nx2site002 (unready)

This commit is contained in:
Lennart J. Kurzweg (Nx2)
2024-11-15 14:10:48 +01:00
parent e26ac7cbe2
commit 6a7d8fe4be
6 changed files with 193 additions and 32 deletions


@@ -42,7 +42,7 @@
./system-modules/postgres.nix ./system-modules/postgres.nix
./system-modules/nx2site/proxy.nix ./system-modules/nx2site/proxy.nix
# ./system-modules/nx2site/gitea.nix # ./system-modules/nx2site/gitea.nix
# ./system-modules/nx2site/vaultwarden.nix ./system-modules/nx2site/vaultwarden.nix
] else []); ] else []);
# Set your time zone. # Set your time zone.
@@ -99,6 +99,7 @@
blueman blueman
dmidecode dmidecode
file file
cowsay
# ]) ++ (with pkgs-unstable; [ # ]) ++ (with pkgs-unstable; [
# # sendme # # sendme
]); ]);
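Review bot: On the new side of the first hunk only the vaultwarden.nix import is enabled; gitea.nix stays commented out, while proxy.nix in this same commit now forwards git2.${domain} to 127.0.0.1:3000, so that vhost will presumably proxy to a closed port until the gitea module is imported. If that is deliberate for an "(unready)" commit, a short note next to the import would make the intent visible, e.g. `# ./system-modules/nx2site/gitea.nix  # TODO: not imported yet; git2.${domain} in proxy.nix already points at :3000`. The conditional list the hunk edits starts outside the hunk, so I cannot see what guards it.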

File diff suppressed because one or more lines are too long


@@ -1,12 +1,16 @@
{ config, pkgs-unstable, domain, ... }: { config, pkgs, lib, domain, ... }:
{ {
sops.secrets = { sops.secrets = {
"postgres-pw" = { owner = "gitea"; }; "postgres-pw" = { owner = config.services.gitea.user; };
}; };
environment.systemPackages = with pkgs; [
gitea
];
services.gitea = { services.gitea = {
enable = true; enable = true;
package = pkgs-unstable.gitea; package = pkgs.gitea;
group = "gitea"; # default group = "gitea"; # default
user = "gitea"; # default user = "gitea"; # default
appName = "NxGit"; appName = "NxGit";
@@ -26,20 +30,20 @@
name = "gitea"; # default name = "gitea"; # default
user = "gitea"; # default user = "gitea"; # default
}; };
dump = { # dump = {
enable = true; # enable = true;
backupDir = "${config.services.gitea.stateDir}/dump"; # default # backupDir = "${config.services.gitea.stateDir}/dump"; # default
file = null; # default # file = null; # default
interval = "daily"; # interval = "daily";
type = "zip"; # default # type = "zip"; # default
}; # };
extraConfig = null; # default # extraConfig = null; # default
lfs = { # lfs = {
enable = false; # default # enable = false; # default
contentDir = "${config.services.gitea.stateDir}/data/lfs"; # default # contentDir = "${config.services.gitea.stateDir}/data/lfs"; # default
}; # };
mailerPasswordFile = null; # default # mailerPasswordFile = null; # default
metricsTokenFile = null; # default # metricsTokenFile = null; # default
repositoryRoot = "${config.services.gitea.stateDir}/repositories"; # default repositoryRoot = "${config.services.gitea.stateDir}/repositories"; # default
settings = { settings = {
log = { log = {
@@ -47,17 +51,17 @@
# LEVEL = "Error"; # LEVEL = "Error";
ROOT_PATH = "${config.services.gitea.stateDir}/log"; # default ROOT_PATH = "${config.services.gitea.stateDir}/log"; # default
}; };
i18n = { # i18n = {
LANGS = "en-US"; # LANGS = "en-US";
}; # };
server = { server = {
DISABLE_SSH = false; # default DISABLE_SSH = false; # default
SSH_PORT = 20022; SSH_PORT = 20022;
DOMAIN = "pw2.${domain}"; # DOMAIN = "pw2.${domain}";
HTTP_ADDR = "http://${config.services.gitea.settings.server.DOMAIN}:${toString config.services.gitea.settings.server.HTTP_PORT}/"; # HTTP_ADDR = "${config.services.gitea.settings.server.DOMAIN}:${toString config.services.gitea.settings.server.HTTP_PORT}/";
HTTP_PORT = 3000; # default # HTTP_PORT = 3000; # default
PROTOCOL = "http"; # default # PROTOCOL = "http"; # default
ROOT_URL = "https:pw2.${domain}/"; # default # ROOT_URL = "https:pw2.${domain}/"; # default
STATIC_ROOT_PATH = "${config.services.gitea.stateDir}/static"; STATIC_ROOT_PATH = "${config.services.gitea.stateDir}/static";
}; };
session = { session = {
@@ -69,3 +73,108 @@
}; };
}; };
} }
# APP_NAME = Gitea: Git with a cup of tea
# RUN_MODE = prod
# RUN_USER = git
# WORK_PATH = /data/gitea
# [repository]
# ROOT = /data/git/repositories
# ENABLE_PUSH_CREATE_ORG = true
# ENABLE_PUSH_CREATE_USER = true
# [repository.local]
# LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
# [repository.upload]
# TEMP_PATH = /data/gitea/uploads
# [server]
# APP_DATA_PATH = /data/gitea
# DOMAIN = git.nx2.site
# SSH_DOMAIN = git.nx2.site
# HTTP_PORT = 3000
# ROOT_URL = https://git.nx2.site/
# DISABLE_SSH = false
# SSH_PORT = 22
# SSH_LISTEN_PORT = 22
# LFS_START_SERVER = true
# LFS_JWT_SECRET = aitnnoway
# OFFLINE_MODE = false
# [database]
# PATH = /data/gitea/gitea.db
# DB_TYPE = postgres
# HOST = giteadb:5432
# NAME = gitea
# USER = gitea
# PASSWD = -lkjlkj
# LOG_SQL = false
# SCHEMA =
# SSL_MODE = disable
# [indexer]
# ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
# [session]
# PROVIDER_CONFIG = /data/gitea/sessions
# PROVIDER = file
# [picture]
# AVATAR_UPLOAD_PATH = /data/gitea/avatars
# REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
# [attachment]
# PATH = /data/gitea/attachments
# [log]
# MODE = console
# LEVEL = info
# ROOT_PATH = /data/gitea/log
# [security]
# INSTALL_LOCK = true
# SECRET_KEY =
# REVERSE_PROXY_LIMIT = 1
# REVERSE_PROXY_TRUSTED_PROXIES = *
# INTERNAL_TOKEN = faaaaakeeyJuYmYiOjE3MTMxMTAzMjN9.iliwlrfZDTb8oL296gpXRYhC-6_AJdjePO7dk3NT-PE
# PASSWORD_HASH_ALGO = pbkdf2
# [service]
# DISABLE_REGISTRATION = true
# REQUIRE_SIGNIN_VIEW = false
# REGISTER_EMAIL_CONFIRM = false
# ENABLE_NOTIFY_MAIL = false
# ALLOW_ONLY_EXTERNAL_REGISTRATION = false
# ENABLE_CAPTCHA = false
# DEFAULT_KEEP_EMAIL_PRIVATE = false
# DEFAULT_ALLOW_CREATE_ORGANIZATION = true
# DEFAULT_ENABLE_TIMETRACKING = true
# NO_REPLY_ADDRESS = noreply.nx2.site
# [lfs]
# PATH = /data/git/lfs
# [mailer]
# ENABLED = true
# SMTP_ADDR = smtp.gmail.com
# SMTP_PORT = 587
# FROM = git@nx2.site
# USER = lennart.kurzweg.lk@gmail.com
# PASSWD = "ihh"
# [openid]
# ENABLE_OPENID_SIGNIN = true
# ENABLE_OPENID_SIGNUP = false
# [cron.update_checker]
# ENABLED = false
# [repository.pull-request]
# DEFAULT_MERGE_STYLE = merge
# [repository.signing]
# DEFAULT_TRUST_MODEL = committer
# [oauth2]
# JWT_SECRET = redavt
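Review bot: The commented app.ini dump appended after the closing `}` in the last hunk carries credential-shaped fields — `LFS_JWT_SECRET`, the `[database]` and `[mailer]` `PASSWD` lines, `INTERNAL_TOKEN` and `[oauth2] JWT_SECRET` — plus a personal Gmail address, in a file that is committed to the repository. The values read like scrubbed placeholders, but a reference config like this belongs outside version control or in a sops-managed file; if any of those fields was ever live, treat it as exposed and rotate it, since git history retains the commit. The dump also has `REVERSE_PROXY_TRUSTED_PROXIES = *`, which should not be carried over verbatim if these settings are later ported into `services.gitea.settings` — limit it to the reverse proxy's address. If the dump is kept for reference, a header such as `# reference only: previous docker app.ini, secrets scrubbed — do not copy [security]/[oauth2] values` would make that explicit. Separately, the `@@ -47,17` hunk comments out `DOMAIN` and `ROOT_URL` while proxy.nix serves this instance under `git2.${domain}` over https, so generated links will presumably fall back to localhost until those are set again.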


@@ -110,7 +110,9 @@
}; };
"pw2.${domain}" = vh // { "pw2.${domain}" = vh // {
listen = dl; listen = dl;
locations = let d = "127.0.0.1:3000"; in { locations = let
d = with config.services.vaultwarden.config; "${ROCKET_ADDRESS}:${builtins.toString ROCKET_PORT}";
in {
"/" = { proxyPass = "http://${d}"; }; "/" = { proxyPass = "http://${d}"; };
"/admin" = { proxyPass = "http://${d}"; }; "/admin" = { proxyPass = "http://${d}"; };
"/notifications/hub" = { proxyPass = "http://${d}"; }; "/notifications/hub" = { proxyPass = "http://${d}"; };
@@ -126,8 +128,9 @@
locations = { "/" = { proxyPass = "http://git.docker:3000"; }; }; locations = { "/" = { proxyPass = "http://git.docker:3000"; }; };
}; };
"git2.${domain}" = vh // { "git2.${domain}" = vh // {
http2 = false;
listen = dl; listen = dl;
locations = { "/" = { proxyPass = "http://127.0.0.1:8222"; }; }; locations = { "/" = { proxyPass = "http://127.0.0.1:3000"; }; };
}; };
"~^(.*).${domain}$" = { "~^(.*).${domain}$" = {
listen = dl; listen = dl;
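Review bot: `http2 = false;` on the git2.${domain} vhost is added without a comment, and nothing in the hunk explains why HTTP/2 is turned off for this one host while the other vhosts inherit `vh`; a one-liner such as `http2 = false; # <reason HTTP/2 is disabled for this host>` would save the next reader from guessing. In the first hunk, `d = with config.services.vaultwarden.config; "${ROCKET_ADDRESS}:${builtins.toString ROCKET_PORT}";` is a style point: `let cfg = config.services.vaultwarden.config; d = "${cfg.ROCKET_ADDRESS}:${toString cfg.ROCKET_PORT}";` makes the origin of the two names explicit without the `with` scope. That same hunk now points the existing `"/admin"` location at the vault backend; Vaultwarden's admin page is gated only by its admin token, so consider restricting that location at the proxy to trusted source addresses as defence in depth. The `locations` attribute in the first hunk and the vhost set enclosing both hunks start outside the hunks.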


@@ -0,0 +1,43 @@
{ config, pkgs, secrets, domain, ... }:
{
sops.secrets = {
"nx2site/vaultwarden.env" = {
owner = "vaultwarden";
};
};
services.vaultwarden = {
enable = true;
package = pkgs.vaultwarden;
webVaultPackage = pkgs.vaultwarden.webvault;
dbBackend = "postgresql";
# backupDir = "/var/backup/vaultwarden";
environmentFile = config.sops.secrets."nx2site/vaultwarden.env".path;
config = {
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
DATABASE_URL = "@DATABASE_URL@";
# DATABASE_URL = "postgresql://vaultwarden:fakepw123@127.0.0.1:5432/vaultwarden";
SMTP_HOST = "smtp.gmail.com";
SMTP_FROM = secrets.email.gmail-online.mail;
SMTP_PORT = 587;
SMTP_SECURITY = "starttls";
SMTP_USERNAME = secrets.email.gmail-online.mail;
SMTP_PASSWORD = "@SMTP_PASSWORD@";
LOGIN_RATELIMIT_MAX_BURST = 10;
LOGIN_RATELIMIT_SECONDS = 60;
DOMAIN = "https://pw2.${domain}";
INVITATION_ORG_NAME = "NxPW";
INVITATIONS_ALLOWED = true;
ADMIN_TOKEN = "@ADMIN_TOKEN@";
SIGNUPS_ALLOWED = false;
SIGNUPS_VERIFY = true;
SIGNUPS_VERIFY_RESEND_TIME = 3600;
SIGNUPS_VERIFY_RESEND_LIMIT = 6;
EMERGENCY_ACCESS_ALLOWED = true;
SENDS_ALLOWED = true;
WEB_VAULT_ENABLED = true;
};
};
}
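Review bot: The `DATABASE_URL`, `SMTP_PASSWORD` and `ADMIN_TOKEN` entries hold `@NAME@` placeholders and nothing in this file substitutes them; as far as I can tell the NixOS module writes `config` verbatim to a store file, and these three only work because `environmentFile` is loaded afterwards and overrides them. That dependency is invisible to the next reader, so either drop the placeholder lines or annotate them, e.g. `DATABASE_URL = "@DATABASE_URL@"; # placeholder: the real value comes from the sops environmentFile, which overrides this`. Vaultwarden also accepts an argon2 PHC-format hash for `ADMIN_TOKEN`; if the sops value is a plain token, storing the hash instead keeps the admin secret itself out of the environment file. The commented example on the `DATABASE_URL` line embeds a password in the connection string — keep it an obviously fake value so it is never mistaken for a live credential.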


@@ -23,7 +23,7 @@
# recoveryConfig = null; # recoveryConfig = null;
ensureDatabases = [ ensureDatabases = [
"gitea" "gitea"
# "vaultwarden" "vaultwarden"
]; ];
settings = { settings = {
port = 5432; # default port = 5432; # default
@@ -48,7 +48,11 @@
{ {
# as liong as there is no declarative user management you gotta set a pw by hand # as liong as there is no declarative user management you gotta set a pw by hand
# sudo -u postgres psql -c "ALTER USER gitea PASSWORD 'new-passwd';" # sudo -u postgres psql -c "ALTER USER gitea PASSWORD 'new-passwd';"
name = "gitea"; name = "gitea";
ensureDBOwnership = true;
}
{
name = "vaultwarden";
ensureDBOwnership = true; ensureDBOwnership = true;
} }
]; ];
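Review bot: The new `vaultwarden` role in the second hunk gets `ensureDBOwnership = true` but, like the gitea role, no password, and the comment above it only documents the manual `ALTER USER gitea PASSWORD` step. Since vaultwarden.nix in this commit connects over TCP (its commented `DATABASE_URL` example is `postgresql://vaultwarden:…@127.0.0.1:5432/vaultwarden`), the same by-hand step is presumably required for this role too; extend the comment, e.g. `# same for vaultwarden: sudo -u postgres psql -c "ALTER USER vaultwarden PASSWORD '<new-passwd>';"`, and fix the `liong` typo while there. The `ensureUsers` list that both new entries belong to starts outside the hunk.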