move Gitea to VEGAS

Max Headroom 2021-10-16 19:35:50 +02:00
parent d25c9bd74b
commit 5b8c553c83
4 changed files with 65 additions and 14 deletions


@ -0,0 +1,49 @@
{ config, lib, tools, ... }:
with tools.nginx;
let
inherit (tools.meta) domain;
in
{
age.secrets = {
giteaDBPassword = {
file = ../../../../secrets/gitea-db-credentials.age;
owner = "git";
group = "gitea";
mode = "0400";
};
};
services.nginx.virtualHosts = mappers.mapSubdomains {
git = vhosts.proxy "http://127.0.0.1:3000";
};
services.gitea = {
enable = true;
appName = "Private Void Gitea";
domain = "git";
rootUrl = "https://git.${domain}";
disableRegistration = true;
# TODO: re-enable securely
ssh.enable = false;
user = "git";
log.level = "Warn";
database = {
createDatabase = false;
type = "postgres";
host = "127.0.0.1";
port = 5432;
name = "gitea";
user = "gitea";
passwordFile = config.age.secrets.giteaDBPassword.path;
};
};
users.users.git = {
description = "Git Service";
home = config.services.gitea.stateDir;
useDefaultShell = true;
group = "gitea";
isSystemUser = true;
};
}
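Review bot: Gitea's own HTTP listener is not pinned to loopback in `services.gitea`. The vhost proxies to `http://127.0.0.1:3000`, but no `httpAddress` is set, and the NixOS module default for that option is `0.0.0.0` (confirm against the pinned nixpkgs), so port 3000 may answer in plain HTTP on every interface unless the firewall blocks it. Add `httpAddress = "127.0.0.1";` next to `rootUrl` so that nginx is the only way in. Because `rootUrl` is https, `cookieSecure = true;` is also worth setting in the same block. Separately, `domain = "git"` does not match the host in `rootUrl`; `domain = "git.${domain}";` looks like what was intended.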


@ -21,6 +21,7 @@
./services/bitwarden
# TODO: fix this one
./services/forum
./services/git
]
# TODO: fix users
# ++ (import ../../users "server").groups.admin


@ -1,13 +1,14 @@
age-encryption.org/v1
-> ssh-ed25519 NO562A j3g3B6nxxM4B6XgW2CYesr7YtTKyBfHfAb6YAMKqQxI
aTMvut/NvicYKVCUzRORzZKgu8leWC1iZUbg0hwFGEo
-> ssh-ed25519 5/zT0w k4fXusdfpmtXvWVsB69FcAWU8YE/Q+WprFc95cgNFz4
PNpWtqiIG7JnFcAW65+OPfajs8e7QuMj28sNXxx1PX8
-> ssh-ed25519 eDiawA SKR14VRaUDLPoqMQ0BrFKUAAYmoemRf3L2Lx/cyZmA8
bVQmN6Fvd/01TBQaxJ32bGD2/2hNxJUcsJ5+qyX3HHU
-> [-grease
7BlcEQVarNdjNBXT9gjmT6Fe80zDiHoj/hU28aww0II3keIJGRfROduIhQSgvpN1
bs5DjtZtdeCPWNjJu8UWFR9n4LJN2wPHsg4Wds8+bqGJ8qgRfUt+FITNNilw56V9
--- 8xO2TEohEHzFQ9nw1Loj/6640hEjF5ue5/fhhAqWMlA
ÿç7 Ñ)펧ҟÙ2~Õ+ýÀG<˜ 2lÏ£¥sð§$B#­GæK>% -ÿ`&ãz´ÜΨ* DÏOGΚDð\<5C>ç(
-> ssh-ed25519 NO562A PM8oVK72FJjSPefR1JV7e9Sti+QMPmNyOWNyjjn1Eyo
jjc6tg7dnwAajhCTO/IH+8sszSP/WbCipuROvwD0Hxk
-> ssh-ed25519 5/zT0w cvASi9DkdxdKXSnxWi/mwjlYVz9PtnQqnNFwHr22TR4
jASmnJsbTIItkRJzgIWmPPAqMziWREjzUpk6WEQG56g
-> ssh-ed25519 eDiawA R586/78N4EYagb8c5Ff9wqtOE4QYtU/vKVhOCSn+2RY
ekys4sz2TxUtGH2rSGgXVnHvg4G6maPkYvJd1CiLJ2E
-> ssh-ed25519 d3WGuA jj4c320WQiJ/N80fEeLe0GHD1lSnOT8hGLhsL+T8XCg
Mt2cS6+I9vKtczzb+3mWm0MquWigMJIWJaSvh+jhOjA
-> Vsn^{"-grease \<`i)T UL]B
pz4ZxTRE5ugg7JkLSTfkmfi4TFfOP+H1pny8rAbThQGXSIX9SxEpFVwhcYqqMkEg
LH5NvQztS+cZYQ0Sr7q666h4H7OKBRFbTmHMWxNdIecP43On
--- nknCOv9z0f8V+PrNTAEGdrxhLeY1nlfuDINbbgPr1Wo
­0~óØNÜa·[g³s\•Çâ!õœ*£ŠÕ0árò¥¸/²ñ^Á`c­õ¦€… 3g>oñ¿…É<>íškçv“ §­mS


@ -6,9 +6,9 @@ in with hosts;
{
"discourse-adminpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"discourse-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"hydra-s3.age".publicKeys = max ++ map systemKeys [ styx ];
"gitea-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"hydra-db-credentials.age".publicKeys = max ++ map systemKeys [ styx ];
"gitea-db-credentials.age".publicKeys = max ++ map systemKeys [ git ];
"hydra-s3.age".publicKeys = max ++ map systemKeys [ styx ];
"oauth2_proxy-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"wireguard-key-wgautobahn.age".publicKeys = max ++ map systemKeys [ VEGAS ];
}
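Review bot: Re-keying `gitea-db-credentials.age` from `[ git ]` to `[ VEGAS ]` does not revoke the old host's access to the secret. The previous ciphertext stays in repository history, and the `git` system key can still decrypt it. If this move did not also change the database password (not determinable from the encrypted blob), rotate it and re-encrypt so that only the new recipient set holds a working credential. I would also add a comment above the entry, such as `# DB password rotated when Gitea moved from host "git" to VEGAS`, to record that rotation was done.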