diff --git a/flake.lock b/flake.lock index 8cf560a..2230673 100644 --- a/flake.lock +++ b/flake.lock @@ -47,18 +47,36 @@ "type": "github" } }, - "nixpkgs": { + "nixops": { + "inputs": { + "nixpkgs": "nixpkgs", + "utils": "utils" + }, "locked": { - "lastModified": 1689431009, - "narHash": "sha256-hPgQCRWP5q/Xc4qOIP3c2krR9nQua78+t9EDiuey5nc=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "af8279f65fe71ce5a448408034a8c06e2b4b2c66", + "lastModified": 1677688500, + "narHash": "sha256-yF2tS9Zo8JCIdPjhy19grmJk8wUFMxMu9cPlgfMJuTg=", + "owner": "NixOS", + "repo": "nixops", + "rev": "fc9b55c55da62f949028143b974f67fdc7f40c8b", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-23.05", + "id": "nixops", + "type": "indirect" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1672525397, + "narHash": "sha256-WASDnyxHKWVrEe0dIzkpH+jzKlCKAk0husv0f/9pyxg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "8ba56d7c0d7490680f2d51ba46a141eca7c46afa", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -93,7 +111,39 @@ "type": "indirect" } }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1689534811, + "narHash": "sha256-jnSUdzD/414d94plCyNlvTJJtiTogTep6t7ZgIKIHiE=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "6cee3b5893090b0f5f0a06b4cf42ca4e60e5d222", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { + "locked": { + "lastModified": 1689431009, + "narHash": "sha256-hPgQCRWP5q/Xc4qOIP3c2krR9nQua78+t9EDiuey5nc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "af8279f65fe71ce5a448408034a8c06e2b4b2c66", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1670751203, "narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=", 
@@ -111,19 +161,20 @@ "root": { "inputs": { "impermanence": "impermanence", - "nixpkgs": "nixpkgs", - "simple-mailserver": "simple-mailserver", - "unstable": "unstable" + "nixops": "nixops", + "nixpkgs": "nixpkgs_2", + "nixpkgs-unstable": "nixpkgs-unstable", + "simple-mailserver": "simple-mailserver" } }, "simple-mailserver": { "inputs": { "blobs": "blobs", "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "nixpkgs-22_11": "nixpkgs-22_11", "nixpkgs-23_05": "nixpkgs-23_05", - "utils": "utils" + "utils": "utils_2" }, "locked": { "lastModified": 1687462267, @@ -140,23 +191,22 @@ "type": "gitlab" } }, - "unstable": { + "utils": { "locked": { - "lastModified": 1689534811, - "narHash": "sha256-jnSUdzD/414d94plCyNlvTJJtiTogTep6t7ZgIKIHiE=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "6cee3b5893090b0f5f0a06b4cf42ca4e60e5d222", + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", + "owner": "numtide", + "repo": "flake-utils", "type": "github" } }, - "utils": { + "utils_2": { "locked": { "lastModified": 1605370193, "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", diff --git a/flake.nix b/flake.nix index ebf9d42..5d0eb05 100644 --- a/flake.nix +++ b/flake.nix @@ -3,7 +3,7 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05"; - unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # https://nixos.wiki/wiki/Impermanence impermanence.url = "github:nix-community/impermanence"; 
@@ -11,14 +11,23 @@ simple-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05"; }; - outputs = { self, nixpkgs, ... }@attrs: let + outputs = { self, nixpkgs, nixpkgs-unstable, nixops, ... }@attrs: let + system = "x86_64-linux"; + overlay-unstable = final: prev: { + unstable = import nixpkgs-unstable { + inherit system; + config.allowUnfree = true; + }; + }; + user = "user"; # Select user from the `./users` directory in { # Media homeserver nixosConfigurations.homeserver = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; + inherit system; specialArgs = attrs; modules = [ + ({ config, pkgs, ...}: { nixpkgs.overlays = [ overlay-unstable ]; }) ./users/${user}.nix ./systems/homeserver.nix ]; @@ -26,9 +35,10 @@ # dirae.org nixosConfigurations.dirae = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; + inherit system; specialArgs = attrs; modules = [ + ({ config, pkgs, ...}: { nixpkgs.overlays = [ overlay-unstable ]; }) ./users/${user}.nix ./systems/dirae.nix ]; @@ -36,9 +46,10 @@ # Debugging VM configuration nixosConfigurations.qemu-vm = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; + inherit system; specialArgs = attrs; modules = [ + ({ config, pkgs, ...}: { nixpkgs.overlays = [ overlay-unstable ]; }) ./users/${user}.nix ./systems/qemu-vm.nix ]; diff --git a/packages/forgejo/dirae.nix b/packages/forgejo/dirae.nix new file mode 100644 index 0000000..bae2672 --- /dev/null +++ b/packages/forgejo/dirae.nix 
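Review bot: `nixops` is added to the `outputs` arguments in flake.nix, but no `nixops.url` appears in the `inputs` lines this diff shows, and flake.lock records its origin as `"type": "indirect"`, so the source is resolved through the flake registry rather than stated in the repository. The lock pins the current revision, but a later `nix flake update` will follow whatever the registry maps `nixops` to at that time. Declaring it explicitly, e.g. `nixops.url = "github:NixOS/nixops";`, keeps the provenance reviewable in the repo. The indirect input also adds its own `nixpkgs` and `utils` nodes to the lock, with that nixpkgs pinned to an older revision than the others, so it is worth checking whether `nixops.inputs.nixpkgs.follows = "nixpkgs";` is workable. `nixops` is not referenced in the visible part of the `let … in` body, which continues outside these hunks.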
@@ -0,0 +1,56 @@ +{ pkgs, config, lib, ... }: let + # theme = builtins.fetchurl { + # url = ""; + # sha256 = ""; + # }; +in +{ + # systemd.services.gitea.preStart = lib.mkAfter '' + # mkdir -p ${config.services.gitea.stateDir}/custom/public/css + # cp -f ${theme} ${config.services.gitea.stateDir}/custom/public/css/ + # ''; + + services.gitea = { + enable = true; + package = pkgs.forgejo; + + appName = "git.dirae.org"; + settings = { + service = { + DISABLE_REGISTRATION = true; + }; + + server = { + DOMAIN = "git.dirae.org"; + ROOT_URL = "https://git.dirae.org"; + HTTP_PORT = 3001; + }; + + ui = { + THEMES = '' + forgejo-auto,forgejo-light,forgejo-dark,auto,gitea,arc-green + ''; + DEFAULT_THEME = "forgejo-dark"; + }; + + repository = { + DEFAULT_BRANCH = "master"; + }; + }; + + database = { + type = "postgres"; + passwordFile = "/var/keys/gitea/db"; + }; + }; + + services.postgresql = { + enable = true; + authentication = '' + local gitea all ident map=gitea-users + ''; + identMap = '' + gitea-users gitea gitea + ''; + }; +} diff --git a/packages/gitlab/package.nix b/packages/gitlab/package.nix index ee33c5d..9b19471 100644 --- a/packages/gitlab/package.nix +++ b/packages/gitlab/package.nix @@ -8,6 +8,7 @@ # Server is running on limited budet :,) # https://docs.gitlab.com/omnibus/settings/memory_constrained_envs.html puma.workers = 0; + puma.threadsMax = 1; user = "gitlab"; group = "gitlab"; diff --git a/packages/nginx/dirae.nix b/packages/nginx/dirae.nix index a4195c8..1938401 100644 --- a/packages/nginx/dirae.nix +++ b/packages/nginx/dirae.nix @@ -20,6 +20,14 @@ in { recommendedTlsSettings = true; virtualHosts = { + "caem.dev" = { + enableACME = true; + forceSSL = true; + locations."/" = { + root = "/var/www/caem"; + }; + }; + "dirae.org" = { enableACME = true; forceSSL = true; 
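Review bot: The `server` block in packages/forgejo/dirae.nix sets `HTTP_PORT = 3001` but no `HTTP_ADDR`. As I understand the NixOS gitea module, the listen address defaults to `0.0.0.0`, so the plain-HTTP backend is bound on all interfaces although only nginx on the same host needs to reach it. Adding `HTTP_ADDR = "127.0.0.1";` next to `HTTP_PORT` keeps the service reachable only through the TLS vhost, independent of firewall rules that this diff does not show. Since `ROOT_URL` is https, `session.COOKIE_SECURE = true;` under `settings` would also be worth setting. `database.passwordFile` is configured while the PostgreSQL rule uses `ident` on the local socket, so the password file may be unused and its necessity should be confirmed.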
@@ -35,14 +43,19 @@ in { }; - "gitlab.dirae.org" = { + "git.dirae.org" = { enableACME = true; forceSSL = true; - locations."/" = { - proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket"; - }; + locations."/".proxyPass = "http://127.0.0.1:3001"; + }; - }; + # "gitlab.dirae.org" = { + # enableACME = true; + # forceSSL = true; + # locations."/" = { + # proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket"; + # }; + # }; }; }; } diff --git a/systems/common.nix b/systems/common.nix index f695755..e59b0ee 100644 --- a/systems/common.nix +++ b/systems/common.nix @@ -1,6 +1,6 @@ # Common configuration for all systems -{ ... }: +{ pkgs, ... }: { nix = { diff --git a/systems/dirae.nix b/systems/dirae.nix index f52a088..3da3e58 100644 --- a/systems/dirae.nix +++ b/systems/dirae.nix @@ -10,7 +10,8 @@ ../packages/sshd/package.nix ../packages/mailserver/package.nix ../packages/nginx/dirae.nix - ../packages/gitlab/package.nix +# ../packages/gitlab/package.nix + ../packages/forgejo/dirae.nix ../packages/synapse/package.nix ];
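Review bot: The new `git.dirae.org` vhost in packages/nginx/dirae.nix proxies to `http://127.0.0.1:3001` with no forwarded-header settings in the lines shown; only `recommendedTlsSettings` is visible in this file's context. Unless `recommendedProxySettings = true;` (or explicit `proxy_set_header` lines) is set outside the hunk, the backend will see every request as coming from 127.0.0.1, which weakens access logs and any per-IP sign-in throttling. The previous `gitlab.dirae.org` vhost is kept as a commented-out block; removing it and relying on version history would keep the file easier to audit.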