dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

nixos/gitea: Enable MinIO storage

Browse Source
This commit is contained in:
Jack O'Sullivan 2023-11-16 14:30:20 +00:00
parent cc00c7d20b
commit 5ddcf927e3
2 changed files with 41 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
nixos/boxes/colony/vms/shill/gitea.nix
View File

@ -23,6 +23,25 @@ in
groups.git = {}; groups.git = {};
}; };
systemd = {
services = {
gitea.preStart =
let
repSec = "${pkgs.replace-secret}/bin/replace-secret";
confPath = "${config.services.gitea.customDir}/conf/app.ini";
in
''
gitea_extra_setup() {
chmod u+w '${confPath}'
${repSec} '#miniosecret#' '${config.age.secrets."gitea/minio.txt".path}' '${confPath}'
chmod u-w '${confPath}'
}
(umask 027; gitea_extra_setup)
'';
};
};
services = { services = {
gitea = { gitea = {
enable = true; enable = true;
@ -72,6 +91,16 @@ in
PASSWORD = "#mailerpass#"; PASSWORD = "#mailerpass#";
REPLY_TO_ADDRESS = "git+%{token}@nul.ie"; REPLY_TO_ADDRESS = "git+%{token}@nul.ie";
}; };
storage = {
STORAGE_TYPE = "minio";
SERVE_DIRECT = true;
MINIO_ENDPOINT = "s3.${pubDomain}";
MINIO_ACCESS_KEY_ID = "gitea";
MINIO_SECRET_ACCESS_KEY = "#miniosecret#";
MINIO_BUCKET = "gitea";
MINIO_LOCATION = "eu-central-1";
MINIO_USE_SSL = true;
};
actions = { actions = {
ENABLED = true; ENABLED = true;
}; };
@ -91,6 +120,7 @@ in
{ {
"gitea/db.txt" = ownedByGit; "gitea/db.txt" = ownedByGit;
"gitea/mail.txt" = ownedByGit; "gitea/mail.txt" = ownedByGit;
"gitea/minio.txt" = ownedByGit;
}; };
}; };

11
secrets/gitea/minio.txt.age Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEJhUWxSZyBxbXBS
L0lhYVlEM0ZjdW9ESEFnSy9haDBDYk13SVU2VkF4c2VuclNwUkJrClRSei9aNVVU
V21CVi9wNWVDa1A0VUJVa3lkTmFGRktjTVQwTjFSUXNpb0EKLT4gWDI1NTE5IFZm
SmplRjRsSmx0WHNVRk1mZXdDa3BWSnFGckJab053N2x1MmsrZC9qd3MKUHdSY3lp
YVBqcGFvamF4ajFjeHpFMVN6U2FBTElVNlRlV2pBV2FSMTh1WQotPiAxKXl+PFIt
Z3JlYXNlIDdJTjYrICE4NnVIKD1jCjl3UjhGV1UyMUxxbVNXMXlmZXBNQlhXRlFh
R0lpQXFlSEUxUjdiNThUYVFpNU5zCi0tLSBjeVhQVnJHS0Fsb2drSHJGZWhsankv
MkJOY3g1WnBzS0doa2ZEbFRyaDU4CtUkWHxzTHEczny17RbpuuZphcdRdBjl+xHU
ysTSxxajA7yJ0u1l440nc3WC9Aikw3w=
-----END AGE ENCRYPTED FILE-----