harbor: add gitea
This commit is contained in:
parent
8fe0efde13
commit
feae35d04e
@ -18,6 +18,10 @@
sopsFile = ../../secrets/harbor/wg.yaml;
sopsFile = ../../secrets/harbor/wg.yaml;
key = "privateKey";
key = "privateKey";
};
};
sops.secrets."gitea-db-pass" = {
sopsFile = ../../secrets/harbor/gitea.yaml;
key = "databasePassword";
};
# Configure nix and garbage collection
# Configure nix and garbage collection
nix = {
nix = {
@ -50,6 +54,9 @@
};
};
# hive modules
# hive modules
hive.gitea-instance.enable = true;
hive.gitea-instance.instanceFQDN = "git.jroeger.de";
hive.gitea-instance.databasePasswordFile = config.sops.secrets.gitea-db-pass.path;
hive.nextcloud-instance.enable = true;
hive.nextcloud-instance.enable = true;
hive.nextcloud-instance.ssl = true;
hive.nextcloud-instance.ssl = true;
hive.nextcloud-instance.adminPasswordFile = config.sops.secrets.nextcloud-admin-pass.path;
hive.nextcloud-instance.adminPasswordFile = config.sops.secrets.nextcloud-admin-pass.path;
@ -27,6 +27,7 @@
./programs/games.nix
./programs/games.nix
./programs/spotify-shortcuts.nix
./programs/spotify-shortcuts.nix
./services/borg-server.nix
./services/borg-server.nix
./services/gitea-instance.nix
./services/kdeconnect.nix
./services/kdeconnect.nix
./services/nextcloud-instance.nix
./services/nextcloud-instance.nix
./services/virt-manager.nix
./services/virt-manager.nix
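--- /dev/null
+++ b/modules/services/gitea-instance.nix
@@ -0,0 +1,70 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  cfg = config.hive.gitea-instance;
+in {
+  options.hive.gitea-instance = {
+    enable = lib.mkEnableOption "Enable the Gitea instance";
+
+    instanceFQDN = lib.mkOption {
+      type = lib.types.singleLineStr;
+      example = "git.example.com";
+      description = "Fully qualified domain name of the Gitea instance";
+    };
+
+    databasePasswordFile = lib.mkOption {
+      type = lib.types.path;
+      example = "/etc/gitea-db-pass.txt";
+      description = "Path to the file containing the Gitea database password";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    # Gitea instance
+    services.gitea = {
+      enable = true;
+      appName = "Git yourself some Tea!";
+      database = {
+        name = "gitea";
+        type = "postgres";
+        passwordFile = cfg.databasePasswordFile;
+      };
+      settings = {
+        server.PROTOCOL = "http+unix";
+        server.ROOT_URL = "https://${cfg.instanceFQDN}/";
+        server.DOMAIN = cfg.instanceFQDN;
+      };
+    };
+
+    # Fallback server with only 403
+    services.nginx.virtualHosts.${config.networking.domain} = lib.mkDefault {
+      default = true;
+      locations."/".return = 403;
+      forceSSL = true;
+      enableACME = true;
+    };
+
+    # Virtual host for gitea
+    services.nginx.virtualHosts."${cfg.instanceFQDN}" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://unix:/run/gitea/gitea.sock";
+      };
+    };
+
+    # Database setup
+    services.postgresql = {
+      enable = true;
+      ensureDatabases = [config.services.gitea.user];
+      ensureUsers = [
+        {
+          name = config.services.gitea.database.user;
+          ensureDBOwnership = true;
+        }
+      ];
+    };
+  };
+}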
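Review bot: The `settings` block leaves Gitea's `service.DISABLE_REGISTRATION` at its upstream default of false, so an instance published at `cfg.instanceFQDN` with ACME accepts self-registration from anyone who can reach it; add `service.DISABLE_REGISTRATION = lib.mkDefault true;` alongside the `server.*` keys so a host has to opt in to open registration. The `databasePasswordFile` option description should also state that the file must be readable by the gitea service user, since the upstream module appears to read `passwordFile` from the unprivileged service rather than as root (with sops-nix that means setting the secret's `owner`), and that the value must be a string path, never a Nix path literal, which would copy the secret into the world-readable store. Finally, `ensureDatabases = [config.services.gitea.user]` ensures a database named after the service user while the database configured above is `config.services.gitea.database.name`; the two only agree by default. If the upstream module's `database.createDatabase` is left at its default it may already provision PostgreSQL over the local socket, making this block redundant and the password unused — worth confirming.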
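--- /dev/null
+++ b/secrets/harbor/gitea.yaml
@@ -0,0 +1,25 @@
+databasePassword: ENC[AES256_GCM,data:D0pt10IJXbmx5Fj/yvMxyPjVPGctrQ==,iv:OiBSQIr4/lLCAV2mlIBfIfiVT51SeTGU1xJustlXZes=,tag:6FRtjip5pR7PeaJXRw1DVw==,type:str]
+sops:
+    age:
+        - recipient: age1wf0rq27v0n27zfy0es8ns3n25e2fdt063dgn68tt3f89rgrtu9csq4yhsp
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNMnU3bE51SGhMbnFJZitN
+            RGJTMVBndVBhVVFGTVhHTU5BbWxEVnBMRjM4CnNZTy94T3h5TlZlNFdFV3JKVzEw
+            R1Y4dzNOYnR4TE9GN3E0ejNjVklHUzgKLS0tIHd2YUdXRnBtaFVjdDlOVi9wVjRJ
+            MVFrRDc3VkwxTDBqZkJNbmtGYXJkOEUK2N0kZdgCYYmGdgTdozqMSfEPOtWvol9X
+            CqVW0cp4BbycA1yV14H555ywFkz2n9tp8vuapt7FP1guFGiVYxK5Wg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1expg8vyduf290pz7l4f3mjzvk9f0azfdn48pyjzs3m6p7v4qjq0qwtn36z
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtNXhsTzNrQkwyQnJXdU1x
+            ZHZMNkdqV1NzRnRwQktrRzMzenRnTDFwTmx3CnB2UDJUbUJvcE5zbzlqRlFtUjdt
+            MU1JNGlJOUtMUE1MQzhZdmF2M0I0c3MKLS0tICsxUTFTbm5udUMyRyt0VnprU3dG
+            c1N5VHJZY1JkSCtPTGdHQlI1QUxQZncKzHuz+/0jj/0AL2atUTw56fL8J3bKBNmg
+            hCIsy3SeMeNXs2KN/yka3mfvzoCHeqHRXhQr8MzTkHaGmUhCv5ix/A==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-10-20T22:17:16Z"
+    mac: ENC[AES256_GCM,data:hN0eKuZyls/R5fbL7+U5INi0cq/TYVdTR9PYqgsrPWJL+HtN6KA6ZpaWR27ZBLv9/zB6FHPTg2Js+RQqYE6CZP+0scIx4p5uUe+kUV3qfX3/ZL6wh0vHpn8Jv+Y2NE8OMTeztYSqSDfTgqxeOfY0AchgMFiwgNITDl0IBrPfRSY=,iv:nY5bDlzNGc3N1xU5Zgt/aBgcelfvO5JEuf3sMVNfS14=,tag:oAhw2ZjGA0/DEISS4aqvkA==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0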