3RTRBeFpiRkcyRHc4CllMYkpHZ2Z0a0NMWFZQbUYweGh3
+            cTJyM3YwelNDdmVzUGxtWGZTRGJEQ0EKLS0tIGVkZWhyU0luNkgxWmdibGZCb2p2
+            ZC94dGUva3J0S1J6UWJGcW1sRy9EaGsKH+Ggopr0i3dLSTxG1q/sKKY5TeI3GJlc
+            PUAxSKp7JtKoF6eUHzmZOpleF50ksXaQYJRXEALot52hZ6cvqZXTSg==
+            -----END AGE ENCRYPTED FILE-----
        - recipient: age16aazmlnarycwuk3a9e5sr55e2354sydn9qd5c6edhly9rq9k693s43txeq
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArWlEyNVNodUtFelQ3MFls
-            d0QwVC9hWVhhb2xNQy9YRXdJWjFTdXNyM0U4Cklid0VManlvWlptL3l0Vy9ZOFh1
-            MGRvREgySElDZWlhbHYvc3dSYlpJS2cKLS0tIG14bGtYUVMxT291Ym15eG9PbkVN
-            VStSTmZ1TXlReGZmWlU2UHVzbVJmWXMKXhCPWqVrkIOSJWqtYDeAhYEdIubjLN+a
-            dCOodAxrty2fNj9HJdHXkbRazlGY1e4mp5LxNrAM+WAYIFUnTIqC1Q==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpMVhEWFIrZFhzMXBETHpT
+            eFo1WXlZUk1Wb0VvNllOMklkVVU4UG9VRW1rCmRjWUd3R2dEYTAybFJ5U2hTWjR1
+            bUtkRzluYWpGNjU3QmRlYWZCcFhjdXMKLS0tIFNzeXhzOTZ6bVdlMGNYdWZnMnFH
+            SUdMSXczUzFDdHdDM0VZNitHNE9lRncK8Az9PhbgZxu/cllBtSY1LIdo7sPdIC+G
+            N8OGVWENvrZ9KJRXEDNdGTQBxH5dF7ihlnkt+of9dxzfyuOXAndP2Q==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2026-02-27T15:18:00Z"
    mac: ENC[AES256_GCM,data:bxwGVuMr78vRgEBsKzdYAYNDSD/UHZoKwwLgmOavz1BLJe0tpoaFY5TCPjREsupIL9YLyzq50M3cTX0y3qXOJ042j6tVedd4wCJ9eZf4ynvNkdKFT2Q3CrNCMmtfl12npywnpQsnSYhxm0YwaTPt/6/HEb+S91Gfsxe3D5YhKi4=,iv:yNxk3vEBUN1adjWnUE4Q8tEOEZZ0/AdZ0rmvmtMQgtw=,tag:dnDMakWxYAmn3z6akHcntQ==,type:str]