Compare commits


3 Commits

Author SHA1 Message Date
TEC b344c87346
Factor out domain in caddy config 2024-02-17 02:53:27 +08:00
TEC 53b6633026
Switch from git.DOMAIN to code.DOMAIN 2024-02-17 02:53:27 +08:00
TEC 83eeb60424
Migrate from gitea service to forgejo
While I'm at it, make it so I can use git@... at long last.
2024-02-17 02:53:03 +08:00
3 changed files with 56 additions and 44 deletions


@ -2,7 +2,9 @@
with lib; with lib;
{ let
domain = "tecosaur.net";
in {
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 443 ]; networking.firewall.allowedUDPPorts = [ 443 ];
@ -15,7 +17,7 @@ with lib;
version = "ef9d0ab232f4fe5d7e86312cbba45ff8afea98a1";} version = "ef9d0ab232f4fe5d7e86312cbba45ff8afea98a1";}
]; ];
}; };
virtualHosts."tecosaur.net".extraConfig = '' virtualHosts."${domain}".extraConfig = ''
respond "__ __ _ respond "__ __ _
\ \ / /__| | ___ ___ _ __ ___ ___ \ \ / /__| | ___ ___ _ __ ___ ___
\ \ /\ / / _ \ |/ __/ _ \| '_ ` _ \ / _ \ \ \ /\ / / _ \ |/ __/ _ \| '_ ` _ \ / _ \
@ -24,7 +26,7 @@ respond "__ __ _
This is an in-progress replacement for tecosaur.com, done better. This is an in-progress replacement for tecosaur.com, done better.
For now, you can find an increasing number of my projects on git.tecosaur.net, For now, you can find an increasing number of my projects on code.${domain},
this includes the setup for this server, which is being constructed using: this includes the setup for this server, which is being constructed using:
+ NixOS (with flakes and deploy-rs) + NixOS (with flakes and deploy-rs)
+ Caddy (web server) + Caddy (web server)
@ -38,11 +40,11 @@ In future, the following may be set up too:
+ Koel (music streaming) + Koel (music streaming)
" "
''; '';
virtualHosts."blog.tecosaur.net".extraConfig = '' virtualHosts."blog.${domain}".extraConfig = ''
redir /tmio /tmio/ redir /tmio /tmio/
handle_path /tmio/* { handle_path /tmio/* {
file_server { file_server {
fs git /var/lib/gitea/repositories/tec/this-month-in-org.git html fs git ${config.services.forgejo.stateDir}/repositories/tec/this-month-in-org.git html
} }
} }
handle { handle {
@ -51,7 +53,7 @@ handle {
''; '';
} }
(mkIf config.services.syncthing.enable { (mkIf config.services.syncthing.enable {
virtualHosts."syncthing.tecosaur.net".extraConfig = virtualHosts."syncthing.${domain}".extraConfig =
'' ''
reverse_proxy ${config.services.syncthing.guiAddress} { reverse_proxy ${config.services.syncthing.guiAddress} {
header_up Host {upstream_hostport} header_up Host {upstream_hostport}
@ -59,21 +61,24 @@ reverse_proxy ${config.services.syncthing.guiAddress} {
''; '';
}) })
(mkIf config.services.syncthing.enable { (mkIf config.services.syncthing.enable {
virtualHosts."public.tecosaur.net".extraConfig = virtualHosts."public.${domain}".extraConfig =
'' ''
root * ${config.services.syncthing.dataDir}/public/.build root * ${config.services.syncthing.dataDir}/public/.build
file_server file_server
''; '';
}) })
(mkIf config.services.gitea.enable { (mkIf config.services.forgejo.enable {
virtualHosts."git.tecosaur.net".extraConfig = virtualHosts."git.tecosaur.net".extraConfig = "redir https://code.${domain}{uri} 301";
})
(mkIf config.services.forgejo.enable {
virtualHosts."code.${domain}".extraConfig =
'' ''
@not_tec { @not_tec {
not path /tec/* not path /tec/*
not header Cookie *caddy_tec_redirect=true* not header Cookie *caddy_tec_redirect=true*
} }
handle @not_tec { handle @not_tec {
reverse_proxy localhost:${toString config.services.gitea.settings.server.HTTP_PORT} { reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT} {
@404 status 404 @404 status 404
handle_response @404 { handle_response @404 {
header +Set-Cookie "caddy_tec_redirect=true; Max-Age=5" header +Set-Cookie "caddy_tec_redirect=true; Max-Age=5"
@ -86,7 +91,7 @@ handle @not_tec {
header Cookie *caddy_tec_redirect=true* header Cookie *caddy_tec_redirect=true*
} }
handle @tec_redirect { handle @tec_redirect {
reverse_proxy localhost:${toString config.services.gitea.settings.server.HTTP_PORT} { reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT} {
@404 status 404 @404 status 404
handle_response @404 { handle_response @404 {
header +Set-Cookie "caddy_tec_redirect=true; Max-Age=0" header +Set-Cookie "caddy_tec_redirect=true; Max-Age=0"
@ -97,7 +102,7 @@ handle @tec_redirect {
} }
} }
handle { handle {
reverse_proxy localhost:${toString config.services.gitea.settings.server.HTTP_PORT} reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}
} }
''; '';
}) })
@ -105,7 +110,7 @@ handle {
users.users.caddy = { users.users.caddy = {
extraGroups = extraGroups =
lib.optional config.services.syncthing.enable "syncthing" ++ lib.optional config.services.syncthing.enable config.services.syncthing.user ++
lib.optional config.services.gitea.enable "gitea"; lib.optional config.services.forgejo.enable config.services.forgejo.user;
}; };
} }
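Review bot: In `users.users.caddy.extraGroups` at the end of this file, the new code passes `config.services.syncthing.user` and `config.services.forgejo.user` where group names are expected. That resolves correctly only while each service's user and group share a name, as the Forgejo module in this change arranges by setting both to `forgejo-user`. Using `lib.optional config.services.forgejo.enable config.services.forgejo.group` and the matching `config.services.syncthing.group` states the intent and survives a later rename of either. A short comment there should also record that this membership exists so the `fs git ${config.services.forgejo.stateDir}/repositories/...` file server can read the repository. It presumably gives the Caddy process group-level read access to the rest of the state directory as well, depending on directory modes.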


@ -1,40 +1,45 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ let
age.secrets.postgres-gitea = { forgejo-user = "git";
owner = "gitea"; in {
age.secrets.postgres = {
owner = forgejo-user;
group = "users"; group = "users";
file = ../../secrets/postgres-gitea.age; file = ../../secrets/postgres.age;
}; };
age.secrets.fastmail = { age.secrets.fastmail = {
owner = "gitea"; owner = forgejo-user;
group = "users"; group = "users";
file = ../../secrets/fastmail.age; file = ../../secrets/fastmail.age;
}; };
services.gitea = { services.forgejo = {
package = pkgs.forgejo;
enable = true; enable = true;
user = "gitea"; user = forgejo-user;
appName = "Code by TEC"; group = forgejo-user;
stateDir = "/var/lib/forgejo";
database = { database = {
type = "postgres"; type = "postgres";
passwordFile = config.age.secrets.postgres-gitea.path; name = forgejo-user;
user = forgejo-user;
passwordFile = config.age.secrets.postgres.path;
}; };
lfs.enable = true; lfs.enable = true;
mailerPasswordFile = config.age.secrets.fastmail.path; mailerPasswordFile = config.age.secrets.fastmail.path;
settings = { settings = {
DEFAULT.APP_NAME = "Code by TEC";
server = { server = {
DOMAIN = "git.tecosaur.net"; DOMAIN = "code.tecosaur.net";
ROOT_URL = "https://git.tecosaur.net"; ROOT_URL = "https://code.tecosaur.net";
HTTP_ADDRESS = "0.0.0.0"; HTTP_ADDRESS = "0.0.0.0";
HTTP_PORT = 3000; HTTP_PORT = 3000;
}; };
mailer = { mailer = {
ENABLED = true; ENABLED = true;
PROTOCOL = "smtp+startls"; PROTOCOL = "smtp+startls";
FROM = "forgejo@git.tecosaur.net"; FROM = "forgejo@code.tecosaur.net";
USER = "tec@tecosaur.net"; USER = "tec@tecosaur.net";
SMTP_ADDR = "smtp.fastmail.com:587"; SMTP_ADDR = "smtp.fastmail.com:587";
}; };
@ -56,6 +61,9 @@
# "repository.mimetype_mapping" = { # "repository.mimetype_mapping" = {
# ".org" = "text/org"; # ".org" = "text/org";
# }; # };
# actions = {
# ENABLED = true;
# };
ui = { ui = {
GRAPH_MAX_COMMIT_NUM = 200; GRAPH_MAX_COMMIT_NUM = 200;
DEFAULT_THEME = "auto"; DEFAULT_THEME = "auto";
@ -70,24 +78,23 @@
}; };
}; };
# users.users.gitea.uid = 997; users.users.${forgejo-user} = {
# users.enforceIdUniqueness = false; home = config.services.forgejo.stateDir;
# users.users.git = { useDefaultShell = true;
# uid = config.users.users.gitea.uid; group = forgejo-user;
# home = config.services.gitea.stateDir; isSystemUser = true;
# useDefaultShell = true; };
# group = "gitea";
# isSystemUser = true; users.groups.${forgejo-user} = {};
# };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"L+ ${config.services.gitea.stateDir}/custom/templates/home.tmpl - - - - ${./template-home.tmpl}" "L+ ${config.services.forgejo.stateDir}/custom/templates/home.tmpl - - - - ${./template-home.tmpl}"
"L+ ${config.services.gitea.stateDir}/custom/public/assets/img/tree-greentea-themed.svg - - - - ${./images/tree-greentea-themed.svg}" "L+ ${config.services.forgejo.stateDir}/custom/public/assets/img/tree-greentea-themed.svg - - - - ${./images/tree-greentea-themed.svg}"
"L+ ${config.services.gitea.stateDir}/custom/public/assets/img/logo.svg - - - - ${./images/forgejo-icon-greentea-themed.svg}" "L+ ${config.services.forgejo.stateDir}/custom/public/assets/img/logo.svg - - - - ${./images/forgejo-icon-greentea-themed.svg}"
"L+ ${config.services.gitea.stateDir}/custom/public/assets/img/logo.png - - - - ${./images/forgejo-icon-greentea-themed.png}" "L+ ${config.services.forgejo.stateDir}/custom/public/assets/img/logo.png - - - - ${./images/forgejo-icon-greentea-themed.png}"
"L+ ${config.services.gitea.stateDir}/custom/public/assets/img/favicon.svg - - - - ${./images/forgejo-icon-greentea-themed.svg}" "L+ ${config.services.forgejo.stateDir}/custom/public/assets/img/favicon.svg - - - - ${./images/forgejo-icon-greentea-themed.svg}"
"L+ ${config.services.gitea.stateDir}/custom/public/assets/img/favicon.png - - - - ${./images/forgejo-icon-greentea-themed.png}" "L+ ${config.services.forgejo.stateDir}/custom/public/assets/img/favicon.png - - - - ${./images/forgejo-icon-greentea-themed.png}"
"L+ ${config.services.gitea.stateDir}/custom/public/assets/img/apple-touch-icon.png - - - - ${./images/forgejo-icon-greentea-themed.png}" "L+ ${config.services.forgejo.stateDir}/custom/public/assets/img/apple-touch-icon.png - - - - ${./images/forgejo-icon-greentea-themed.png}"
"L+ ${config.services.gitea.stateDir}/custom/public/assets/img/avatar_default.png - - - - ${./images/forgejo-square-greentea-themed.png}" "L+ ${config.services.forgejo.stateDir}/custom/public/assets/img/avatar_default.png - - - - ${./images/forgejo-square-greentea-themed.png}"
]; ];
} }
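Review bot: The `server` block is updated for the new hostname but still sets `HTTP_ADDRESS = "0.0.0.0"`, so Forgejo listens on port 3000 on every interface even though the Caddy virtual host reaches it through `localhost`. With the firewall rule shown in the Caddy file (TCP 80 and 443 only) that port should not be reachable from outside today. Binding to loopback with `HTTP_ADDRESS = "127.0.0.1";` means plain-HTTP access that bypasses Caddy no longer depends on the firewall alone. Separately, the renamed `age.secrets.postgres` keeps `group = "users"` while its owner becomes `forgejo-user`; `group = forgejo-user;` would keep the database password scoped to the service if the file mode is ever widened.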