🚀 big update:
added logging to all nginx routes added loki, promtail to scrape nginx logs turned i2pd back on, updated my websites version upgraded all hosts to 24.05 forgejo added bigger limit to upload limit due to docker images privacy frontends: added priviblur libreddit -> redlib added biblioreads ddns-updater, changed credentials but there is a bug with porkbun added penpot brought back anonymousoverflow added readme privacy respecting frontends
This commit is contained in:
parent
9463db2058
commit
b6107679d1
39
hosts/carbon/services/monitoring/promtail.nix
Normal file
39
hosts/carbon/services/monitoring/promtail.nix
Normal file
|
@ -0,0 +1,39 @@
|
||||||
|
{ pkgs, ... }: {
|
||||||
|
|
||||||
|
|
||||||
|
services.promtail = {
|
||||||
|
enable = true;
|
||||||
|
configuration =
|
||||||
|
{
|
||||||
|
server = {
|
||||||
|
http_listen_port = 0;
|
||||||
|
grpc_listen_port = 0;
|
||||||
|
};
|
||||||
|
|
||||||
|
clients = [
|
||||||
|
{ url = "https//32.54.31.99:3100/api/prom/push"; }
|
||||||
|
];
|
||||||
|
|
||||||
|
scrape_configs = [
|
||||||
|
{
|
||||||
|
job_name = "system";
|
||||||
|
pipeline_stages = [
|
||||||
|
{ replace = { expression = "(?:[0-9]{1,3}\\.){3}([0-9]{1,3})"; replace = "***"; }; }
|
||||||
|
];
|
||||||
|
static_configs = [
|
||||||
|
{
|
||||||
|
targets = [ "localhost" ];
|
||||||
|
labels = {
|
||||||
|
job = "nginx_access_log";
|
||||||
|
host = "carbon";
|
||||||
|
agent = "promtail";
|
||||||
|
__path__ = "/var/log/nginx/json_access.log";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
29
hosts/carbon/services/privacy/biblioreads.nix
Normal file
29
hosts/carbon/services/privacy/biblioreads.nix
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
{ pkgs, config, ... }: {
|
||||||
|
|
||||||
|
virtualisation.oci-containers.containers = {
|
||||||
|
|
||||||
|
|
||||||
|
biblioreads = {
|
||||||
|
image = "nesaku/biblioreads:latest";
|
||||||
|
ports = [
|
||||||
|
"5484:3000"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
services.nginx = {
|
||||||
|
virtualHosts = {
|
||||||
|
|
||||||
|
"biblioreads.${config.networking.domain}" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = " http://127.0.0.1:5484";
|
||||||
|
extraConfig = ''
|
||||||
|
access_log /var/log/nginx/$server_name-access.log json_analytics;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
}
|
28
hosts/carbon/services/privacy/priviblur.nix
Normal file
28
hosts/carbon/services/privacy/priviblur.nix
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
{ pkgs, config, ... }: {
|
||||||
|
|
||||||
|
virtualisation.oci-containers.containers = {
|
||||||
|
|
||||||
|
priviblur = {
|
||||||
|
image = "quay.io/pussthecatorg/priviblur:latest";
|
||||||
|
ports = [
|
||||||
|
"1484:8000"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
services.nginx = {
|
||||||
|
virtualHosts = {
|
||||||
|
|
||||||
|
"priviblur.${config.networking.domain}" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = " http://127.0.0.1:1484";
|
||||||
|
extraConfig = ''
|
||||||
|
access_log /var/log/nginx/$server_name-access.log json_analytics;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
}
|
169
hosts/carbon/services/privacy/proxitok.nix
Normal file
169
hosts/carbon/services/privacy/proxitok.nix
Normal file
|
@ -0,0 +1,169 @@
|
||||||
|
# Auto-generated using compose2nix v0.2.0-pre.
|
||||||
|
{ pkgs, lib, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
services.nginx = {
|
||||||
|
virtualHosts = {
|
||||||
|
"proxitok.${config.networking.domain}" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = " http://127.0.0.1:4772";
|
||||||
|
extraConfig = ''
|
||||||
|
access_log /var/log/nginx/$server_name-access.log json_analytics;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Containers
|
||||||
|
virtualisation.oci-containers.containers."proxitok-redis" = {
|
||||||
|
image = "redis:7-alpine";
|
||||||
|
cmd = [ "redis-server" "--save" "60" "1" "--loglevel" "warning" ];
|
||||||
|
user = "nobody";
|
||||||
|
log-driver = "journald";
|
||||||
|
extraOptions = [
|
||||||
|
"--cap-drop=ALL"
|
||||||
|
"--network-alias=redis"
|
||||||
|
"--network=docker-compose_proxitok"
|
||||||
|
"--security-opt=no-new-privileges:true"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
systemd.services."podman-proxitok-redis" = {
|
||||||
|
serviceConfig = {
|
||||||
|
Restart = lib.mkOverride 500 "always";
|
||||||
|
};
|
||||||
|
after = [
|
||||||
|
"podman-network-docker-compose_proxitok.service"
|
||||||
|
];
|
||||||
|
requires = [
|
||||||
|
"podman-network-docker-compose_proxitok.service"
|
||||||
|
];
|
||||||
|
partOf = [
|
||||||
|
"podman-compose-docker-compose-root.target"
|
||||||
|
];
|
||||||
|
wantedBy = [
|
||||||
|
"podman-compose-docker-compose-root.target"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
virtualisation.oci-containers.containers."proxitok-signer" = {
|
||||||
|
image = "ghcr.io/pablouser1/signtok:master";
|
||||||
|
user = "nobody";
|
||||||
|
log-driver = "journald";
|
||||||
|
extraOptions = [
|
||||||
|
"--cap-drop=ALL"
|
||||||
|
"--network-alias=signer"
|
||||||
|
"--network=docker-compose_proxitok"
|
||||||
|
"--security-opt=no-new-privileges:true"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
systemd.services."podman-proxitok-signer" = {
|
||||||
|
serviceConfig = {
|
||||||
|
Restart = lib.mkOverride 500 "\"no\"";
|
||||||
|
};
|
||||||
|
after = [
|
||||||
|
"podman-network-docker-compose_proxitok.service"
|
||||||
|
];
|
||||||
|
requires = [
|
||||||
|
"podman-network-docker-compose_proxitok.service"
|
||||||
|
];
|
||||||
|
partOf = [
|
||||||
|
"podman-compose-docker-compose-root.target"
|
||||||
|
];
|
||||||
|
wantedBy = [
|
||||||
|
"podman-compose-docker-compose-root.target"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
virtualisation.oci-containers.containers."proxitok-web" = {
|
||||||
|
image = "ghcr.io/pablouser1/proxitok:master";
|
||||||
|
environment = {
|
||||||
|
API_CACHE = "redis";
|
||||||
|
API_SIGNER = "remote";
|
||||||
|
API_SIGNER_URL = "http://proxitok-signer:8080/signature";
|
||||||
|
LATTE_CACHE = "/cache";
|
||||||
|
REDIS_HOST = "proxitok-redis";
|
||||||
|
REDIS_PORT = "6379";
|
||||||
|
};
|
||||||
|
volumes = [
|
||||||
|
"proxitok-cache:/cache:rw"
|
||||||
|
];
|
||||||
|
ports = [
|
||||||
|
"4772:8080/tcp"
|
||||||
|
];
|
||||||
|
dependsOn = [
|
||||||
|
"proxitok-redis"
|
||||||
|
"proxitok-signer"
|
||||||
|
];
|
||||||
|
log-driver = "journald";
|
||||||
|
extraOptions = [
|
||||||
|
"--cap-add=CHOWN"
|
||||||
|
"--cap-add=SETGID"
|
||||||
|
"--cap-add=SETUID"
|
||||||
|
"--cap-drop=ALL"
|
||||||
|
"--network-alias=web"
|
||||||
|
"--network=docker-compose_proxitok"
|
||||||
|
"--security-opt=no-new-privileges:true"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
systemd.services."podman-proxitok-web" = {
|
||||||
|
serviceConfig = {
|
||||||
|
Restart = lib.mkOverride 500 "\"no\"";
|
||||||
|
};
|
||||||
|
after = [
|
||||||
|
"podman-network-docker-compose_proxitok.service"
|
||||||
|
"podman-volume-docker-compose_proxitok-cache.service"
|
||||||
|
];
|
||||||
|
requires = [
|
||||||
|
"podman-network-docker-compose_proxitok.service"
|
||||||
|
"podman-volume-docker-compose_proxitok-cache.service"
|
||||||
|
];
|
||||||
|
partOf = [
|
||||||
|
"podman-compose-docker-compose-root.target"
|
||||||
|
];
|
||||||
|
wantedBy = [
|
||||||
|
"podman-compose-docker-compose-root.target"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
# Networks
|
||||||
|
systemd.services."podman-network-docker-compose_proxitok" = {
|
||||||
|
path = [ pkgs.podman ];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
RemainAfterExit = true;
|
||||||
|
ExecStop = "${pkgs.podman}/bin/podman network rm -f docker-compose_proxitok";
|
||||||
|
};
|
||||||
|
script = ''
|
||||||
|
podman network inspect docker-compose_proxitok || podman network create docker-compose_proxitok
|
||||||
|
'';
|
||||||
|
partOf = [ "podman-compose-docker-compose-root.target" ];
|
||||||
|
wantedBy = [ "podman-compose-docker-compose-root.target" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
# Volumes
|
||||||
|
systemd.services."podman-volume-docker-compose_proxitok-cache" = {
|
||||||
|
path = [ pkgs.podman ];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
RemainAfterExit = true;
|
||||||
|
};
|
||||||
|
script = ''
|
||||||
|
podman volume inspect docker-compose_proxitok-cache || podman volume create docker-compose_proxitok-cache
|
||||||
|
'';
|
||||||
|
partOf = [ "podman-compose-docker-compose-root.target" ];
|
||||||
|
wantedBy = [ "podman-compose-docker-compose-root.target" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
# Root service
|
||||||
|
# When started, this will automatically create all resources and start
|
||||||
|
# the containers. When stopped, this will teardown all resources.
|
||||||
|
systemd.targets."podman-compose-docker-compose-root" = {
|
||||||
|
unitConfig = {
|
||||||
|
Description = "Root target generated by compose2nix.";
|
||||||
|
};
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
};
|
||||||
|
}
|
31
hosts/carbon/services/privacy/scribe.nix
Normal file
31
hosts/carbon/services/privacy/scribe.nix
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
{ pkgs, config, ... }: {
|
||||||
|
|
||||||
|
|
||||||
|
services.scribe = {
|
||||||
|
enable = true;
|
||||||
|
appDomain = "scribe.${config.networking.domain}";
|
||||||
|
port = 7283;
|
||||||
|
# TODO fix since it's readable by nix store...
|
||||||
|
environmentFile = ''
|
||||||
|
GITHUB_PERSONAL_ACCESS_TOKEN= ${builtins.readFile config.age.secrets.github-token.path}
|
||||||
|
GITHUB_USERNAME= ${builtins.readFile config.age.secrets.github-username.path}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx = {
|
||||||
|
virtualHosts = {
|
||||||
|
|
||||||
|
"scribe.${config.networking.domain}" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = " http://127.0.0.1:7283";
|
||||||
|
extraConfig = ''
|
||||||
|
access_log /var/log/nginx/$server_name-access.log json_analytics;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
}
|
118
hosts/carbon/services/privacy/wikiless.nix
Normal file
118
hosts/carbon/services/privacy/wikiless.nix
Normal file
|
@ -0,0 +1,118 @@
|
||||||
|
# Auto-generated using compose2nix v0.2.0-pre.
|
||||||
|
{ pkgs, lib, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
services.nginx = {
|
||||||
|
virtualHosts = {
|
||||||
|
"wikiless.${config.networking.domain}" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = " http://127.0.0.1:8180";
|
||||||
|
extraConfig = ''
|
||||||
|
access_log /var/log/nginx/$server_name-access.log json_analytics;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Containers
|
||||||
|
virtualisation.oci-containers.containers."wikiless" = {
|
||||||
|
image = "ghcr.io/metastem/wikiless:latest";
|
||||||
|
environment = {
|
||||||
|
REDIS_HOST = "redis://172.4.0.5:6379";
|
||||||
|
};
|
||||||
|
ports = [
|
||||||
|
"127.0.0.1:8180:8080/tcp"
|
||||||
|
];
|
||||||
|
dependsOn = [
|
||||||
|
"wikiless_redis"
|
||||||
|
];
|
||||||
|
log-driver = "journald";
|
||||||
|
extraOptions = [
|
||||||
|
"--cap-drop=ALL"
|
||||||
|
"--hostname=wikiless"
|
||||||
|
"--ip=172.4.0.6"
|
||||||
|
"--network-alias=wikiless"
|
||||||
|
"--network=docker-compose_wikiless_net"
|
||||||
|
"--security-opt=no-new-privileges:true"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
systemd.services."podman-wikiless" = {
|
||||||
|
serviceConfig = {
|
||||||
|
Restart = lib.mkOverride 500 "always";
|
||||||
|
};
|
||||||
|
after = [
|
||||||
|
"podman-network-docker-compose_wikiless_net.service"
|
||||||
|
];
|
||||||
|
requires = [
|
||||||
|
"podman-network-docker-compose_wikiless_net.service"
|
||||||
|
];
|
||||||
|
partOf = [
|
||||||
|
"podman-compose-docker-compose-root.target"
|
||||||
|
];
|
||||||
|
wantedBy = [
|
||||||
|
"podman-compose-docker-compose-root.target"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
virtualisation.oci-containers.containers."wikiless_redis" = {
|
||||||
|
image = "redis:latest";
|
||||||
|
user = "nobody";
|
||||||
|
log-driver = "journald";
|
||||||
|
extraOptions = [
|
||||||
|
"--cap-add=DAC_OVERRIDE"
|
||||||
|
"--cap-add=SETGID"
|
||||||
|
"--cap-add=SETUID"
|
||||||
|
"--cap-drop=ALL"
|
||||||
|
"--hostname=wikiless_redis"
|
||||||
|
"--ip=172.4.0.5"
|
||||||
|
"--network-alias=wikiless_redis"
|
||||||
|
"--network=docker-compose_wikiless_net"
|
||||||
|
"--security-opt=no-new-privileges:true"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
systemd.services."podman-wikiless_redis" = {
|
||||||
|
serviceConfig = {
|
||||||
|
Restart = lib.mkOverride 500 "always";
|
||||||
|
};
|
||||||
|
after = [
|
||||||
|
"podman-network-docker-compose_wikiless_net.service"
|
||||||
|
];
|
||||||
|
requires = [
|
||||||
|
"podman-network-docker-compose_wikiless_net.service"
|
||||||
|
];
|
||||||
|
partOf = [
|
||||||
|
"podman-compose-docker-compose-root.target"
|
||||||
|
];
|
||||||
|
wantedBy = [
|
||||||
|
"podman-compose-docker-compose-root.target"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
# Networks
|
||||||
|
systemd.services."podman-network-docker-compose_wikiless_net" = {
|
||||||
|
path = [ pkgs.podman ];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
RemainAfterExit = true;
|
||||||
|
ExecStop = "${pkgs.podman}/bin/podman network rm -f docker-compose_wikiless_net";
|
||||||
|
};
|
||||||
|
script = ''
|
||||||
|
podman network inspect docker-compose_wikiless_net || podman network create docker-compose_wikiless_net --subnet=172.4.0.0/16
|
||||||
|
'';
|
||||||
|
partOf = [ "podman-compose-docker-compose-root.target" ];
|
||||||
|
wantedBy = [ "podman-compose-docker-compose-root.target" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
# Root service
|
||||||
|
# When started, this will automatically create all resources and start
|
||||||
|
# the containers. When stopped, this will teardown all resources.
|
||||||
|
systemd.targets."podman-compose-docker-compose-root" = {
|
||||||
|
unitConfig = {
|
||||||
|
Description = "Root target generated by compose2nix.";
|
||||||
|
};
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
23
hosts/carbon/services/routes/learningpulsedev.nix
Normal file
23
hosts/carbon/services/routes/learningpulsedev.nix
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
{ pkgs, config, ... }: {
|
||||||
|
|
||||||
|
services.nginx = {
|
||||||
|
virtualHosts = {
|
||||||
|
"lpdev.${config.networking.domain}" =
|
||||||
|
{
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = " http://32.54.31.99:8181";
|
||||||
|
};
|
||||||
|
extraConfig = ''
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
}
|
||||||
|
|
21
hosts/carbon/services/routes/penpot.nix
Normal file
21
hosts/carbon/services/routes/penpot.nix
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
{ pkgs, config, ... }: {
|
||||||
|
|
||||||
|
services.nginx = {
|
||||||
|
virtualHosts = {
|
||||||
|
"penpot.${config.networking.domain}" =
|
||||||
|
{
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = " http://32.54.31.241:9032";
|
||||||
|
extraConfig = ''
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
283
hosts/lime/services/penpot/docker-compose.nix
Normal file
283
hosts/lime/services/penpot/docker-compose.nix
Normal file
|
@ -0,0 +1,283 @@
|
||||||
|
# Auto-generated using compose2nix v0.1.9.
|
||||||
|
{ pkgs, lib, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
# Runtime
|
||||||
|
virtualisation.podman = {
|
||||||
|
enable = true;
|
||||||
|
autoPrune.enable = true;
|
||||||
|
dockerCompat = true;
|
||||||
|
defaultNetwork.settings = {
|
||||||
|
# Required for container networking to be able to use names.
|
||||||
|
dns_enabled = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
virtualisation.oci-containers.backend = "podman";
|
||||||
|
|
||||||
|
# Containers
|
||||||
|
virtualisation.oci-containers.containers."docker-compose-penpot-backend" = {
|
||||||
|
image = "penpotapp/backend:latest";
|
||||||
|
environment = {
|
||||||
|
PENPOT_ASSETS_STORAGE_BACKEND = "assets-fs";
|
||||||
|
PENPOT_DATABASE_PASSWORD = "penpot";
|
||||||
|
PENPOT_DATABASE_URI = "postgresql://penpot-postgres/penpot";
|
||||||
|
PENPOT_DATABASE_USERNAME = "penpot";
|
||||||
|
PENPOT_FLAGS = "enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server";
|
||||||
|
PENPOT_PUBLIC_URI = "https://penpot.4o1x5.dev";
|
||||||
|
PENPOT_REDIS_URI = "redis://penpot-redis/0";
|
||||||
|
PENPOT_SMTP_DEFAULT_FROM = "no-reply@example.com";
|
||||||
|
PENPOT_SMTP_DEFAULT_REPLY_TO = "no-reply@example.com";
|
||||||
|
PENPOT_SMTP_HOST = "penpot-mailcatch";
|
||||||
|
PENPOT_SMTP_PASSWORD = "";
|
||||||
|
PENPOT_SMTP_PORT = "1025";
|
||||||
|
PENPOT_SMTP_SSL = "false";
|
||||||
|
PENPOT_SMTP_TLS = "false";
|
||||||
|
PENPOT_SMTP_USERNAME = "";
|
||||||
|
PENPOT_STORAGE_ASSETS_FS_DIRECTORY = "/opt/data/assets";
|
||||||
|
PENPOT_TELEMETRY_ENABLED = "false";
|
||||||
|
};
|
||||||
|
volumes = [
|
||||||
|
"penpot_assets:/opt/data/assets:rw"
|
||||||
|
];
|
||||||
|
dependsOn = [
|
||||||
|
"docker-compose-penpot-postgres"
|
||||||
|
"docker-compose-penpot-redis"
|
||||||
|
];
|
||||||
|
log-driver = "journald";
|
||||||
|
extraOptions = [
|
||||||
|
"--network-alias=penpot-backend"
|
||||||
|
"--network=docker-compose_penpot"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
systemd.services."podman-docker-compose-penpot-backend" = {
|
||||||
|
serviceConfig = {
|
||||||
|
Restart = lib.mkOverride 500 "always";
|
||||||
|
};
|
||||||
|
after = [
|
||||||
|
"podman-network-docker-compose_penpot.service"
|
||||||
|
"podman-volume-docker-compose_penpot_assets.service"
|
||||||
|
];
|
||||||
|
requires = [
|
||||||
|
"podman-network-docker-compose_penpot.service"
|
||||||
|
"podman-volume-docker-compose_penpot_assets.service"
|
||||||
|
];
|
||||||
|
partOf = [
|
||||||
|
"podman-compose-docker-compose-root.target"
|
||||||
|
];
|
||||||
|
wantedBy = [
|
||||||
|
"podman-compose-docker-compose-root.target"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
virtualisation.oci-containers.containers."docker-compose-penpot-exporter" = {
|
||||||
|
image = "penpotapp/exporter:latest";
|
||||||
|
environment = {
|
||||||
|
PENPOT_PUBLIC_URI = "http://penpot-frontend";
|
||||||
|
PENPOT_REDIS_URI = "redis://penpot-redis/0";
|
||||||
|
};
|
||||||
|
log-driver = "journald";
|
||||||
|
extraOptions = [
|
||||||
|
"--network-alias=penpot-exporter"
|
||||||
|
"--network=docker-compose_penpot"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
systemd.services."podman-docker-compose-penpot-exporter" = {
|
||||||
|
serviceConfig = {
|
||||||
|
Restart = lib.mkOverride 500 "always";
|
||||||
|
};
|
||||||
|
after = [
|
||||||
|
"podman-network-docker-compose_penpot.service"
|
||||||
|
];
|
||||||
|
requires = [
|
||||||
|
"podman-network-docker-compose_penpot.service"
|
||||||
|
];
|
||||||
|
partOf = [
|
||||||
|
"podman-compose-docker-compose-root.target"
|
||||||
|
];
|
||||||
|
wantedBy = [
|
||||||
|
"podman-compose-docker-compose-root.target"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
virtualisation.oci-containers.containers."docker-compose-penpot-frontend" = {
|
||||||
|
image = "penpotapp/frontend:latest";
|
||||||
|
environment = {
|
||||||
|
PENPOT_FLAGS = "enable-registration enable-login-with-password";
|
||||||
|
};
|
||||||
|
volumes = [
|
||||||
|
"penpot_assets:/opt/data/assets:rw"
|
||||||
|
];
|
||||||
|
ports = [
|
||||||
|
"9032:80/tcp"
|
||||||
|
];
|
||||||
|
labels = {
|
||||||
|
"traefik.enable" = "true";
|
||||||
|
};
|
||||||
|
dependsOn = [
|
||||||
|
"docker-compose-penpot-backend"
|
||||||
|
"docker-compose-penpot-exporter"
|
||||||
|
];
|
||||||
|
log-driver = "journald";
|
||||||
|
extraOptions = [
|
||||||
|
"--network-alias=penpot-frontend"
|
||||||
|
"--network=docker-compose_penpot"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
systemd.services."podman-docker-compose-penpot-frontend" = {
|
||||||
|
serviceConfig = {
|
||||||
|
Restart = lib.mkOverride 500 "always";
|
||||||
|
};
|
||||||
|
after = [
|
||||||
|
"podman-network-docker-compose_penpot.service"
|
||||||
|
"podman-volume-docker-compose_penpot_assets.service"
|
||||||
|
];
|
||||||
|
requires = [
|
||||||
|
"podman-network-docker-compose_penpot.service"
|
||||||
|
"podman-volume-docker-compose_penpot_assets.service"
|
||||||
|
];
|
||||||
|
partOf = [
|
||||||
|
"podman-compose-docker-compose-root.target"
|
||||||
|
];
|
||||||
|
wantedBy = [
|
||||||
|
"podman-compose-docker-compose-root.target"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
virtualisation.oci-containers.containers."docker-compose-penpot-mailcatch" = {
|
||||||
|
image = "sj26/mailcatcher:latest";
|
||||||
|
ports = [
|
||||||
|
"1080:1080/tcp"
|
||||||
|
];
|
||||||
|
log-driver = "journald";
|
||||||
|
extraOptions = [
|
||||||
|
"--network-alias=penpot-mailcatch"
|
||||||
|
"--network=docker-compose_penpot"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
systemd.services."podman-docker-compose-penpot-mailcatch" = {
|
||||||
|
serviceConfig = {
|
||||||
|
Restart = lib.mkOverride 500 "always";
|
||||||
|
};
|
||||||
|
after = [
|
||||||
|
"podman-network-docker-compose_penpot.service"
|
||||||
|
];
|
||||||
|
requires = [
|
||||||
|
"podman-network-docker-compose_penpot.service"
|
||||||
|
];
|
||||||
|
partOf = [
|
||||||
|
"podman-compose-docker-compose-root.target"
|
||||||
|
];
|
||||||
|
wantedBy = [
|
||||||
|
"podman-compose-docker-compose-root.target"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
virtualisation.oci-containers.containers."docker-compose-penpot-postgres" = {
|
||||||
|
image = "postgres:15";
|
||||||
|
environment = {
|
||||||
|
POSTGRES_DB = "penpot";
|
||||||
|
POSTGRES_INITDB_ARGS = "--data-checksums";
|
||||||
|
POSTGRES_PASSWORD = "penpot";
|
||||||
|
POSTGRES_USER = "penpot";
|
||||||
|
};
|
||||||
|
volumes = [
|
||||||
|
"penpot_postgres_v15:/var/lib/postgresql/data:rw"
|
||||||
|
];
|
||||||
|
log-driver = "journald";
|
||||||
|
extraOptions = [
|
||||||
|
"--network-alias=penpot-postgres"
|
||||||
|
"--network=docker-compose_penpot"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
systemd.services."podman-docker-compose-penpot-postgres" = {
|
||||||
|
serviceConfig = {
|
||||||
|
Restart = lib.mkOverride 500 "always";
|
||||||
|
};
|
||||||
|
after = [
|
||||||
|
"podman-network-docker-compose_penpot.service"
|
||||||
|
"podman-volume-docker-compose_penpot_postgres_v15.service"
|
||||||
|
];
|
||||||
|
requires = [
|
||||||
|
"podman-network-docker-compose_penpot.service"
|
||||||
|
"podman-volume-docker-compose_penpot_postgres_v15.service"
|
||||||
|
];
|
||||||
|
partOf = [
|
||||||
|
"podman-compose-docker-compose-root.target"
|
||||||
|
];
|
||||||
|
wantedBy = [
|
||||||
|
"podman-compose-docker-compose-root.target"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
virtualisation.oci-containers.containers."docker-compose-penpot-redis" = {
|
||||||
|
image = "redis:7";
|
||||||
|
log-driver = "journald";
|
||||||
|
extraOptions = [
|
||||||
|
"--network-alias=penpot-redis"
|
||||||
|
"--network=docker-compose_penpot"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
systemd.services."podman-docker-compose-penpot-redis" = {
|
||||||
|
serviceConfig = {
|
||||||
|
Restart = lib.mkOverride 500 "always";
|
||||||
|
};
|
||||||
|
after = [
|
||||||
|
"podman-network-docker-compose_penpot.service"
|
||||||
|
];
|
||||||
|
requires = [
|
||||||
|
"podman-network-docker-compose_penpot.service"
|
||||||
|
];
|
||||||
|
partOf = [
|
||||||
|
"podman-compose-docker-compose-root.target"
|
||||||
|
];
|
||||||
|
wantedBy = [
|
||||||
|
"podman-compose-docker-compose-root.target"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
# Networks
|
||||||
|
systemd.services."podman-network-docker-compose_penpot" = {
|
||||||
|
path = [ pkgs.podman ];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
RemainAfterExit = true;
|
||||||
|
ExecStop = "${pkgs.podman}/bin/podman network rm -f docker-compose_penpot";
|
||||||
|
};
|
||||||
|
script = ''
|
||||||
|
podman network inspect docker-compose_penpot || podman network create docker-compose_penpot
|
||||||
|
'';
|
||||||
|
partOf = [ "podman-compose-docker-compose-root.target" ];
|
||||||
|
wantedBy = [ "podman-compose-docker-compose-root.target" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
# Volumes
|
||||||
|
systemd.services."podman-volume-docker-compose_penpot_assets" = {
|
||||||
|
path = [ pkgs.podman ];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
RemainAfterExit = true;
|
||||||
|
};
|
||||||
|
script = ''
|
||||||
|
podman volume inspect docker-compose_penpot_assets || podman volume create docker-compose_penpot_assets
|
||||||
|
'';
|
||||||
|
partOf = [ "podman-compose-docker-compose-root.target" ];
|
||||||
|
wantedBy = [ "podman-compose-docker-compose-root.target" ];
|
||||||
|
};
|
||||||
|
systemd.services."podman-volume-docker-compose_penpot_postgres_v15" = {
|
||||||
|
path = [ pkgs.podman ];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
RemainAfterExit = true;
|
||||||
|
};
|
||||||
|
script = ''
|
||||||
|
podman volume inspect docker-compose_penpot_postgres_v15 || podman volume create docker-compose_penpot_postgres_v15
|
||||||
|
'';
|
||||||
|
partOf = [ "podman-compose-docker-compose-root.target" ];
|
||||||
|
wantedBy = [ "podman-compose-docker-compose-root.target" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
# Root service
|
||||||
|
# When started, this will automatically create all resources and start
|
||||||
|
# the containers. When stopped, this will teardown all resources.
|
||||||
|
systemd.targets."podman-compose-docker-compose-root" = {
|
||||||
|
unitConfig = {
|
||||||
|
Description = "Root target generated by compose2nix.";
|
||||||
|
};
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
};
|
||||||
|
}
|
114
hosts/lime/services/penpot/docker-compose.yml
Normal file
114
hosts/lime/services/penpot/docker-compose.yml
Normal file
|
@ -0,0 +1,114 @@
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
penpot:
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
penpot_postgres_v15:
|
||||||
|
penpot_assets:
|
||||||
|
|
||||||
|
services:
|
||||||
|
penpot-frontend:
|
||||||
|
image: "penpotapp/frontend:latest"
|
||||||
|
restart: always
|
||||||
|
ports:
|
||||||
|
- 9032:80
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
- penpot_assets:/opt/data/assets
|
||||||
|
|
||||||
|
depends_on:
|
||||||
|
- penpot-backend
|
||||||
|
- penpot-exporter
|
||||||
|
|
||||||
|
networks:
|
||||||
|
- penpot
|
||||||
|
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
|
||||||
|
environment:
|
||||||
|
- PENPOT_FLAGS=enable-registration enable-login-with-password
|
||||||
|
|
||||||
|
penpot-backend:
|
||||||
|
image: "penpotapp/backend:latest"
|
||||||
|
restart: always
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
- penpot_assets:/opt/data/assets
|
||||||
|
|
||||||
|
depends_on:
|
||||||
|
- penpot-postgres
|
||||||
|
- penpot-redis
|
||||||
|
|
||||||
|
networks:
|
||||||
|
- penpot
|
||||||
|
|
||||||
|
## Configuration envronment variables for backend the
|
||||||
|
## container.
|
||||||
|
|
||||||
|
environment:
|
||||||
|
- PENPOT_FLAGS=enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server
|
||||||
|
- PENPOT_PUBLIC_URI=https://penpot.4o1x5.dev
|
||||||
|
|
||||||
|
- PENPOT_DATABASE_URI=postgresql://penpot-postgres/penpot
|
||||||
|
- PENPOT_DATABASE_USERNAME=penpot
|
||||||
|
- PENPOT_DATABASE_PASSWORD=penpot
|
||||||
|
|
||||||
|
- PENPOT_REDIS_URI=redis://penpot-redis/0
|
||||||
|
|
||||||
|
- PENPOT_ASSETS_STORAGE_BACKEND=assets-fs
|
||||||
|
- PENPOT_STORAGE_ASSETS_FS_DIRECTORY=/opt/data/assets
|
||||||
|
- PENPOT_TELEMETRY_ENABLED=false
|
||||||
|
|
||||||
|
- PENPOT_SMTP_DEFAULT_FROM=no-reply@example.com
|
||||||
|
- PENPOT_SMTP_DEFAULT_REPLY_TO=no-reply@example.com
|
||||||
|
- PENPOT_SMTP_HOST=penpot-mailcatch
|
||||||
|
- PENPOT_SMTP_PORT=1025
|
||||||
|
- PENPOT_SMTP_USERNAME=
|
||||||
|
- PENPOT_SMTP_PASSWORD=
|
||||||
|
- PENPOT_SMTP_TLS=false
|
||||||
|
- PENPOT_SMTP_SSL=false
|
||||||
|
|
||||||
|
penpot-exporter:
|
||||||
|
image: "penpotapp/exporter:latest"
|
||||||
|
restart: always
|
||||||
|
networks:
|
||||||
|
- penpot
|
||||||
|
|
||||||
|
environment:
|
||||||
|
- PENPOT_PUBLIC_URI=http://penpot-frontend
|
||||||
|
- PENPOT_REDIS_URI=redis://penpot-redis/0
|
||||||
|
|
||||||
|
penpot-postgres:
|
||||||
|
image: "postgres:15"
|
||||||
|
restart: always
|
||||||
|
stop_signal: SIGINT
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
- penpot_postgres_v15:/var/lib/postgresql/data
|
||||||
|
|
||||||
|
networks:
|
||||||
|
- penpot
|
||||||
|
|
||||||
|
environment:
|
||||||
|
- POSTGRES_INITDB_ARGS=--data-checksums
|
||||||
|
- POSTGRES_DB=penpot
|
||||||
|
- POSTGRES_USER=penpot
|
||||||
|
- POSTGRES_PASSWORD=penpot
|
||||||
|
|
||||||
|
penpot-redis:
|
||||||
|
image: redis:7
|
||||||
|
restart: always
|
||||||
|
networks:
|
||||||
|
- penpot
|
||||||
|
|
||||||
|
penpot-mailcatch:
|
||||||
|
image: sj26/mailcatcher:latest
|
||||||
|
restart: always
|
||||||
|
expose:
|
||||||
|
- "1025"
|
||||||
|
ports:
|
||||||
|
- "1080:1080"
|
||||||
|
networks:
|
||||||
|
- penpot
|
46
hosts/pink/services/monitoring/loki.nix
Normal file
46
hosts/pink/services/monitoring/loki.nix
Normal file
|
@ -0,0 +1,46 @@
|
||||||
|
{ pkgs, ... }: {
|
||||||
|
#
|
||||||
|
services.loki = {
|
||||||
|
enable = false;
|
||||||
|
configuration = {
|
||||||
|
auth_enabled = false;
|
||||||
|
server = {
|
||||||
|
http_listen_port = 3100;
|
||||||
|
};
|
||||||
|
ingester = {
|
||||||
|
lifecycler = {
|
||||||
|
address = "0.0.0.0";
|
||||||
|
ring = {
|
||||||
|
kvstore.store = "inmemory";
|
||||||
|
replication_factor = 1;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
chunk_idle_period = "15m";
|
||||||
|
};
|
||||||
|
schema_config.configs = [
|
||||||
|
{
|
||||||
|
from = "2020-02-25";
|
||||||
|
store = "boltdb";
|
||||||
|
object_store = "filesystem";
|
||||||
|
schema = "v11";
|
||||||
|
index = {
|
||||||
|
prefix = "index_";
|
||||||
|
period = "24h";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
storage_config = {
|
||||||
|
boltdb.directory = "/tmp/loki/index";
|
||||||
|
};
|
||||||
|
limits_config = {
|
||||||
|
enforce_metric_name = false;
|
||||||
|
reject_old_samples = true;
|
||||||
|
reject_old_samples_max_age = "500h";
|
||||||
|
};
|
||||||
|
chunk_store_config.max_look_back_period = "0s";
|
||||||
|
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
|
@ -1,3 +1,9 @@
|
||||||
{ pkgs, ... }: {
|
{ pkgs, ... }: {
|
||||||
age.secrets.forgejo-runner.file = ./forgejo-runner.age;
|
age.secrets.forgejo-runner.file = ./forgejo-runner.age;
|
||||||
|
age.secrets.github-username.file = ./github-username.age;
|
||||||
|
age.secrets.github-token.file = ./github-token.age;
|
||||||
|
age.secrets.scribe-secret.file = ./scribe-secret.age;
|
||||||
|
age.secrets.piped.file = ./piped.age;
|
||||||
|
age.secrets.anonymousoverflow.file = ./anonymousoverflow.age;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
7
secrets/github-token.age
Normal file
7
secrets/github-token.age
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 VxAJjg BcQSeT5FRJ12Pk0e9j1Mv0D/0uG8T/UE51B49KYYe1I
|
||||||
|
xSU3OJoeb6xPAG2DkRZvuTaclzPvQMCg/tTbOOvU/QM
|
||||||
|
-> ssh-ed25519 pw11Hg L/r4k+wx7Vb2HimVLh8dmd+ZeICaNF26OCtKuzgc/Xo
|
||||||
|
NZYAc3uOtJRXsWPgbCq6DfCpH5N4mi9kqh4YloWYPzs
|
||||||
|
--- Cv+Cc5Qdi6Z72vq7suNXVeQ20fqzh+qYRrhW24Q9sEM
|
||||||
|
ªso‹FØ:„RˆS†¥Ç„Dt3jíëƒ:žÇP³Ð5zFëæxTL´<4C>ij¬sõí¼ÇR½‚P‘ü_à[Ú~³ï(—<>•À>ôÖí
|
7
secrets/github-username.age
Normal file
7
secrets/github-username.age
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 VxAJjg BPlZOaOlG/dT+mxNHrCtGXffhUlkSMyCXYiz3ehePBM
|
||||||
|
ApUQIhgKA6wrHPAixEChyWFze2BuYqtWoXGETIx/xkM
|
||||||
|
-> ssh-ed25519 pw11Hg Wm2qEsBZnq43+Pv20CxOr91wRQFkHKKcQskc962sGXk
|
||||||
|
i9gnpoR2yr+sRwCwM1ImQpN6AVvRg3MlBS9nPG2+MuY
|
||||||
|
--- NzFMu6okyjRaNQ1lOYYwT5QXmERZaXHtewsSystDRzk
|
||||||
|
pÜ}¼«ÚšÃdS±aÇXÁ=ëzµIŒ2®t¡/ò—õÿúH#
|
BIN
secrets/piped.age
Normal file
BIN
secrets/piped.age
Normal file
Binary file not shown.
|
@ -1,7 +1,7 @@
|
||||||
age-encryption.org/v1
|
age-encryption.org/v1
|
||||||
-> ssh-ed25519 VxAJjg SAzffPLeKmWwiPBrxqb8b1lSjnvX0xXGoErceOwrfz8
|
-> ssh-ed25519 VxAJjg PovEnAxpyfLvVb0w/TaEY7anN5NsfkV+OodD8mu+IQ0
|
||||||
qOu9fsxq0yneo5Wx0S6sJriYl9I+0geuD85ZVK8LEUg
|
x4mHqwXQ/sf7tuXkS146P/mrM/ShtGnZtLD3ap6FBzQ
|
||||||
-> ssh-ed25519 2+o3cg ODYd9WzF/r4ScnLNmnxne3NiuqlAQ4E3koozu4EKBQE
|
-> ssh-ed25519 2+o3cg I5NXmiKJfzguoDvYd13yOlfiIUuXwZUHNFKh+CSK3GU
|
||||||
iiLf5yuAnGDTSFXLTbxm0PsQQBjnoFPVS7rh9v91GzY
|
RuDsCnHg0CBsdYaPrALI+sJlY3q3Z2hM92G6btMdJPk
|
||||||
--- BT5nFRlqsSubodxJI5M1+xE8yD/vzSHkvUTKhwOScWQ
|
--- Om0oMnr4C6xQMSvvz1J3veLMoEXzyPYtWrPpwks4Vmo
|
||||||
vá<EFBFBD>ˉôÀ©(1ÝOßþÉ¥vfÜ"(r<>Ÿ¸ï$5)Ћb;©t1†‹‹°
|
V<EFBFBD>L¤CžKŔT_°<EFBFBD>’o)ěqĄ:"°‹WČÍË.qęA<C499>ônůť}wŞ@Ĺ9bŢOĚÓI2ÂÎŞdf2:řß‹†Őq<C590>ĽoGE'´“Z”aV“¨&ţwö<77>8ëM<> Í7ĚŁ
|
Binary file not shown.
7
secrets/scribe-secret.age
Normal file
7
secrets/scribe-secret.age
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 VxAJjg xDv23IBlJ1lrNTPQkOlVrg8Hufc0NDOpFALrbUMgSB4
|
||||||
|
s0U4Iylpghexez0uA6o6OaNBBa27RrdlcrabwC1Na6s
|
||||||
|
-> ssh-ed25519 pw11Hg SAYnexlOt8B7YnqGN4+gaRl1zrcMpnLHRhb0arlwZRI
|
||||||
|
mw2AXbMDzU7y1ieDqFfEsJLiqXi6W3I1KAUEVUDXUKw
|
||||||
|
--- 6wz/46U1kEIvlYl6PXmRVE3dh1Jqs+7D8A4EbDucy/w
|
||||||
|
nõì}Ré:\2ôƒvÂYÿÖG¼VÄ¢vì(óhhæ%)P¦†ac$§A¿$*®|N½<4E>Ìð*<æîñr~Í7
|
|
@ -11,6 +11,12 @@ in
|
||||||
"anonymousoverflow.age".publicKeys = [ grape carbon ];
|
"anonymousoverflow.age".publicKeys = [ grape carbon ];
|
||||||
"forgejo-runner.age".publicKeys = [ grape carbon ];
|
"forgejo-runner.age".publicKeys = [ grape carbon ];
|
||||||
|
|
||||||
|
"piped.age".publicKeys = [ grape carbon ];
|
||||||
|
# scribe
|
||||||
|
"github-username.age".publicKeys = [ grape carbon ];
|
||||||
|
"github-token.age".publicKeys = [ grape carbon ];
|
||||||
|
"scribe-secret.age".publicKeys = [ grape carbon ];
|
||||||
|
|
||||||
"porkbun.age".publicKeys = [ grape lime ];
|
"porkbun.age".publicKeys = [ grape lime ];
|
||||||
"porkbun-user.age".publicKeys = [ grape lime ];
|
"porkbun-user.age".publicKeys = [ grape lime ];
|
||||||
|
|
||||||
|
|
Reference in a new issue