move Gitea to VEGAS

2021-10-16 19:35:50 +02:00 · 2021-10-16 19:35:50 +02:00 · 5b8c553c83
commit 5b8c553c83
parent d25c9bd74b
4 changed files with 65 additions and 14 deletions
--- a/hosts/VEGAS/services/git/default.nix
+++ b/hosts/VEGAS/services/git/default.nix
@ -0,0 +1,49 @@
+{ config, lib, tools, ... }:
+with tools.nginx;
+let
+  inherit (tools.meta) domain;
+in
+{
+  age.secrets = {
+    giteaDBPassword = {
+      file = ../../../../secrets/gitea-db-credentials.age;
+      owner = "git";
+      group = "gitea";
+      mode = "0400";
+    };
+  };
+
+  services.nginx.virtualHosts = mappers.mapSubdomains {
+    git = vhosts.proxy "http://127.0.0.1:3000";
+  };
+
+  services.gitea = {
+    enable = true;
+    appName = "Private Void Gitea";
+    domain = "git";
+    rootUrl = "https://git.${domain}";
+    disableRegistration = true;
+    # TODO: re-enable securely
+    ssh.enable = false;
+    user = "git";
+    log.level = "Warn";
+    
+    database = {
+      createDatabase = false;
+      type = "postgres";
+      host = "127.0.0.1";
+      port = 5432;
+      name = "gitea";
+      user = "gitea";
+      passwordFile = config.age.secrets.giteaDBPassword.path;
+    };
+  };
+
+  users.users.git = {
+    description = "Git Service";
+    home = config.services.gitea.stateDir;
+    useDefaultShell = true;
+    group = "gitea";
+    isSystemUser = true;
+  };
+}
--- a/hosts/VEGAS/system.nix
+++ b/hosts/VEGAS/system.nix
@ -21,6 +21,7 @@
      ./services/bitwarden
      # TODO: fix this one
      ./services/forum
+      ./services/git
    ]
    # TODO: fix users
    # ++ (import ../../users "server").groups.admin
--- a/secrets/gitea-db-credentials.age
+++ b/secrets/gitea-db-credentials.age
@ -1,13 +1,14 @@
 age-encryption.org/v1
-> ssh-ed25519 NO562A j3g3B6nxxM4B6XgW2CYesr7YtTKyBfHfAb6YAMKqQxI
-aTMvut/NvicYKVCUzRORzZKgu8leWC1iZUbg0hwFGEo
-> ssh-ed25519 5/zT0w k4fXusdfpmtXvWVsB69FcAWU8YE/Q+WprFc95cgNFz4
-PNpWtqiIG7JnFcAW65+OPfajs8e7QuMj28sNXxx1PX8
-> ssh-ed25519 eDiawA SKR14VRaUDLPoqMQ0BrFKUAAYmoemRf3L2Lx/cyZmA8
-bVQmN6Fvd/01TBQaxJ32bGD2/2hNxJUcsJ5+qyX3HHU
-> [-grease
-7BlcEQVarNdjNBXT9gjmT6Fe80zDiHoj/hU28aww0II3keIJGRfROduIhQSgvpN1
-bs5DjtZtdeCPWNjJu8UWFR9n4LJN2wPHsg4Wds8+bqGJ8qgRfUt+FITNNilw56V9
-
--- 8xO2TEohEHzFQ9nw1Loj/6640hEjF5ue5/fhhAqWMlA
-ÿç›7
Ñ)íŽ§ÒŸÙ2‘~Õ+ýÀG<˜
2lÏ£¥sð§$B#GæK>’%
-ÿ`&ãz´ÜÎ¨*DÏOGÎšDð\<5C>ç(
+-> ssh-ed25519 NO562A PM8oVK72FJjSPefR1JV7e9Sti+QMPmNyOWNyjjn1Eyo
+jjc6tg7dnwAajhCTO/IH+8sszSP/WbCipuROvwD0Hxk
+-> ssh-ed25519 5/zT0w cvASi9DkdxdKXSnxWi/mwjlYVz9PtnQqnNFwHr22TR4
+jASmnJsbTIItkRJzgIWmPPAqMziWREjzUpk6WEQG56g
+-> ssh-ed25519 eDiawA R586/78N4EYagb8c5Ff9wqtOE4QYtU/vKVhOCSn+2RY
+ekys4sz2TxUtGH2rSGgXVnHvg4G6maPkYvJd1CiLJ2E
+-> ssh-ed25519 d3WGuA jj4c320WQiJ/N80fEeLe0GHD1lSnOT8hGLhsL+T8XCg
+Mt2cS6+I9vKtczzb+3mWm0MquWigMJIWJaSvh+jhOjA
+-> Vsn^{"-grease \<`i)T UL]B
+pz4ZxTRE5ugg7JkLSTfkmfi4TFfOP+H1pny8rAbThQGXSIX9SxEpFVwhcYqqMkEg
+LH5NvQztS+cZYQ0Sr7q666h4H7OKBRFbTmHMWxNdIecP43On
+--- nknCOv9z0f8V+PrNTAEGdrxhLeY1nlfuDINbbgPr1Wo
+0~óØNÜa·[g³s\•Çâ!õœ*£ŠÕ0árò¥¸/²ñ^Á`cõ¦€… 3g>oñ¿…É<>íškçv“	§mS
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -6,9 +6,9 @@ in with hosts;
 {
  "discourse-adminpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "discourse-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
-  "hydra-s3.age".publicKeys = max ++ map systemKeys [ styx ];
+  "gitea-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "hydra-db-credentials.age".publicKeys = max ++ map systemKeys [ styx ];
-  "gitea-db-credentials.age".publicKeys = max ++ map systemKeys [ git ];
+  "hydra-s3.age".publicKeys = max ++ map systemKeys [ styx ];
  "oauth2_proxy-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "wireguard-key-wgautobahn.age".publicKeys = max ++ map systemKeys [ VEGAS ];
 }