dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

nixos/git: Fix container network access
Some checks failed
CI / Check, build and cache Nix flake (push) Failing after 1m46s
Details

Browse Source
This commit is contained in:
Jack O'Sullivan 2023-12-09 17:19:18 +00:00
parent 54f628d3a5
commit 22cdbd47fd
2 changed files with 27 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
nixos/boxes/colony/vms/git/default.nix
View File

@ -84,6 +84,7 @@ in
oci-containers = {
backend = "podman";
};
containers.containersConf.settings.network.default_subnet = "10.88.0.0/16";
};
systemd.network = {
@ -108,7 +109,13 @@ in
firewall = {
tcp.allowed = [ 19999 ];
trustedInterfaces = [ "oci" ];
extraRules = ''
table inet filter {
chain forward {
ip saddr 10.88.0.0/16 accept
}
}
'';
};
};
}

32
nixos/boxes/colony/vms/git/gitea.nix
View File

@ -1,5 +1,6 @@
{ lib, pkgs, config, assignments, allAssignments, ... }:
let
inherit (lib) mkMerge;
inherit (lib.my.c) pubDomain;
inherit (lib.my.c.colony) prefixes;
in
@ -37,20 +38,25 @@ in
wantedBy = [ "multi-user.target" ];
};
gitea.preStart =
let
repSec = "${pkgs.replace-secret}/bin/replace-secret";
confPath = "${config.services.gitea.customDir}/conf/app.ini";
in
''
gitea_extra_setup() {
chmod u+w '${confPath}'
${repSec} '#miniosecret#' '${config.age.secrets."gitea/minio.txt".path}' '${confPath}'
chmod u-w '${confPath}'
}
gitea = mkMerge [
(lib.my.systemdAwaitPostgres pkgs.postgresql "colony-psql")
{
preStart =
let
repSec = "${pkgs.replace-secret}/bin/replace-secret";
confPath = "${config.services.gitea.customDir}/conf/app.ini";
in
''
gitea_extra_setup() {
chmod u+w '${confPath}'
${repSec} '#miniosecret#' '${config.age.secrets."gitea/minio.txt".path}' '${confPath}'
chmod u-w '${confPath}'
}
(umask 027; gitea_extra_setup)
'';
(umask 027; gitea_extra_setup)
'';
}
];
};
};