bekkalokk/gitea-web: host pages

bekkalokk/gitea: set up gitea-web sync units
2024-08-26 18:05:30 +02:00 · 2024-08-26 18:05:30 +02:00
1 changed files with 16 additions and 2 deletions
--- a/hosts/bekkalokk/services/gitea/web-secret-provider/default.nix
+++ b/hosts/bekkalokk/services/gitea/web-secret-provider/default.nix
@ -37,6 +37,18 @@ in
    ] ++ (map (org: "gitea-web-secret-provider@${org}") organizations);
  };

+  systemd.tmpfiles.settings."10-gitea-web-secret-provider" =
+    builtins.listToAttrs (map (org: {
+      name = "/var/lib/gitea-web/web/${org}";
+      value = {
+        d = {
+          user = "gitea-web";
+          group = "nginx";
+          mode = "750";
+        };
+      };
+    }) organizations);
+
  systemd.slices.system-giteaweb = {
    description = "Gitea web directories";
  };
@ -68,7 +80,10 @@ in
      User = "gitea-web";
      Group = "gitea-web";

-      StateDirectory = "gitea-web";
+      StateDirectory = toString [
+        "gitea-web/keys/%i"
+        "gitea-web/authorized_keys.d"
+      ];
      LoadCredential = [
        "token:${config.sops.secrets."gitea/web-secret-provider/token".path}"
      ];
@ -103,7 +118,6 @@ in

  services.openssh.authorizedKeysFiles = map (org: "/var/lib/gitea-web/authorized_keys.d/${org}") organizations;

-  users.users.nginx.extraGroups = [ "gitea-web" ];
  services.nginx.virtualHosts."pages.pvv.ntnu.no" = {
    kTLS = true;
    forceSSL = true;
Author	SHA1	Message	Date
Oystein Kristoffer Tveit	f45b70594d	bekkalokk/gitea-web: host pages	2024-08-26 18:05:30 +02:00
Oystein Kristoffer Tveit	db3625288b	bekkalokk/gitea: set up gitea-web sync units	2024-08-26 18:05:30 +02:00