gortium/infra
1
1
Fork 0
Code Issues 13 Pull Requests 21 Actions Packages Projects 1 Releases Wiki Activity

Compare commits

base: gortium:af3865517029a6ef044a576a5763d8e3d107eb67
Branches Tags
gortium:master gortium:feat/worldmonitor gortium:feat/ups-config gortium:feat/rollback-sentinel-on-fresh-branch gortium:fix/honcho-vector-dim-empty gortium:fix/backup-submodule-update gortium:feat/restrict-docker-blacklist gortium:feat/restrict-docker-commands-for-ai-worker gortium:fix/hermes-matrix-deps-venv-persist gortium:feat/uconsole-cm5-v3 gortium:fix/update-compose-submodule-matrix-bridge gortium:feat/nix-deployment-v2 gortium:kvm-pr gortium:feat/nixos-ci-workflow gortium:kvm-pr-consolidate gortium:feat/hermes-workspace-combined gortium:feat/hyperspace-pods-module gortium:feat/hermes-workspace gortium:feat/hermes-workers gortium:feat/add-paperclip-agent-orchestrator gortium:feat/syncthing-org-sync gortium:fix/vpn-iptables-nft-v3 gortium:fix/vpn-iptables-nft-v2 gortium:fix/vpn-iptables-nft-upstream gortium:feat/nixos-ci gortium:feat/update-compose-submodule-custom-tools gortium:feat/kvm-libvirt gortium:fix/wg-easy-iptables-nft gortium:feat/compose-submodule-v2 gortium:feat/hermes-fork-dockerfile gortium:ai-worker-restricted-access gortium:feat/wireguard-vpn gortium:feat/k3s-pod-cluster gortium:feature/server-hardening-clean gortium:docs/merge-priority-order gortium:feat/hermes-voice-gpu-support gortium:feat/uconsole-cm5-v2 gortium:fix/matrix-bridge-v2 gortium:fix/backup-network-v2 gortium:feat/docker-add-qemu-cross-compilation gortium:feat/docker-add-latex-stack gortium:feat/docker-add-chromium-browser-deps gortium:feat/docker-add-curl-poppler-imagemagick gortium:feat/add-uconsole-host gortium:home_manager
..
compare: gortium:master
Branches Tags
gortium:feat/worldmonitor gortium:feat/ups-config gortium:feat/rollback-sentinel-on-fresh-branch gortium:fix/honcho-vector-dim-empty gortium:fix/backup-submodule-update gortium:feat/restrict-docker-blacklist gortium:feat/restrict-docker-commands-for-ai-worker gortium:fix/hermes-matrix-deps-venv-persist gortium:feat/uconsole-cm5-v3 gortium:fix/update-compose-submodule-matrix-bridge gortium:feat/nix-deployment-v2 gortium:kvm-pr gortium:feat/nixos-ci-workflow gortium:kvm-pr-consolidate gortium:feat/hermes-workspace-combined gortium:feat/hyperspace-pods-module gortium:feat/hermes-workspace gortium:feat/hermes-workers gortium:feat/add-paperclip-agent-orchestrator gortium:master gortium:feat/syncthing-org-sync gortium:fix/vpn-iptables-nft-v3 gortium:fix/vpn-iptables-nft-v2 gortium:fix/vpn-iptables-nft-upstream gortium:feat/nixos-ci gortium:feat/update-compose-submodule-custom-tools gortium:feat/kvm-libvirt gortium:fix/wg-easy-iptables-nft gortium:feat/compose-submodule-v2 gortium:feat/hermes-fork-dockerfile gortium:ai-worker-restricted-access gortium:feat/wireguard-vpn gortium:feat/k3s-pod-cluster gortium:feature/server-hardening-clean gortium:docs/merge-priority-order gortium:feat/hermes-voice-gpu-support gortium:feat/uconsole-cm5-v2 gortium:fix/matrix-bridge-v2 gortium:fix/backup-network-v2 gortium:feat/docker-add-qemu-cross-compilation gortium:feat/docker-add-latex-stack gortium:feat/docker-add-chromium-browser-deps gortium:feat/docker-add-curl-poppler-imagemagick gortium:feat/add-uconsole-host gortium:home_manager

17 Commits
af38655170 ... master

Author SHA1 Message Date
Thierry Pouplier
36359de6aa Merge pull request 'feat: add Syncthing firewall port and update compose submodule' (#47) from feat/syncthing-org-sync into master 
Reviewed-on: #47
 2026-05-19 00:34:42 +00:00
Robert
10b8565fd6 Merge branch 'master' into feat/syncthing-org-sync 2026-05-18 20:33:29 -04:00
Robert
f672696b8e Update submodule for syncthing 2026-05-18 20:31:07 -04:00
Hermes
0980dca455 fix: update compose submodule to Traefik-routed Syncthing 2026-05-14 21:40:12 -04:00
Hermes
96bc20ab70 feat: add Syncthing firewall port and update compose submodule 2026-05-14 21:36:26 -04:00
Thierry Pouplier
670ae4f002 Merge pull request 'fix: update compose submodule — use ln -sf for iptables-nft' (#46) from fix/vpn-iptables-nft-v3 into master 
Reviewed-on: #46
 2026-05-13 17:00:16 +00:00
Hermes
f785abfd49 fix: update compose submodule — use ln -sf for iptables-nft 2026-05-13 12:59:04 -04:00
Thierry Pouplier
6f44aa7f76 Merge pull request 'fix: update compose submodule — remove apk add iptables-nft' (#45) from fix/vpn-iptables-nft-v2 into master 
Reviewed-on: #45
 2026-05-13 16:49:39 +00:00
Hermes
8d40f1691f fix: update compose submodule — remove apk add iptables-nft 2026-05-13 12:49:14 -04:00
Robert
2dd2e64986 Merge remote-tracking branch 'origin/master' 2026-05-13 12:42:54 -04:00
Robert
23fc5e0597 Give a little more ssh room for tramp 2026-05-13 12:41:09 -04:00
Thierry Pouplier
0c9c33d735 Merge pull request 'fix: update wg-easy to official ghcr image with iptables-nft' (#44) from fix/vpn-iptables-nft-upstream into master 
Reviewed-on: #44
 2026-05-13 16:39:56 +00:00
Hermes
0bb6890f1c chore: merge master into branch 2026-05-13 12:39:05 -04:00
Hermes
9d5434425f fix: update compose submodule for wg-easy iptables-nft fix 
Updates the assets/compose submodule to point to the fix/vpn-iptables-nft-upstream
branch which contains:
- Switch FROM weejewel/wg-easy:latest (Alpine 3.11, stale 4yr) to
  ghcr.io/wg-easy/wg-easy:latest (actively maintained, Alpine krypton)
- Use update-alternatives instead of raw ln -sf to flip iptables
  from legacy to nftables backend
- Fix compose build context: ./vpn -> . (Dockerfile is at same level)
 2026-05-13 12:30:47 -04:00
Thierry Pouplier
1fb4320dd1 Merge pull request 'feat: update compose submodule for custom tools startup' (#43) from feat/update-compose-submodule-custom-tools into master 
Reviewed-on: #43
 2026-05-13 13:58:27 +00:00
Hermes
51e9f47fd4 feat: update compose submodule for custom tools startup 2026-05-13 09:56:24 -04:00
Hermes
06b3eb840f fix: update compose submodule for wg-easy iptables-nft fix 2026-05-12 16:29:51 -04:00
4 changed files with 37 additions and 69 deletions
Expand all files Collapse all files

33
.gitea/workflows/build-nixos.yml
View File

@@ -1,33 +0,0 @@
name: Build NixOS config
on:
pull_request:
branches: [ master ]
paths:
- '**.nix'
- 'flake.lock'
- 'secrets/**'
- 'hosts/**'
- 'modules/**'
push:
branches: [ master ]
paths:
- '**.nix'
- 'flake.lock'
- 'secrets/**'
- 'hosts/**'
- 'modules/**'
jobs:
build:
runs-on: nixos-builder
steps:
- name: Checkout
run: |
git clone -b "${{ github.head_ref || github.ref_name }}" \
https://gitea:${{ secrets.GITHUB_TOKEN }}@code.lazyworkhorse.net/gortium/infra.git .
git log --oneline -3
- name: Build NixOS config (lazyworkhorse)
run: |
nix --version
nh os build .#lazyworkhorse 2>&1

2
assets/compose

Submodule assets/compose updated: 6b82a26c25...d3f2e3b7b9

3
hosts/lazyworkhorse/configuration.nix
View File

@@ -207,6 +207,7 @@
ai = {
path = self + "/assets/compose/ai";
envFile = config.age.secrets.containers_env.path;
ports = [ 22000 ]; # Syncthing TCP sync
};
cloudstorage = {
@@ -474,7 +475,7 @@
services.openssh.settings = {
PermitRootLogin = "no";
MaxAuthTries = 3;
MaxSessions = 10;
MaxSessions = 20;
LoginGraceTime = 30;
ClientAliveInterval = 300;
ClientAliveCountMax = 2;

68
secrets/containers.env.age
View File

@@ -1,36 +1,36 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEdoTUQ4QSB5c1B3
anRidlRvdUIxUGZWVEw0VDQ5L1QzRHdlVHJHRDRvNEF6M2dNQVNrCk50aXF6ekxq
WnVCUXBZbEJsVk1BMmQvN2ZpNmp3ZHYvSUlvakN2VTdZUVkKLT4gMyR8Syh7ZyMt
Z3JlYXNlIFs3ezgmZDAKZ2hhNzZmU2wzdkNkTnliL0NiWWlQbnppcmRLdHZVYWdm
bG5LZ0p3Ci0tLSBMYmxYa0hCbnVham05dVo5eEJXTEhob2F1YXhzNlNoVXBwNmNz
M0RVS0xRCt2jk8SwZ4McFmBkWknNs0phZSD3deFAh1nvRE9fSp82yNG0SoFE8O8e
HaMP5fO1Y7gW7Nqvvtr0Fs2AXwxzLtVRc8+XYxDuhRY9Rq5w/VHaEt9fS2OQioml
hcTw3MhBGAN4JVhFz/lUOEO82jd3lKig95fGjA2SpwfxlAMhepe7OmJ4Hpe+QrPt
orXgJHG2Ssu2mLgpnIr3mYVXKfNMy9TUGkh5hM1qR2TidtcefExYegCesjRNmSw/
KVe8wTdF1dr+R+vQDGXZleLpLzKZHATw36+GxGUfpm6iWuDc3lBsjHrVVlm2mz7o
XM+bHDnnUHSFXhHh5gDIoRi/kI3w5b1F2psKXFAGOQq4osrYInoGdvMrGWDvhGZS
GbVyAoZKYOmlqjM/AY4vMc5N7ICsDJqugFi9fDSmckfgzvUYVbzuv7D+1gtmjAzi
+e/vhujRjE2xaD7kIeO6UFq0lZpMoQV3tX5kJG0OOuF1GlZzw22SUc67w25JNHSE
GRnm+MN7XfvtlRZyyYERMs6j829H6zOQL96YBpzxc1yx07K+SMKewHhbm4pyrcDD
dVZxNMHv+B+F2tw1KFMl+Go3pyQp0p+CgiSWUoyvBzK0BwZ7XXy93GWmuAN/dhpU
YhXIiqXgexN6a/0Z6OTah8xW1sr6EYvIGWnXdUUB+azEI2uykX00MO10szDJ/vkh
DZUafMtlgMKU+fBbM0Tr0QM1R30BWNJCjHgsoU7mxbyiuFYuyAC72T70z5WdQTst
jf4NJdc4FKOHA6ydLoyzi7ey05nxm8zquHW1kCwLVUMhvjUPbQhpWQbU8DvlB6l1
nGqWBUTqeorstDcvTTEjySPrp7PIUMj+Vt2MiFCQa5eh2sZWFJsYrA6CEtGFTpyU
og8rGtS7UBukgsp7rucLO8MYt0/ZauUcEg0jcbWc+KOWtC9MPedv6gTLfaxpk1xy
iY+7Y+H860Pt1WvVFYg9/0fj0wz92DqR08oWvOjR7+EekhacqAHfTm6PpLLKSeHw
M1D0dElJ6L1hkmHr88q7YwPfMzObmRbKh28ayeoLOprx3ezYr4t0qWWAKysvkkuo
uhvfqngZefj7CloVCaQVM0Du6p74wV5UEkxopJyMc3s4oEkauX2DgVHzb0NJ+a3n
KyatZoIEOK+yBDuRw9+c3FdxOmSc8EEdDPh5tXHOfixdxHlMXeNWo7VwtR7ThPcj
wRHwN9dgzW4AbYQAHKSOCGGqlhINYVxDviwhTT+PYB/w7x42id8aMW2KOhgGcVCD
fyQQJN5ANCxglu/T0+SmXikPQkuJqzOuE0+qqz1sMuKF3KLJB5ppys1Ygmpm27Up
oaqBa7JS4yJc53rPSEy4r10GqBbvYNDmcEWZilSrj5aTB7nhq+RVyTwmAU+qfLmK
NgGi05oyVGYBX135c6eXkEtKg1HiH5LkqkvLGIDYkAeiLmqXv6N7hGphBF7fdLXw
g8Anrn+JYaOc/6ZntCPLwm4cV4KE2hswSReHFrposb6M4/Kbx8Yf2iMx07IQ3v/R
z0sIihHjfOqLi3kafL4N0BDoLAQdjbxqkx1z0VcGVkPliS0mDro17b1KfxPsI04/
k6xTWoBQAhcCkH+NpT0VRNCM7f6aycsJekfakTRRqg5rwFimqReMSJcKCLZdoezi
iAIMHPqPW1+sjwA7Rroj3Th0NbC8vGJ47vobK8jQ4XgrwaUGhhloCTpAjzFLFTUS
YdiJN2qBQfABhxD9Owqo98HXDigqb9jhh/LrPYYDhtP6c4J+zz3+gPRiho7T03H3
kZ+YU3Q=
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEdoTUQ4QSBWNEpt
cGFNeVBBaDRqb3pLSEZGQW0wb3VmVnBoZCswUFkzbnBLUnJ0QTNrClRqVkk4RUVO
d29KYjd5YUcwankvaTFmVHUxQVpDT2ZYWHRaY3JXTUtQMU0KLT4gKXBtQ3UsXi1n
cmVhc2UgNnwxYCBXVyA/KCQmIHt9NAo3OTZVUHR2UXkvaEFwY0ZBdEJsaFpsbHJ0
cklKcDVHcEdWMEdPSkpnN0FiRU43RW5hUWFMdjR3WFRRSFBLSGlmClM3cTNJWlNM
TExkdHdXUHJISkNIaE1TTUxUc1NUWkV1a09HeFU3bVZwQXMKLS0tIGhOcXFTUElS
azJJNnEreUhMWTJBaVZGSTJPRUFqQkVYS01KRENUVVpZSDgK8+8onFejroBo7MeO
dW+so4lOsq4zJKn3f0cxmCFg1f0X8zt6h4Uc3A5Cvr1uU+6yw1FWmJ7xa3jJz3lO
EEaKQJXYC+xIIKGcA7qILa0SFp4a/4OuYjcg27HrlPhg7u5wDhQrd0LdVEe1Xngp
ZivX7P7HwIna3X8C+TL+K2v/AG2N/z86cdKfRvxyMKNbHhYw+CfHEnWgh8tJ++4h
G9evNniuNqte6cQaRe7jODfPNW4FuY/Sb7barlJ/M9iAQdYAdyLAzU1LABeHeUfD
wtHjxy9DUZ55Vg8bB8M2JJU9MkoRT4ewiVd9LeC1GWeVmKsm93wsmrov714i7U2j
wHtDkjqEF2MmzuQc18sjNaAHiwz8j6o5xU2L/Q4+Q707yISWG7RGZYh389Cr1rnw
siUq/Vunqw2wk13+J/4vu9nqt5mMktBaCtp+QiWIurjwB5LUAyChrSm+dg5lb0Mt
UhSc0lq1+E3vxAXM2Hmk+vP86VD+6WJvAU82VFApF1s6zG2FU1/AcOVVf54nan/q
f+rgSFfASHQCYSblUJHyEtwLNsWEmTGmOEn1buUKD/H0zatPQnc0rYpjlx2V0Sjd
6yB5+wPrZ0AkN1pjcsPKOv8Kaog2DzqIjib+SaSTaRxWHQEb9uzvaReAcYI5HOpE
gkC040HN33BItATbo4+hz70Im8Ni/VXD+g6yzM6Hj1hJL+PinTKeg5keQRFIZjMx
grzievB2wVBBgLgN3qMdTFmpplaL7iL702JjXZUTTK9Izp+9wiCsV1fTa53FWDht
ylFL5SWElqXjK+QBXxAe+Jk6VQov5HI21YDXL67S554ABeRok23wxrQ31TCI4xq9
PQV7VtNRjyVud7S29m3OwpWOsgTZhn+JclHj2v4bNJzJkJnZRTmcvGPktzRI5+R4
e5vxVhGnJDzI71txaHl8+xS1lu9VzCQUrxX6TXyTRV4KjIOz0g06JOBgmBRBvJca
7MZbC65xpisl/gyLRbgkVga3t94dPV+dpZsn8eq6427IyRbKslJefatggR9//c6I
5N5fl0fR3gJQMB+HRbipBH2YsdbdWJyb4Nn6STZxIfrqoG/xC6C1raF0xK7hUx6i
4DUDSPohM8fOIswQPfE+FH3eygfzu/Ln5+ghsgHTEhgFvmgMvyxaAt6kHIzIUhMX
M3dASr4VPDpIXuXsRWwYLEifhzxsuvwVxfwtsnCaR6XKijsYECWGDdYOWHdleeqx
wDPhxEesfFVhKxhrKY9Ir8k9/FFBKQU/3GjW4+SMAg5Al1YEzxshP9vKuVcsei7W
JDwAwotNXaCm6NBckiyZJE53ou6+gckPY7V9cOfnuH74Z9ywkFzB3HW3ZlonaGyM
oGmLGcccavFtyhg5s/As4i6X8ARIpDiwe59Pn3GNXMctySqIrrr2ogUoXgrfFCie
6GOTdeMW7GeOSdJUxCofghlspS/nq01Og77VI/beWYrIwLubSka6Zaltww9zgObk
/FGEMgFkEpq7iyCvYSPA8F46pJKvnMP3S84AWCPmcTcHeg4lwGPvs6btexXBGdoz
nkCyq7wdH5Nngm7jUbl88LtaLZPAQkuqXphBVTnrF9Ofbnb4iRZ2Op4xpx9rGyvx
mO6UEhL6V1i2YZFNkNMg/W8aoMiUgBdqbkxaxblT9L0aNdlFU9+LbWYolURVEadd
Qjv0Z1gMA+tsuBbVszwsMfneZ5+B9Q==
-----END AGE ENCRYPTED FILE-----