diff --git a/flake.nix b/flake.nix
index 82581f7..d7d7706 100644
--- a/flake.nix
+++ b/flake.nix
@@ -105,32 +105,16 @@
 }
 ];
 };
- forgejo = nixpkgs.lib.nixosSystem {
- inherit system;
- modules = [
- agenix.nixosModules.default
- "${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
- "${inputs.self}/systems/minimalLXCConfig.nix"
- "${inputs.self}/services"
- {
- networking.hostName = "forgejo";
- services.vm_forgejo = {
- enable = true;
- pgsql_ip = pgsql_host;
- };
- }
- ];
- };
-# template = nixpkgs.lib.nixosSystem {
-# inherit system;
-# modules = [
-# agenix.nixosModules.default
-# "${inputs.self}/systems/minimalVMConfig.nix"
-# {
-# networking.hostName = "nixos";
-# }
-# ];
-# };
+ # template = nixpkgs.lib.nixosSystem {
+ # inherit system;
+ # modules = [
+ # agenix.nixosModules.default
+ # "${inputs.self}/systems/minimalVMConfig.nix"
+ # {
+ # networking.hostName = "nixos";
+ # }
+ # ];
+ # };
 jellyfin = nixpkgs.lib.nixosSystem {
 inherit system;
 modules = [
diff --git a/secrets.nix b/secrets.nix
index 28ea9d6..29bf405 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -2,12 +2,12 @@ let
 tbarnouin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxccGxdfOFXeEClqz3ULl94ubzaJnk4pUus+ek18G0B tbarnouin@nixos";
 users = [tbarnouin];
+ forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2NAam+nseSCzJV/1UTyO2LgMjx0xT7/vTOOi5EG9HV root@forgejo-runner";
 grafana = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQxvO9vdd2f9aV4F3LEQrrTJaLwLvSLbLtjB9qNxc4z root@grafana";
 onlyoffice = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGbnzv2/Or4XdQXLDjIbr7oIDTQEvgSMTX4aiNCQk4tC root@onlyoffice";
 postgresql = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJW7qA7j1sICuu1RAfs9ifR9dmOlHq45tKu1ga7CKaob root@pgsql";
- forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMf3Cc/S0p/LFcW+RLMEqpxOOv8q/HrKO4I9joHmRxl root@forgejo";
- systems = [grafana onlyoffice postgresql forgejo];
+ systems = [forgejo grafana];
 in {
 "secrets/initialPassword.age".publicKeys = users ++ systems;
 "services/grafana/secrets/grafana-db.age".publicKeys = [tbarnouin grafana];
@@ -15,9 +15,8 @@ in {
 "services/grafana/secrets/kuma-token.age".publicKeys = [tbarnouin grafana];
 "services/onlyoffice/secrets/office-dbpass.age".publicKeys = [tbarnouin onlyoffice];
 "services/onlyoffice/secrets/office-jwtpass.age".publicKeys = [tbarnouin onlyoffice];
- "services/forgejo/secrets/forgejoDBPass.age".publicKeys = [tbarnouin forgejo];
- "services/postgresql/secrets/nextcloudDBPass.age".publicKeys = [tbarnouin postgresql];
- "services/postgresql/secrets/giteaDBPass.age".publicKeys = [tbarnouin postgresql];
- "services/postgresql/secrets/authentikDBPass.age".publicKeys = [tbarnouin postgresql];
- "services/postgresql/secrets/grafanaDBPass.age".publicKeys = [tbarnouin postgresql];
+ "services/postgresql/secrets/nextcloudDBPass.age".publicKeys = [ tbarnouin postgresql ];
+ "services/postgresql/secrets/giteaDBPass.age".publicKeys = [ tbarnouin postgresql ];
+ "services/postgresql/secrets/authentikDBPass.age".publicKeys = [ tbarnouin postgresql ];
+ "services/postgresql/secrets/grafanaDBPass.age".publicKeys = [ tbarnouin postgresql ];
 }
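Review bot: The recipient set for `secrets/initialPassword.age` changes through `systems = [forgejo grafana];`, but this diff does not touch that ciphertext, so until `agenix --rekey` is run the new `root@forgejo-runner` key cannot decrypt it while the old forgejo, onlyoffice and postgresql host keys still can. Rekeying alone does not revoke access either, because the earlier ciphertext stays in Git history; if dropping those keys is meant as a revocation, the password itself needs rotating. onlyoffice and postgresql still own secrets further down, so if those hosts consume the initial password they will fail to decrypt it after the rekey. The key comment suggests the new recipient is a CI runner, which typically executes repository-supplied jobs, so consider leaving it out of `systems` unless it really needs this shared secret. The `let` block begins above the hunk.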
diff --git a/services/default.nix b/services/default.nix
index dd8f211..42fe9eb 100644
--- a/services/default.nix
+++ b/services/default.nix
@@ -1,7 +1,7 @@
 {inputs, ...}: {
 imports = [
 ./nginx
- ./forgejo
+ ./gitea
 ./redis
 ./jellyfin
 ./nextcloud
diff --git a/services/forgejo/secrets/forgejoDBPass.age b/services/forgejo/secrets/forgejoDBPass.age
deleted file mode 100644
index a38d066..0000000
--- a/services/forgejo/secrets/forgejoDBPass.age
+++ /dev/null
@@ -1,13 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBaeXE2
-ZWQ1VFdHZnVaL2ZMc0R0aGRRcC8rVlozdUxyRkpkV0NYbnJmY0JzCmdIS1dzdlYz
-ZW5Wd25FREZHdjJBUkdMOHVlTUNQNWNNZG5HWE1HNE5lOFkKLT4gc3NoLWVkMjU1
-MTkgeHFteWpBIFJ4Z1hkUC9QT2ZiMjJMRVQxQ2ZoS016V0FLdHVaWkduYzFlK09V
-YjhsaU0KRzB5L2hpRnJyUGZOVVd3ZFkycHRsVVdqME9sNHdiemRUeHBjb0NSbFo3
-NAotPiArdE8iIy1ncmVhc2UgekhEID5Sbl8gUydFIE86IltpCktRUm85QXltM3VJ
-NjJ2M2hyZVVjL2V6R2s3N2dUNXErVVpLT3pSY1pVeTNydlYyMFNNWktnZmhVM3Fy
-eSswOUgKdEVxcjk5S25BQnYrUG1JR01GSjNpc2FqTUtPT0JtV1hOV1B2dFV0WDI0
-dzNBeXZKZXZBTWNUV2l2SVQ5YWcKLS0tIFAvK09oWjduaDJiUkVGTXdETm5uaEVa
-K3JOejBhRlJ1UE91S0ZoOXBSazQKn5G3rTSmRTYc8Z9R2pjuAWFnJ/CuNblQKgK/
-XjUtInmR6DDQpEvZaiuWXTM=
------END AGE ENCRYPTED FILE-----
diff --git a/services/forgejo/default.nix b/services/gitea/default.nix
similarity index 56%
rename from services/forgejo/default.nix
rename to services/gitea/default.nix
index c2bf08c..eeb68c7 100644
--- a/services/forgejo/default.nix
+++ b/services/gitea/default.nix
@@ -4,32 +4,30 @@
 lib,
 ...
 }: let
- cfg = config.services.vm_forgejo;
+ cfg = config.services.vm_gitea;
 in {
- options.services.vm_forgejo = {
+ options.services.vm_gitea = {
 enable = lib.mkEnableOption "Enable minimal config";
- pgsql_ip = lib.mkOption {
+ db_ip = lib.mkOption {
 type = lib.types.str;
- description = "forgejo database IP address";
+ description = "Gitea database IP address";
 };
 };
 config = lib.mkIf cfg.enable {
- services.forgejo = {
+ services.gitea = {
 enable = true;
 user = "tbarnouin";
 settings = {
 server.HTTP_PORT = 3000;
- server.DISABLE_SSH = true;
- server.ROOT_URL = "https://git.le43.eu";
+ server.ROOT_URL = "http://${config.services.vm.vm_ip}/";
 service.DISABLE_REGISTRATION = true;
 };
 database = {
 createDatabase = false;
 type = "postgres";
- host = "${cfg.pgsql_ip}";
- name = "gitea";
+ host = "${cfg.db_ip}";
 user = "gitea";
- passwordFile = "/run/secrets/gitea/gitea-dbpass";
+ passwordFile = "/run/secrets/gitea/gitea-dbpass";
 };
 };
 networking.firewall.allowedTCPPorts = [3000];
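Review bot: The new `server.ROOT_URL = "http://${config.services.vm.vm_ip}/"` replaces an HTTPS hostname with plain HTTP on an IP address while port 3000 stays open in `networking.firewall.allowedTCPPorts`. Unless a TLS-terminating proxy outside this hunk fronts the service, logins, session cookies and Git-over-HTTP credentials would cross the network unencrypted. If such a proxy exists, keep the public URL, e.g. `server.ROOT_URL = "https://git.le43.eu/";`, and limit port 3000 to the proxy. Separately, `passwordFile = "/run/secrets/gitea/gitea-dbpass"` has no matching recipient rule in the secrets.nix part of this commit (the forgejo rule is removed and `giteaDBPass.age` lists only the postgresql host), and no `age.secrets` declaration is visible here, so confirm the file is provisioned in the part of the module beyond the hunk. Dropping `server.DISABLE_SSH = true` also re-enables Git over SSH for a service running as the login user `tbarnouin`, which deserves a comment saying it is intended.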