RingOfStorms (Joshua Bell) 2025-04-28 18:02:45 -05:00
parent 39edfefa58
commit e671f877d9
4 changed files with 26 additions and 8 deletions


@ -7,8 +7,11 @@ let
name = "forgejo"; name = "forgejo";
hostDataDir = "/var/lib/${name}"; hostDataDir = "/var/lib/${name}";
hostAddress = "10.0.0.1";
containerAddress = "10.0.0.2";
hostAddress6 = "fc00::1"; hostAddress6 = "fc00::1";
containerAddress6 = "fc00::2"; containerAddress6 = "fc00::2";
hostBridge = "br0";
binds = [ binds = [
# Postgres data, must use postgres user in container and host # Postgres data, must use postgres user in container and host
@ -80,6 +83,8 @@ in
ephemeral = true; ephemeral = true;
autoStart = true; autoStart = true;
privateNetwork = true; privateNetwork = true;
hostAddress = hostAddress;
localAddress = containerAddress;
hostAddress6 = hostAddress6; hostAddress6 = hostAddress6;
localAddress6 = containerAddress6; localAddress6 = containerAddress6;
bindMounts = lib.foldl ( bindMounts = lib.foldl (
@ -100,13 +105,15 @@ in
networking = { networking = {
firewall = { firewall = {
enable = true; enable = true;
allowedTCPPorts = [ 3000 3032 ]; allowedTCPPorts = [
3000
3032
];
}; };
# Use systemd-resolved inside the container # Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false; useHostResolvConf = lib.mkForce false;
}; };
services.resolved.enable = true; services.resolved.enable = true;
# Ensure users exist on container # Ensure users exist on container
@ -163,6 +170,8 @@ in
DISABLE_ORGANIZATIONS_PAGE = true; DISABLE_ORGANIZATIONS_PAGE = true;
}; };
repository = { repository = {
# ENABLE_PUSH_CREATE_USER = true;
# ENABLE_PUSH_CREATE_ORG = true;
DISABLE_STARS = true; DISABLE_STARS = true;
DEFAULT_PRIVATE = "private"; DEFAULT_PRIVATE = "private";
}; };
@ -175,6 +184,10 @@ in
SHOW_FOOTER_VERSION = false; SHOW_FOOTER_VERSION = false;
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false; SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
}; };
migrations = {
ALLOWED_DOMAINS = "*.github.com,github.com";
ALLOW_LOCALNETWORKS = true;
};
}; };
}; };
}; };
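Review bot: `ALLOW_LOCALNETWORKS = true;` in the new `migrations` block lifts the block on private and loopback addresses for migration sources, which is the guard that keeps a user-supplied clone URL from reaching services on the host or container network (SSRF). The allowlist on the line above names only GitHub, which does not need local-network access, so unless a LAN source is intended I would set `ALLOW_LOCALNETWORKS = false;` and keep `ALLOWED_DOMAINS` as it is. If a local source is required, a comment such as `# needed to migrate from <internal host>` would record why, and listing that host explicitly is narrower than opening all private ranges. The same commit gives the container a `10.0.0.1`/`10.0.0.2` link to the host, so the host is one of the addresses this setting makes reachable.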


@ -40,7 +40,7 @@ with lib;
date_short = "date +'%Y-%m-%d'"; date_short = "date +'%Y-%m-%d'";
ls = "ls --color -Gah"; ls = "ls --color -Gah";
ll = "ls --color -Galh"; ll = "ls --color -Galh";
lss = "du --max-depth=0 -h * 2>/dev/null | sort -hr"; lss = "du --max-depth=0 -h {.,}* 2>/dev/null | sort -hr";
psg = "ps aux | head -n 1 && ps aux | grep -v 'grep' | grep"; psg = "ps aux | head -n 1 && ps aux | grep -v 'grep' | grep";
cl = "clear"; cl = "clear";
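Review bot: The new glob `{.,}*` in `lss` expands to `.* *`, and in shells where `.*` also matches `.` and `..` the alias will size the current and parent directories, which makes the listing misleading and can walk a large parent tree. `lss = "du --max-depth=0 -h {.[!.],}* 2>/dev/null | sort -hr";` keeps the dotfiles while skipping both entries. Which shell loads these aliases is not visible in the hunk, so its glob settings may already cover this.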


@ -16,10 +16,15 @@
config = { config = {
## Give internet access ## Give internet access
networking.nat.enable = true; networking = {
networking.nat.internalInterfaces = [ "ve-*" ]; nat = {
networking.nat.externalInterface = "ens3"; enable = true;
networking.nat.enableIPv6 = true; internalInterfaces = [ "ve-*" ];
externalInterface = "eno1";
enableIPv6 = true;
};
firewall.trustedInterfaces = [ "ve-*" ];
};
# mathesar # mathesar
# services.mathesar.secretKey = "mImvhwyu0cFmtUNOAyOjm6qozWjEmHyrGIpOTZXWW7lnkj5RP3"; # services.mathesar.secretKey = "mImvhwyu0cFmtUNOAyOjm6qozWjEmHyrGIpOTZXWW7lnkj5RP3";
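Review bot: `firewall.trustedInterfaces = [ "ve-*" ];` makes the host firewall accept every port from every container veth, so a compromised container can reach any service listening on the host; NAT for outbound access does not need this. A per-interface rule is narrower, for example `firewall.interfaces."ve-forgejo".allowedTCPPorts = [ <ports the container needs> ];`, assuming the usual `ve-<container>` interface naming. Whether the `ve-*` wildcard is honoured also depends on the firewall backend, which is not visible here, and the `config` block continues outside the hunk. Separately, the commented-out `services.mathesar.secretKey` value in the context lines is stored in the repository; if it was ever in use it should be rotated and the line dropped.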

2
hosts/lio/flake.lock generated

@ -32,7 +32,7 @@
}, },
"locked": { "locked": {
"lastModified": 1, "lastModified": 1,
"narHash": "sha256-fpl7kTl/r442RV8N8ut08UclEQR1wUs2G+gk4/S71pA=", "narHash": "sha256-PLiddkpkHZxcS8MiVlI8k3rbBWNqDb0mrHWdRvadANI=",
"path": "../../common", "path": "../../common",
"type": "path" "type": "path"
}, },