chore: resonite, storage and forgejo setup

This commit is contained in:
Luna Simons 2026-02-27 21:47:24 +01:00
parent d79fe97b7e
commit 279e95a1ec
No known key found for this signature in database
GPG key ID: FAB9C1BCA0FED262
18 changed files with 203 additions and 167 deletions

View file

@ -1,24 +1,15 @@
{
imports = [
../../roles/headless
../../modules/services/resonite-server.nix
../../roles/webserver
./impl/forgejo.nix
./impl/resonite.nix
./impl/storage.nix
];
boot.swraid.mdadmConf = ''
MAILADDR luna@bddvlpr.com
'';
# sops.secrets = {
# "resonite/steam/username" = { };
# "resonite/steam/password" = { };
# "resonite/steam/branch-password" = { };
# "resonite/username" = { };
# "resonite/password" = { };
# };
# services.resonite-server = {
# enable = true;
# };
system.stateVersion = "25.11";
}

View file

@ -8,14 +8,8 @@
type = "gpt";
partitions = {
boot = {
size = "2G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "defaults" ];
};
size = "1M";
type = "EF02";
};
mdadm = {
size = "100%";
@ -34,6 +28,10 @@
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02";
};
mdadm = {
size = "100%";
content = {
@ -49,7 +47,7 @@
mdadm = {
raid0 = {
type = "mdadm";
level = 0;
level = 1;
content = {
type = "gpt";
partitions = {

View file

@ -1,7 +1,22 @@
{
boot = {
kernelModules = [ "kvm-amd" ];
initrd = {
availableKernelModules = [
"nvme"
"ahci"
];
kernelModules = [ "dm-snapshot" ];
};
loader.grub = {
enable = true;
efiSupport = false;
};
};
hardware = {
enableRedistributableFirmware = true;
cpu.amd.updateMicrocode = true;
};
}

View file

@ -0,0 +1,31 @@
{
services.forgejo = {
enable = true;
database.type = "postgres";
lfs.enable = true;
settings = {
server = {
DOMAIN = "git.avali.network";
ROOT_URL = "https://git.avali.network/";
HTTP_ADDR = "127.0.0.1";
HTTP_PORT = 3000;
};
service = {
DISABLE_REGISTRATION = true;
};
};
};
services.nginx.virtualHosts."git.avali.network" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
};
extraConfig = ''
client_max_body_size 512M;
'';
};
}

View file

@ -0,0 +1,35 @@
{ config, ... }:
{
sops = {
secrets = {
"resonite/steam/username" = { };
"resonite/steam/password" = { };
"resonite/steam/branch-password" = { };
"resonite/username" = { };
"resonite/password" = { };
};
templates = {
"resonite/.env".content = ''
STEAM_USER=${config.sops.placeholder."resonite/steam/username"}
STEAM_PASS=${config.sops.placeholder."resonite/steam/password"}
BETA_CODE=${config.sops.placeholder."resonite/steam/branch-password"}
'';
"resonite/config.json".content = builtins.toJSON {
universeId = null;
tickRate = 60.0;
maxConcurrentAssetTransfers = 8;
loginCredential = config.sops.placeholder."resonite/username";
loginPassword = config.sops.placeholder."resonite/password";
loginRequired = true;
};
};
};
services.resonite-server = {
enable = false;
environmentFiles = [ config.sops.templates."resonite/.env".path ];
settingsFile = config.sops.templates."resonite/config.json".path;
};
}

View file

@ -0,0 +1,17 @@
{
systemd.tmpfiles.rules = [
"d /srv/storage 0775 root wheel -"
];
services.nginx.virtualHosts."storage.avali.network" = {
enableACME = true;
forceSSL = true;
root = "/srv/storage";
extraConfig = ''
autoindex on;
autoindex_localtime on;
'';
};
}

View file

@ -7,14 +7,23 @@ resonite:
password: ENC[AES256_GCM,data:1oimmii6d9xj0CY/Ja8=,iv:ne6H4CjaWFT+cNY+bHNniHvl1CqOE9wiWiO/t+aSXQc=,tag:sfeiTBmFUjRFlycIfvnigg==,type:str]
sops:
age:
- recipient: age12n577uzpuv7mn7sca3a8jdsay235g5zc5un8zxfhxgsrq7jmsgqqq7fy9f
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1djZ5ZUYwMzJ5VnZuczhx
dm1lbkFpRlpvYUptcEN3RTRBeFpiRkcyRHc4CllMYkpHZ2Z0a0NMWFZQbUYweGh3
cTJyM3YwelNDdmVzUGxtWGZTRGJEQ0EKLS0tIGVkZWhyU0luNkgxWmdibGZCb2p2
ZC94dGUva3J0S1J6UWJGcW1sRy9EaGsKH+Ggopr0i3dLSTxG1q/sKKY5TeI3GJlc
PUAxSKp7JtKoF6eUHzmZOpleF50ksXaQYJRXEALot52hZ6cvqZXTSg==
-----END AGE ENCRYPTED FILE-----
- recipient: age16aazmlnarycwuk3a9e5sr55e2354sydn9qd5c6edhly9rq9k693s43txeq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArWlEyNVNodUtFelQ3MFls
d0QwVC9hWVhhb2xNQy9YRXdJWjFTdXNyM0U4Cklid0VManlvWlptL3l0Vy9ZOFh1
MGRvREgySElDZWlhbHYvc3dSYlpJS2cKLS0tIG14bGtYUVMxT291Ym15eG9PbkVN
VStSTmZ1TXlReGZmWlU2UHVzbVJmWXMKXhCPWqVrkIOSJWqtYDeAhYEdIubjLN+a
dCOodAxrty2fNj9HJdHXkbRazlGY1e4mp5LxNrAM+WAYIFUnTIqC1Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpMVhEWFIrZFhzMXBETHpT
eFo1WXlZUk1Wb0VvNllOMklkVVU4UG9VRW1rCmRjWUd3R2dEYTAybFJ5U2hTWjR1
bUtkRzluYWpGNjU3QmRlYWZCcFhjdXMKLS0tIFNzeXhzOTZ6bVdlMGNYdWZnMnFH
SUdMSXczUzFDdHdDM0VZNitHNE9lRncK8Az9PhbgZxu/cllBtSY1LIdo7sPdIC+G
N8OGVWENvrZ9KJRXEDNdGTQBxH5dF7ihlnkt+of9dxzfyuOXAndP2Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-02-27T15:18:00Z"
mac: ENC[AES256_GCM,data:bxwGVuMr78vRgEBsKzdYAYNDSD/UHZoKwwLgmOavz1BLJe0tpoaFY5TCPjREsupIL9YLyzq50M3cTX0y3qXOJ042j6tVedd4wCJ9eZf4ynvNkdKFT2Q3CrNCMmtfl12npywnpQsnSYhxm0YwaTPt/6/HEb+S91Gfsxe3D5YhKi4=,iv:yNxk3vEBUN1adjWnUE4Q8tEOEZZ0/AdZ0rmvmtMQgtw=,tag:dnDMakWxYAmn3z6akHcntQ==,type:str]