Compare commits
3 Commits
0acc7fa9dd
...
eddd0af0ba
Author | SHA1 | Date |
---|---|---|
TEC | eddd0af0ba | |
TEC | d743d99d5a | |
TEC | bf148cece1 |
|
@ -2,7 +2,9 @@
|
|||
|
||||
with lib;
|
||||
|
||||
{
|
||||
let
|
||||
domain = "tecosaur.net";
|
||||
in {
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
networking.firewall.allowedUDPPorts = [ 443 ];
|
||||
|
||||
|
@ -15,7 +17,7 @@ with lib;
|
|||
version = "ef9d0ab232f4fe5d7e86312cbba45ff8afea98a1";}
|
||||
];
|
||||
};
|
||||
virtualHosts."tecosaur.net".extraConfig = ''
|
||||
virtualHosts."${domain}".extraConfig = ''
|
||||
respond "__ __ _
|
||||
\ \ / /__| | ___ ___ _ __ ___ ___
|
||||
\ \ /\ / / _ \ |/ __/ _ \| '_ ` _ \ / _ \
|
||||
|
@ -24,7 +26,7 @@ respond "__ __ _
|
|||
|
||||
This is an in-progress replacement for tecosaur.com, done better.
|
||||
|
||||
For now, you can find an increasing number of my projects on git.tecosaur.net,
|
||||
For now, you can find an increasing number of my projects on code.${domain},
|
||||
this includes the setup for this server, which is being constructed using:
|
||||
+ NixOS (with flakes and deploy-rs)
|
||||
+ Caddy (web server)
|
||||
|
@ -38,11 +40,11 @@ In future, the following may be set up too:
|
|||
+ Koel (music streaming)
|
||||
"
|
||||
'';
|
||||
virtualHosts."blog.tecosaur.net".extraConfig = ''
|
||||
virtualHosts."blog.${domain}".extraConfig = ''
|
||||
redir /tmio /tmio/
|
||||
handle_path /tmio/* {
|
||||
file_server {
|
||||
fs git /var/lib/gitea/repositories/tec/this-month-in-org.git html
|
||||
fs git ${config.services.forgejo.stateDir}/repositories/tec/this-month-in-org.git html
|
||||
}
|
||||
}
|
||||
handle {
|
||||
|
@ -51,7 +53,7 @@ handle {
|
|||
'';
|
||||
}
|
||||
(mkIf config.services.syncthing.enable {
|
||||
virtualHosts."syncthing.tecosaur.net".extraConfig =
|
||||
virtualHosts."syncthing.${domain}".extraConfig =
|
||||
''
|
||||
reverse_proxy ${config.services.syncthing.guiAddress} {
|
||||
header_up Host {upstream_hostport}
|
||||
|
@ -59,21 +61,24 @@ reverse_proxy ${config.services.syncthing.guiAddress} {
|
|||
'';
|
||||
})
|
||||
(mkIf config.services.syncthing.enable {
|
||||
virtualHosts."public.tecosaur.net".extraConfig =
|
||||
virtualHosts."public.${domain}".extraConfig =
|
||||
''
|
||||
root * ${config.services.syncthing.dataDir}/public/.build
|
||||
file_server
|
||||
'';
|
||||
})
|
||||
(mkIf config.services.gitea.enable {
|
||||
virtualHosts."git.tecosaur.net".extraConfig =
|
||||
(mkIf config.services.forgejo.enable {
|
||||
virtualHosts."git.tecosaur.net".extraConfig = "redir https://code.${domain}{uri} 301";
|
||||
})
|
||||
(mkIf config.services.forgejo.enable {
|
||||
virtualHosts."code.${domain}".extraConfig =
|
||||
''
|
||||
@not_tec {
|
||||
not path /tec/*
|
||||
not header Cookie *caddy_tec_redirect=true*
|
||||
}
|
||||
handle @not_tec {
|
||||
reverse_proxy localhost:${toString config.services.gitea.settings.server.HTTP_PORT} {
|
||||
reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT} {
|
||||
@404 status 404
|
||||
handle_response @404 {
|
||||
header +Set-Cookie "caddy_tec_redirect=true; Max-Age=5"
|
||||
|
@ -86,7 +91,7 @@ handle @not_tec {
|
|||
header Cookie *caddy_tec_redirect=true*
|
||||
}
|
||||
handle @tec_redirect {
|
||||
reverse_proxy localhost:${toString config.services.gitea.settings.server.HTTP_PORT} {
|
||||
reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT} {
|
||||
@404 status 404
|
||||
handle_response @404 {
|
||||
header +Set-Cookie "caddy_tec_redirect=true; Max-Age=0"
|
||||
|
@ -97,7 +102,7 @@ handle @tec_redirect {
|
|||
}
|
||||
}
|
||||
handle {
|
||||
reverse_proxy localhost:${toString config.services.gitea.settings.server.HTTP_PORT}
|
||||
reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}
|
||||
}
|
||||
'';
|
||||
})
|
||||
|
@ -105,7 +110,7 @@ handle {
|
|||
|
||||
users.users.caddy = {
|
||||
extraGroups =
|
||||
lib.optional config.services.syncthing.enable "syncthing" ++
|
||||
lib.optional config.services.gitea.enable "gitea";
|
||||
lib.optional config.services.syncthing.enable config.services.syncthing.user ++
|
||||
lib.optional config.services.forgejo.enable config.services.forgejo.user;
|
||||
};
|
||||
}
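Review bot: The new `extraGroups` entries pass `config.services.syncthing.user` and `config.services.forgejo.user` where a group name is expected, so caddy's membership is only correct while each service's user and group share a name. The forgejo module in the other file sets `user` and `group` to the same value, so it resolves today, but `lib.optional config.services.forgejo.enable config.services.forgejo.group` (and likewise `config.services.syncthing.group`) states the intent and survives a rename. This membership also gives the web server group-level access to the whole forgejo state directory, not only the one repository served through `fs git`. Whether that reaches private repositories depends on directory modes that are not visible on this page.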
|
||||
|
|
|
@ -1,40 +1,45 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
age.secrets.postgres-gitea = {
|
||||
owner = "gitea";
|
||||
let
|
||||
forgejo-user = "git";
|
||||
in {
|
||||
age.secrets.postgres = {
|
||||
owner = forgejo-user;
|
||||
group = "users";
|
||||
file = ../../secrets/postgres-gitea.age;
|
||||
file = ../../secrets/postgres.age;
|
||||
};
|
||||
|
||||
age.secrets.fastmail = {
|
||||
owner = "gitea";
|
||||
owner = forgejo-user;
|
||||
group = "users";
|
||||
file = ../../secrets/fastmail.age;
|
||||
};
|
||||
|
||||
services.gitea = {
|
||||
package = pkgs.forgejo;
|
||||
services.forgejo = {
|
||||
enable = true;
|
||||
user = "gitea";
|
||||
appName = "Code by TEC";
|
||||
user = forgejo-user;
|
||||
group = forgejo-user;
|
||||
stateDir = "/var/lib/forgejo";
|
||||
database = {
|
||||
type = "postgres";
|
||||
passwordFile = config.age.secrets.postgres-gitea.path;
|
||||
name = forgejo-user;
|
||||
user = forgejo-user;
|
||||
passwordFile = config.age.secrets.postgres.path;
|
||||
};
|
||||
lfs.enable = true;
|
||||
mailerPasswordFile = config.age.secrets.fastmail.path;
|
||||
settings = {
|
||||
DEFAULT.APP_NAME = "Code by TEC";
|
||||
server = {
|
||||
DOMAIN = "git.tecosaur.net";
|
||||
ROOT_URL = "https://git.tecosaur.net";
|
||||
DOMAIN = "code.tecosaur.net";
|
||||
ROOT_URL = "https://code.tecosaur.net";
|
||||
HTTP_ADDRESS = "0.0.0.0";
|
||||
HTTP_PORT = 3000;
|
||||
};
|
||||
mailer = {
|
||||
ENABLED = true;
|
||||
PROTOCOL = "smtp+startls";
|
||||
FROM = "forgejo@git.tecosaur.net";
|
||||
FROM = "forgejo@code.tecosaur.net";
|
||||
USER = "tec@tecosaur.net";
|
||||
SMTP_ADDR = "smtp.fastmail.com:587";
|
||||
};
|
||||
|
@ -56,6 +61,9 @@
|
|||
# "repository.mimetype_mapping" = {
|
||||
# ".org" = "text/org";
|
||||
# };
|
||||
# actions = {
|
||||
# ENABLED = true;
|
||||
# };
|
||||
ui = {
|
||||
GRAPH_MAX_COMMIT_NUM = 200;
|
||||
DEFAULT_THEME = "auto";
|
||||
|
@ -70,24 +78,23 @@
|
|||
};
|
||||
};
|
||||
|
||||
# users.users.gitea.uid = 997;
|
||||
# users.enforceIdUniqueness = false;
|
||||
# users.users.git = {
|
||||
# uid = config.users.users.gitea.uid;
|
||||
# home = config.services.gitea.stateDir;
|
||||
# useDefaultShell = true;
|
||||
# group = "gitea";
|
||||
# isSystemUser = true;
|
||||
# };
|
||||
users.users.${forgejo-user} = {
|
||||
home = config.services.forgejo.stateDir;
|
||||
useDefaultShell = true;
|
||||
group = forgejo-user;
|
||||
isSystemUser = true;
|
||||
};
|
||||
|
||||
users.groups.${forgejo-user} = {};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"L+ ${config.services.gitea.stateDir}/custom/templates/home.tmpl - - - - ${./template-home.tmpl}"
|
||||
"L+ ${config.services.gitea.stateDir}/custom/public/assets/img/tree-greentea-themed.svg - - - - ${./images/tree-greentea-themed.svg}"
|
||||
"L+ ${config.services.gitea.stateDir}/custom/public/assets/img/logo.svg - - - - ${./images/forgejo-icon-greentea-themed.svg}"
|
||||
"L+ ${config.services.gitea.stateDir}/custom/public/assets/img/logo.png - - - - ${./images/forgejo-icon-greentea-themed.png}"
|
||||
"L+ ${config.services.gitea.stateDir}/custom/public/assets/img/favicon.svg - - - - ${./images/forgejo-icon-greentea-themed.svg}"
|
||||
"L+ ${config.services.gitea.stateDir}/custom/public/assets/img/favicon.png - - - - ${./images/forgejo-icon-greentea-themed.png}"
|
||||
"L+ ${config.services.gitea.stateDir}/custom/public/assets/img/apple-touch-icon.png - - - - ${./images/forgejo-icon-greentea-themed.png}"
|
||||
"L+ ${config.services.gitea.stateDir}/custom/public/assets/img/avatar_default.png - - - - ${./images/forgejo-square-greentea-themed.png}"
|
||||
"L+ ${config.services.forgejo.stateDir}/custom/templates/home.tmpl - - - - ${./template-home.tmpl}"
|
||||
"L+ ${config.services.forgejo.stateDir}/custom/public/assets/img/tree-greentea-themed.svg - - - - ${./images/tree-greentea-themed.svg}"
|
||||
"L+ ${config.services.forgejo.stateDir}/custom/public/assets/img/logo.svg - - - - ${./images/forgejo-icon-greentea-themed.svg}"
|
||||
"L+ ${config.services.forgejo.stateDir}/custom/public/assets/img/logo.png - - - - ${./images/forgejo-icon-greentea-themed.png}"
|
||||
"L+ ${config.services.forgejo.stateDir}/custom/public/assets/img/favicon.svg - - - - ${./images/forgejo-icon-greentea-themed.svg}"
|
||||
"L+ ${config.services.forgejo.stateDir}/custom/public/assets/img/favicon.png - - - - ${./images/forgejo-icon-greentea-themed.png}"
|
||||
"L+ ${config.services.forgejo.stateDir}/custom/public/assets/img/apple-touch-icon.png - - - - ${./images/forgejo-icon-greentea-themed.png}"
|
||||
"L+ ${config.services.forgejo.stateDir}/custom/public/assets/img/avatar_default.png - - - - ${./images/forgejo-square-greentea-themed.png}"
|
||||
];
|
||||
}
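Review bot: Both `age.secrets.postgres` and `age.secrets.fastmail` keep `group = "users"` while the owner moves to the new dedicated account, so the database and mail passwords stay group-owned by the general login group. No mode is set on either secret here, so this is harmless only if the default is owner-only, and any later relaxation would expose them to every normal user. Using `group = forgejo-user;` ties them to the group this change already declares. Separately, `HTTP_ADDRESS = "0.0.0.0"` leaves the forge listening on all interfaces although Caddy reaches it via `localhost`; `HTTP_ADDRESS = "127.0.0.1";` would stop port 3000 depending on the firewall alone.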
|
||||
|
|