From 83eeb604247f8b47866bf652b4f66bdb48d1cff9 Mon Sep 17 00:00:00 2001 From: TEC Date: Sat, 17 Feb 2024 01:20:44 +0800 Subject: [PATCH] Migrate from gitea service to forgejo While I'm at it, make it so I can use git@... at long last. --- modules/caddy.nix | 14 ++--- modules/forgejo/default.nix | 61 +++++++++++--------- secrets/{postgres-gitea.age => postgres.age} | 0 3 files changed, 41 insertions(+), 34 deletions(-) rename secrets/{postgres-gitea.age => postgres.age} (100%) diff --git a/modules/caddy.nix b/modules/caddy.nix index f7673b3..2b92f31 100644 --- a/modules/caddy.nix +++ b/modules/caddy.nix @@ -42,7 +42,7 @@ In future, the following may be set up too: redir /tmio /tmio/ handle_path /tmio/* { file_server { - fs git /var/lib/gitea/repositories/tec/this-month-in-org.git html + fs git ${config.services.forgejo.stateDir}/repositories/tec/this-month-in-org.git html } } handle { @@ -65,15 +65,15 @@ reverse_proxy ${config.services.syncthing.guiAddress} { file_server ''; }) - (mkIf config.services.gitea.enable { virtualHosts."git.tecosaur.net".extraConfig = + (mkIf config.services.forgejo.enable { '' @not_tec { not path /tec/* not header Cookie *caddy_tec_redirect=true* } handle @not_tec { - reverse_proxy localhost:${toString config.services.gitea.settings.server.HTTP_PORT} { + reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT} { @404 status 404 handle_response @404 { header +Set-Cookie "caddy_tec_redirect=true; Max-Age=5" @@ -86,7 +86,7 @@ handle @not_tec { header Cookie *caddy_tec_redirect=true* } handle @tec_redirect { - reverse_proxy localhost:${toString config.services.gitea.settings.server.HTTP_PORT} { + reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT} { @404 status 404 handle_response @404 { header +Set-Cookie "caddy_tec_redirect=true; Max-Age=0" @@ -97,7 +97,7 @@ handle @tec_redirect { } } handle { - reverse_proxy localhost:${toString config.services.gitea.settings.server.HTTP_PORT} + reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT} } ''; }) @@ -105,7 +105,7 @@ handle { users.users.caddy = { extraGroups = - lib.optional config.services.syncthing.enable "syncthing" ++ - lib.optional config.services.gitea.enable "gitea"; + lib.optional config.services.syncthing.enable config.services.syncthing.user ++ + lib.optional config.services.forgejo.enable config.services.forgejo.user; }; } diff --git a/modules/forgejo/default.nix b/modules/forgejo/default.nix index 1d29ada..61568f4 100644 --- a/modules/forgejo/default.nix +++ b/modules/forgejo/default.nix @@ -1,30 +1,35 @@ { config, pkgs, ... }: -{ - age.secrets.postgres-gitea = { - owner = "gitea"; +let + forgejo-user = "git"; +in { + age.secrets.postgres = { + owner = forgejo-user; group = "users"; - file = ../../secrets/postgres-gitea.age; + file = ../../secrets/postgres.age; }; age.secrets.fastmail = { - owner = "gitea"; + owner = forgejo-user; group = "users"; file = ../../secrets/fastmail.age; }; - services.gitea = { - package = pkgs.forgejo; + services.forgejo = { enable = true; - user = "gitea"; - appName = "Code by TEC"; + user = forgejo-user; + group = forgejo-user; + stateDir = "/var/lib/forgejo"; database = { type = "postgres"; - passwordFile = config.age.secrets.postgres-gitea.path; + name = forgejo-user; + user = forgejo-user; + passwordFile = config.age.secrets.postgres.path; }; lfs.enable = true; mailerPasswordFile = config.age.secrets.fastmail.path; settings = { + DEFAULT.APP_NAME = "Code by TEC"; server = { DOMAIN = "git.tecosaur.net"; ROOT_URL = "https://git.tecosaur.net"; @@ -56,6 +61,9 @@ # "repository.mimetype_mapping" = { # ".org" = "text/org"; # }; + # actions = { + # ENABLED = true; + # }; ui = { GRAPH_MAX_COMMIT_NUM = 200; DEFAULT_THEME = "auto"; @@ -70,24 +78,23 @@ }; }; - # users.users.gitea.uid = 997; - # users.enforceIdUniqueness = false; - # users.users.git = { - # uid = config.users.users.gitea.uid; - # home = config.services.gitea.stateDir; - # useDefaultShell = true; - # group = "gitea"; - # isSystemUser = true; - # }; + users.users.${forgejo-user} = { + home = config.services.forgejo.stateDir; + useDefaultShell = true; + group = forgejo-user; + isSystemUser = true; + }; + + users.groups.${forgejo-user} = {}; systemd.tmpfiles.rules = [ - "L+ ${config.services.gitea.stateDir}/custom/templates/home.tmpl - - - - ${./template-home.tmpl}" - "L+ ${config.services.gitea.stateDir}/custom/public/assets/img/tree-greentea-themed.svg - - - - ${./images/tree-greentea-themed.svg}" - "L+ ${config.services.gitea.stateDir}/custom/public/assets/img/logo.svg - - - - ${./images/forgejo-icon-greentea-themed.svg}" - "L+ ${config.services.gitea.stateDir}/custom/public/assets/img/logo.png - - - - ${./images/forgejo-icon-greentea-themed.png}" - "L+ ${config.services.gitea.stateDir}/custom/public/assets/img/favicon.svg - - - - ${./images/forgejo-icon-greentea-themed.svg}" - "L+ ${config.services.gitea.stateDir}/custom/public/assets/img/favicon.png - - - - ${./images/forgejo-icon-greentea-themed.png}" - "L+ ${config.services.gitea.stateDir}/custom/public/assets/img/apple-touch-icon.png - - - - ${./images/forgejo-icon-greentea-themed.png}" - "L+ ${config.services.gitea.stateDir}/custom/public/assets/img/avatar_default.png - - - - ${./images/forgejo-square-greentea-themed.png}" + "L+ ${config.services.forgejo.stateDir}/custom/templates/home.tmpl - - - - ${./template-home.tmpl}" + "L+ ${config.services.forgejo.stateDir}/custom/public/assets/img/tree-greentea-themed.svg - - - - ${./images/tree-greentea-themed.svg}" + "L+ ${config.services.forgejo.stateDir}/custom/public/assets/img/logo.svg - - - - ${./images/forgejo-icon-greentea-themed.svg}" + "L+ ${config.services.forgejo.stateDir}/custom/public/assets/img/logo.png - - - - ${./images/forgejo-icon-greentea-themed.png}" + "L+ ${config.services.forgejo.stateDir}/custom/public/assets/img/favicon.svg - - - - ${./images/forgejo-icon-greentea-themed.svg}" + "L+ ${config.services.forgejo.stateDir}/custom/public/assets/img/favicon.png - - - - ${./images/forgejo-icon-greentea-themed.png}" + "L+ ${config.services.forgejo.stateDir}/custom/public/assets/img/apple-touch-icon.png - - - - ${./images/forgejo-icon-greentea-themed.png}" + "L+ ${config.services.forgejo.stateDir}/custom/public/assets/img/avatar_default.png - - - - ${./images/forgejo-square-greentea-themed.png}" ]; } diff --git a/secrets/postgres-gitea.age b/secrets/postgres.age similarity index 100% rename from secrets/postgres-gitea.age rename to secrets/postgres.age