diff --git a/nixos/configurations/Cape/default.nix b/nixos/configurations/Cape/default.nix
index 84e4523..0587d08 100644
--- a/nixos/configurations/Cape/default.nix
+++ b/nixos/configurations/Cape/default.nix
@@ -7,6 +7,7 @@
 ./users
 ./disko-config.nix
 ./miniflux.nix
+ ./radicle.nix
 ];
 
 youthlic = {
diff --git a/nixos/configurations/Cape/radicle.nix b/nixos/configurations/Cape/radicle.nix
new file mode 100644
index 0000000..c3ee316
--- /dev/null
+++ b/nixos/configurations/Cape/radicle.nix
@@ -0,0 +1,9 @@
+{config, ...}: {
+ sops.secrets."ssh-private-key/radicle/Cape" = {};
+ youthlic.programs.radicle = {
+ enable = true;
+ publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbQrJNWcWsFncTX4w/hkhz6zPNwHrTjA+6lnq5dmu/s radicle";
+ privateKeyFile = config.sops.secrets."ssh-private-key/radicle/Cape".path;
+ domain = "seed.youthlic.fun";
+ };
+}
diff --git a/nixos/modules/programs/radicle.nix b/nixos/modules/programs/radicle.nix
index 265d0d0..d652cc2 100644
--- a/nixos/modules/programs/radicle.nix
+++ b/nixos/modules/programs/radicle.nix
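Review bot: In `nixos/configurations/Cape/radicle.nix`, `sops.secrets."ssh-private-key/radicle/Cape" = {};` leaves the node's private key on the sops-nix defaults, which as far as I know means root-owned with mode 0400. That is the tightest setting, but it only works if `services.radicle` reads `privateKeyFile` through systemd credentials rather than as its own service user; I can't confirm that from this diff. A one-line comment would record the assumption, for example `# root-only on purpose: the radicle unit is expected to load this via systemd credentials`.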
@@ -14,66 +14,91 @@ in {
 publicKey = lib.mkOption {
 type = with lib.types; either path str;
 };
- };
- };
- config = lib.mkIf cfg.enable {
- services.radicle = {
- enable = true;
- node.listenAddress = "127.0.0.1";
- inherit (cfg) publicKey privateKeyFile;
- settings = {
- publicExplorer = "https://app.radicle.xyz/nodes/$host/$rid$path";
- preferredSeeds = [
- "z6Mkmqogy2qEM2ummccUthFEaaHvyYmYBYh3dbe9W4ebScxo@ash.radicle.garden:8776"
- "z6MksmpU5b1dS7oaqF2bHXhQi1DWy2hB7Mh9CuN7y1DN6QSz@seed.radicle.xyz:8776"
- "z6MkrLMMsiPWUcNPHcRajuMi9mDfYckSoJyPwwnknocNYPm7@seed.radicle.garden:8776"
- ];
- web = {
- pinned = {
- repositories = [];
- };
- };
- cli = {
- hints = true;
- };
- node = {
- alias = "youthlic";
- listen = [];
- peers = {
- type = "dynamic";
- };
- connect = [];
- extrnalAddresses = [];
- network = "main";
- log = "INFO";
- relay = "auto";
- limits = {
- routingMaxSize = 1000;
- routingMaxAge = 604800;
- gossipMaxAge = 1209600;
- fetchConcurrency = 1;
- maxOpenFiles = 4096;
- rate = {
- inbound = {
- fillRate = 5.0;
- capacity = 1024;
- };
- outbound = {
- fillRate = 10.0;
- capacity = 2048;
- };
- };
- connection = {
- inbound = 128;
- outbound = 16;
- };
- };
- workers = 8;
- seedingPolicy = {
- default = "block";
- };
- };
+ domain = lib.mkOption {
+ type = lib.types.str;
 };
 };
 };
+ config = lib.mkMerge [
+ (lib.mkIf cfg.enable {
+ services.radicle = {
+ enable = true;
+ inherit (cfg) publicKey privateKeyFile;
+ node.openFirewall = true;
+ httpd = {
+ enable = true;
+ listenPort = 8489;
+ };
+ settings = {
+ publicExplorer = "https://app.radicle.xyz/nodes/$host/$rid$path";
+ preferredSeeds = [
+ "z6Mkmqogy2qEM2ummccUthFEaaHvyYmYBYh3dbe9W4ebScxo@ash.radicle.garden:8776"
+ "z6MksmpU5b1dS7oaqF2bHXhQi1DWy2hB7Mh9CuN7y1DN6QSz@seed.radicle.xyz:8776"
+ "z6MkrLMMsiPWUcNPHcRajuMi9mDfYckSoJyPwwnknocNYPm7@seed.radicle.garden:8776"
+ ];
+ web = {
+ pinned = {
+ repositories = [
+ "rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5"
+ "rad:z4D5UCArafTzTQpDZNQRuqswh3ury"
+ "rad:z4V1sjrXqjvFdnCUbxPFqd5p4DtH5"
+ "rad:z6cFWeWpnZNHh9rUW8phgA3b5yGt"
+ ];
+ };
+ };
+ cli = {
+ hints = true;
+ };
+ node = {
+ alias = cfg.domain;
+ listen = [];
+ peers = {
+ type = "dynamic";
+ };
+ connect = [];
+ externalAddresses = [
+ "${cfg.domain}:8776"
+ ];
+ network = "main";
+ log = "INFO";
+ relay = "auto";
+ limits = {
+ routingMaxSize = 1000;
+ routingMaxAge = 604800;
+ gossipMaxAge = 1209600;
+ fetchConcurrency = 1;
+ maxOpenFiles = 4096;
+ rate = {
+ inbound = {
+ fillRate = 5.0;
+ capacity = 1024;
+ };
+ outbound = {
+ fillRate = 10.0;
+ capacity = 2048;
+ };
+ };
+ connection = {
+ inbound = 128;
+ outbound = 16;
+ };
+ };
+ workers = 8;
+ seedingPolicy = {
+ default = "block";
+ };
+ };
+ };
+ };
+ })
+ (lib.mkIf (cfg.enable && config.youthlic.programs.caddy.enable) {
+ services.caddy.virtualHosts = {
+ "${cfg.domain}" = {
+ extraConfig = ''
+ reverse_proxy 127.0.0.1:8489
+ '';
+ };
+ };
+ })
+ ];
 }
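Review bot: `node.openFirewall = true;` is now hard-coded in the shared module and the old `node.listenAddress = "127.0.0.1";` is gone, so every host that enables `youthlic.programs.radicle` opens the node port and listens on the upstream default address, presumably no longer loopback; that looks intended for Cape only. Making the exposure overridable keeps the module safe by default elsewhere, e.g. `node.openFirewall = lib.mkDefault true;`, or better a per-host option that defaults to off. The new `domain` option has no default, so any other configuration that already enables this module will stop evaluating until it sets one (the options block starts above this hunk, so other callers are not visible here). The httpd port is also written twice, in `listenPort = 8489;` and in the Caddy `reverse_proxy 127.0.0.1:8489`; building the target from `config.services.radicle.httpd.listenPort` keeps the proxy and the listener from drifting apart.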