Compare commits
4 Commits
90ca4d6098
...
225492f2e0
Author | SHA1 | Date |
---|---|---|
TEC | 225492f2e0 | |
TEC | f9445cb26d | |
TEC | b2aa968a1b | |
TEC | ce0fbff904 |
18
flake.lock
18
flake.lock
|
@ -8,11 +8,11 @@
|
|||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1703433843,
|
||||
"narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=",
|
||||
"lastModified": 1707830867,
|
||||
"narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=",
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"rev": "417caa847f9383e111d1397039c9d4337d024bf0",
|
||||
"rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -52,11 +52,11 @@
|
|||
"utils": "utils"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1703087360,
|
||||
"narHash": "sha256-0VUbWBW8VyiDRuimMuLsEO4elGuUw/nc2WDeuO1eN1M=",
|
||||
"lastModified": 1708091384,
|
||||
"narHash": "sha256-dTGGw2y8wvfjr+J9CjQbfdulOq72hUG17HXVNxpH1yE=",
|
||||
"owner": "serokell",
|
||||
"repo": "deploy-rs",
|
||||
"rev": "b709d63debafce9f5645a5ba550c9e0983b3d1f7",
|
||||
"rev": "0a0187794ac7f7a1e62cda3dabf8dc041f868790",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -156,11 +156,11 @@
|
|||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1704538339,
|
||||
"narHash": "sha256-1734d3mQuux9ySvwf6axRWZRBhtcZA9Q8eftD6EZg6U=",
|
||||
"lastModified": 1707956935,
|
||||
"narHash": "sha256-ZL2TrjVsiFNKOYwYQozpbvQSwvtV/3Me7Zwhmdsfyu4=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "46ae0210ce163b3cba6c7da08840c1d63de9c701",
|
||||
"rev": "a4d4fe8c5002202493e87ec8dbc91335ff55552c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -2,7 +2,9 @@
|
|||
|
||||
with lib;
|
||||
|
||||
{
|
||||
let
|
||||
domain = "tecosaur.net";
|
||||
in {
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
networking.firewall.allowedUDPPorts = [ 443 ];
|
||||
|
||||
|
@ -15,7 +17,7 @@ with lib;
|
|||
version = "ef9d0ab232f4fe5d7e86312cbba45ff8afea98a1";}
|
||||
];
|
||||
};
|
||||
virtualHosts."tecosaur.net".extraConfig = ''
|
||||
virtualHosts."${domain}".extraConfig = ''
|
||||
respond "__ __ _
|
||||
\ \ / /__| | ___ ___ _ __ ___ ___
|
||||
\ \ /\ / / _ \ |/ __/ _ \| '_ ` _ \ / _ \
|
||||
|
@ -24,7 +26,7 @@ respond "__ __ _
|
|||
|
||||
This is an in-progress replacement for tecosaur.com, done better.
|
||||
|
||||
For now, you can find an increasing number of my projects on git.tecosaur.net,
|
||||
For now, you can find an increasing number of my projects on code.${domain},
|
||||
this includes the setup for this server, which is being constructed using:
|
||||
+ NixOS (with flakes and deploy-rs)
|
||||
+ Caddy (web server)
|
||||
|
@ -38,11 +40,11 @@ In future, the following may be set up too:
|
|||
+ Koel (music streaming)
|
||||
"
|
||||
'';
|
||||
virtualHosts."blog.tecosaur.net".extraConfig = ''
|
||||
virtualHosts."blog.${domain}".extraConfig = ''
|
||||
redir /tmio /tmio/
|
||||
handle_path /tmio/* {
|
||||
file_server {
|
||||
fs git /var/lib/gitea/repositories/tec/this-month-in-org.git html
|
||||
fs git ${config.services.forgejo.stateDir}/repositories/tec/this-month-in-org.git html
|
||||
}
|
||||
}
|
||||
handle {
|
||||
|
@ -51,7 +53,7 @@ handle {
|
|||
'';
|
||||
}
|
||||
(mkIf config.services.syncthing.enable {
|
||||
virtualHosts."syncthing.tecosaur.net".extraConfig =
|
||||
virtualHosts."syncthing.${domain}".extraConfig =
|
||||
''
|
||||
reverse_proxy ${config.services.syncthing.guiAddress} {
|
||||
header_up Host {upstream_hostport}
|
||||
|
@ -59,21 +61,24 @@ reverse_proxy ${config.services.syncthing.guiAddress} {
|
|||
'';
|
||||
})
|
||||
(mkIf config.services.syncthing.enable {
|
||||
virtualHosts."public.tecosaur.net".extraConfig =
|
||||
virtualHosts."public.${domain}".extraConfig =
|
||||
''
|
||||
root * ${config.services.syncthing.dataDir}/public/.build
|
||||
file_server
|
||||
'';
|
||||
})
|
||||
(mkIf config.services.gitea.enable {
|
||||
virtualHosts."git.tecosaur.net".extraConfig =
|
||||
(mkIf config.services.forgejo.enable {
|
||||
virtualHosts."git.tecosaur.net".extraConfig = "redir https://code.${domain}{uri} 301";
|
||||
})
|
||||
(mkIf config.services.forgejo.enable {
|
||||
virtualHosts."code.${domain}".extraConfig =
|
||||
''
|
||||
@not_tec {
|
||||
not path /tec/*
|
||||
not header Cookie *caddy_tec_redirect=true*
|
||||
}
|
||||
handle @not_tec {
|
||||
reverse_proxy localhost:${toString config.services.gitea.settings.server.HTTP_PORT} {
|
||||
reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT} {
|
||||
@404 status 404
|
||||
handle_response @404 {
|
||||
header +Set-Cookie "caddy_tec_redirect=true; Max-Age=5"
|
||||
|
@ -86,7 +91,7 @@ handle @not_tec {
|
|||
header Cookie *caddy_tec_redirect=true*
|
||||
}
|
||||
handle @tec_redirect {
|
||||
reverse_proxy localhost:${toString config.services.gitea.settings.server.HTTP_PORT} {
|
||||
reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT} {
|
||||
@404 status 404
|
||||
handle_response @404 {
|
||||
header +Set-Cookie "caddy_tec_redirect=true; Max-Age=0"
|
||||
|
@ -97,7 +102,7 @@ handle @tec_redirect {
|
|||
}
|
||||
}
|
||||
handle {
|
||||
reverse_proxy localhost:${toString config.services.gitea.settings.server.HTTP_PORT}
|
||||
reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}
|
||||
}
|
||||
'';
|
||||
})
|
||||
|
@ -105,7 +110,7 @@ handle {
|
|||
|
||||
users.users.caddy = {
|
||||
extraGroups =
|
||||
lib.optional config.services.syncthing.enable "syncthing" ++
|
||||
lib.optional config.services.gitea.enable "gitea";
|
||||
lib.optional config.services.syncthing.enable config.services.syncthing.user ++
|
||||
lib.optional config.services.forgejo.enable config.services.forgejo.user;
|
||||
};
|
||||
}
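Review bot: The `users.users.caddy.extraGroups` entries now pass `config.services.syncthing.user` and `config.services.forgejo.user`, but `extraGroups` expects group names, so this only works while each service's user and group happen to share a name. Assuming the `.user` lines are the new side of this hunk, `lib.optional config.services.forgejo.enable config.services.forgejo.group;` (and `config.services.syncthing.group` on the line before it) states the intent and keeps working if user and group are ever set apart. Membership in the Forgejo group also gives the web server whatever that group can read under the state directory, not only the one repository served through `fs git`, so the group permissions there are worth checking.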
|
||||
|
|
|
@ -1,40 +1,45 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
let
|
||||
forgejo-user = "git";
|
||||
in {
|
||||
age.secrets.postgres-gitea = {
|
||||
owner = "gitea";
|
||||
owner = forgejo-user;
|
||||
group = "users";
|
||||
file = ../../secrets/postgres-gitea.age;
|
||||
};
|
||||
|
||||
age.secrets.fastmail = {
|
||||
owner = "gitea";
|
||||
owner = forgejo-user;
|
||||
group = "users";
|
||||
file = ../../secrets/fastmail.age;
|
||||
};
|
||||
|
||||
services.gitea = {
|
||||
package = pkgs.forgejo;
|
||||
services.forgejo = {
|
||||
enable = true;
|
||||
user = "gitea";
|
||||
appName = "Code by TEC";
|
||||
user = forgejo-user;
|
||||
group = forgejo-user;
|
||||
stateDir = "/var/lib/forgejo";
|
||||
database = {
|
||||
type = "postgres";
|
||||
name = forgejo-user;
|
||||
user = forgejo-user;
|
||||
passwordFile = config.age.secrets.postgres-gitea.path;
|
||||
};
|
||||
lfs.enable = true;
|
||||
mailerPasswordFile = config.age.secrets.fastmail.path;
|
||||
settings = {
|
||||
DEFAULT.APP_NAME = "Code by TEC";
|
||||
server = {
|
||||
DOMAIN = "git.tecosaur.net";
|
||||
ROOT_URL = "https://git.tecosaur.net";
|
||||
DOMAIN = "code.tecosaur.net";
|
||||
ROOT_URL = "https://code.tecosaur.net";
|
||||
HTTP_ADDRESS = "0.0.0.0";
|
||||
HTTP_PORT = 3000;
|
||||
};
|
||||
mailer = {
|
||||
ENABLED = true;
|
||||
PROTOCOL = "smtp+startls";
|
||||
FROM = "forgejo@git.tecosaur.net";
|
||||
FROM = "forgejo@code.tecosaur.net";
|
||||
USER = "tec@tecosaur.net";
|
||||
SMTP_ADDR = "smtp.fastmail.com:587";
|
||||
};
|
||||
|
@ -56,6 +61,9 @@
|
|||
# "repository.mimetype_mapping" = {
|
||||
# ".org" = "text/org";
|
||||
# };
|
||||
# actions = {
|
||||
# ENABLED = true;
|
||||
# };
|
||||
ui = {
|
||||
GRAPH_MAX_COMMIT_NUM = 200;
|
||||
DEFAULT_THEME = "auto";
|
||||
|
@ -70,15 +78,14 @@
|
|||
};
|
||||
};
|
||||
|
||||
# users.users.gitea.uid = 997;
|
||||
# users.enforceIdUniqueness = false;
|
||||
# users.users.git = {
|
||||
# uid = config.users.users.gitea.uid;
|
||||
# home = config.services.gitea.stateDir;
|
||||
# useDefaultShell = true;
|
||||
# group = "gitea";
|
||||
# isSystemUser = true;
|
||||
# };
|
||||
users.users.${forgejo-user} = {
|
||||
home = config.services.forgejo.stateDir;
|
||||
useDefaultShell = true;
|
||||
group = forgejo-user;
|
||||
isSystemUser = true;
|
||||
};
|
||||
|
||||
users.groups.${forgejo-user} = {};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"L+ ${config.services.gitea.stateDir}/custom/templates/home.tmpl - - - - ${./template-home.tmpl}"
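Review bot: The `systemd.tmpfiles.rules` entry at the end of the last hunk still builds its path from `config.services.gitea.stateDir`, while the service is now `services.forgejo` with `stateDir = "/var/lib/forgejo"`. With Gitea no longer configured here, that presumably resolves to the Gitea default directory, so the custom `home.tmpl` link would land where Forgejo does not look. The rule should read `"L+ ${config.services.forgejo.stateDir}/custom/templates/home.tmpl - - - - ${./template-home.tmpl}"`. Separately, `HTTP_ADDRESS = "0.0.0.0"` is kept although Caddy proxies to `localhost` in this same change set; `HTTP_ADDRESS = "127.0.0.1";` would stop the backend port from relying on the firewall alone. The rules list continues past the end of the hunk.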
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
, testers
|
||||
, installShellFiles
|
||||
, externalPlugins ? []
|
||||
, vendorHash ? "sha256-O0j6LwUQGa+NnotR2QpSIbNH+RI9y8mRrNoxbJqTw8k="
|
||||
, vendorHash ? "sha256-uLmOv8//ZlgF9fB91whmwJMmI/n+/MMnLW4E6j2qeSk="
|
||||
}:
|
||||
|
||||
let
|
||||
|
|