tec/golgi
tec
/
golgi
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: tec:0acc7fa9dd4a29a853aa09b6fae1405de9ad5cb2
Branches Tags
tec:master
...
compare: tec:eddd0af0baa712fa94f43cc4e41f755d287eb823
Branches Tags
tec:master

3 Commits
0acc7fa9dd ... eddd0af0ba

Author SHA1 Message Date
TEC eddd0af0ba
Factor out domain in caddy config 2024-02-17 02:50:45 +08:00
TEC d743d99d5a
Switch from git.DOMAIN to code.DOMAIN 2024-02-17 02:50:45 +08:00
TEC bf148cece1
Migrate from gitea service to forgejo 2024-02-17 02:50:43 +08:00
3 changed files with 56 additions and 44 deletions
Show Stats Expand all files Collapse all files

33
modules/caddy.nix
View File

@ -2,7 +2,9 @@
with lib;
{
let
domain = "tecosaur.net";
in {
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 443 ];
@ -15,7 +17,7 @@ with lib;
version = "ef9d0ab232f4fe5d7e86312cbba45ff8afea98a1";}
];
};
virtualHosts."tecosaur.net".extraConfig = ''
virtualHosts."${domain}".extraConfig = ''
respond "__ __ _
\ \ / /__| | ___ ___ _ __ ___ ___
\ \ /\ / / _ \ |/ __/ _ \| '_ ` _ \ / _ \
@ -24,7 +26,7 @@ respond "__ __ _
This is an in-progress replacement for tecosaur.com, done better.
For now, you can find an increasing number of my projects on git.tecosaur.net,
For now, you can find an increasing number of my projects on code.${domain},
this includes the setup for this server, which is being constructed using:
+ NixOS (with flakes and deploy-rs)
+ Caddy (web server)
@ -38,11 +40,11 @@ In future, the following may be set up too:
+ Koel (music streaming)
"
'';
virtualHosts."blog.tecosaur.net".extraConfig = ''
virtualHosts."blog.${domain}".extraConfig = ''
redir /tmio /tmio/
handle_path /tmio/* {
file_server {
fs git /var/lib/gitea/repositories/tec/this-month-in-org.git html
fs git ${config.services.forgejo.stateDir}/repositories/tec/this-month-in-org.git html
}
}
handle {
@ -51,7 +53,7 @@ handle {
'';
}
(mkIf config.services.syncthing.enable {
virtualHosts."syncthing.tecosaur.net".extraConfig =
virtualHosts."syncthing.${domain}".extraConfig =
''
reverse_proxy ${config.services.syncthing.guiAddress} {
header_up Host {upstream_hostport}
@ -59,21 +61,24 @@ reverse_proxy ${config.services.syncthing.guiAddress} {
'';
})
(mkIf config.services.syncthing.enable {
virtualHosts."public.tecosaur.net".extraConfig =
virtualHosts."public.${domain}".extraConfig =
''
root * ${config.services.syncthing.dataDir}/public/.build
file_server
'';
})
(mkIf config.services.gitea.enable {
virtualHosts."git.tecosaur.net".extraConfig =
(mkIf config.services.forgejo.enable {
virtualHosts."git.tecosaur.net".extraConfig = "redir https://code.${domain}{uri} 301";
})
(mkIf config.services.forgejo.enable {
virtualHosts."code.${domain}".extraConfig =
''
@not_tec {
not path /tec/*
not header Cookie *caddy_tec_redirect=true*
}
handle @not_tec {
reverse_proxy localhost:${toString config.services.gitea.settings.server.HTTP_PORT} {
reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT} {
@404 status 404
handle_response @404 {
header +Set-Cookie "caddy_tec_redirect=true; Max-Age=5"
@ -86,7 +91,7 @@ handle @not_tec {
header Cookie *caddy_tec_redirect=true*
}
handle @tec_redirect {
reverse_proxy localhost:${toString config.services.gitea.settings.server.HTTP_PORT} {
reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT} {
@404 status 404
handle_response @404 {
header +Set-Cookie "caddy_tec_redirect=true; Max-Age=0"
@ -97,7 +102,7 @@ handle @tec_redirect {
}
}
handle {
reverse_proxy localhost:${toString config.services.gitea.settings.server.HTTP_PORT}
reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}
}
'';
})
@ -105,7 +110,7 @@ handle {
users.users.caddy = {
extraGroups =
lib.optional config.services.syncthing.enable "syncthing" ++
lib.optional config.services.gitea.enable "gitea";
lib.optional config.services.syncthing.enable config.services.syncthing.user ++
lib.optional config.services.forgejo.enable config.services.forgejo.user;
};
}

67
modules/forgejo/default.nix
View File

@ -1,40 +1,45 @@
{ config, pkgs, ... }:
{
age.secrets.postgres-gitea = {
owner = "gitea";
let
forgejo-user = "git";
in {
age.secrets.postgres = {
owner = forgejo-user;
group = "users";
file = ../../secrets/postgres-gitea.age;
file = ../../secrets/postgres.age;
};
age.secrets.fastmail = {
owner = "gitea";
owner = forgejo-user;
group = "users";
file = ../../secrets/fastmail.age;
};
services.gitea = {
package = pkgs.forgejo;
services.forgejo = {
enable = true;
user = "gitea";
appName = "Code by TEC";
user = forgejo-user;
group = forgejo-user;
stateDir = "/var/lib/forgejo";
database = {
type = "postgres";
passwordFile = config.age.secrets.postgres-gitea.path;
name = forgejo-user;
user = forgejo-user;
passwordFile = config.age.secrets.postgres.path;
};
lfs.enable = true;
mailerPasswordFile = config.age.secrets.fastmail.path;
settings = {
DEFAULT.APP_NAME = "Code by TEC";
server = {
DOMAIN = "git.tecosaur.net";
ROOT_URL = "https://git.tecosaur.net";
DOMAIN = "code.tecosaur.net";
ROOT_URL = "https://code.tecosaur.net";
HTTP_ADDRESS = "0.0.0.0";
HTTP_PORT = 3000;
};
mailer = {
ENABLED = true;
PROTOCOL = "smtp+startls";
FROM = "forgejo@git.tecosaur.net";
FROM = "forgejo@code.tecosaur.net";
USER = "tec@tecosaur.net";
SMTP_ADDR = "smtp.fastmail.com:587";
};
@ -56,6 +61,9 @@
# "repository.mimetype_mapping" = {
# ".org" = "text/org";
# };
# actions = {
# ENABLED = true;
# };
ui = {
GRAPH_MAX_COMMIT_NUM = 200;
DEFAULT_THEME = "auto";
@ -70,24 +78,23 @@
};
};
# users.users.gitea.uid = 997;
# users.enforceIdUniqueness = false;
# users.users.git = {
# uid = config.users.users.gitea.uid;
# home = config.services.gitea.stateDir;
# useDefaultShell = true;
# group = "gitea";
# isSystemUser = true;
# };
users.users.${forgejo-user} = {
home = config.services.forgejo.stateDir;
useDefaultShell = true;
group = forgejo-user;
isSystemUser = true;
};
users.groups.${forgejo-user} = {};
systemd.tmpfiles.rules = [
"L+ ${config.services.gitea.stateDir}/custom/templates/home.tmpl - - - - ${./template-home.tmpl}"
"L+ ${config.services.gitea.stateDir}/custom/public/assets/img/tree-greentea-themed.svg - - - - ${./images/tree-greentea-themed.svg}"
"L+ ${config.services.gitea.stateDir}/custom/public/assets/img/logo.svg - - - - ${./images/forgejo-icon-greentea-themed.svg}"
"L+ ${config.services.gitea.stateDir}/custom/public/assets/img/logo.png - - - - ${./images/forgejo-icon-greentea-themed.png}"
"L+ ${config.services.gitea.stateDir}/custom/public/assets/img/favicon.svg - - - - ${./images/forgejo-icon-greentea-themed.svg}"
"L+ ${config.services.gitea.stateDir}/custom/public/assets/img/favicon.png - - - - ${./images/forgejo-icon-greentea-themed.png}"
"L+ ${config.services.gitea.stateDir}/custom/public/assets/img/apple-touch-icon.png - - - - ${./images/forgejo-icon-greentea-themed.png}"
"L+ ${config.services.gitea.stateDir}/custom/public/assets/img/avatar_default.png - - - - ${./images/forgejo-square-greentea-themed.png}"
"L+ ${config.services.forgejo.stateDir}/custom/templates/home.tmpl - - - - ${./template-home.tmpl}"
"L+ ${config.services.forgejo.stateDir}/custom/public/assets/img/tree-greentea-themed.svg - - - - ${./images/tree-greentea-themed.svg}"
"L+ ${config.services.forgejo.stateDir}/custom/public/assets/img/logo.svg - - - - ${./images/forgejo-icon-greentea-themed.svg}"
"L+ ${config.services.forgejo.stateDir}/custom/public/assets/img/logo.png - - - - ${./images/forgejo-icon-greentea-themed.png}"
"L+ ${config.services.forgejo.stateDir}/custom/public/assets/img/favicon.svg - - - - ${./images/forgejo-icon-greentea-themed.svg}"
"L+ ${config.services.forgejo.stateDir}/custom/public/assets/img/favicon.png - - - - ${./images/forgejo-icon-greentea-themed.png}"
"L+ ${config.services.forgejo.stateDir}/custom/public/assets/img/apple-touch-icon.png - - - - ${./images/forgejo-icon-greentea-themed.png}"
"L+ ${config.services.forgejo.stateDir}/custom/public/assets/img/avatar_default.png - - - - ${./images/forgejo-square-greentea-themed.png}"
];
}

0
secrets/postgres-gitea.age → secrets/postgres.age
View File