dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

nixos/shill: Add Gitea

Browse Source
This commit is contained in:
Jack O'Sullivan
2023-11-13 08:14:16 +00:00
parent 4f8bdc1219
commit a94c778e10
7 changed files with 137 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
nixos/boxes/colony/vms/default.nix
View File

@@ -167,6 +167,19 @@
};
frontend = "virtio-blk";
}
{
name = "git";
backend = {
driver = "host_device";
filename = "/dev/main/git";
discard = "unmap";
};
format = {
driver = "raw";
discard = "unmap";
};
frontend = "virtio-blk";
}
]);
};

2
nixos/boxes/colony/vms/estuary/default.nix
View File

@@ -459,6 +459,8 @@ in
table inet nat {
chain prerouting {
${matchInet "meta l4proto { udp, tcp } th dport domain redirect to :5353" "estuary"}
ip daddr ${allAssignments.shill.internal.ipv4.address} tcp dport { http, https } dnat to ${allAssignments.middleman.internal.ipv4.address}
ip6 daddr ${allAssignments.shill.internal.ipv6.address} tcp dport { http, https } dnat to ${allAssignments.middleman.internal.ipv6.address}
}
chain postrouting {
ip saddr ${prefixes.all.v4} snat to ${assignments.internal.ipv4.address}

5
nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
View File

@@ -390,6 +390,11 @@ in
};
useACMEHost = pubDomain;
};
"git.${pubDomain}" = {
locations."/".proxyPass = "http://shill-vm.${domain}:3000";
useACMEHost = pubDomain;
};
};
minio =

2
nixos/boxes/colony/vms/shill/default.nix
View File

@@ -49,7 +49,7 @@ in
inherit (lib.my) networkdAssignment;
in
{
imports = [ "${modulesPath}/profiles/qemu-guest.nix" ./hercules.nix ];
imports = [ "${modulesPath}/profiles/qemu-guest.nix" ./hercules.nix ./gitea.nix ];
config = mkMerge [
{

95
nixos/boxes/colony/vms/shill/gitea.nix Normal file
View File

@@ -0,0 +1,95 @@
{ lib, pkgs, config, ... }:
let
inherit (lib.my.c) pubDomain;
inherit (lib.my.c.colony) prefixes;
in
{
config = {
fileSystems = {
"/var/lib/gitea" = {
device = "/dev/disk/by-label/git";
fsType = "ext4";
};
};
users = {
users.git = {
description = "Gitea Service";
home = config.services.gitea.stateDir;
useDefaultShell = true;
group = config.services.gitea.group;
isSystemUser = true;
};
groups.git = {};
};
services = {
gitea = {
enable = true;
user = "git";
group = "git";
appName = "/dev/player0 git";
stateDir = "/var/lib/gitea";
lfs.enable = true;
database = {
type = "postgres";
createDatabase = false;
host = "colony-psql";
user = "gitea";
passwordFile = config.age.secrets."gitea/db.txt".path;
};
mailerPasswordFile = config.age.secrets."gitea/mail.txt".path;
settings = {
server = {
DOMAIN = "git.${pubDomain}";
HTTP_ADDR = "::";
ROOT_URL = "https://git.${pubDomain}";
};
service = {
DISABLE_REGISTRATION = true;
ENABLE_NOTIFY_MAIL = true;
};
session = {
COOKIE_SECURE = true;
};
repository = {
DEFAULT_BRANCH = "master";
};
mailer = {
ENABLED = true;
PROTOCOL = "smtp+starttls";
SMTP_ADDR = "mail.nul.ie";
SMTP_PORT = 587;
USER = "git@nul.ie";
FROM = "Gitea <git@nul.ie>";
};
};
};
};
my = {
secrets = {
files =
let
ownedByGit = {
owner = "git";
group = "git";
};
in
{
"gitea/db.txt" = ownedByGit;
"gitea/mail.txt" = ownedByGit;
};
};
firewall.extraRules = ''
table inet filter {
chain input {
ip saddr ${prefixes.all.v4} tcp dport 3000 accept
ip6 saddr ${prefixes.all.v6} tcp dport 3000 accept
}
}
'';
};
};
}