✨ (services): radicle

elythh · Sep 30, 2024 · eeefee6 · eeefee6
1 parent 4cdb223
commit eeefee6
Show file tree

Hide file tree

Showing 4 changed files with 58 additions and 2 deletions.
diff --git a/hosts/mithrix/default.nix b/hosts/mithrix/default.nix
@@ -23,6 +23,7 @@ in
       vikunja.enable = true;
       glance.enable = true;
       paperless.enable = true;
+      radicle.enable = true;
     };
   };
   tailscale.enable = true;

diff --git a/modules/nixos/opt/services/default.nix b/modules/nixos/opt/services/default.nix
@@ -11,6 +11,7 @@
     ./xserver.nix
     ./kanata.nix
     ./immich.nix
+    ./radicle.nix
     ./paperless.nix
     ./vikunja.nix
     ./your_spotify.nix

diff --git a/modules/nixos/opt/services/radicle.nix b/modules/nixos/opt/services/radicle.nix
@@ -0,0 +1,53 @@
+{ config, lib, ... }:
+let
+  inherit (lib)
+    mkIf
+    mkOption
+    types
+    mkEnableOption
+    ;
+
+  host = "git.elyth.xyz";
+  cfg = config.opt.services.radicle;
+in
+{
+  options.opt.services.radicle = {
+    enable = mkEnableOption "radicle";
+    nodeHost = mkOption {
+      type = types.str;
+      default = "0.0.0.0";
+    };
+    nodePort = mkOption {
+      type = types.int;
+      default = 8888;
+    };
+  };
+
+  config = mkIf cfg.enable {
+
+    sops.secrets.privateSSH = { };
+    services.radicle = {
+      enable = true;
+      privateKeyFile = config.sops.secrets.privateSSH.path;
+      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICsZ/9N72VrtwfZVklSPgaDTLSSRYVlP1l+7cDZwIj6v [email protected] - default key";
+      node.openFirewall = true;
+      node.listenAddress = cfg.nodeHost;
+      node.listenPort = cfg.nodePort;
+      settings = {
+        "web" = {
+          "pinned" = {
+            "repositories" =
+              [
+              ];
+          };
+        };
+      };
+      httpd.enable = true;
+      httpd.nginx.serverName = host;
+      httpd.nginx.enableACME = true;
+      httpd.nginx.forceSSL = true;
+    };
+    security.acme.defaults.email = "[email protected]";
+    security.acme.acceptTerms = true;
+  };
+}
diff --git a/secrets/mithrix/secrets.yaml b/secrets/mithrix/secrets.yaml
@@ -2,6 +2,7 @@ your_spotify_client_id_env: ENC[AES256_GCM,data:3pv9ZNpK7Aq0hiPV4/Aa5f8kwMdYJrSE
 your_spotify_client_secret: ENC[AES256_GCM,data:q7dieDgWx3TSZ3a66dD/aHVGfp69GYATbKm11gIussM=,iv:emlE0XHi04aItkawGBXS1UITaO3+mK4zZOYaZUDFF8k=,tag:hDWKctyrSmfoS+k35qVByA==,type:str]
 cloudflared-tunnel-creds: ENC[AES256_GCM,data:C8F6TNRevVnc/OR0OJFs4BtTEYZapoDr6/P5gvcBZreQdZ1OzlQe7EOCHozq/AhgpEe1VMioB1KVwCs3+dRTlp9KWesFpfUPzXO772f48Zpf1a0KlZeKz8FB5WM0NTnHs5ndXUGihPmQO/WvF/bKNS1KV7ib8RFmN+w2mpbqwvQ71c68FDGFgSC+KFXROMU3VMNJrgWP6+G391KFgpySPBWN,iv:/bJ52RKcPbQTxiLvqZU4YidpwEajcqJy44/3x3K2RYU=,tag:I2KAt2FAwyinXWkgKfhbIA==,type:str]
 paperless_password: ENC[AES256_GCM,data:MU5/I81Yd3bt8UYriiY=,iv:6B3L0gggcB/tZzG7aDBBLjPioqWLl0Ej246+mfiA5RI=,tag:tSBvhno6wM8eUj/K58DlEA==,type:str]
+privateSSH: ENC[AES256_GCM,data:fHV1DY+uXB36MvzR05FG45sthVsRwco6k164QJ5s/k6GQwyXVoAdQTNOGg1S98M8G384XizH8c5yZ80HutsINLI2eHYc3yj++nORNH+b3nsSgcTr+VRE1ahBuET24xzOmyWzKYvbslFwxw5R2MtFfoSZUnVYCykXPPmLb9D7QkzM9dF63loyT7bz4O9vX6zZU7alhbCUah6k18kVW657JN61xrR+qiiWaPtWfF6emoVZfIQnMgxZLZVs5eb7Vr3sYIbaKBivNDHzOMvwx06eyEhx1+4Q/du9aMpBRpF8DlQ1mkULcXyeM0Il9pHSx0nX6GsWgtoEN1w0qE2TLJtvCjCKfDHywOAGQIkdwtU94rvTWeO5WAhYCf+gFSbR2FisL4khq5fj4hTcrnL2RmB5pgsVsuPnK2DY+eNeJCrKj45eQRILfMSPozaW1oQAH5AIQL6uCpXiUgAblmOkxlhrq+HcGyU3yljWVaEigb08N+ldwXpnBzhXtw0hHwlvpST8wfrueiq3qRwRODKcY8Kh9lrNoZInss5ZWZim6u1i1fpteAR9U5JkT+KbSdJ9nT96/WdR6olm1KiqmgtABVtr2dt1KOI=,iv:xW+xjj1fQymAi2XG3yKEu/0e8gAvX2QEzXkJ8P6p3WQ=,tag:4t4OmWV9QAqEigIJbncWtQ==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -17,8 +18,8 @@ sops:
             N1NOYkhIbTRZakZWVzFPRUJRUVlKVGMK1rGjG9ssl2nk37JwdgRniC5/vtI+d+em
             nmDTexkjOQsLyVLckzZ5TDorg891F2Pa4L3a3FBJUa2sTFJjxv9Xww==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-09-28T19:59:01Z"
-    mac: ENC[AES256_GCM,data:0YT+yrsi+ZsZOXJGdB69g+KiqY69TRZjlOLpxyJ202kY3yOO0NqiFrR2QnSa9FxdF+HITfJI8FgPWlgwYFfw39tP/JTZ/TWnu4fLrZJurm+iY8g8YI7jTi5Lqn/Fn60TPOM297/IIUzjGSUwzZJ1mPz5/xUy26Tz5UGQgCEjYv4=,iv:Ko5AU+DZgBGvbvsYBW+Pxq8NIyLsLVv7SDhwATKNFD4=,tag:0pyNE89o7zYdV3hSZx8ZWw==,type:str]
+    lastmodified: "2024-09-29T23:37:30Z"
+    mac: ENC[AES256_GCM,data:YDI8HwGih1H4RxdN8/9a0mgqwgMu/IFsOVIReqA2wBKVewgeE1BweI11+xhPEsLiQqV5kh99VWEZH/j+kXMIm5GLIOW/vSRLOjaGIBHqHCmgvONjTmDKFoTdyhb+lpzy+EV5ihcte9Tp2hGWEN8ktZhiNC2qJLJWVRzFuebFRS0=,iv:Adn2ww73fVKvoUHLl5tjJtMCo5v5LqDLMgTNQYvfQls=,tag:iTfpxZaLFVUjD8kc7NMCIQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.0