bekkalokk/gitea-web: host pages

bekkalokk/gitea: set up gitea-web sync units
2024-08-26 18:13:13 +02:00 · 2024-08-26 18:13:13 +02:00
1 changed files with 2 additions and 16 deletions
--- a/hosts/bekkalokk/services/gitea/web-secret-provider/default.nix
+++ b/hosts/bekkalokk/services/gitea/web-secret-provider/default.nix
@ -37,18 +37,6 @@ in
    ] ++ (map (org: "gitea-web-secret-provider@${org}") organizations);
  };

-  systemd.tmpfiles.settings."10-gitea-web-secret-provider" =
-    builtins.listToAttrs (map (org: {
-      name = "/var/lib/gitea-web/web/${org}";
-      value = {
-        d = {
-          user = "gitea-web";
-          group = "nginx";
-          mode = "750";
-        };
-      };
-    }) organizations);
-
  systemd.slices.system-giteaweb = {
    description = "Gitea web directories";
  };
@ -80,10 +68,7 @@ in
      User = "gitea-web";
      Group = "gitea-web";

-      StateDirectory = toString [
-        "gitea-web/keys/%i"
-        "gitea-web/authorized_keys.d"
-      ];
+      StateDirectory = "gitea-web";
      LoadCredential = [
        "token:${config.sops.secrets."gitea/web-secret-provider/token".path}"
      ];
@ -118,6 +103,7 @@ in

  services.openssh.authorizedKeysFiles = map (org: "/var/lib/gitea-web/authorized_keys.d/${org}") organizations;

+  users.users.nginx.extraGroups = [ "gitea-web" ];
  services.nginx.virtualHosts."pages.pvv.ntnu.no" = {
    kTLS = true;
    forceSSL = true;
Author	SHA1	Message	Date
Oystein Kristoffer Tveit	4800c506c2	bekkalokk/gitea-web: host pages	2024-08-26 18:13:13 +02:00
Oystein Kristoffer Tveit	ee4050baf7	bekkalokk/gitea: set up gitea-web sync units	2024-08-26 18:13:13 +02:00