harbor: add gitea

Upgrade Gen109 @ 2025-10-19-14:30:21 by jonas@monolith
System Gen108 @ 2025-10-19-14:15:06 by jonas@monolith
2025-10-21 00:37:23 +02:00 · 2025-10-19 14:30:22 +02:00 · 2025-10-19 14:15:07 +02:00 · 2025-10-19 14:10:22 +02:00 · 2025-10-17 14:46:01 +02:00 · 2025-10-15 00:49:13 +02:00
8 changed files with 169 additions and 47 deletions
--- a/flake.lock
+++ b/flake.lock
@ -20,11 +20,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1755946532,
-        "narHash": "sha256-POePremlUY5GyA1zfbtic6XLxDaQcqHN6l+bIxdT5gc=",
+        "lastModified": 1759499898,
+        "narHash": "sha256-UNzYHLWfkSzLHDep5Ckb5tXc0fdxwPIrT+MY4kpQttM=",
        "owner": "hyprwm",
        "repo": "aquamarine",
-        "rev": "81584dae2df6ac79f6b6dae0ecb7705e95129ada",
+        "rev": "655e067f96fd44b3f5685e17f566b0e4d535d798",
        "type": "github"
      },
      "original": {
@ -41,11 +41,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1757578366,
-        "narHash": "sha256-gPxQdaX0sP/ddT1g/TFHstcvBSGFnrrDHNaU9WBGnRc=",
+        "lastModified": 1759439824,
+        "narHash": "sha256-bOmAhQG3Ek2ZpNcnkFo3yiGeSmklk1uLm09BwDdnpWM=",
        "owner": "polygon",
        "repo": "audio.nix",
-        "rev": "598aacc9542ca3f933fd7b63821587c566568e18",
+        "rev": "8595d27a844a11bd14819de330ce6c9f724923bb",
        "type": "github"
      },
      "original": {
@ -82,11 +82,11 @@
      },
      "locked": {
        "dir": "pkgs/firefox-addons",
-        "lastModified": 1758427412,
-        "narHash": "sha256-VbVedyzFU0URoEccHZOzZI3tuCVfGFz12F1/bFdDyAk=",
+        "lastModified": 1760846615,
+        "narHash": "sha256-ept30QIKVAx/f7fHBGIfCPhPdZNd4yaBTq2Frz1LkFM=",
        "owner": "rycee",
        "repo": "nur-expressions",
-        "rev": "72d7daed5a5e07593b70a3ab26ad0fdecadc49c3",
+        "rev": "afeaf06f6cbc7fd65e8cdbe53ddf3f3c643b36d1",
        "type": "gitlab"
      },
      "original": {
@ -216,11 +216,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758192433,
-        "narHash": "sha256-CR6RnqEJSTiFgA6KQY4TTLUWbZ8RBnb+hxQqesuQNzQ=",
+        "lastModified": 1759490292,
+        "narHash": "sha256-T6iWzDOXp8Wv0KQOCTHpBcmAOdHJ6zc/l9xaztW6Ivc=",
        "owner": "hyprwm",
        "repo": "hyprgraphics",
-        "rev": "c44e749dd611521dee940d00f7c444ee0ae4cfb7",
+        "rev": "9431db625cd9bb66ac55525479dce694101d6d7a",
        "type": "github"
      },
      "original": {
@ -247,11 +247,11 @@
        "xdph": "xdph"
      },
      "locked": {
-        "lastModified": 1758383869,
-        "narHash": "sha256-L93loAJMQzETzHt4zkaKeKgKyMiV1HvGeFCmr6jW2Xg=",
+        "lastModified": 1760874867,
+        "narHash": "sha256-w2JettCPyqWKMYoJRCTc5/nsSvGrSV9jG4kbn8Q0pZk=",
        "owner": "hyprwm",
        "repo": "Hyprland",
-        "rev": "41dad381770300fe1015ad8cdd1f370a8fd4e5d5",
+        "rev": "59ff7b2f891d06f4097128faf7027a3863542167",
        "type": "github"
      },
      "original": {
@ -277,11 +277,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758382384,
-        "narHash": "sha256-tF9YAZlU8WrtLhEeB7p/TEwZrUM5P6JQ1q4giLh8YZ8=",
+        "lastModified": 1760659005,
+        "narHash": "sha256-wyS6tXYJuzbwckOeaCoRtT4qIG2UZ0YvSZx7EBNjTV0=",
        "owner": "hyprwm",
        "repo": "hyprland-plugins",
-        "rev": "c8b2be350290e77e5cb8d482cde6b4c7e7f62099",
+        "rev": "a5a6f93d72d5fb37e78b98c756cfd8b340e71a19",
        "type": "github"
      },
      "original": {
@ -370,11 +370,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1757694755,
-        "narHash": "sha256-j+w5QUUr2QT/jkxgVKecGYV8J7fpzXCMgzEEr6LG9ug=",
+        "lastModified": 1759080228,
+        "narHash": "sha256-RgDoAja0T1hnF0pTc56xPfLfFOO8Utol2iITwYbUhTk=",
        "owner": "hyprwm",
        "repo": "hyprland-qtutils",
-        "rev": "5ffdfc13ed03df1dae5084468d935f0a3f2c9a4c",
+        "rev": "629b15c19fa4082e4ce6be09fdb89e8c3312aed7",
        "type": "github"
      },
      "original": {
@ -399,11 +399,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1756810301,
-        "narHash": "sha256-wgZ3VW4VVtjK5dr0EiK9zKdJ/SOqGIBXVG85C3LVxQA=",
+        "lastModified": 1758927902,
+        "narHash": "sha256-LZgMds7M94+vuMql2bERQ6LiFFdhgsEFezE4Vn+Ys3A=",
        "owner": "hyprwm",
        "repo": "hyprlang",
-        "rev": "3d63fb4a42c819f198deabd18c0c2c1ded1de931",
+        "rev": "4dafa28d4f79877d67a7d1a654cddccf8ebf15da",
        "type": "github"
      },
      "original": {
@ -424,11 +424,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1756117388,
-        "narHash": "sha256-oRDel6pNl/T2tI+nc/USU9ZP9w08dxtl7hiZxa0C/Wc=",
+        "lastModified": 1759619523,
+        "narHash": "sha256-r1ed7AR2ZEb2U8gy321/Xcp1ho2tzn+gG1te/Wxsj1A=",
        "owner": "hyprwm",
        "repo": "hyprutils",
-        "rev": "b2ae3204845f5f2f79b4703b441252d8ad2ecfd0",
+        "rev": "3df7bde01efb3a3e8e678d1155f2aa3f19e177ef",
        "type": "github"
      },
      "original": {
@ -506,11 +506,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1757943327,
-        "narHash": "sha256-w6cDExPBqbq7fTLo4dZ1ozDGeq3yV6dSN4n/sAaS6OM=",
+        "lastModified": 1760106635,
+        "narHash": "sha256-2GoxVaKWTHBxRoeUYSjv0AfSOx4qw5CWSFz2b+VolKU=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "67a709cfe5d0643dafd798b0b613ed579de8be05",
+        "rev": "9ed85f8afebf2b7478f25db0a98d0e782c0ed903",
        "type": "github"
      },
      "original": {
@ -554,11 +554,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1758277210,
-        "narHash": "sha256-iCGWf/LTy+aY0zFu8q12lK8KuZp7yvdhStehhyX1v8w=",
+        "lastModified": 1760524057,
+        "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "8eaee110344796db060382e15d3af0a9fc396e0e",
+        "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5",
        "type": "github"
      },
      "original": {
@ -570,11 +570,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1758346548,
-        "narHash": "sha256-afXE7AJ7MY6wY1pg/Y6UPHNYPy5GtUKeBkrZZ/gC71E=",
+        "lastModified": 1760580664,
+        "narHash": "sha256-/YdfibIrnqXAL8p5kqCU345mzpHoOtuVIkMiI2pF4Dc=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "b2a3852bd078e68dd2b3dfa8c00c67af1f0a7d20",
+        "rev": "98ff3f9af2684f6136c24beef08f5e2033fc5389",
        "type": "github"
      },
      "original": {
@ -594,11 +594,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758185783,
-        "narHash": "sha256-6fX2CG8PzdBNwJGBISnf/nVHUVMZdCsekT1mP672Uh8=",
+        "lastModified": 1759321049,
+        "narHash": "sha256-8XkU4gIrLT2DJZWQyvsP5woXGZF5eE/7AnKfwQkiwYU=",
        "owner": "pjones",
        "repo": "plasma-manager",
-        "rev": "6a7d78cebd9a0f84a508bec9bc47ac504c5f51f4",
+        "rev": "205dcfd4a30d4a5d1b4f28defee69daa7c7252cd",
        "type": "github"
      },
      "original": {
@ -674,11 +674,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758425756,
-        "narHash": "sha256-L3N8zV6wsViXiD8i3WFyrvjDdz76g3tXKEdZ4FkgQ+Y=",
+        "lastModified": 1760845571,
+        "narHash": "sha256-PwGzU3EOU65Ef1VvuNnVLie+l+P0g/fzf/PGUG82KbM=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "e0fdaea3c31646e252a60b42d0ed8eafdb289762",
+        "rev": "9c9a9798be331ed3f4b2902933d7677d0659ee61",
        "type": "github"
      },
      "original": {
--- a/home/jonas@comfy-station.nix
+++ b/home/jonas@comfy-station.nix
@ -1,4 +1,8 @@
-{config, ...}: rec {
+{
+  config,
+  pkgs,
+  ...
+}: {
  imports = [
    (./. + "/jonas@comfy-station/" + /borg.nix)
  ];
@ -9,7 +13,7 @@
  home.homeDirectory = "/home/jonas";

  sops = {
-    age.keyFile = "${home.homeDirectory}/.config/sops/age/keys.txt";
+    age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
  };

  # hive modules
@ -94,4 +98,17 @@
      key = "4000EB35E1AE0F07";
    };
  };
+
+  programs.jujutsu = {
+    enable = true;
+    settings = {
+      user = {
+        name = config.programs.git.userName;
+        email = config.programs.git.userEmail;
+      };
+      ui = {
+        diff-formatter = ["${pkgs.difftastic}/bin/difft" "--color=always" "$left" "$right"];
+      };
+    };
+  };
 }
--- a/hosts/comfy-station/configuration.nix
+++ b/hosts/comfy-station/configuration.nix
@ -68,10 +68,10 @@
    firefox
    gimp
    git
+    (gnome-network-displays.overrideAttrs (final: prev: {buildInputs = prev.buildInputs ++ [glib-networking];}))
    insomnia
    krita
    libreoffice
-    miraclecast
    mosquitto
    mpv
    mupdf
@ -95,6 +95,7 @@
  nixpkgs.config.permittedInsecurePackages = [
    "electron-25.9.0" # required by obsidian
  ];
+  services.avahi.enable = true;
  services.udev.packages = [pkgs.openhantek6022];
  virtualisation.docker.enable = true;

--- a/hosts/harbor/configuration.nix
+++ b/hosts/harbor/configuration.nix
@ -18,6 +18,10 @@
    sopsFile = ../../secrets/harbor/wg.yaml;
    key = "privateKey";
  };
+  sops.secrets."gitea-db-pass" = {
+    sopsFile = ../../secrets/harbor/gitea.yaml;
+    key = "databasePassword";
+  };

  # Configure nix and garbage collection
  nix = {
@ -50,6 +54,9 @@
  };

  # hive modules
+  hive.gitea-instance.enable = true;
+  hive.gitea-instance.instanceFQDN = "git.jroeger.de";
+  hive.gitea-instance.databasePasswordFile = config.sops.secrets.gitea-db-pass.path;
  hive.nextcloud-instance.enable = true;
  hive.nextcloud-instance.ssl = true;
  hive.nextcloud-instance.adminPasswordFile = config.sops.secrets.nextcloud-admin-pass.path;
--- a/modules/bin/nix-scripts.nix
+++ b/modules/bin/nix-scripts.nix
@ -86,9 +86,10 @@
        ${pkgs.git}/bin/git switch "$branch_current"
      fi

-      nix store diff-closures \
+      nix store --log-format internal-json -v diff-closures \
          '.?ref='"$branch_current"'#nixosConfigurations.'"$(${pkgs.hostname}/bin/hostname)"'.config.system.build.toplevel' \
-          '.?ref='"$branch_staging"'#nixosConfigurations.'"$(${pkgs.hostname}/bin/hostname)"'.config.system.build.toplevel'
+          '.?ref='"$branch_staging"'#nixosConfigurations.'"$(${pkgs.hostname}/bin/hostname)"'.config.system.build.toplevel' \
+          |& ${pkgs.nix-output-monitor}/bin/nom --json

      popd
    '';
--- a/modules/default.nix
+++ b/modules/default.nix
@ -27,6 +27,7 @@
      ./programs/games.nix
      ./programs/spotify-shortcuts.nix
      ./services/borg-server.nix
+      ./services/gitea-instance.nix
      ./services/kdeconnect.nix
      ./services/nextcloud-instance.nix
      ./services/virt-manager.nix
--- a/modules/services/gitea-instance.nix
+++ b/modules/services/gitea-instance.nix
@ -0,0 +1,70 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  cfg = config.hive.gitea-instance;
+in {
+  options.hive.gitea-instance = {
+    enable = lib.mkEnableOption "Enable the Gitea instance";
+
+    instanceFQDN = lib.mkOption {
+      type = lib.types.singleLineStr;
+      example = "git.example.com";
+      description = "Fully qualified domain name of the Gitea instance";
+    };
+
+    databasePasswordFile = lib.mkOption {
+      type = lib.types.path;
+      example = "/etc/gitea-db-pass.txt";
+      description = "Path to the file containing the Gitea database password";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    # Gitea instance
+    services.gitea = {
+      enable = true;
+      appName = "Git yourself some Tea!";
+      database = {
+        name = "gitea";
+        type = "postgres";
+        passwordFile = cfg.databasePasswordFile;
+      };
+      settings = {
+        server.PROTOCOL = "http+unix";
+        server.ROOT_URL = "https://${cfg.instanceFQDN}/";
+        server.DOMAIN = cfg.instanceFQDN;
+      };
+    };
+
+    # Fallback server with only 403
+    services.nginx.virtualHosts.${config.networking.domain} = lib.mkDefault {
+      default = true;
+      locations."/".return = 403;
+      forceSSL = true;
+      enableACME = true;
+    };
+
+    # Virtual host for gitea
+    services.nginx.virtualHosts."${cfg.instanceFQDN}" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://unix:/run/gitea/gitea.sock";
+      };
+    };
+
+    # Database setup
+    services.postgresql = {
+      enable = true;
+      ensureDatabases = [config.services.gitea.user];
+      ensureUsers = [
+        {
+          name = config.services.gitea.database.user;
+          ensureDBOwnership = true;
+        }
+      ];
+    };
+  };
+}
--- a/secrets/harbor/gitea.yaml
+++ b/secrets/harbor/gitea.yaml
@ -0,0 +1,25 @@
+databasePassword: ENC[AES256_GCM,data:D0pt10IJXbmx5Fj/yvMxyPjVPGctrQ==,iv:OiBSQIr4/lLCAV2mlIBfIfiVT51SeTGU1xJustlXZes=,tag:6FRtjip5pR7PeaJXRw1DVw==,type:str]
+sops:
+    age:
+        - recipient: age1wf0rq27v0n27zfy0es8ns3n25e2fdt063dgn68tt3f89rgrtu9csq4yhsp
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNMnU3bE51SGhMbnFJZitN
+            RGJTMVBndVBhVVFGTVhHTU5BbWxEVnBMRjM4CnNZTy94T3h5TlZlNFdFV3JKVzEw
+            R1Y4dzNOYnR4TE9GN3E0ejNjVklHUzgKLS0tIHd2YUdXRnBtaFVjdDlOVi9wVjRJ
+            MVFrRDc3VkwxTDBqZkJNbmtGYXJkOEUK2N0kZdgCYYmGdgTdozqMSfEPOtWvol9X
+            CqVW0cp4BbycA1yV14H555ywFkz2n9tp8vuapt7FP1guFGiVYxK5Wg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1expg8vyduf290pz7l4f3mjzvk9f0azfdn48pyjzs3m6p7v4qjq0qwtn36z
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtNXhsTzNrQkwyQnJXdU1x
+            ZHZMNkdqV1NzRnRwQktrRzMzenRnTDFwTmx3CnB2UDJUbUJvcE5zbzlqRlFtUjdt
+            MU1JNGlJOUtMUE1MQzhZdmF2M0I0c3MKLS0tICsxUTFTbm5udUMyRyt0VnprU3dG
+            c1N5VHJZY1JkSCtPTGdHQlI1QUxQZncKzHuz+/0jj/0AL2atUTw56fL8J3bKBNmg
+            hCIsy3SeMeNXs2KN/yka3mfvzoCHeqHRXhQr8MzTkHaGmUhCv5ix/A==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-10-20T22:17:16Z"
+    mac: ENC[AES256_GCM,data:hN0eKuZyls/R5fbL7+U5INi0cq/TYVdTR9PYqgsrPWJL+HtN6KA6ZpaWR27ZBLv9/zB6FHPTg2Js+RQqYE6CZP+0scIx4p5uUe+kUV3qfX3/ZL6wh0vHpn8Jv+Y2NE8OMTeztYSqSDfTgqxeOfY0AchgMFiwgNITDl0IBrPfRSY=,iv:nY5bDlzNGc3N1xU5Zgt/aBgcelfvO5JEuf3sMVNfS14=,tag:oAhw2ZjGA0/DEISS4aqvkA==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0
Author	SHA1	Message	Date
Jonas Röger	feae35d04e	harbor: add gitea	2025-10-21 00:37:23 +02:00
Jonas Röger	8fe0efde13	Upgrade Gen109 @ 2025-10-19-14:30:21 by jonas@monolith	2025-10-19 14:30:22 +02:00
Jonas Röger	f16cf36b1e	System Gen108 @ 2025-10-19-14:15:06 by jonas@monolith	2025-10-19 14:15:07 +02:00
Jonas Röger	58eaa374ac	System Gen107 @ 2025-10-19-14:10:22 by jonas@monolith	2025-10-19 14:10:22 +02:00
Jonas Röger	4397a97111	Home Gen542 @ 2025-10-17-14:45 by jonas@comfy-station	2025-10-17 14:46:01 +02:00
Jonas Röger	c001453553	System Gen212 @ 2025-10-15-00:49:12 by jonas@comfy-station	2025-10-15 00:49:13 +02:00
Jonas Röger	5866f3a8d6	System Gen211 @ 2025-10-14-19:57:52 by jonas@comfy-station	2025-10-14 19:57:52 +02:00
Jonas Röger	9a977d889d	System Gen210 @ 2025-10-14-19:44:36 by jonas@comfy-station	2025-10-14 19:44:37 +02:00
Jonas Röger	2e5036cbbc	System Gen209 @ 2025-10-14-19:32:25 by jonas@comfy-station	2025-10-14 19:32:26 +02:00
Jonas Röger	810e1dea23	System Gen208 @ 2025-10-14-17:05:52 by jonas@comfy-station	2025-10-14 17:05:53 +02:00