From 5bed292a013c7af6c1734159de68f25ac716bf71 Mon Sep 17 00:00:00 2001 From: h7x4 Date: Thu, 11 Apr 2024 21:47:44 +0200 Subject: [PATCH 1/2] bekkalokk/gitea: move user import stuff to separate nix file --- hosts/bekkalokk/services/gitea/default.nix | 30 +-------------- .../bekkalokk/services/gitea/import-users.nix | 38 +++++++++++++++++++ 2 files changed, 39 insertions(+), 29 deletions(-) create mode 100644 hosts/bekkalokk/services/gitea/import-users.nix diff --git a/hosts/bekkalokk/services/gitea/default.nix b/hosts/bekkalokk/services/gitea/default.nix index fe51e65f..a33d9570 100644 --- a/hosts/bekkalokk/services/gitea/default.nix +++ b/hosts/bekkalokk/services/gitea/default.nix @@ -6,6 +6,7 @@ let in { imports = [ ./ci.nix + ./import-users.nix ]; sops.secrets = { @@ -13,9 +14,6 @@ in { owner = "gitea"; group = "gitea"; }; - "gitea/passwd-ssh-key" = { }; - "gitea/ssh-known-hosts" = { }; - "gitea/import-user-env" = { }; }; services.gitea = { 
@@ -70,32 +68,6 @@ in { networking.firewall.allowedTCPPorts = [ sshPort ]; - # Automatically import users - systemd.services.gitea-import-users = { - enable = true; - preStart=''${pkgs.rsync}/bin/rsync -e "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=$CREDENTIALS_DIRECTORY/ssh-known-hosts -i $CREDENTIALS_DIRECTORY/sshkey" -a pvv@smtp.pvv.ntnu.no:/etc/passwd /tmp/passwd-import''; - serviceConfig = { - ExecStart = pkgs.writers.writePython3 "gitea-import-users" { libraries = [ pkgs.python3Packages.requests ]; } (builtins.readFile ./gitea-import-users.py); - LoadCredential=[ - "sshkey:${config.sops.secrets."gitea/passwd-ssh-key".path}" - "ssh-known-hosts:${config.sops.secrets."gitea/ssh-known-hosts".path}" - ]; - DynamicUser="yes"; - EnvironmentFile=config.sops.secrets."gitea/import-user-env".path; - }; - }; - - systemd.timers.gitea-import-users = { - requires = [ "gitea.service" ]; - after = [ "gitea.service" ]; - wantedBy = [ "timers.target" ]; - timerConfig = { - OnCalendar = "*-*-* 02:00:00"; - Persistent = true; - Unit = "gitea-import-users.service"; - }; - }; - system.activationScripts.linkGiteaLogo.text = let logo-svg = ../../../../assets/logo_blue_regular.svg; logo-png = ../../../../assets/logo_blue_regular.png; diff --git a/hosts/bekkalokk/services/gitea/import-users.nix b/hosts/bekkalokk/services/gitea/import-users.nix new file mode 100644 index 00000000..cae62837 --- /dev/null +++ b/hosts/bekkalokk/services/gitea/import-users.nix 
@@ -0,0 +1,38 @@
+{ config, pkgs, lib, ... }:
+let
+ cfg = config.services.gitea;
+in
+{
+ sops.secrets = {
+ "gitea/passwd-ssh-key" = { };
+ "gitea/ssh-known-hosts" = { };
+ "gitea/import-user-env" = { };
+ };
+
+ systemd.services.gitea-import-users = lib.mkIf cfg.enable {
+ enable = true;
+ preStart=''${pkgs.rsync}/bin/rsync -e "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=$CREDENTIALS_DIRECTORY/ssh-known-hosts -i $CREDENTIALS_DIRECTORY/sshkey" -a pvv@smtp.pvv.ntnu.no:/etc/passwd /tmp/passwd-import'';
+ serviceConfig = {
+ ExecStart = pkgs.writers.writePython3 "gitea-import-users" {
+ libraries = with pkgs.python3Packages; [ requests ];
+ } (builtins.readFile ./gitea-import-users.py);
+ LoadCredential=[
+ "sshkey:${config.sops.secrets."gitea/passwd-ssh-key".path}"
+ "ssh-known-hosts:${config.sops.secrets."gitea/ssh-known-hosts".path}"
+ ];
+ DynamicUser="yes";
+ EnvironmentFile=config.sops.secrets."gitea/import-user-env".path;
+ };
+ };
+
+ systemd.timers.gitea-import-users = lib.mkIf cfg.enable {
+ requires = [ "gitea.service" ];
+ after = [ "gitea.service" ];
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnCalendar = "*-*-* 02:00:00";
+ Persistent = true;
+ Unit = "gitea-import-users.service";
+ };
+ };
+}
From b7b1c73bfaf45eb9f98a4ba90eaef4756976b5d5 Mon Sep 17 00:00:00 2001
From: h7x4
Date: Thu, 11 Apr 2024 21:47:47 +0200
Subject: [PATCH 2/2] bekkalokk/gitea: use systemd unit for gitea customization
---
hosts/bekkalokk/services/gitea/default.nix | 36 +++++++++++++++-------
1 file changed, 25 insertions(+), 11 deletions(-)
diff --git a/hosts/bekkalokk/services/gitea/default.nix b/hosts/bekkalokk/services/gitea/default.nix
index a33d9570..e2865cd8 100644
--- a/hosts/bekkalokk/services/gitea/default.nix
+++ b/hosts/bekkalokk/services/gitea/default.nix
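Review bot: In import-users.nix the `preStart` ssh command points `UserKnownHostsFile` at the sops-provided file but leaves host-key checking at ssh's default and still consults the global known-hosts file, so the pinning is weaker than it reads. Adding `-o StrictHostKeyChecking=yes -o BatchMode=yes -o GlobalKnownHostsFile=/dev/null` makes the nightly run fail closed on any key that is not in the pinned file and never wait on a prompt. The fixed `/tmp/passwd-import` path is only safe because `DynamicUser=` implies `PrivateTmp=`; a comment on that line such as `# /tmp is private here: DynamicUser implies PrivateTmp`, or an explicit `PrivateTmp = true;`, would keep that from being lost if the user setting is changed later. The values in `EnvironmentFile` presumably end up in the process environment; if the Python script (not shown here) can read a file instead, `LoadCredential` as already used for the ssh key would be the tighter option.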
@@ -35,7 +35,7 @@ in { ROOT_URL = "https://${domain}/"; PROTOCOL = "http+unix"; SSH_PORT = sshPort; - START_SSH_SERVER = true; + START_SSH_SERVER = true; }; indexer.REPO_INDEXER_ENABLED = true; service.DISABLE_REGISTRATION = true; @@ -50,8 +50,6 @@ in { }; }; - services.gitea-themes.monokai = pkgs.gitea-theme-monokai; - environment.systemPackages = [ cfg.package ]; services.nginx.virtualHosts."${domain}" = { @@ -68,12 +66,28 @@ in { networking.firewall.allowedTCPPorts = [ sshPort ]; - system.activationScripts.linkGiteaLogo.text = let - logo-svg = ../../../../assets/logo_blue_regular.svg; - logo-png = ../../../../assets/logo_blue_regular.png; - in '' - install -Dm444 ${logo-svg} ${cfg.stateDir}/custom/public/img/logo.svg - install -Dm444 ${logo-png} ${cfg.stateDir}/custom/public/img/logo.png - install -Dm444 ${./loading.apng} ${cfg.stateDir}/custom/public/img/loading.png - ''; + # Extra customization + + services.gitea-themes.monokai = pkgs.gitea-theme-monokai; + + systemd.services.install-gitea-customization = { + description = "Install extra customization in gitea's CUSTOM_DIR"; + wantedBy = [ "gitea.service" ]; + requiredBy = [ "gitea.service" ]; + + serviceConfig = { + Type = "oneshot"; + User = cfg.user; + Group = cfg.group; + }; + + script = let + logo-svg = ../../../../assets/logo_blue_regular.svg; + logo-png = ../../../../assets/logo_blue_regular.png; + in '' + install -Dm444 ${logo-svg} ${cfg.customDir}/public/img/logo.svg + install -Dm444 ${logo-png} ${cfg.customDir}/public/img/logo.png + install -Dm444 ${./loading.apng} ${cfg.customDir}/public/img/loading.png + ''; + }; }
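Review bot: `install-gitea-customization` is attached to `gitea.service` with `requiredBy` and `wantedBy` but carries no ordering, so systemd may start the two units in parallel and gitea can come up before the logo files are in place; add `before = [ "gitea.service" ];` to the unit in the last hunk of default.nix. With `requiredBy` present the `wantedBy` line is redundant and can go. As a `oneshot` without `RemainAfterExit` the unit presumably reruns only when gitea itself is started or restarted, whereas the removed activation script ran on every activation, so a changed logo may not show up after a plain configuration switch; worth confirming that this is intended, and noting it in a comment next to `Type = "oneshot";`.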