services.gitea: init
parent
4ffd5aebd5
commit
f906e9d556
@ -337,7 +337,7 @@
|
||||
nginx.applications = { kkmeeting.enable = true; webdav.instances."webdav.chn.moe" = {}; };
|
||||
httpapi.enable = true;
|
||||
mastodon.enable = true;
|
||||
gitlab.enable = true;
|
||||
gitea.enable = true;
|
||||
grafana.enable = true;
|
||||
fail2ban.enable = true;
|
||||
wireguard =
|
||||
|
@ -35,7 +35,7 @@ inputs:
|
||||
./httpapi.nix
|
||||
./mirism.nix
|
||||
./mastodon.nix
|
||||
./gitlab.nix
|
||||
./gitea.nix
|
||||
./grafana.nix
|
||||
./fail2ban.nix
|
||||
./wireguard.nix
|
||||
|
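--- a/modules/services/gitea.nix
+++ b/modules/services/gitea.nix
@@ -0,0 +1,64 @@
+inputs:
+{
+options.nixos.services.gitea = let inherit (inputs.lib) mkOption types; in
+{
+enable = mkOption { type = types.bool; default = false; };
+hostname = mkOption { type = types.str; default = "git.chn.moe"; };
+};
+config =
+let
+inherit (inputs.config.nixos.services) gitea;
+inherit (inputs.lib) mkIf;
+in mkIf gitea.enable
+{
+services.gitea =
+{
+enable = true;
+lfs.enable = true;
+mailerPasswordFile = inputs.config.sops.secrets."gitea/mail".path;
+database =
+{
+createDatabase = false;
+type = "postgres";
+passwordFile = inputs.config.sops.secrets."gitea/db".path;
+};
+settings =
+{
+session =
+{
+COOKIE_SECURE = true;
+};
+server =
+{
+SSH_PORT = 2222;
+ROOT_URL = "https://${gitea.hostname}";
+DOMAIN = gitea.hostname;
+};
+mailer =
+{
+ENABLED = true;
+FROM = "bot@chn.moe";
+PROTOCOL = "smtps";
+SMTP_ADDR = "mail.chn.moe";
+SMTP_PORT = 465;
+USER = "bot@chn.moe";
+};
+};
+};
+nixos.services =
+{
+nginx =
+{
+enable = true;
+https."${gitea.hostname}".location."/".proxy.upstream = "http://127.0.0.1:3000";
+};
+postgresql.instances.gitea = {};
+};
+sops.secrets =
+{
+"gitea/mail" = { owner = "gitea"; key = "mail/bot"; };
+"gitea/db" = { owner = "gitea"; key = "postgresql/gitea"; };
+"mail/bot" = {};
+};
+};
+}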
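Review bot: The `server` block sets `SSH_PORT`, `ROOT_URL` and `DOMAIN` but no `HTTP_ADDR`, so Gitea keeps its default listen address (all interfaces, as far as I know) even though nginx only needs `http://127.0.0.1:3000`. Unless the host firewall blocks port 3000, the instance can then be reached over plain HTTP, bypassing the TLS proxy; adding `HTTP_ADDR = "127.0.0.1";` next to `SSH_PORT` closes that. Separately, `SSH_PORT = 2222` only changes the port shown in clone URLs, so if no other sshd listens on 2222 the built-in server would also need `START_SSH_SERVER = true;`. Registration is left at its default as well; if this instance is not meant to accept sign-ups, set `service.DISABLE_REGISTRATION = true;` under `settings`.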
@ -1,81 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.gitlab = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
hostname = mkOption { type = types.str; default = "git.chn.moe"; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.config.nixos.services) gitlab;
|
||||
inherit (inputs.lib) mkIf;
|
||||
in mkIf gitlab.enable
|
||||
{
|
||||
services.gitlab =
|
||||
{
|
||||
enable = true;
|
||||
host = gitlab.hostname;
|
||||
port = 443;
|
||||
https = true;
|
||||
smtp =
|
||||
{
|
||||
enable = true;
|
||||
address = "mail.chn.moe";
|
||||
username = "bot@chn.moe";
|
||||
passwordFile = inputs.config.sops.secrets."gitlab/mail".path;
|
||||
tls = true;
|
||||
enableStartTLSAuto = false;
|
||||
port = 465;
|
||||
domain = gitlab.hostname;
|
||||
authentication = "login";
|
||||
};
|
||||
extraConfig =
|
||||
{
|
||||
gitlab.email_from = "bot@chn.moe";
|
||||
lfs.enabled = true;
|
||||
};
|
||||
secrets =
|
||||
{
|
||||
secretFile = inputs.config.sops.secrets."gitlab/secret".path;
|
||||
otpFile = inputs.config.sops.secrets."gitlab/otp".path;
|
||||
jwsFile = inputs.config.sops.secrets."gitlab/jws".path;
|
||||
dbFile = inputs.config.sops.secrets."gitlab/dbFile".path;
|
||||
};
|
||||
initialRootPasswordFile = inputs.config.sops.secrets."gitlab/root".path;
|
||||
initialRootEmail = "bot@chn.moe";
|
||||
databasePasswordFile = inputs.config.sops.secrets."gitlab/db".path;
|
||||
databaseHost = "127.0.0.1";
|
||||
# extraGitlabRb =
|
||||
# ''
|
||||
# Settings.gitlab_sshd['enable'] = true
|
||||
# Settings.gitlab_sshd['listen_address'] = '0.0.0.0:2222'
|
||||
# '';
|
||||
};
|
||||
nixos.services =
|
||||
{
|
||||
nginx =
|
||||
{
|
||||
enable = true;
|
||||
https."${gitlab.hostname}".location."/".proxy.upstream = "http://unix:/run/gitlab/gitlab-workhorse.socket";
|
||||
};
|
||||
postgresql.instances.gitlab = {};
|
||||
};
|
||||
sops.secrets = let owner = inputs.config.services.gitlab.user; in
|
||||
{
|
||||
"gitlab/mail" = { owner = owner; key = "mail/bot"; };
|
||||
"gitlab/secret".owner = owner;
|
||||
"gitlab/otp".owner = owner;
|
||||
"gitlab/jws" =
|
||||
{
|
||||
owner = owner;
|
||||
sopsFile =
|
||||
"${inputs.topInputs.self}/secrets/${inputs.config.nixos.system.networking.hostname}/gitlab/jws.bin";
|
||||
format = "binary";
|
||||
};
|
||||
"gitlab/dbFile".owner = owner;
|
||||
"gitlab/root".owner = owner;
|
||||
"gitlab/db" = { owner = owner; key = "postgresql/gitlab"; };
|
||||
"mail/bot" = {};
|
||||
};
|
||||
};
|
||||
}
|
@ -21,7 +21,7 @@ postgresql:
|
||||
vaultwarden: ENC[AES256_GCM,data:Uz8GJMaLUTQ9pQbZyZLWS4bL5wmt9RvbAwNctAIDt9JrV3FaXxgKjE0MJSGklS55yj/Z/wbO6RCuCK2AWR2VKw==,iv:7hA8YcB88M1qCV8EhFYpHbfPmAZ/7xNqvTMJYZ/UcAY=,tag:mkDHJYmRoYZ/Ct0UmOp9FA==,type:str]
|
||||
nextcloud: ENC[AES256_GCM,data:5UpYSMsZgUgEJHg0ou9Z1RTE+YFFUKuXwPtc6L5XxD4GNo8Gd3CvcQSNGAol+5DtyPKF3q1+ZgtScWGrqU1RyA==,iv:Zfm+Oa4eON8WiJzYUkMFawafDwo9pOnOpWkwHYLIKkk=,tag:4ECMla1dFfCrn7lILwWFNA==,type:str]
|
||||
mastodon: ENC[AES256_GCM,data:IQxoNjZILazu5cxkEzFAqqmGSsOffMQHoRB7AC2NqI/+CJSVsfdwiSVfxN+Jc9dmrqCjscUSxaWCMHnrZj/JyQ==,iv:d6tyj/w0uH2E3qHjEcopVhnmE/Pq0qN9PHthSArryyw=,tag:kfJsxqkErFcG11B0CmiIKw==,type:str]
|
||||
gitlab: ENC[AES256_GCM,data:YC1Ubpc9zWK8rb5FvZAEYjNWqVF8tZL6Nxqa18Wyq7KAh2Rv2tjl0iVlVzhtaBf28gF++nJVu9LcATaOuHH9sw==,iv:j+t4PwizJNkWZkhzdqU01/P5MeS2nSk6XNlvxJ17hC0=,tag:0gtBn9has+xrtJCn6MAyyA==,type:str]
|
||||
gitea: ENC[AES256_GCM,data:EAuFPlUFvtARh4wbevoIUwZ886nS+3O9Jy7q/SkaTDx7PkQKGhZcPPxY45AG0QQrjSaI3cGLzDBMutFMXP0BMA==,iv:0cLOsopAfyMLHJDowyZirVR5nqLrjSLHYtnPC8GXReE=,tag:BwG5UibGLS16rwJbH/0ZyQ==,type:str]
|
||||
grafana: ENC[AES256_GCM,data:ZLtDIZ3oKasE4r1WNllNe/rkXxqRS+QAJI7EGPKhiFF1BtAxD46UpGQnUag3yg0gP/8+3COQs6camVSxcKFL1A==,iv:wMj3keVjNpVwNMwlt4E3ds1EYjLNIZ/S3RydhOlmYWU=,tag:ZRn7NWaUPbf2rHYLoLYw+w==,type:str]
|
||||
meilisearch:
|
||||
misskey-misskey: ENC[AES256_GCM,data:4s+qqd6mmstioC0XmG/vA6ED9mzu1vRJVPFFalRiqnnsFy0dYEU87H+y12eOp/KDSLdTNvpp6Z6jCNvxnpDXzQ==,iv:x6L9OPu/dwVsD9pYb4dqavw9NesMbo7LB+rwz6veAR4=,tag:/BBqV2sHIgPas7XsZydh2g==,type:str]
|
||||
@ -116,8 +116,8 @@ sops:
|
||||
SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
|
||||
HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-12-13T04:01:05Z"
|
||||
mac: ENC[AES256_GCM,data:3iqD/x7fzpKWfb6Ckv5JP+ZuaD2VuVoHGEeEC9OSv0ZplVH6RGyUa0GLIf0rYvQn55N1d+k7N1iCbrPyAC1O1kAcgTev+mdZSC+MkiGNUk2gxNlh+9NN8gy8EchTm1eN3JFaQ1sZw7AYNJEQM4N+SSH8uM2HR2iAMdC4ACYwxdE=,iv:BDz04pY0mf3kcofuTZLaLwSxaP02FR7r0WWLIukOOYc=,tag:m/hpWWh+SExtj+B7xEuWFA==,type:str]
|
||||
lastmodified: "2023-12-17T05:32:02Z"
|
||||
mac: ENC[AES256_GCM,data:fgtAvBL6Dg/ATU2+jIY9RAukDm64VxKPkf19ouRptuHq6DPm5e/puVLpNMhs5X+uGH9GTfBy79aBV9lYzrniA0IFWv3vbUeHI1A4VvgfZwqGazJ+6oJg6jNibsoeWFhrZGWxfYGWs0U4HDkL52QcLDjU0VyMq33t8HrTEKh2KCM=,iv:ML+H3E/Mb+3d13U2E4zLb+F4vxPINtps0gsxqfqG9XA=,tag:jOcaxjXDJMxIweI5VwEgKw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
@ -1,24 +0,0 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:Al5NNNTib+gGITYXCC7y2eBnbMtDEg12PPIKhu5aYsX1y5hEzf8plZAQUpjipwW+MRGP8y13kjtvgmYEW+2hjPKkvB1V0wVWwyVlJW9z4c/8+XZQ6iHTbdczxKbSj9swXO+pbnt6n20ofKSB5eCJbaHWG6Fd1ln7S0sataprlccwSF/WoJuwL5Hk654ldN4EA6i/2QHcUZFeVCc7cx+j9kBp6optwydV+V/skp88sJ9mecLXDrfFnNqzEFK4U6s2lMnhSfDtYGCC6RlC63hslSS6aqYrVn7KJqoI1v2pMBWbTSjO4ZJZkjy4RBjcnbYotfEji8zJ1QEJ/49IjrMkDxxT/shdmk5G8F2Zf1f9bo6Ge6yBJffw3oBAnjZe7z4QgHQzbQmuEMmgZ6C+XMyvtFNXbCcBIjFPIiaMujj4aT7S1HBGyVIoYUTRiLsTF8cilsazIid65ps7ydkHJjDZigigcuunogBJ7WtOs1wU2j/O8LDwStMnJ33aib4M4dVAn896KyIltN2lber4zQcshce+Ld2Y5UPU9wUD6dcx+Ezmma0OCgvoAB8TmZ1L+6heBWf27hb+Z2eHQlatLDhnZrQ7OrO76eL3aBHDXbDHv5IDMRTntb4strUqDD6JPAN+L8HS8D3rhVK54OHVMMPyIWzkWJRpLjyrI2m0bgxlpNPDz97ACu1Mlu0ebbhWTYMOYeBZjNvyyvf2W0Bp01sgnImQkFbfoxwZchvtDAhfCeW4GtlF2GI2iwCCtbe09hCO+hf9ulQQsoPcS875n3QlLv8SiFh24MEmj2JwfbrfeCb4QZxh6d+A63PBZxurhk1eDfVHjWa/e23A7hdv8NJ9Qfd5ah5jDgEHwLzu0HOE+afsJieYYHLhEUmv0/+HIyLG3soWfDLjy+i73p3avtaFv0GHXZx8D5NQB7Gy3445Px9Yd75xOI2kasI1sHbJuDgtLzNImNhfnA3L9EwTNyHMVpPH+1dUOV3qw+UH34tD8iJfSdV1WYp3ewxnrPFWuuLnZp0Z8LhtXW/FHlBQGAOoth0gdixy9wxEfxN93bXYMDHLzwxLA8vQ3b5inWMEptKXWKGjfASa8N63K0+r0SAbLMYNp7QvJycaswiust2dYhxbwFE30eQKrf07IWoYEKSKOBJD6mgO2O89W9Zn0KXvcYB4gU+emHRUAURZVQ2JMKT17L7h/y2FJj7nQV9M9iCp+Z4svwl6ur4FwIJ6NjkNqiyL9e6fAeWwi/8ip3WIjSosk4H8et/D757D9Kd9TxBAijfyMdDEwNi7ign7WIa2dkKjZIt3TS2ZxdE8zlc9MYUqc04ncqfuw3LolBlnwVscQgO3zf99yaMBA0KL4fm+Wps7Yqx+SVWz/W614AqJDqPYmdqs4T7LQYGmRYAsb3T6SRHDAU/v7Z9moAXvxc5t20fChm6p6nJc8kpG0kYhyoh7EbVefMqhwxVL97QKgoqzMjH+cXUEGdFS07bKETCuMep9wL2wH1DqAU3jwzrhmJebjuvtr7Q1Y7Ea0CTx+mCkWp6puX7xwHMFoSkMVvc1Kw5Bao1uI+ENIMKcSB2JST5fvYkzFNfl21ellJo4sqpLl30LNrjAi7Mv2oxw7hERZCvMewEyqOX4jplQyGtg3rv9hZnZZ+vy0T/Dn0gRruF5+lc32rkPaYWN8KEsOilXnoP+1014ScfnDD0gK/I/pLkTrxZYXjpSFU2J+qwif8NtcYghbMT5u3B6nv5rdmhF0RPUG2qgVvQDG5e6inzPidyGLGMxzPVFGDNg25tQTnG9YO833FNTV0DS6ThZOHjW6AntDcxvtSc6GqKCOomBPD0vmsGAOEVxLCWTQ6j422obThFZu6QQSjoyPKWwukeHWA1MEMdNY79bf1qACxoBJvSh+Xg/M9POvySHxVbFItvvRPTQYii9i4Cr0DpDhmK8pH27AqIc1tyaFfb2n0q/OGqjsvExFhA
0mDn8x6D9spt9j7hRixHFFmqMSAins8NolbOPeY/uVq2WqaU4w3sPSIM/on20eadpsC5O22xt5UQXGQYn3d7TtpvInJ7r3gU5pp/Sjoe4Qw68sl4BZ3u8jYUOuVUqVztcilqqcqMUf96qDVnGjetLtL1c+BTDqcefZmSaEUIDe8gyKbvuY5rB0OqkxZ6F6shXiJRKGLQOfGL7mhh9GCgUTa/VhXaZmcOuc9jS0hCl4cZbEaIJr+SdChqHvwCnvFLyh3DpUwEh8S1E8MK3v6J3pQRPEgWSji3ntJxakGbW6tHb,iv:w+4KWqVK5p9UrAulfCwq1naoJoBmLYxWhRlYeG3x08c=,tag:hMDB+QP1AXRU0iBd3ZSxGg==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSbDRxK0taVzlwWEJPNFNk\nWVVtS09Jb1AzaUhkeGlTNlJBOXUyTEs1MEVjCnEwOGMyV0tJVDNwTzhQb25Fb1lz\nRkJqbFZMa1VkWVBFOWc0NVIwU2E1SEEKLS0tIExqOEZFUThmYThnbzBpZC9TcGc2\nSFNRQmNmdGlPZnE1cXlMT1VKNTU4NkUK19Xik2Nc2UB6hREBiClAx8fQQd0/lhma\nq0e0KEOIlJfH9Yowc/oT+zZust/i7O69mIK8cS3XWF8eUqFzj4aG8w==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1MGxNN2xIOFYvYWxuQTJy\ndktHSjU3cnJWN1diQTJKaVRPVU52MG1XUVUwCk9nVTZIbkllQjhGK0JweE1EbGFp\nTXZoakZpODRTM3BzUkp3Wk1WRmtwbnMKLS0tIGhkdmIzTXJwUHc3dHlHV3phTVVr\nQS9kalRPdkRZM0FBbXF6SDh6YzA0QVkKGTVwOIO6JgEKSb78s8erh+McXjtfuQQm\nlhX1NRb8Uk/SYhvrnfjMTUIQ9i2yqPn1cBuhp/MNgSsSS49q5anRNA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2023-11-20T06:57:24Z",
|
||||
"mac": "ENC[AES256_GCM,data:QiRf8cKJeTkEQOK3qJCi2uise8RDyg0zcZOVX0XE6YSE6mDivg2LC8mKuSBFVPw1vX+99l7aOBDEqKALD0sQIOQjd0lySJTLp4TDbSP43QoVQ5KmUtUUzeByDkH6DUBnFuXWlvyD5kOokqGvxkYXvyihdji8yDQz8rlw6xlwNPU=,iv:C3Wd+I2yal/tFpURBRvPygOtPedJ4kLsVNmOip9CUio=,tag:NIq54bGg863j+/k15npz8A==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.7.3"
|
||||
}
|
||||
}
|