rename gitea to forgejo, decontainerify

Cyryl Płotnicki 2024-03-16 11:16:46 +00:00
parent be3e619c5e
commit 6441dc9cf1
4 changed files with 109 additions and 160 deletions


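--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -1,10 +1,4 @@
-{
-config,
-pkgs,
-inputs,
-lib,
-...
-}: {
+{ config, pkgs, inputs, lib, ... }: {
 imports = [
 "${inputs.nixpkgs-stable}/nixos/modules/profiles/qemu-guest.nix"
 ../cli.nix
@@ -13,7 +7,7 @@
 ./cryptpad.nix
 ./disks.nix
 ./foundryvtt.nix
-./gitea.nix
+./forgejo.nix
 ./mastodon.nix
 ./rss.nix
 ./ssh.nix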


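--- a/forgejo.nix
+++ b/forgejo.nix
@@ -0,0 +1,103 @@
+{ config, pkgs, inputs, lib, system, ... }:
+let
+unstable = inputs.nixpkgs-nixos-unstable;
+package = unstable.legacyPackages."${system}".forgejo;
+httpPort = 8083;
+sshPort = 22;
+domain = "git.cyplo.dev";
+emailDomain = "peninsula.industries";
+baseurl = "https://${domain}";
+mailgunSmtpSecretName = "forgejo-mailgun-smtp-password";
+mailgunSmtpPasswordPath = "/run/secrets/${mailgunSmtpSecretName}";
+uid = 2051;
+gid = 3051;
+systemUserName = "forgejo";
+systemGroupName = "forgejo";
+users = {
+users."${systemUserName}" = {
+inherit uid;
+isSystemUser = true;
+isNormalUser = false;
+group = systemGroupName;
+};
+groups."${systemGroupName}" = {
+inherit gid;
+members = [ "${systemUserName}" "nginx" ];
+};
+};
+in {
+imports =
+[ ../nginx.nix "${unstable}/nixos/modules/services/misc/forgejo.nix" ];
+disabledModules = [ "services/misc/forgejo.nix" ];
+inherit users;
+boot.kernel.sysctl = { "net.ipv4.ip_unprivileged_port_start" = 0; };
+systemd.services.systemd-sysctl.enable = lib.mkForce true;
+networking.firewall.allowedTCPPorts = [ sshPort ];
+services.nginx = {
+virtualHosts = {
+"${domain}" = {
+forceSSL = true;
+enableACME = true;
+locations."/" = {
+proxyPass = "http://127.0.0.1:" + toString httpPort;
+};
+};
+};
+};
+sops.secrets."${mailgunSmtpSecretName}" = {
+sopsFile = ./mailgun.sops.yaml;
+path = mailgunSmtpPasswordPath;
+owner = systemUserName;
+group = systemGroupName;
+};
+services.forgejo = {
+enable = true;
+inherit package;
+user = systemUserName;
+mailerPasswordFile = mailgunSmtpPasswordPath;
+lfs.enable = true;
+database.type = "sqlite3";
+settings = {
+service.DISABLE_REGISTRATION = true;
+security.INSTALL_LOCK = true;
+oauth2.ENABLE = false;
+log.LEVEL = "Info";
+actions.ENABLED = true;
+"git.timeout" = {
+DEFAULT = 600;
+MIGRATE = 3600;
+MIRROR = 3600;
+CLONE = 600;
+PULL = 600;
+GC = 600;
+};
+"cron".ENABLED = true;
+"cron.git_gc_repos".ENABLED = true;
+"cron.delete_old_actions".ENABLED = true;
+"cron.delete_old_system_notices".ENABLED = true;
+"cron.gc_lfs".ENABLED = true;
+server = {
+ROOT_URL = baseurl;
+DOMAIN = domain;
+START_SSH_SERVER = true;
+SSH_PORT = sshPort;
+HTTP_PORT = httpPort;
+SSH_LISTEN_PORT = sshPort;
+DISABLE_SSH = false;
+};
+mailer = {
+ENABLED = true;
+FROM = "git.cyplo.dev <forgejo@${emailDomain}>";
+PROTOCOL = "smtps";
+SMTP_ADDR = "smtp.eu.mailgun.org";
+SMTP_PORT = 465;
+USER = "postmaster@${emailDomain}";
+};
+};
+};
+}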
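Review bot: The `boot.kernel.sysctl` line sets `net.ipv4.ip_unprivileged_port_start = 0` on the host itself now that the service no longer runs in a container, so every unprivileged process on the machine may bind ports below 1024, not only the forgejo SSH listener on `sshPort = 22`. The narrower grant is to drop that sysctl and give only the unit the capability, `systemd.services.forgejo.serviceConfig.AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];`, adding the same value to `CapabilityBoundingSet` if the upstream module clears it. Separately, `"nginx"` in `groups."${systemGroupName}".members` is not needed for a `proxyPass` to `127.0.0.1:8083` over TCP and extends group-level read access on the forgejo state directory to the nginx workers. Also, the removed `stateDir = "/var/lib/gitea"` has no counterpart here, so the service falls back to the module default; unless the data was moved by hand, the existing repositories and sqlite database will not be picked up.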


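--- a/gitea.nix
+++ b/gitea.nix
@@ -1,148 +0,0 @@
-{
-config,
-pkgs,
-inputs,
-lib,
-system,
-...
-}: let
-unstable = inputs.nixpkgs-nixos-unstable;
-package = unstable.legacyPackages."${system}".forgejo;
-httpPort = 8083;
-sshPort = 22;
-domain = "git.cyplo.dev";
-emailDomain = "peninsula.industries";
-baseurl = "https://${domain}";
-path = "/var/lib/gitea";
-mailgunSmtpSecretName = "gitea-mailgun-smtp-password";
-mailgunSmtpPasswordPath = "/run/secrets/${mailgunSmtpSecretName}";
-uid = 2051;
-gid = 3051;
-systemUserName = "gitea";
-systemGroupName = "gitea";
-users = {
-users."${systemUserName}" = {
-inherit uid;
-isSystemUser = true;
-isNormalUser = false;
-group = systemGroupName;
-};
-groups."${systemGroupName}" = {
-inherit gid;
-members = ["${systemUserName}" "nginx"];
-};
-};
-in {
-imports = [../nginx.nix];
-inherit users;
-boot.kernel.sysctl = {"net.ipv4.ip_unprivileged_port_start" = 0;};
-systemd.services.systemd-sysctl.enable = lib.mkForce true;
-networking.firewall.allowedTCPPorts = [sshPort];
-services.nginx = {
-virtualHosts = {
-"${domain}" = {
-forceSSL = true;
-enableACME = true;
-locations."/" = {
-proxyPass = "http://127.0.0.1:" + toString httpPort;
-};
-};
-};
-};
-sops.secrets."${mailgunSmtpSecretName}" = {
-sopsFile = ./mailgun.sops.yaml;
-path = mailgunSmtpPasswordPath;
-owner = systemUserName;
-group = systemGroupName;
-};
-containers.gitea = {
-autoStart = true;
-forwardPorts = [
-{
-inherit httpPort;
-containerPort = httpPort;
-}
-{
-containerPort = sshPort;
-hostPort = sshPort;
-}
-];
-bindMounts = {
-"${path}" = {
-hostPath = "${path}";
-isReadOnly = false;
-};
-"${mailgunSmtpPasswordPath}" = {
-hostPath = "${mailgunSmtpPasswordPath}";
-isReadOnly = true;
-};
-};
-config = {
-config,
-pkgs,
-lib,
-...
-}: {
-system.stateVersion = "23.11";
-users =
-users
-// {
-mutableUsers = false;
-allowNoPasswordLogin = true;
-};
-disabledModules = ["services/misc/gitea.nix"];
-imports = ["${unstable}/nixos/modules/services/misc/gitea.nix"];
-services.forgejo = {
-enable = true;
-inherit package;
-stateDir = path;
-user = systemUserName;
-mailerPasswordFile = mailgunSmtpPasswordPath;
-lfs.enable = true;
-database.type = "sqlite3";
-settings = {
-service.DISABLE_REGISTRATION = true;
-security.INSTALL_LOCK = true;
-oauth2.ENABLE = false;
-log.LEVEL = "Info";
-actions.ENABLED = true;
-"git.timeout" = {
-DEFAULT = 600;
-MIGRATE = 3600;
-MIRROR = 3600;
-CLONE = 600;
-PULL = 600;
-GC = 600;
-};
-"cron".ENABLED = true;
-"cron.git_gc_repos".ENABLED = true;
-"cron.delete_old_actions".ENABLED = true;
-"cron.delete_old_system_notices".ENABLED = true;
-"cron.gc_lfs".ENABLED = true;
-server = {
-ROOT_URL = baseurl;
-DOMAIN = domain;
-START_SSH_SERVER = true;
-SSH_PORT = sshPort;
-HTTP_PORT = httpPort;
-SSH_LISTEN_PORT = sshPort;
-DISABLE_SSH = false;
-};
-mailer = {
-ENABLED = true;
-FROM = "git.cyplo.dev <gitea@${emailDomain}>";
-PROTOCOL = "smtps";
-SMTP_ADDR = "smtp.eu.mailgun.org";
-SMTP_PORT = 465;
-USER = "postmaster@${emailDomain}";
-};
-};
-};
-};
-};
-}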


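--- a/mailgun.sops.yaml
+++ b/mailgun.sops.yaml
@@ -1,4 +1,4 @@
-gitea-mailgun-smtp-password: ENC[AES256_GCM,data:dIfcxK5ZQGNqnOfTdVI7FzR9RgP3Ao/bk7XDZULHby58MJumhESELRCkHgKhOSqTAQE=,iv:xjtVQEILVl+XFel+thoS8OvF/fpFYSNtt5MTRUhgyrI=,tag:TJPBQG4xsbHrcdXCbDdejg==,type:str]
+forgejo-mailgun-smtp-password: ENC[AES256_GCM,data:bZfUTNOta/TuHpR1bsAHV8NFZSFgU1szzN9Ue/mzwMMGRqdh9ORUO8gIT+B3JMVEqNo=,iv:SVaMY2QK8lWGtLuUAXKWKxpfkRrvPBh3jhH9PFMFsuM=,tag:OwdGA0lieHTxe4GfDWqQXg==,type:str]
 mastodon-mailgun-smtp-password: ENC[AES256_GCM,data:h2SSa/053BBIo3Y03TB+1SW6C9DFighMVgY1jzGcUZLhiZ/jd2YbTYlq83Nbb5GBZAY=,iv:9BJuVSfOC48K69kDLUjr1oK3g0xSKAxlzDI/py3STt8=,tag:DTE2OemwbZ0U59wF/9NQjA==,type:str]
 sops:
 kms: []
@@ -96,8 +96,8 @@ sops:
 cHhHRGJIRDlsMEp2RzgxTWkyaWovbkEKnEzQrhYmdxjwa8bDGgVnHBoNXrdb8JDy
 EOkYPEiHlscMfsGnUhbujoLXEveIrLzukWgKcRNmS5fTyG4e2eP/cw==
 -----END AGE ENCRYPTED FILE-----
-lastmodified: "2024-01-01T16:13:02Z"
-mac: ENC[AES256_GCM,data:YMQ2xiuiXoCAzuGGlm/KiEEjjZBHu7i+5Px2YibwSATBeEais9SZFqQx0qmIQw+VGdGAwVo8tQQ5Ikg5YJbHNEetanXbV1UJtMBBUb8m35lras+yXmeveOeKC/f46oa0DCPVuCDqkzEWOAk2NMZnfR5iuWBaZ6rvIhGnqlXodK8=,iv:UkTovxMi25Jfz8JzQE3W+Ar6w7ybBAJQG+9j6RWj/2M=,tag:RRSqNAv3OiMahG2oYZSJvA==,type:str]
+lastmodified: "2024-03-16T11:03:13Z"
+mac: ENC[AES256_GCM,data:XlpAHjvUnnz3NxZnNxlMGELsPjHL648fcs1mbP3KZQLthkLdERjT0BcuqKsY6X+s3CNEET18IKWGiBZPA+iFLAWAzHl+qNDm0WNZv05ECgz+BeNGH6e9FqqtSNIPmnSYfXqyHz/Psg1T5l+N6QK1dRl5PVeO8Bxs3G3H6iZgLOM=,iv:wswvHl6yK/BYW8zf53t18gYz5WNvULaRj2lyHVeuO2A=,tag:pJzh11seJQ64HCiIMhtzdQ==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
-version: 3.7.3
+version: 3.8.1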