Compare commits
4 Commits
90ca4d6098
...
225492f2e0
Author | SHA1 | Date |
---|---|---|
TEC | 225492f2e0 | |
TEC | f9445cb26d | |
TEC | b2aa968a1b | |
TEC | ce0fbff904 |
18
flake.lock
18
flake.lock
|
@ -8,11 +8,11 @@
|
||||||
"systems": "systems"
|
"systems": "systems"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1703433843,
|
"lastModified": 1707830867,
|
||||||
"narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=",
|
"narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=",
|
||||||
"owner": "ryantm",
|
"owner": "ryantm",
|
||||||
"repo": "agenix",
|
"repo": "agenix",
|
||||||
"rev": "417caa847f9383e111d1397039c9d4337d024bf0",
|
"rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -52,11 +52,11 @@
|
||||||
"utils": "utils"
|
"utils": "utils"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1703087360,
|
"lastModified": 1708091384,
|
||||||
"narHash": "sha256-0VUbWBW8VyiDRuimMuLsEO4elGuUw/nc2WDeuO1eN1M=",
|
"narHash": "sha256-dTGGw2y8wvfjr+J9CjQbfdulOq72hUG17HXVNxpH1yE=",
|
||||||
"owner": "serokell",
|
"owner": "serokell",
|
||||||
"repo": "deploy-rs",
|
"repo": "deploy-rs",
|
||||||
"rev": "b709d63debafce9f5645a5ba550c9e0983b3d1f7",
|
"rev": "0a0187794ac7f7a1e62cda3dabf8dc041f868790",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -156,11 +156,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1704538339,
|
"lastModified": 1707956935,
|
||||||
"narHash": "sha256-1734d3mQuux9ySvwf6axRWZRBhtcZA9Q8eftD6EZg6U=",
|
"narHash": "sha256-ZL2TrjVsiFNKOYwYQozpbvQSwvtV/3Me7Zwhmdsfyu4=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "46ae0210ce163b3cba6c7da08840c1d63de9c701",
|
"rev": "a4d4fe8c5002202493e87ec8dbc91335ff55552c",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -2,7 +2,9 @@
|
||||||
|
|
||||||
with lib;
|
with lib;
|
||||||
|
|
||||||
{
|
let
|
||||||
|
domain = "tecosaur.net";
|
||||||
|
in {
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
networking.firewall.allowedUDPPorts = [ 443 ];
|
networking.firewall.allowedUDPPorts = [ 443 ];
|
||||||
|
|
||||||
|
@ -15,7 +17,7 @@ with lib;
|
||||||
version = "ef9d0ab232f4fe5d7e86312cbba45ff8afea98a1";}
|
version = "ef9d0ab232f4fe5d7e86312cbba45ff8afea98a1";}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
virtualHosts."tecosaur.net".extraConfig = ''
|
virtualHosts."${domain}".extraConfig = ''
|
||||||
respond "__ __ _
|
respond "__ __ _
|
||||||
\ \ / /__| | ___ ___ _ __ ___ ___
|
\ \ / /__| | ___ ___ _ __ ___ ___
|
||||||
\ \ /\ / / _ \ |/ __/ _ \| '_ ` _ \ / _ \
|
\ \ /\ / / _ \ |/ __/ _ \| '_ ` _ \ / _ \
|
||||||
|
@ -24,7 +26,7 @@ respond "__ __ _
|
||||||
|
|
||||||
This is an in-progress replacement for tecosaur.com, done better.
|
This is an in-progress replacement for tecosaur.com, done better.
|
||||||
|
|
||||||
For now, you can find an increasing number of my projects on git.tecosaur.net,
|
For now, you can find an increasing number of my projects on code.${domain},
|
||||||
this includes the setup for this server, which is being constructed using:
|
this includes the setup for this server, which is being constructed using:
|
||||||
+ NixOS (with flakes and deploy-rs)
|
+ NixOS (with flakes and deploy-rs)
|
||||||
+ Caddy (web server)
|
+ Caddy (web server)
|
||||||
|
@ -38,11 +40,11 @@ In future, the following may be set up too:
|
||||||
+ Koel (music streaming)
|
+ Koel (music streaming)
|
||||||
"
|
"
|
||||||
'';
|
'';
|
||||||
virtualHosts."blog.tecosaur.net".extraConfig = ''
|
virtualHosts."blog.${domain}".extraConfig = ''
|
||||||
redir /tmio /tmio/
|
redir /tmio /tmio/
|
||||||
handle_path /tmio/* {
|
handle_path /tmio/* {
|
||||||
file_server {
|
file_server {
|
||||||
fs git /var/lib/gitea/repositories/tec/this-month-in-org.git html
|
fs git ${config.services.forgejo.stateDir}/repositories/tec/this-month-in-org.git html
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
handle {
|
handle {
|
||||||
|
@ -51,7 +53,7 @@ handle {
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
(mkIf config.services.syncthing.enable {
|
(mkIf config.services.syncthing.enable {
|
||||||
virtualHosts."syncthing.tecosaur.net".extraConfig =
|
virtualHosts."syncthing.${domain}".extraConfig =
|
||||||
''
|
''
|
||||||
reverse_proxy ${config.services.syncthing.guiAddress} {
|
reverse_proxy ${config.services.syncthing.guiAddress} {
|
||||||
header_up Host {upstream_hostport}
|
header_up Host {upstream_hostport}
|
||||||
|
@ -59,21 +61,24 @@ reverse_proxy ${config.services.syncthing.guiAddress} {
|
||||||
'';
|
'';
|
||||||
})
|
})
|
||||||
(mkIf config.services.syncthing.enable {
|
(mkIf config.services.syncthing.enable {
|
||||||
virtualHosts."public.tecosaur.net".extraConfig =
|
virtualHosts."public.${domain}".extraConfig =
|
||||||
''
|
''
|
||||||
root * ${config.services.syncthing.dataDir}/public/.build
|
root * ${config.services.syncthing.dataDir}/public/.build
|
||||||
file_server
|
file_server
|
||||||
'';
|
'';
|
||||||
})
|
})
|
||||||
(mkIf config.services.gitea.enable {
|
(mkIf config.services.forgejo.enable {
|
||||||
virtualHosts."git.tecosaur.net".extraConfig =
|
virtualHosts."git.tecosaur.net".extraConfig = "redir https://code.${domain}{uri} 301";
|
||||||
|
})
|
||||||
|
(mkIf config.services.forgejo.enable {
|
||||||
|
virtualHosts."code.${domain}".extraConfig =
|
||||||
''
|
''
|
||||||
@not_tec {
|
@not_tec {
|
||||||
not path /tec/*
|
not path /tec/*
|
||||||
not header Cookie *caddy_tec_redirect=true*
|
not header Cookie *caddy_tec_redirect=true*
|
||||||
}
|
}
|
||||||
handle @not_tec {
|
handle @not_tec {
|
||||||
reverse_proxy localhost:${toString config.services.gitea.settings.server.HTTP_PORT} {
|
reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT} {
|
||||||
@404 status 404
|
@404 status 404
|
||||||
handle_response @404 {
|
handle_response @404 {
|
||||||
header +Set-Cookie "caddy_tec_redirect=true; Max-Age=5"
|
header +Set-Cookie "caddy_tec_redirect=true; Max-Age=5"
|
||||||
|
@ -86,7 +91,7 @@ handle @not_tec {
|
||||||
header Cookie *caddy_tec_redirect=true*
|
header Cookie *caddy_tec_redirect=true*
|
||||||
}
|
}
|
||||||
handle @tec_redirect {
|
handle @tec_redirect {
|
||||||
reverse_proxy localhost:${toString config.services.gitea.settings.server.HTTP_PORT} {
|
reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT} {
|
||||||
@404 status 404
|
@404 status 404
|
||||||
handle_response @404 {
|
handle_response @404 {
|
||||||
header +Set-Cookie "caddy_tec_redirect=true; Max-Age=0"
|
header +Set-Cookie "caddy_tec_redirect=true; Max-Age=0"
|
||||||
|
@ -97,7 +102,7 @@ handle @tec_redirect {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
handle {
|
handle {
|
||||||
reverse_proxy localhost:${toString config.services.gitea.settings.server.HTTP_PORT}
|
reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
})
|
})
|
||||||
|
@ -105,7 +110,7 @@ handle {
|
||||||
|
|
||||||
users.users.caddy = {
|
users.users.caddy = {
|
||||||
extraGroups =
|
extraGroups =
|
||||||
lib.optional config.services.syncthing.enable "syncthing" ++
|
lib.optional config.services.syncthing.enable config.services.syncthing.user ++
|
||||||
lib.optional config.services.gitea.enable "gitea";
|
lib.optional config.services.forgejo.enable config.services.forgejo.user;
|
||||||
};
|
};
|
||||||
}
|
}
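Review bot: The `extraGroups` list on `users.users.caddy` is now filled from `config.services.syncthing.user` and `config.services.forgejo.user`, but `extraGroups` takes group names, so the intended access is only granted while each service's user and group share a name. The Forgejo module in this same comparison sets `group = forgejo-user;` explicitly, so I would reference the group options instead: `lib.optional config.services.syncthing.enable config.services.syncthing.group ++` and `lib.optional config.services.forgejo.enable config.services.forgejo.group;`. That keeps Caddy's read access to the repository tree and the Syncthing data directory tied to the group that presumably owns those paths, even if the two names later diverge. As a smaller style point, the `git.tecosaur.net` redirect host is still a literal while every other virtual host uses `${domain}`; a one-line comment saying it is the legacy hostname would show that this is intentional.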
|
||||||
|
|
|
@ -1,40 +1,45 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
let
|
||||||
|
forgejo-user = "git";
|
||||||
|
in {
|
||||||
age.secrets.postgres-gitea = {
|
age.secrets.postgres-gitea = {
|
||||||
owner = "gitea";
|
owner = forgejo-user;
|
||||||
group = "users";
|
group = "users";
|
||||||
file = ../../secrets/postgres-gitea.age;
|
file = ../../secrets/postgres-gitea.age;
|
||||||
};
|
};
|
||||||
|
|
||||||
age.secrets.fastmail = {
|
age.secrets.fastmail = {
|
||||||
owner = "gitea";
|
owner = forgejo-user;
|
||||||
group = "users";
|
group = "users";
|
||||||
file = ../../secrets/fastmail.age;
|
file = ../../secrets/fastmail.age;
|
||||||
};
|
};
|
||||||
|
|
||||||
services.gitea = {
|
services.forgejo = {
|
||||||
package = pkgs.forgejo;
|
|
||||||
enable = true;
|
enable = true;
|
||||||
user = "gitea";
|
user = forgejo-user;
|
||||||
appName = "Code by TEC";
|
group = forgejo-user;
|
||||||
|
stateDir = "/var/lib/forgejo";
|
||||||
database = {
|
database = {
|
||||||
type = "postgres";
|
type = "postgres";
|
||||||
|
name = forgejo-user;
|
||||||
|
user = forgejo-user;
|
||||||
passwordFile = config.age.secrets.postgres-gitea.path;
|
passwordFile = config.age.secrets.postgres-gitea.path;
|
||||||
};
|
};
|
||||||
lfs.enable = true;
|
lfs.enable = true;
|
||||||
mailerPasswordFile = config.age.secrets.fastmail.path;
|
mailerPasswordFile = config.age.secrets.fastmail.path;
|
||||||
settings = {
|
settings = {
|
||||||
|
DEFAULT.APP_NAME = "Code by TEC";
|
||||||
server = {
|
server = {
|
||||||
DOMAIN = "git.tecosaur.net";
|
DOMAIN = "code.tecosaur.net";
|
||||||
ROOT_URL = "https://git.tecosaur.net";
|
ROOT_URL = "https://code.tecosaur.net";
|
||||||
HTTP_ADDRESS = "0.0.0.0";
|
HTTP_ADDRESS = "0.0.0.0";
|
||||||
HTTP_PORT = 3000;
|
HTTP_PORT = 3000;
|
||||||
};
|
};
|
||||||
mailer = {
|
mailer = {
|
||||||
ENABLED = true;
|
ENABLED = true;
|
||||||
PROTOCOL = "smtp+startls";
|
PROTOCOL = "smtp+startls";
|
||||||
FROM = "forgejo@git.tecosaur.net";
|
FROM = "forgejo@code.tecosaur.net";
|
||||||
USER = "tec@tecosaur.net";
|
USER = "tec@tecosaur.net";
|
||||||
SMTP_ADDR = "smtp.fastmail.com:587";
|
SMTP_ADDR = "smtp.fastmail.com:587";
|
||||||
};
|
};
|
||||||
|
@ -56,6 +61,9 @@
|
||||||
# "repository.mimetype_mapping" = {
|
# "repository.mimetype_mapping" = {
|
||||||
# ".org" = "text/org";
|
# ".org" = "text/org";
|
||||||
# };
|
# };
|
||||||
|
# actions = {
|
||||||
|
# ENABLED = true;
|
||||||
|
# };
|
||||||
ui = {
|
ui = {
|
||||||
GRAPH_MAX_COMMIT_NUM = 200;
|
GRAPH_MAX_COMMIT_NUM = 200;
|
||||||
DEFAULT_THEME = "auto";
|
DEFAULT_THEME = "auto";
|
||||||
|
@ -70,15 +78,14 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# users.users.gitea.uid = 997;
|
users.users.${forgejo-user} = {
|
||||||
# users.enforceIdUniqueness = false;
|
home = config.services.forgejo.stateDir;
|
||||||
# users.users.git = {
|
useDefaultShell = true;
|
||||||
# uid = config.users.users.gitea.uid;
|
group = forgejo-user;
|
||||||
# home = config.services.gitea.stateDir;
|
isSystemUser = true;
|
||||||
# useDefaultShell = true;
|
};
|
||||||
# group = "gitea";
|
|
||||||
# isSystemUser = true;
|
users.groups.${forgejo-user} = {};
|
||||||
# };
|
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
systemd.tmpfiles.rules = [
|
||||||
"L+ ${config.services.gitea.stateDir}/custom/templates/home.tmpl - - - - ${./template-home.tmpl}"
|
"L+ ${config.services.gitea.stateDir}/custom/templates/home.tmpl - - - - ${./template-home.tmpl}"
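Review bot: The tmpfiles rule at the end of this section still builds its path from `config.services.gitea.stateDir`, although the service is now `services.forgejo` with `stateDir = "/var/lib/forgejo"`. The `home.tmpl` link would therefore presumably land under Gitea's default state directory, where Forgejo will not see it. I would change it to `"L+ ${config.services.forgejo.stateDir}/custom/templates/home.tmpl - - - - ${./template-home.tmpl}"`; the rules list continues outside the visible hunk, so any further entries need the same check. Separately, `HTTP_ADDRESS = "0.0.0.0"` is kept while Caddy only proxies to `localhost:3000`; `HTTP_ADDRESS = "127.0.0.1";` would stop the backend from depending on the firewall alone to stay unreachable from other interfaces.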
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
, testers
|
, testers
|
||||||
, installShellFiles
|
, installShellFiles
|
||||||
, externalPlugins ? []
|
, externalPlugins ? []
|
||||||
, vendorHash ? "sha256-O0j6LwUQGa+NnotR2QpSIbNH+RI9y8mRrNoxbJqTw8k="
|
, vendorHash ? "sha256-uLmOv8//ZlgF9fB91whmwJMmI/n+/MMnLW4E6j2qeSk="
|
||||||
}:
|
}:
|
||||||
|
|
||||||
let
|
let
|
||||||
|
|