Compare commits


2 commits

Author SHA1 Message Date
Julius a423603e26
Gitea Lives! 2022-05-20 17:21:36 +02:00
Julius e9ce88b058
Add new gitea 2022-05-19 21:10:04 +02:00
7 changed files with 79 additions and 11 deletions


@ -4,6 +4,7 @@
environment.systemPackages = with pkgs; [ git curl ];
programs.neovim.enable = true;
programs.neovim.viAlias = true;
programs.neovim.vimAlias = true;
programs.fish.shellInit = "set -U fish_greeting";
users.defaultUserShell = pkgs.fish;


@ -77,11 +77,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1652559422,
"narHash": "sha256-jPVTNImBTUIFdtur+d4IVot6eXmsvtOcBm0TzxmhWPk=",
"lastModified": 1652881001,
"narHash": "sha256-k9JmPCojaJnqGz4aRXXT1HZqJKHCXijoMfBAb24abXk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "8b3398bc7587ebb79f93dfeea1b8c574d3c6dba1",
"rev": "2d474d6a4a43a0348b78db68dc00c491032cf5cf",
"type": "github"
},
"original": {


@ -24,12 +24,12 @@
packages.x86_64-linux.register = let
lxc = nixos-generators.nixosGenerate {
pkgs = pkgs;
modules = [ ./machines/base.nix ];
modules = [ ./machines/base ];
format = "lxc";
};
metadata = nixos-generators.nixosGenerate {
pkgs = pkgs;
modules = [ ./machines/base.nix ];
modules = [ ./machines/base ];
format = "lxc-metadata";
};
in with import nixpkgs { system = "x86_64-linux"; };
@ -61,6 +61,14 @@
tags = [ "database" ];
};
};
gitea = {
imports = [ ./machines/gitea ];
deployment = {
targetUser = "jdejeu";
targetHost = "gitea.lxd";
tags = [ "website" "system" ];
};
};
};
devShells.x86_64-linux.default = pkgs.mkShell {


@ -1,5 +1,5 @@
{ config, pkgs, ... }: {
imports = [ ../common ../common/lxc.nix ];
imports = [ ../../common ../../common/lxc.nix ];
networking.hostName = "base";
system.stateVersion = "21.11";
}


@ -0,0 +1,40 @@
{ config, pkgs, ... }: {
imports = [ ../../common ../../common/lxc.nix ];
networking.hostName = "gitea";
system.stateVersion = "21.11";
environment.systemPackages = with pkgs; [ gnupg unzip ];
networking.firewall.enable = false;
networking.firewall.allowedTCPPorts = [ 3000 ];
services.openssh.permitRootLogin = "no";
services.openssh.passwordAuthentication = false;
# The db can only be accessed from the machine anyways
# so the password is just set to x
environment.etc.giteaPass = {
enable = true;
text = "x";
};
services.gitea = {
enable = true;
ssh = { clonePort = 4321; };
lfs.enable = true;
appName = "Voidcorp Gitea";
domain = "git.asraphiel.dev";
rootUrl = "https://git.asraphiel.dev/";
database = {
type = "postgres";
host = "postgres.lxd";
name = "gitea";
user = "gitea";
passwordFile = "/etc/giteaPass";
createDatabase = false;
};
cookieSecure = true;
disableRegistration = true;
};
}
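Review bot: `networking.firewall.enable = false;` turns the firewall off for the gitea container, so the `allowedTCPPorts = [ 3000 ]` line directly below it has no effect and every listening port is reachable from the LXD network. If only the nginx proxy and SSH clones need to reach this host, set `networking.firewall.enable = true;` and keep the port list, adding whichever port SSH clone traffic actually arrives on. The comment above `environment.etc.giteaPass` also looks inaccurate: the database host is `postgres.lxd`, not this machine, and `environment.etc` text is stored in the world-readable Nix store, so `"x"` protects nothing by itself. I would reword it to `# postgres.lxd accepts this network via trust auth, so this value is a placeholder and not a secret`.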


@ -17,6 +17,15 @@
enableACME = true;
root = "/etc/main";
};
virtualHosts."git.asraphiel.dev" = {
forceSSL = true;
enableACME = true;
http2 = true;
locations."/" = {
proxyPass = "http://gitea.lxd:3000/";
proxyWebsockets = true;
};
};
};
security.acme.email = "acme@voidcorp.nl";
security.acme.acceptTerms = true;
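Review bot: The new `git.asraphiel.dev` vhost sets no request body limit, while the Gitea config in this change sets `lfs.enable = true`, so large LFS uploads and HTTP pushes will probably be rejected by nginx with a 413 at its default limit. Consider adding something like `extraConfig = "client_max_body_size 512m;";` to the vhost, with a limit chosen for the object sizes you expect. The hop to `http://gitea.lxd:3000/` is plain HTTP, which is only acceptable while the LXD bridge is treated as a trusted network; a short comment saying so would help. The enclosing nginx block starts outside this hunk.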


@ -3,18 +3,28 @@
networking.hostName = "postgres";
system.stateVersion = "21.11";
environment.systemPackages = with pkgs; [ rsync ];
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 5432 ];
services.postgresql = {
enable = true;
package = pkgs.postgresql_13;
# yes scuffed, but technically lxd can do whatever with the ip's it gives
authentication = "host all all 10.0.0.0/24 trust";
authentication = ''
local all all trust
host all all 10.0.0.0/8 trust
host all all fd42:14c:5baf:51ec:216:3eff:fe6e:32a7/96 trust
'';
ensureDatabases = [ "gitea" ];
ensureUsers = [{
name = "gitea";
ensurePermissions = { "DATABASE \"gitea\"" = "ALL PRIVILEGES"; };
}];
ensureUsers = [
{
name = "gitea";
ensurePermissions = { "DATABASE \"gitea\"" = "ALL PRIVILEGES"; };
}
];
enableTCPIP = true;
};
}
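Review bot: The multi-line `authentication` block grants `trust` to `all all` over local sockets, `10.0.0.0/8` and the IPv6 range, so any process or container in those ranges can connect as any role, including the `postgres` superuser, without a password. This appears to widen the earlier `10.0.0.0/24` rule, and port 5432 is opened in the firewall. Scope the rule to what Gitea needs, for example `host gitea gitea <gitea-container-ip>/32 scram-sha-256`, and give the `gitea` role a real password, since the `"x"` in the Gitea config is never checked under `trust`. The IPv6 entry `fd42:14c:5baf:51ec:216:3eff:fe6e:32a7/96` looks like a single host address with host bits set, not a network prefix; confirm the intended range.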