From dbdb2036bfdf43f9b7063be1cfa78cf03d7e859c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9o=20Barnouin?=
Date: Wed, 29 Jan 2025 10:14:33 +0100
Subject: [PATCH] Change gitea for forgejo
---
 flake.nix | 20 ++++++++++----------
 secrets.nix | 13 +++++++------
 services/default.nix | 2 +-
 services/{gitea => forgejo}/default.nix | 14 ++++++++------
 services/forgejo/secrets/forgejoDBPass.age | 13 +++++++++++++
 5 files changed, 39 insertions(+), 23 deletions(-)
 rename services/{gitea => forgejo}/default.nix (63%)
 create mode 100644 services/forgejo/secrets/forgejoDBPass.age
diff --git a/flake.nix b/flake.nix
index d7d7706..d623df7 100644
--- a/flake.nix
+++ b/flake.nix
@@ -105,16 +105,16 @@
 }
 ];
 };
- # template = nixpkgs.lib.nixosSystem {
- # inherit system;
- # modules = [
- # agenix.nixosModules.default
- # "${inputs.self}/systems/minimalVMConfig.nix"
- # {
- # networking.hostName = "nixos";
- # }
- # ];
- # };
+ template = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
+ agenix.nixosModules.default
+ "${inputs.self}/systems/minimalVMConfig.nix"
+ {
+ networking.hostName = "nixos";
+ }
+ ];
+ };
 jellyfin = nixpkgs.lib.nixosSystem {
 inherit system;
 modules = [
diff --git a/secrets.nix b/secrets.nix
index 29bf405..28ea9d6 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -2,12 +2,12 @@ let
 tbarnouin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxccGxdfOFXeEClqz3ULl94ubzaJnk4pUus+ek18G0B tbarnouin@nixos";
 users = [tbarnouin];
- forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2NAam+nseSCzJV/1UTyO2LgMjx0xT7/vTOOi5EG9HV root@forgejo-runner";
 grafana = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQxvO9vdd2f9aV4F3LEQrrTJaLwLvSLbLtjB9qNxc4z root@grafana";
 onlyoffice = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGbnzv2/Or4XdQXLDjIbr7oIDTQEvgSMTX4aiNCQk4tC root@onlyoffice";
 postgresql = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJW7qA7j1sICuu1RAfs9ifR9dmOlHq45tKu1ga7CKaob root@pgsql";
+ forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMf3Cc/S0p/LFcW+RLMEqpxOOv8q/HrKO4I9joHmRxl root@forgejo";
- systems = [forgejo grafana];
+ systems = [grafana onlyoffice postgresql forgejo];
 in {
 "secrets/initialPassword.age".publicKeys = users ++ systems;
 "services/grafana/secrets/grafana-db.age".publicKeys = [tbarnouin grafana];
@@ -15,8 +15,9 @@ in {
 "services/grafana/secrets/kuma-token.age".publicKeys = [tbarnouin grafana];
 "services/onlyoffice/secrets/office-dbpass.age".publicKeys = [tbarnouin onlyoffice];
 "services/onlyoffice/secrets/office-jwtpass.age".publicKeys = [tbarnouin onlyoffice];
- "services/postgresql/secrets/nextcloudDBPass.age".publicKeys = [ tbarnouin postgresql ];
- "services/postgresql/secrets/giteaDBPass.age".publicKeys = [ tbarnouin postgresql ];
- "services/postgresql/secrets/authentikDBPass.age".publicKeys = [ tbarnouin postgresql ];
- "services/postgresql/secrets/grafanaDBPass.age".publicKeys = [ tbarnouin postgresql ];
+ "services/forgejo/secrets/forgejoDBPass.age".publicKeys = [tbarnouin forgejo];
+ "services/postgresql/secrets/nextcloudDBPass.age".publicKeys = [tbarnouin postgresql];
+ "services/postgresql/secrets/giteaDBPass.age".publicKeys = [tbarnouin postgresql];
+ "services/postgresql/secrets/authentikDBPass.age".publicKeys = [tbarnouin postgresql];
+ "services/postgresql/secrets/grafanaDBPass.age".publicKeys = [tbarnouin postgresql];
 }
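Review bot: Adding `onlyoffice` and `postgresql` to `systems` in the first secrets.nix hunk widens the recipient list of `secrets/initialPassword.age`, because that entry is declared as `users ++ systems`. If those hosts do not consume the initial password, give the secret an explicit list instead, for example `"secrets/initialPassword.age".publicKeys = users ++ [grafana forgejo];` to keep the previous set. The same hunk swaps the `root@forgejo-runner` key for a `root@forgejo` key, yet the diffstat shows no re-encrypted `secrets/initialPassword.age`, so the committed ciphertext presumably still targets the old recipients until `agenix --rekey` is run and the result committed. Rekeying does not take back what the old key could already decrypt from repository history, so the password itself should be rotated if the runner host is no longer trusted.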
diff --git a/services/default.nix b/services/default.nix
index 42fe9eb..dd8f211 100644
--- a/services/default.nix
+++ b/services/default.nix
@@ -1,7 +1,7 @@
 {inputs, ...}: {
 imports = [
 ./nginx
- ./gitea
+ ./forgejo
 ./redis
 ./jellyfin
 ./nextcloud
diff --git a/services/gitea/default.nix b/services/forgejo/default.nix
similarity index 63%
rename from services/gitea/default.nix
rename to services/forgejo/default.nix
index eeb68c7..28c4add 100644
--- a/services/gitea/default.nix
+++ b/services/forgejo/default.nix
@@ -4,30 +4,32 @@
 lib,
 ...
 }: let
- cfg = config.services.vm_gitea;
+ cfg = config.services.vm_forgejo;
 in {
- options.services.vm_gitea = {
+ options.services.vm_forgejo = {
 enable = lib.mkEnableOption "Enable minimal config";
 db_ip = lib.mkOption {
 type = lib.types.str;
- description = "Gitea database IP address";
+ description = "forgejo database IP address";
 };
 };
 config = lib.mkIf cfg.enable {
- services.gitea = {
+ services.forgejo = {
 enable = true;
 user = "tbarnouin";
 settings = {
 server.HTTP_PORT = 3000;
- server.ROOT_URL = "http://${config.services.vm.vm_ip}/";
+ server.DISABLE_SSH = true;
+ server.ROOT_URL = "https://git.le43.eu";
 service.DISABLE_REGISTRATION = true;
 };
 database = {
 createDatabase = false;
 type = "postgres";
 host = "${cfg.db_ip}";
+ name = "gitea";
 user = "gitea";
- passwordFile = "/run/secrets/gitea/gitea-dbpass";
+ passwordFile = "/run/secrets/forgejo/forgejo-dbpass";
 };
 };
 networking.firewall.allowedTCPPorts = [3000];
diff --git a/services/forgejo/secrets/forgejoDBPass.age b/services/forgejo/secrets/forgejoDBPass.age
new file mode 100644
index 0000000..a38d066
--- /dev/null
+++ b/services/forgejo/secrets/forgejoDBPass.age
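Review bot: In services/forgejo/default.nix, `server.ROOT_URL` now advertises `https://git.le43.eu`, but the service still listens on plain HTTP port 3000 and the unchanged `networking.firewall.allowedTCPPorts = [3000];` opens that port on every interface, so a client that reaches the VM directly can log in without TLS. Consider adding `session.COOKIE_SECURE = true;` under `settings` and allowing port 3000 only from the reverse proxy's address rather than globally. Separately, `passwordFile = "/run/secrets/forgejo/forgejo-dbpass"` has no `age.secrets` declaration in this hunk that decrypts `forgejoDBPass.age` to that path; the module starts and ends outside the hunk, so confirm one exists elsewhere. The database name and user stay `gitea`, whose password is also held in the separately encrypted `giteaDBPass.age` for the PostgreSQL host, so the two files have to be kept in sync by hand.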
@@ -0,0 +1,13 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBaeXE2 +ZWQ1VFdHZnVaL2ZMc0R0aGRRcC8rVlozdUxyRkpkV0NYbnJmY0JzCmdIS1dzdlYz +ZW5Wd25FREZHdjJBUkdMOHVlTUNQNWNNZG5HWE1HNE5lOFkKLT4gc3NoLWVkMjU1 +MTkgeHFteWpBIFJ4Z1hkUC9QT2ZiMjJMRVQxQ2ZoS016V0FLdHVaWkduYzFlK09V +YjhsaU0KRzB5L2hpRnJyUGZOVVd3ZFkycHRsVVdqME9sNHdiemRUeHBjb0NSbFo3 +NAotPiArdE8iIy1ncmVhc2UgekhEID5Sbl8gUydFIE86IltpCktRUm85QXltM3VJ +NjJ2M2hyZVVjL2V6R2s3N2dUNXErVVpLT3pSY1pVeTNydlYyMFNNWktnZmhVM3Fy +eSswOUgKdEVxcjk5S25BQnYrUG1JR01GSjNpc2FqTUtPT0JtV1hOV1B2dFV0WDI0 +dzNBeXZKZXZBTWNUV2l2SVQ5YWcKLS0tIFAvK09oWjduaDJiUkVGTXdETm5uaEVa +K3JOejBhRlJ1UE91S0ZoOXBSazQKn5G3rTSmRTYc8Z9R2pjuAWFnJ/CuNblQKgK/ +XjUtInmR6DDQpEvZaiuWXTM= +-----END AGE ENCRYPTED FILE-----