Drift/pvv-nixos-config
Drift
/
pvv-nixos-config
16
4
Fork 1
Code Issues Pull Requests 6 Wiki Activity

Compare commits

base: Drift:4800c506c24ec4c6c815f3221e68ac23c08fc631
Branches Tags
Drift:main
Drift:pvvvvv
Drift:init-bakke
Drift:hookshot
Drift:disable-postgres-on-bekkalokk
Drift:sleipner-authorised-keys
Drift:sounding
Drift:retain-flake-inputs
Drift:openstack-image-builder
Drift:elysium
Drift:cleanup
Drift:fix-openstack-networking
Drift:systemd_exporter
Drift:backup-databases
Drift:smartd-notifs
Drift:systemd-journald-remote
Drift:skrot
Drift:deploy-doorbell
Drift:misc-gitea-fixes
Drift:run-vm
Drift:spotifyd
Drift:remote
Drift:nix-topology
Drift:dagali-heimdal-openldap-sasl-stack
Drift:setup-bikkje-login
Drift:ozai-prod
Drift:add-bluemap
Drift:ozai
Drift:setup-postfix-for-service-machines
Drift:fix-gitea-ci-runner-network-issues
Drift:heimdal-openldap-sasl-testing-on-salsa-on-buskerud
Drift:gitea-metrics
Drift:misc1
Drift:add-simple-saml-theme
Drift:misc-extra-gitea-setup
Drift:add-skrott
Drift:setup-kerberos
Drift:setup-home-areas
Drift:setup-openvpn-tunnel
Drift:shark-kanidm
Drift:prometheusexim
..
compare: Drift:f45b70594db0eb903adabae626974e3db87b0e3d
Branches Tags
Drift:pvvvvv
Drift:main
Drift:init-bakke
Drift:hookshot
Drift:disable-postgres-on-bekkalokk
Drift:sleipner-authorised-keys
Drift:sounding
Drift:retain-flake-inputs
Drift:openstack-image-builder
Drift:elysium
Drift:cleanup
Drift:fix-openstack-networking
Drift:systemd_exporter
Drift:backup-databases
Drift:smartd-notifs
Drift:systemd-journald-remote
Drift:skrot
Drift:deploy-doorbell
Drift:misc-gitea-fixes
Drift:run-vm
Drift:spotifyd
Drift:remote
Drift:nix-topology
Drift:dagali-heimdal-openldap-sasl-stack
Drift:setup-bikkje-login
Drift:ozai-prod
Drift:add-bluemap
Drift:ozai
Drift:setup-postfix-for-service-machines
Drift:fix-gitea-ci-runner-network-issues
Drift:heimdal-openldap-sasl-testing-on-salsa-on-buskerud
Drift:gitea-metrics
Drift:misc1
Drift:add-simple-saml-theme
Drift:misc-extra-gitea-setup
Drift:add-skrott
Drift:setup-kerberos
Drift:setup-home-areas
Drift:setup-openvpn-tunnel
Drift:shark-kanidm
Drift:prometheusexim

2 Commits
4800c506c2 ... f45b70594d

Author SHA1 Message Date
Oystein Kristoffer Tveit f45b70594d
bekkalokk/gitea-web: host pages 2024-08-26 18:05:30 +02:00
Oystein Kristoffer Tveit db3625288b
bekkalokk/gitea: set up gitea-web sync units 2024-08-26 18:05:30 +02:00
1 changed files with 16 additions and 2 deletions
Show Stats Expand all files Collapse all files

18
hosts/bekkalokk/services/gitea/web-secret-provider/default.nix
View File

@ -37,6 +37,18 @@ in
] ++ (map (org: "gitea-web-secret-provider@${org}") organizations); ] ++ (map (org: "gitea-web-secret-provider@${org}") organizations);
}; };
systemd.tmpfiles.settings."10-gitea-web-secret-provider" =
builtins.listToAttrs (map (org: {
name = "/var/lib/gitea-web/web/${org}";
value = {
d = {
user = "gitea-web";
group = "nginx";
mode = "750";
};
};
}) organizations);
systemd.slices.system-giteaweb = { systemd.slices.system-giteaweb = {
description = "Gitea web directories"; description = "Gitea web directories";
}; };
@ -68,7 +80,10 @@ in
User = "gitea-web"; User = "gitea-web";
Group = "gitea-web"; Group = "gitea-web";
StateDirectory = "gitea-web"; StateDirectory = toString [
"gitea-web/keys/%i"
"gitea-web/authorized_keys.d"
];
LoadCredential = [ LoadCredential = [
"token:${config.sops.secrets."gitea/web-secret-provider/token".path}" "token:${config.sops.secrets."gitea/web-secret-provider/token".path}"
]; ];
@ -103,7 +118,6 @@ in
services.openssh.authorizedKeysFiles = map (org: "/var/lib/gitea-web/authorized_keys.d/${org}") organizations; services.openssh.authorizedKeysFiles = map (org: "/var/lib/gitea-web/authorized_keys.d/${org}") organizations;
users.users.nginx.extraGroups = [ "gitea-web" ];
services.nginx.virtualHosts."pages.pvv.ntnu.no" = { services.nginx.virtualHosts."pages.pvv.ntnu.no" = {
kTLS = true; kTLS = true;
forceSSL = true; forceSSL = true;