Migrate to gitea

2023-07-19 22:25:34 +02:00 · 2023-07-19 22:25:34 +02:00 · 9392c00e94
commit 9392c00e94
parent 6db6683148
7 changed files with 167 additions and 35 deletions
--- a/flake.lock
+++ b/flake.lock
@ -47,18 +47,36 @@
        "type": "github"
      }
    },
-    "nixpkgs": {
+    "nixops": {
+      "inputs": {
+        "nixpkgs": "nixpkgs",
+        "utils": "utils"
+      },
      "locked": {
-        "lastModified": 1689431009,
-        "narHash": "sha256-hPgQCRWP5q/Xc4qOIP3c2krR9nQua78+t9EDiuey5nc=",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "af8279f65fe71ce5a448408034a8c06e2b4b2c66",
+        "lastModified": 1677688500,
+        "narHash": "sha256-yF2tS9Zo8JCIdPjhy19grmJk8wUFMxMu9cPlgfMJuTg=",
+        "owner": "NixOS",
+        "repo": "nixops",
+        "rev": "fc9b55c55da62f949028143b974f67fdc7f40c8b",
        "type": "github"
      },
      "original": {
-        "owner": "nixos",
-        "ref": "nixos-23.05",
+        "id": "nixops",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1672525397,
+        "narHash": "sha256-WASDnyxHKWVrEe0dIzkpH+jzKlCKAk0husv0f/9pyxg=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "8ba56d7c0d7490680f2d51ba46a141eca7c46afa",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
@ -93,7 +111,39 @@
        "type": "indirect"
      }
    },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1689534811,
+        "narHash": "sha256-jnSUdzD/414d94plCyNlvTJJtiTogTep6t7ZgIKIHiE=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "6cee3b5893090b0f5f0a06b4cf42ca4e60e5d222",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1689431009,
+        "narHash": "sha256-hPgQCRWP5q/Xc4qOIP3c2krR9nQua78+t9EDiuey5nc=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "af8279f65fe71ce5a448408034a8c06e2b4b2c66",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-23.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
      "locked": {
        "lastModified": 1670751203,
        "narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=",
@ -111,19 +161,20 @@
    "root": {
      "inputs": {
        "impermanence": "impermanence",
-        "nixpkgs": "nixpkgs",
-        "simple-mailserver": "simple-mailserver",
-        "unstable": "unstable"
+        "nixops": "nixops",
+        "nixpkgs": "nixpkgs_2",
+        "nixpkgs-unstable": "nixpkgs-unstable",
+        "simple-mailserver": "simple-mailserver"
      }
    },
    "simple-mailserver": {
      "inputs": {
        "blobs": "blobs",
        "flake-compat": "flake-compat",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs_3",
        "nixpkgs-22_11": "nixpkgs-22_11",
        "nixpkgs-23_05": "nixpkgs-23_05",
-        "utils": "utils"
+        "utils": "utils_2"
      },
      "locked": {
        "lastModified": 1687462267,
@ -140,23 +191,22 @@
        "type": "gitlab"
      }
    },
-    "unstable": {
+    "utils": {
      "locked": {
-        "lastModified": 1689534811,
-        "narHash": "sha256-jnSUdzD/414d94plCyNlvTJJtiTogTep6t7ZgIKIHiE=",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "6cee3b5893090b0f5f0a06b4cf42ca4e60e5d222",
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
        "type": "github"
      },
      "original": {
-        "owner": "nixos",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
+        "owner": "numtide",
+        "repo": "flake-utils",
        "type": "github"
      }
    },
-    "utils": {
+    "utils_2": {
      "locked": {
        "lastModified": 1605370193,
        "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
--- a/flake.nix
+++ b/flake.nix
@ -3,7 +3,7 @@

    inputs = {
        nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
-        unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+        nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";

        # https://nixos.wiki/wiki/Impermanence
        impermanence.url = "github:nix-community/impermanence";
@ -11,14 +11,23 @@
        simple-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05";
    };

-    outputs = { self, nixpkgs, ... }@attrs: let
+    outputs = { self, nixpkgs, nixpkgs-unstable, nixops, ... }@attrs: let
+        system = "x86_64-linux";
+        overlay-unstable = final: prev: {
+            unstable = import nixpkgs-unstable {
+                inherit system;
+                config.allowUnfree = true;
+            };
+        };
+
        user = "user"; # Select user from the `./users` directory
    in {
        # Media homeserver
        nixosConfigurations.homeserver = nixpkgs.lib.nixosSystem {
-            system = "x86_64-linux";
+            inherit system;
            specialArgs = attrs;
            modules = [ 
+                ({ config, pkgs, ...}: { nixpkgs.overlays = [ overlay-unstable ]; })
                ./users/${user}.nix
                ./systems/homeserver.nix
            ];
@ -26,9 +35,10 @@

        # dirae.org
        nixosConfigurations.dirae = nixpkgs.lib.nixosSystem {
-            system = "x86_64-linux";
+            inherit system;
            specialArgs = attrs;
            modules = [
+                ({ config, pkgs, ...}: { nixpkgs.overlays = [ overlay-unstable ]; })
                ./users/${user}.nix
                ./systems/dirae.nix
            ];
@ -36,9 +46,10 @@

        # Debugging VM configuration
        nixosConfigurations.qemu-vm = nixpkgs.lib.nixosSystem {
-            system = "x86_64-linux";
+            inherit system;
            specialArgs = attrs;
            modules = [ 
+                ({ config, pkgs, ...}: { nixpkgs.overlays = [ overlay-unstable ]; })
                ./users/${user}.nix
                ./systems/qemu-vm.nix
            ];
--- a/packages/forgejo/dirae.nix
+++ b/packages/forgejo/dirae.nix
@ -0,0 +1,56 @@
+{ pkgs, config, lib, ... }: let
+    # theme = builtins.fetchurl {
+    #     url = "";
+    #     sha256 = "";
+    # };
+in
+{
+    # systemd.services.gitea.preStart = lib.mkAfter ''
+    #     mkdir -p ${config.services.gitea.stateDir}/custom/public/css
+    #     cp -f ${theme} ${config.services.gitea.stateDir}/custom/public/css/
+    # '';
+
+    services.gitea = {
+        enable = true;
+        package = pkgs.forgejo;
+        
+        appName = "git.dirae.org";
+        settings = {
+            service = {
+                DISABLE_REGISTRATION = true;
+            };
+
+            server = {
+                DOMAIN = "git.dirae.org";
+                ROOT_URL = "https://git.dirae.org";
+                HTTP_PORT = 3001;
+            };
+
+            ui = {
+                THEMES = ''
+                    forgejo-auto,forgejo-light,forgejo-dark,auto,gitea,arc-green
+                '';
+                DEFAULT_THEME = "forgejo-dark";
+            };
+
+            repository = {
+                DEFAULT_BRANCH = "master";
+            };
+        };
+        
+        database = {
+            type = "postgres";
+            passwordFile = "/var/keys/gitea/db";
+        };
+    };
+
+    services.postgresql = {
+        enable = true;
+        authentication = ''
+            local gitea all ident map=gitea-users
+        '';
+        identMap = ''
+            gitea-users gitea gitea
+        '';
+    };
+}
--- a/packages/gitlab/package.nix
+++ b/packages/gitlab/package.nix
@ -8,6 +8,7 @@
        # Server is running on limited budet :,)
        # https://docs.gitlab.com/omnibus/settings/memory_constrained_envs.html
        puma.workers = 0;
+        puma.threadsMax = 1;

        user = "gitlab";
        group = "gitlab";
--- a/packages/nginx/dirae.nix
+++ b/packages/nginx/dirae.nix
@ -20,6 +20,14 @@ in {
        recommendedTlsSettings = true;

        virtualHosts = {
+            "caem.dev" = {
+                enableACME = true;
+                forceSSL = true;
+                locations."/" = {
+                    root = "/var/www/caem";
+                };
+            };
+
            "dirae.org" = {
                enableACME = true;
                forceSSL = true;
@ -35,14 +43,19 @@ in {

            };

-            "gitlab.dirae.org" = {
+            "git.dirae.org" = {
                enableACME = true;
                forceSSL = true;
-                locations."/" = {
-                    proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
-                };
+                locations."/".proxyPass = "http://127.0.0.1:3001";
+            };

-             };
+           # "gitlab.dirae.org" = {
+           #     enableACME = true;
+           #     forceSSL = true;
+           #     locations."/" = {
+           #         proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
+           #     };
+           #  };
        };
    };
 }
--- a/systems/common.nix
+++ b/systems/common.nix
@ -1,6 +1,6 @@
 # Common configuration for all systems

-{  ... }:
+{ pkgs, ... }:

 {
    nix = {
--- a/systems/dirae.nix
+++ b/systems/dirae.nix
@ -10,7 +10,8 @@
        ../packages/sshd/package.nix
        ../packages/mailserver/package.nix
        ../packages/nginx/dirae.nix
-        ../packages/gitlab/package.nix
+#        ../packages/gitlab/package.nix
+        ../packages/forgejo/dirae.nix
        ../packages/synapse/package.nix
    ];