dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

nixos/shill: Add Gitea

Browse Source
This commit is contained in:
Jack O'Sullivan 2023-11-13 08:14:16 +00:00
parent 4f8bdc1219
commit a94c778e10
7 changed files with 137 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
nixos/boxes/colony/vms/default.nix
View File

@ -167,6 +167,19 @@
}; };
frontend = "virtio-blk"; frontend = "virtio-blk";
} }
{
name = "git";
backend = {
driver = "host_device";
filename = "/dev/main/git";
discard = "unmap";
};
format = {
driver = "raw";
discard = "unmap";
};
frontend = "virtio-blk";
}
]); ]);
}; };

2
nixos/boxes/colony/vms/estuary/default.nix
View File

@ -459,6 +459,8 @@ in
table inet nat { table inet nat {
chain prerouting { chain prerouting {
${matchInet "meta l4proto { udp, tcp } th dport domain redirect to :5353" "estuary"} ${matchInet "meta l4proto { udp, tcp } th dport domain redirect to :5353" "estuary"}
ip daddr ${allAssignments.shill.internal.ipv4.address} tcp dport { http, https } dnat to ${allAssignments.middleman.internal.ipv4.address}
ip6 daddr ${allAssignments.shill.internal.ipv6.address} tcp dport { http, https } dnat to ${allAssignments.middleman.internal.ipv6.address}
} }
chain postrouting { chain postrouting {
ip saddr ${prefixes.all.v4} snat to ${assignments.internal.ipv4.address} ip saddr ${prefixes.all.v4} snat to ${assignments.internal.ipv4.address}

5
nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
View File

@ -390,6 +390,11 @@ in
}; };
useACMEHost = pubDomain; useACMEHost = pubDomain;
}; };
"git.${pubDomain}" = {
locations."/".proxyPass = "http://shill-vm.${domain}:3000";
useACMEHost = pubDomain;
};
}; };
minio = minio =

2
nixos/boxes/colony/vms/shill/default.nix
View File

@ -49,7 +49,7 @@ in
inherit (lib.my) networkdAssignment; inherit (lib.my) networkdAssignment;
in in
{ {
imports = [ "${modulesPath}/profiles/qemu-guest.nix" ./hercules.nix ]; imports = [ "${modulesPath}/profiles/qemu-guest.nix" ./hercules.nix ./gitea.nix ];
config = mkMerge [ config = mkMerge [
{ {

95
nixos/boxes/colony/vms/shill/gitea.nix Normal file
View File

@ -0,0 +1,95 @@
{ lib, pkgs, config, ... }:
let
inherit (lib.my.c) pubDomain;
inherit (lib.my.c.colony) prefixes;
in
{
config = {
fileSystems = {
"/var/lib/gitea" = {
device = "/dev/disk/by-label/git";
fsType = "ext4";
};
};
users = {
users.git = {
description = "Gitea Service";
home = config.services.gitea.stateDir;
useDefaultShell = true;
group = config.services.gitea.group;
isSystemUser = true;
};
groups.git = {};
};
services = {
gitea = {
enable = true;
user = "git";
group = "git";
appName = "/dev/player0 git";
stateDir = "/var/lib/gitea";
lfs.enable = true;
database = {
type = "postgres";
createDatabase = false;
host = "colony-psql";
user = "gitea";
passwordFile = config.age.secrets."gitea/db.txt".path;
};
mailerPasswordFile = config.age.secrets."gitea/mail.txt".path;
settings = {
server = {
DOMAIN = "git.${pubDomain}";
HTTP_ADDR = "::";
ROOT_URL = "https://git.${pubDomain}";
};
service = {
DISABLE_REGISTRATION = true;
ENABLE_NOTIFY_MAIL = true;
};
session = {
COOKIE_SECURE = true;
};
repository = {
DEFAULT_BRANCH = "master";
};
mailer = {
ENABLED = true;
PROTOCOL = "smtp+starttls";
SMTP_ADDR = "mail.nul.ie";
SMTP_PORT = 587;
USER = "git@nul.ie";
FROM = "Gitea <git@nul.ie>";
};
};
};
};
my = {
secrets = {
files =
let
ownedByGit = {
owner = "git";
group = "git";
};
in
{
"gitea/db.txt" = ownedByGit;
"gitea/mail.txt" = ownedByGit;
};
};
firewall.extraRules = ''
table inet filter {
chain input {
ip saddr ${prefixes.all.v4} tcp dport 3000 accept
ip6 saddr ${prefixes.all.v6} tcp dport 3000 accept
}
}
'';
};
};
}

10
secrets/gitea/db.txt.age Normal file
View File

@ -0,0 +1,10 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEJhUWxSZyBRK3Zp
OTVnQ2lZRzloWE1hYmxMYWZERDdXL0pTdFVGYUN3Vk0wbkhBWTFBCkg1YkVidmwy
ZVhDSWJOTXB6Qmw5OXNVU0RVUlFyQkE4MVE2eUp6ZXZBOHMKLT4gWDI1NTE5IG9u
YUMxZkhHc0RVZkQ3UEEvazArRnl5NGpvTkJPRWdFbm9qYzdjZjNZZ28KRU1FdmMz
cVlzbHRFWUZqbkw2Ry9QVXppTFdNRTIwWnJBYzc0NUxieUMvRQotPiAxbn4nYSxC
LWdyZWFzZSBNRyAxO0EgVDoKQklPUS93Ci0tLSBoTXhqZ2VjNTlOVzdBN25CeUdD
VFJtT2pDWi9taXh1SHpNTG9oeHJsbE9jCgGD+69tbzN5f1FlBBSMb/2GgJW2cmXI
97MXqA888ugf0vppdqy5yu+D4GdjoIvkKv0=
-----END AGE ENCRYPTED FILE-----

11
secrets/gitea/mail.txt.age Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEJhUWxSZyBGekxK
ZFVBQkpTeGtzcHJuektzS0hPUFBIelg5UzQvVzg3SXJmSE9NbG5nCjFMbDBMcmFw
dG9xaHpGV2RvZDg3WjRueTZtUGR3TnUyZE8yM1Rhdi83MGcKLT4gWDI1NTE5IGRu
Ry9ZNVIyWEYvcWhCOWx0eEVVcnFaYm5IK3Fhc1Z1Ykg0VDFEbE0wU28KcnFGN3Rs
bEtUazc3dkFCMEN2V2hTNFhlK2Z0OWQyNjNjaW5kbVU2OVozQQotPiAlfj84LWdy
ZWFzZSBNLzc9fUcgNi5nKCBdRk50dSB1ClJkdmx0VjVUK0o3cmxrY1JycktXVkFS
Yk10a3plZmsKLS0tIEVzUEhoUEE5TkZFK01BckxpZ0tKV2hZRERRbnFQUnlXRjQx
RExPb1B3dHMKUaxZI1wEt10kHnWMgn3Na0UVpn/bhGpwXpToyH0Gzdjy5mQiPvcl
X8RKm1wpkrLhXA==
-----END AGE ENCRYPTED FILE-----