From 856cd79c374ba7b3556222abe680388613fc43fc Mon Sep 17 00:00:00 2001
From: schweby
Date: Sat, 9 Jul 2022 19:36:24 +0200
Subject: [PATCH] init basic untested config
---
hosts/parsons/configuration.nix | 1 +
services/gitea.nix | 108 ++++++++++++++++++++++++++++++++
2 files changed, 109 insertions(+)
create mode 100644 services/gitea.nix
diff --git a/hosts/parsons/configuration.nix b/hosts/parsons/configuration.nix
index 937ea4a..c8aef57 100644
--- a/hosts/parsons/configuration.nix
+++ b/hosts/parsons/configuration.nix
@@ -17,6 +17,7 @@
 ../../services/mail.nix
 ../../services/syncthing.nix
 ../../services/gitlab.nix
+ ../../services/gitea.nix
 ../../services/nginx-pages.nix
 ../../services/gitlab-runner.nix
 ../../services/lantifa.nix
diff --git a/services/gitea.nix b/services/gitea.nix
new file mode 100644
index 0000000..5db2d08
--- /dev/null
+++ b/services/gitea.nix
@@ -0,0 +1,108 @@
+{ config, lib, pkgs, profiles, modules, evalConfig, sources, ... }:
+
+{
+ containers.gitea = {
+ privateNetwork = true;
+ hostAddress = "192.168.100.1";
+ localAddress = "192.168.100.10";
+ autoStart = true;
+ bindMounts = {
+ "/persist" = {
+ hostPath = "/persist/containers/gitea";
+ isReadOnly = false;
+ };
+ };
+ path = (evalConfig {
+ hosts = { };
+ groups = { };
+ } ({ config, lib, pkgs, profiles, modules, sources, ... }: {
+ boot.isContainer = true;
+ networking.useDHCP = false;
+ users.users.root.hashedPassword = "";
+
+ imports = [ ((import sources.nix-hexchen) { }).profiles.nopersist ];
+
+ nixpkgs.config.allowUnfree = true;
+ networking.firewall.enable = false;
+ networking.defaultGateway = {
+ address = "192.168.100.1";
+ interface = "eth0";
+ };
+ services.coredns = {
+ enable = true;
+ config = ''
+ .:53 {
+ forward . 1.1.1.1
+ }
+ '';
+ };
+ services.gitea = {
+ enable = true;
+ appName = "0x0: git for all creatures";
+ rootUrl = "https://git.infra4future.de/";
+ httpAddress = "0.0.0.0";
+ httpPort = 3000;
+ lfs.enable = true;
+ disableRegistration = true;
+ database.type = "postgres";
+ cookieSecure = true;
+ log.level = "Info";
+ # mailerPasswordFile =
+ # "/var/lib/secrets/noreply"; # see below for access permissions
+ # settings = {
+ # mailer = {
+ # ENABLED = true;
+ # HOST = "0x0.rip:465";
+ # FROM = "noreply@0x0.rip";
+ # ENVELOPE_FROM = "noreply@0x0.rip";
+ # USER = "noreply@0x0.rip";
+
+ # };
+ repository = {
+ DEFAULT_PRIVATE = "public";
+ PREFERRED_LICENSES = "Unlicense";
+ DEFAULT_BRANCH = "main";
+ };
+ "repository.pull-requests" = {
+ DEFAULT_MERGE_STYLE = "merge";
+ DEFAULT_MERGE_MESSAGE_ALL_AUTHORS = true;
+ };
+ "repository.upload".FILE_MAX_SIZE = 1024;
+ server = {
+ LANDING_PAGE = "explore";
+ OFFLINE = true;
+ };
+ security = { INSTALL_LOCK = true; };
+ other = {
+ SHOW_FOOTER_VERSION = false;
+ SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
+ };
+ cron = {
+ ENABLED = true;
+ NOTICE_ON_SUCCESS = true;
+ };
+ "cron.update_mirrors" = {
+ SCHEDULE = "@every 12h";
+ PULL_LIMIT = "-1";
+ PUSH_LIMIT = "-1";
+ };
+ "cron.git_gc_repos".ENABLED = true;
+ "cron.delete_old_actions".ENABLED = true;
+ };
+ services.postgresqlBackup = {
+ enable = true;
+ databases = [ "gitea" ];
+ startAt = "*-*-* 23:45:00";
+ location = "/persist/backups/postgres";
+ };
+ })).config.system.build.toplevel;
+ };
+
+ services.nginx.virtualHosts."git.infra4future.de" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://${config.containers.gitea.localAddress}:3000";
+ };
+ };
+}
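Review bot: `# settings = {` is commented out along with the mailer block, so `repository`, `"repository.pull-requests"`, `server`, `security`, `other` and the `cron` sections sit directly under `services.gitea` instead of `services.gitea.settings`; to my knowledge the NixOS gitea module declares no such options, so this would presumably fail evaluation, and as written `INSTALL_LOCK = true` is not passed to Gitea as a setting. Restore `settings = {` uncommented and close it with an extra `};` after `"cron.delete_old_actions".ENABLED = true;`, leaving only the `mailer` lines commented. Separately, `users.users.root.hashedPassword = "";` gives the container's root account an empty password; since `nixos-container root-login` needs none, `users.users.root.hashedPassword = "!";` would lock the account instead. With `networking.firewall.enable = false;` and `httpAddress = "0.0.0.0"`, every listener in the container (including CoreDNS on `.:53`) is reachable over the host-side link, so keeping the firewall enabled and opening only port 3000 is the tighter default.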