dendrify: comfy-station
This commit is contained in:
@@ -1,123 +0,0 @@
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
cfg = config.hive.gitea-instance;
|
||||
in {
|
||||
options.hive.gitea-instance = {
|
||||
enable = lib.mkEnableOption "Enable the Gitea instance";
|
||||
|
||||
instanceFQDN = lib.mkOption {
|
||||
type = lib.types.singleLineStr;
|
||||
example = "git.example.com";
|
||||
description = "Fully qualified domain name of the Gitea instance";
|
||||
};
|
||||
|
||||
databasePasswordFile = lib.mkOption {
|
||||
type = lib.types.path;
|
||||
example = "/etc/gitea-db-pass.txt";
|
||||
description = "Path to the file containing the Gitea database password";
|
||||
};
|
||||
nativeRunner = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
description = "Install a gitea act_runner using the native nix store";
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
# Gitea instance
|
||||
services.gitea = {
|
||||
enable = true;
|
||||
lfs.enable = true;
|
||||
appName = "Git yourself some Tea!";
|
||||
database = {
|
||||
name = "gitea";
|
||||
type = "postgres";
|
||||
passwordFile = cfg.databasePasswordFile;
|
||||
};
|
||||
settings = {
|
||||
server.PROTOCOL = "http+unix";
|
||||
server.ROOT_URL = "https://${cfg.instanceFQDN}/";
|
||||
server.DOMAIN = cfg.instanceFQDN;
|
||||
service.DISABLE_REGISTRATION = true;
|
||||
};
|
||||
};
|
||||
|
||||
# Fallback server with only 403
|
||||
services.nginx.virtualHosts.${config.networking.domain} = lib.mkDefault {
|
||||
default = true;
|
||||
locations."/".return = 403;
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
};
|
||||
|
||||
# Virtual host for gitea
|
||||
services.nginx.virtualHosts."${cfg.instanceFQDN}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://unix:/run/gitea/gitea.sock";
|
||||
};
|
||||
};
|
||||
|
||||
# Database setup
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
ensureDatabases = [config.services.gitea.user];
|
||||
ensureUsers = [
|
||||
{
|
||||
name = config.services.gitea.database.user;
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
# act_runner
|
||||
services.gitea-actions-runner = lib.mkIf cfg.nativeRunner {
|
||||
instances.nixos-host = {
|
||||
enable = true;
|
||||
name = "nixos-host-runner";
|
||||
url = "https://${cfg.instanceFQDN}";
|
||||
tokenFile = "/var/lib/gitea-registration/nixos-host";
|
||||
|
||||
labels = ["nixos:host"];
|
||||
|
||||
settings = {
|
||||
runner = {
|
||||
capacity = 1;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
systemd.services.gitea-runner-nixos-host = lib.mkIf cfg.nativeRunner {
|
||||
after = ["gitea-runner-gen-token.service"];
|
||||
requires = ["gitea-runner-gen-token.service"];
|
||||
serviceConfig.Environment = ''
|
||||
PATH=/run/current-system/sw/bin:/usr/bin:/bin
|
||||
'';
|
||||
};
|
||||
systemd.services.gitea-runner-gen-token = lib.mkIf cfg.nativeRunner {
|
||||
wantedBy = ["multi-user.target"];
|
||||
after = ["gitea.service"];
|
||||
environment = {
|
||||
GITEA_CUSTOM = "/var/lib/gitea/custom";
|
||||
GITEA_WORK_DIR = "/var/lib/gitea";
|
||||
};
|
||||
script = ''
|
||||
set -euo pipefail
|
||||
token=$(${config.services.gitea.package}/bin/gitea actions generate-runner-token)
|
||||
echo "TOKEN=$token" > /var/lib/gitea-registration/nixos-host
|
||||
'';
|
||||
unitConfig.ConditionPathExists = ["!/var/lib/gitea-registration/nixos-host"];
|
||||
serviceConfig = {
|
||||
User = "gitea";
|
||||
Group = "gitea";
|
||||
StateDirectory = "gitea-registration";
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
Reference in New Issue
Block a user