Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 2f66325e25 |
@@ -6,10 +6,10 @@
|
|||||||
../../base.nix
|
../../base.nix
|
||||||
|
|
||||||
# TODO: set up authentication for the following:
|
# TODO: set up authentication for the following:
|
||||||
# ./services/website/website.nix
|
# ./services/website.nix
|
||||||
# ./services/website/nginx.nix
|
./services/nginx.nix
|
||||||
# ./services/website/gitea.nix
|
./services/gitea.nix
|
||||||
# ./services/website/mediawiki.nix
|
# ./services/mediawiki.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
sops.defaultSopsFile = ../../secrets/bekkalokk/bekkalokk.yaml;
|
sops.defaultSopsFile = ../../secrets/bekkalokk/bekkalokk.yaml;
|
||||||
|
|||||||
57
hosts/bekkalokk/services/gitea.nix
Normal file
57
hosts/bekkalokk/services/gitea.nix
Normal file
@@ -0,0 +1,57 @@
|
|||||||
|
{ config, values, pkgs, ... }:
|
||||||
|
let
|
||||||
|
cfg = config.services.gitea;
|
||||||
|
in {
|
||||||
|
sops.secrets."gitea/dbpassword" = { };
|
||||||
|
|
||||||
|
services.gitea = {
|
||||||
|
enable = true;
|
||||||
|
user = "git";
|
||||||
|
rootUrl = "https://gitea.pvv.ntnu.no/";
|
||||||
|
stateDir = "/data/gitea";
|
||||||
|
appName = "PVV Git";
|
||||||
|
|
||||||
|
enableUnixSocket = true;
|
||||||
|
|
||||||
|
database = {
|
||||||
|
type = "postgres";
|
||||||
|
host = values.hosts.bicep.ipv4;
|
||||||
|
port = 5432;
|
||||||
|
passwordFile = config.sops.secrets."gitea/dbpassword".path;
|
||||||
|
createDatabase = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
settings = {
|
||||||
|
service.DISABLE_REGISTRATION = true;
|
||||||
|
session.COOKIE_SECURE = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx.virtualHosts = {
|
||||||
|
"gitea.pvv.ntnu.no" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://unix:/run/gitea/gitea.sock";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
"git2.pvv.ntnu.no" = {
|
||||||
|
globalRedirect = "gitea.pvv.ntnu.no";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
users.users.git = {
|
||||||
|
description = "Gitea service";
|
||||||
|
home = cfg.stateDir;
|
||||||
|
#useDefaultShell = true;
|
||||||
|
|
||||||
|
group = "gitea";
|
||||||
|
isSystemUser = true;
|
||||||
|
#uid = config.ids.uids.git;
|
||||||
|
packages = [ pkgs.gitea ];
|
||||||
|
};
|
||||||
|
|
||||||
|
}
|
||||||
28
hosts/bekkalokk/services/nginx.nix
Normal file
28
hosts/bekkalokk/services/nginx.nix
Normal file
@@ -0,0 +1,28 @@
|
|||||||
|
{ config, ... }:
|
||||||
|
{
|
||||||
|
security.acme = {
|
||||||
|
acceptTerms = true;
|
||||||
|
defaults.email = "danio@pvv.ntnu.no";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
recommendedTlsSettings = true;
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
recommendedOptimisation = true;
|
||||||
|
recommendedGzipSettings = true;
|
||||||
|
|
||||||
|
# virtualHosts = {
|
||||||
|
# "www.pvv.ntnu.no" = {
|
||||||
|
# forceSSL = true;
|
||||||
|
|
||||||
|
# locations = {
|
||||||
|
# "/pvv" = {
|
||||||
|
# proxyPass = "http://localhost:${config.services.mediawiki.virtualHost.listen.pvv.port}";
|
||||||
|
# };
|
||||||
|
# };
|
||||||
|
# };
|
||||||
|
# };
|
||||||
|
};
|
||||||
|
}
|
||||||
@@ -1,26 +0,0 @@
|
|||||||
{ config, values, ... }:
|
|
||||||
{
|
|
||||||
sops.secrets."postgres/gitea/password" = { };
|
|
||||||
|
|
||||||
services.gitea = {
|
|
||||||
enable = true;
|
|
||||||
rootUrl = "https://git2.pvv.ntnu.no/";
|
|
||||||
stateDir = "/data/gitea";
|
|
||||||
appName = "PVV Git";
|
|
||||||
|
|
||||||
enableUnixSocket = true;
|
|
||||||
|
|
||||||
database = {
|
|
||||||
type = "postgres";
|
|
||||||
host = values.bicep.ipv4;
|
|
||||||
port = config.services.postgresql.port;
|
|
||||||
passwordFile = config.sops.secrets."postgres/gitea/password".path;
|
|
||||||
createDatabase = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
settings = {
|
|
||||||
service.DISABLE_REGISTRATION = true;
|
|
||||||
session.COOKIE_SECURE = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
@@ -1,30 +0,0 @@
|
|||||||
{ config, ... }:
|
|
||||||
{
|
|
||||||
services.nginx = {
|
|
||||||
enable = true;
|
|
||||||
|
|
||||||
recommendedTlsSettings = true;
|
|
||||||
recommendedProxySettings = true;
|
|
||||||
recommendedOptimisation = true;
|
|
||||||
recommendedGzipSettings = true;
|
|
||||||
|
|
||||||
virtualHosts = {
|
|
||||||
"www.pvv.ntnu.no" = {
|
|
||||||
forceSSL = true;
|
|
||||||
|
|
||||||
locations = {
|
|
||||||
"/pvv" = {
|
|
||||||
proxyPass = "http://localhost:${config.services.mediawiki.virtualHost.listen.pvv.port}";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
"git.pvv.ntnu.no" = {
|
|
||||||
locations."/" = {
|
|
||||||
proxyPass = "http://unix:${config.services.gitea.settings.server.HTTP_ADDR}";
|
|
||||||
proxyWebsockets = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
@@ -1,11 +1,9 @@
|
|||||||
gitea:
|
gitea:
|
||||||
password: ENC[AES256_GCM,data:hlNzdU1ope0t50/3aztyLeXjMHd2vFPpwURX+Iu8f49DOqgSnEMtV+KtLA==,iv:qljRnSnchL5cFmaUAfCH9GQYQxcy5cyWejgk1x6bFgI=,tag:tIhboFU5kZsj5oAQR3hLbw==,type:str]
|
dbpassword: ENC[AES256_GCM,data:Tx7bFpHjXev1Q3G5Rdq5/Pg5XVro7hQFyG/FJUsiGeJOezymfk1V84VXPQ==,iv:msn8d2sarb2r+nSy1Qk1IOtkXhKDOXjcUO5dFpln1e4=,tag:Wtm1Q5FzTt1WA+uQjaVQKA==,type:str]
|
||||||
mediawiki:
|
mediawiki:
|
||||||
password: ENC[AES256_GCM,data:HsBuA1E7187roGnKuFPfPDYxA16GFjAUucgUtrdUFmcOzmTNiFH+NWY2ZQ==,iv:vDYUmmZftcrkDtJxNYKAJSx9j+AQcmQarC62QRHR4IM=,tag:3TKjNrGRivFWoK3djC748g==,type:str]
|
password: ENC[AES256_GCM,data:HsBuA1E7187roGnKuFPfPDYxA16GFjAUucgUtrdUFmcOzmTNiFH+NWY2ZQ==,iv:vDYUmmZftcrkDtJxNYKAJSx9j+AQcmQarC62QRHR4IM=,tag:3TKjNrGRivFWoK3djC748g==,type:str]
|
||||||
keys:
|
postgres:
|
||||||
postgres:
|
mediawiki: ENC[AES256_GCM,data:JsDjfDrbJHejPDZFn6TyPkDnMIX9Go62ZmRy7P+N1Ncaz5tintspO1YtIA==,iv:7EgzkRf8GP/pIMxxEkI3fzKjxr1sT4vwsqshRtkeYU0=,tag:l3DO/0sicTolInEl2mJNSA==,type:str]
|
||||||
gitea: ENC[AES256_GCM,data:lG4P8kzp7Zq94WftN7p1RJqM65esPuTFZ2JJWkFFXTzlid2DRZPsG2FGIA==,iv:JvHQUgwwb7wJTNMxjLjOUw5sKKWlyMJafVaUOLUu9Sk=,tag:qE0+gDFU/YtghqCv/d2Qgw==,type:str]
|
|
||||||
mediawiki: ENC[AES256_GCM,data:p+s/uQ3ywQY9RpImFWTxjt1orzl905i9kTQPzsAIs6hAK5t3B00XVzKZgQ==,iv:xp3PRrjCGFxCsRZOlJGIonBOKWJ+3/1CByc4q7O3vDw=,tag:bfKlU2Pcoq0cQjbhp+UXag==,type:str]
|
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
@@ -39,8 +37,8 @@ sops:
|
|||||||
RHN4RDJWWGV2ZDJzVUo1VVorNzhlMGMKCwdWOZOnibpbB5mZSCBGhj+yUZvk/vuK
|
RHN4RDJWWGV2ZDJzVUo1VVorNzhlMGMKCwdWOZOnibpbB5mZSCBGhj+yUZvk/vuK
|
||||||
hsiDo74vmsmNZ/zmN6cw60hNwhZ4NgtfXcKG8Axe+1rPUwEcrvWHIQ==
|
hsiDo74vmsmNZ/zmN6cw60hNwhZ4NgtfXcKG8Axe+1rPUwEcrvWHIQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-01-28T23:33:14Z"
|
lastmodified: "2023-04-22T23:00:19Z"
|
||||||
mac: ENC[AES256_GCM,data:c7YytaXdAPQmCiZHH2cojJqcZna2ilGXzpnkgxgYUOSQ0n3tryOK45uVp2JDN9OJ9gS5QsLf62AlqidE0wkYYuRC6HZnwhmlMuoY3kl2sr0/Y4kJqGeODRlZoGzUIOahHkphK1Y5GBs8GW6OYk46U54wi9+BF062pYxuOCoPwD4=,iv:ZLueZpRdaD/7uvmimDUELCAtM3e9169vmoXcHz4OKfQ=,tag:Ya8tMbUBhuypXJeZ8GQmWA==,type:str]
|
mac: ENC[AES256_GCM,data:/c9N6/qSzeqjzNq1buR5Z7YLp/H1wDgpnpw5G8CcTJkggzn/mDfvyNg/k/TAJl5CzH/mh20yeHTjOGOiTXubkhJya+WT01g0PVinU3+GxTUZOxkaF0rHTCRzuiSbbrJzhtvMmmgbbYSkaGBZ8+Y3VvC8qnNKzadO+QozqZbLuWY=,iv:FiMABv8OBDRJeI6VsuapFS3qOlDP+TzJE8rrYSV/F7A=,tag:GAv2Pk5U7igVAyhch+ZEeA==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2023-01-28T23:37:44Z"
|
- created_at: "2023-01-28T23:37:44Z"
|
||||||
enc: |
|
enc: |
|
||||||
Reference in New Issue
Block a user