foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-01-31 04:58:01 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

hosts/plover: update and re-enable Gitea service

Browse Source
This commit is contained in:
Gabriel Arazas 2024-10-02 21:16:39 +08:00
parent 88bb626d46
commit 7537f77e40
No known key found for this signature in database
GPG Key ID: 62104B43D00AA360
2 changed files with 23 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
configs/nixos/plover/default.nix
View File

@ -30,6 +30,7 @@
grafana.enable = true; grafana.enable = true;
# All of the self-hosted applications belong in here. # All of the self-hosted applications belong in here.
gitea.enable = true;
vaultwarden.enable = true; vaultwarden.enable = true;
}; };

61
configs/nixos/plover/modules/services/gitea.nix
View File

@ -10,7 +10,6 @@ let
codeForgeDomain = "code.${config.networking.domain}"; codeForgeDomain = "code.${config.networking.domain}";
giteaUser = config.users.users."${config.services.gitea.user}".name; giteaUser = config.users.users."${config.services.gitea.user}".name;
giteaDatabaseUser = config.services.gitea.user;
in in
{ {
options.hosts.plover.services.gitea.enable = options.hosts.plover.services.gitea.enable =
@ -19,17 +18,14 @@ in
config = lib.mkIf cfg.enable (lib.mkMerge [ config = lib.mkIf cfg.enable (lib.mkMerge [
{ {
sops.secrets = foodogsquaredLib.sops-nix.getSecrets ../../secrets/secrets.yaml { sops.secrets = foodogsquaredLib.sops-nix.getSecrets ../../secrets/secrets.yaml {
"gitea/db/password".owner = giteaUser; "gitea/smtp_password".owner = giteaUser;
"gitea/smtp/password".owner = giteaUser;
}; };
state.ports.gitea.value = 8432;
services.gitea = { services.gitea = {
enable = true; enable = true;
appName = "foodogsquared's code forge"; appName = "foodogsquared's code forge";
database = {
type = "postgres";
passwordFile = config.sops.secrets."gitea/db/password".path;
};
# Allow Gitea to take a dump. # Allow Gitea to take a dump.
dump = { dump = {
@ -40,14 +36,14 @@ in
# There are a lot of services in port 3000 so we'll change it. # There are a lot of services in port 3000 so we'll change it.
lfs.enable = true; lfs.enable = true;
mailerPasswordFile = config.sops.secrets."gitea/smtp/password".path; mailerPasswordFile = config.sops.secrets."gitea/smtp_password".path;
# You can see the available configuration options at # You can see the available configuration options at
# https://docs.gitea.io/en-us/config-cheat-sheet/. # https://docs.gitea.io/en-us/config-cheat-sheet/.
settings = { settings = {
server = { server = {
ROOT_URL = "https://${codeForgeDomain}"; ROOT_URL = "https://${codeForgeDomain}";
HTTP_PORT = 8432; HTTP_PORT = config.state.ports.gitea.value;
DOMAIN = codeForgeDomain; DOMAIN = codeForgeDomain;
}; };
@ -89,12 +85,12 @@ in
mailer = { mailer = {
ENABLED = true; ENABLED = true;
PROTOCOL = "smtp+starttls"; PROTOCOL = "smtp+starttls";
SMTP_ADDRESS = "smtp.sendgrid.net"; SMTP_ADDRESS = "mail.foodogsquared.one";
SMTP_PORT = 587; SMTP_PORT = 587;
USER = "apikey"; USER = "bot@foodogsquared.one";
FROM = "bot+gitea@foodogsquared.one"; FROM = "bot+gitea@foodogsquared.one";
SEND_AS_PLAIN_TEXT = true; SEND_AS_PLAIN_TEXT = true;
SENDMAIL_PATH = "${pkgs.system-sendmail}/bin/sendmail"; SENDMAIL_PATH = lib.getExe' pkgs.system-sendmail "sendmail";
}; };
# Reduce the logs to be filled with. You also have to keep in mind this # Reduce the logs to be filled with. You also have to keep in mind this
@ -111,7 +107,6 @@ in
session.COOKIE_SECURE = true; session.COOKIE_SECURE = true;
# Some more database configuration. # Some more database configuration.
database.SCHEMA = config.services.gitea.user;
# Run various periodic services. # Run various periodic services.
"cron.update_mirrors".SCHEDULE = "@every 3h"; "cron.update_mirrors".SCHEDULE = "@every 3h";
@ -148,6 +143,20 @@ in
} }
(lib.mkIf hostCfg.services.database.enable { (lib.mkIf hostCfg.services.database.enable {
sops.secrets = foodogsquaredLib.sops-nix.getSecrets ../../secrets/secrets.yaml {
"gitea/db_password".owner = giteaUser;
};
services.gitea.database = {
type = "postgres";
passwordFile = config.sops.secrets."gitea/db_password".path;
port = config.state.ports.postgresql.value;
};
services.gitea.settings.database = {
SCHEMA = config.services.gitea.user;
};
# Making sure this plays nicely with the database service of choice. Take # Making sure this plays nicely with the database service of choice. Take
# note, we're mainly using secure schema usage pattern here as described from # note, we're mainly using secure schema usage pattern here as described from
# the PostgreSQL documentation at # the PostgreSQL documentation at
@ -159,32 +168,6 @@ in
ensureDBOwnership = true; ensureDBOwnership = true;
}; };
}; };
# Setting up Gitea for PostgreSQL secure schema usage.
systemd.services.gitea = {
# Gitea service module will have to set up certain things first which is
# why we have to go first.
preStart =
let
gitea = lib.getExe' config.services.gitea.package "gitea";
giteaAdminUsername = lib.escapeShellArg "foodogsquared";
psql = lib.getExe' config.services.postgresql.package "psql";
in
lib.mkMerge [
(lib.mkBefore ''
# Setting up the appropriate schema for PostgreSQL secure schema usage.
${psql} -tAc "CREATE SCHEMA IF NOT EXISTS AUTHORIZATION ${giteaDatabaseUser};"
'')
(lib.mkAfter ''
# Setting up the administrator account automated.
${gitea} admin user list --admin | grep -q ${giteaAdminUsername} \
|| ${gitea} admin user create \
--username ${giteaAdminUsername} --email foodogsquared@${config.networking.domain} \
--random-password --random-password-length 76 --admin
'')
];
};
}) })
(lib.mkIf hostCfg.services.reverse-proxy.enable { (lib.mkIf hostCfg.services.reverse-proxy.enable {