forked from Drift/pvv-nixos-config
Compare commits
1 Commits
Author | SHA1 | Date | |
---|---|---|---|
2f66325e25 |
@ -6,10 +6,10 @@
|
||||
../../base.nix
|
||||
|
||||
# TODO: set up authentication for the following:
|
||||
# ./services/website/website.nix
|
||||
# ./services/website/nginx.nix
|
||||
# ./services/website/gitea.nix
|
||||
# ./services/website/mediawiki.nix
|
||||
# ./services/website.nix
|
||||
./services/nginx.nix
|
||||
./services/gitea.nix
|
||||
# ./services/mediawiki.nix
|
||||
];
|
||||
|
||||
sops.defaultSopsFile = ../../secrets/bekkalokk/bekkalokk.yaml;
|
||||
|
57
hosts/bekkalokk/services/gitea.nix
Normal file
57
hosts/bekkalokk/services/gitea.nix
Normal file
@ -0,0 +1,57 @@
|
||||
{ config, values, pkgs, ... }:
|
||||
let
|
||||
cfg = config.services.gitea;
|
||||
in {
|
||||
sops.secrets."gitea/dbpassword" = { };
|
||||
|
||||
services.gitea = {
|
||||
enable = true;
|
||||
user = "git";
|
||||
rootUrl = "https://gitea.pvv.ntnu.no/";
|
||||
stateDir = "/data/gitea";
|
||||
appName = "PVV Git";
|
||||
|
||||
enableUnixSocket = true;
|
||||
|
||||
database = {
|
||||
type = "postgres";
|
||||
host = values.hosts.bicep.ipv4;
|
||||
port = 5432;
|
||||
passwordFile = config.sops.secrets."gitea/dbpassword".path;
|
||||
createDatabase = false;
|
||||
};
|
||||
|
||||
settings = {
|
||||
service.DISABLE_REGISTRATION = true;
|
||||
session.COOKIE_SECURE = true;
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts = {
|
||||
"gitea.pvv.ntnu.no" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://unix:/run/gitea/gitea.sock";
|
||||
proxyWebsockets = true;
|
||||
recommendedProxySettings = true;
|
||||
};
|
||||
};
|
||||
|
||||
"git2.pvv.ntnu.no" = {
|
||||
globalRedirect = "gitea.pvv.ntnu.no";
|
||||
};
|
||||
};
|
||||
|
||||
users.users.git = {
|
||||
description = "Gitea service";
|
||||
home = cfg.stateDir;
|
||||
#useDefaultShell = true;
|
||||
|
||||
group = "gitea";
|
||||
isSystemUser = true;
|
||||
#uid = config.ids.uids.git;
|
||||
packages = [ pkgs.gitea ];
|
||||
};
|
||||
|
||||
}
|
28
hosts/bekkalokk/services/nginx.nix
Normal file
28
hosts/bekkalokk/services/nginx.nix
Normal file
@ -0,0 +1,28 @@
|
||||
{ config, ... }:
|
||||
{
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "danio@pvv.ntnu.no";
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
||||
recommendedTlsSettings = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
|
||||
# virtualHosts = {
|
||||
# "www.pvv.ntnu.no" = {
|
||||
# forceSSL = true;
|
||||
|
||||
# locations = {
|
||||
# "/pvv" = {
|
||||
# proxyPass = "http://localhost:${config.services.mediawiki.virtualHost.listen.pvv.port}";
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
};
|
||||
}
|
@ -1,26 +0,0 @@
|
||||
{ config, values, ... }:
|
||||
{
|
||||
sops.secrets."postgres/gitea/password" = { };
|
||||
|
||||
services.gitea = {
|
||||
enable = true;
|
||||
rootUrl = "https://git2.pvv.ntnu.no/";
|
||||
stateDir = "/data/gitea";
|
||||
appName = "PVV Git";
|
||||
|
||||
enableUnixSocket = true;
|
||||
|
||||
database = {
|
||||
type = "postgres";
|
||||
host = values.bicep.ipv4;
|
||||
port = config.services.postgresql.port;
|
||||
passwordFile = config.sops.secrets."postgres/gitea/password".path;
|
||||
createDatabase = false;
|
||||
};
|
||||
|
||||
settings = {
|
||||
service.DISABLE_REGISTRATION = true;
|
||||
session.COOKIE_SECURE = true;
|
||||
};
|
||||
};
|
||||
}
|
@ -1,30 +0,0 @@
|
||||
{ config, ... }:
|
||||
{
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
||||
recommendedTlsSettings = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
|
||||
virtualHosts = {
|
||||
"www.pvv.ntnu.no" = {
|
||||
forceSSL = true;
|
||||
|
||||
locations = {
|
||||
"/pvv" = {
|
||||
proxyPass = "http://localhost:${config.services.mediawiki.virtualHost.listen.pvv.port}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
"git.pvv.ntnu.no" = {
|
||||
locations."/" = {
|
||||
proxyPass = "http://unix:${config.services.gitea.settings.server.HTTP_ADDR}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
@ -1,11 +1,9 @@
|
||||
gitea:
|
||||
password: ENC[AES256_GCM,data:hlNzdU1ope0t50/3aztyLeXjMHd2vFPpwURX+Iu8f49DOqgSnEMtV+KtLA==,iv:qljRnSnchL5cFmaUAfCH9GQYQxcy5cyWejgk1x6bFgI=,tag:tIhboFU5kZsj5oAQR3hLbw==,type:str]
|
||||
dbpassword: ENC[AES256_GCM,data:Tx7bFpHjXev1Q3G5Rdq5/Pg5XVro7hQFyG/FJUsiGeJOezymfk1V84VXPQ==,iv:msn8d2sarb2r+nSy1Qk1IOtkXhKDOXjcUO5dFpln1e4=,tag:Wtm1Q5FzTt1WA+uQjaVQKA==,type:str]
|
||||
mediawiki:
|
||||
password: ENC[AES256_GCM,data:HsBuA1E7187roGnKuFPfPDYxA16GFjAUucgUtrdUFmcOzmTNiFH+NWY2ZQ==,iv:vDYUmmZftcrkDtJxNYKAJSx9j+AQcmQarC62QRHR4IM=,tag:3TKjNrGRivFWoK3djC748g==,type:str]
|
||||
keys:
|
||||
postgres:
|
||||
gitea: ENC[AES256_GCM,data:lG4P8kzp7Zq94WftN7p1RJqM65esPuTFZ2JJWkFFXTzlid2DRZPsG2FGIA==,iv:JvHQUgwwb7wJTNMxjLjOUw5sKKWlyMJafVaUOLUu9Sk=,tag:qE0+gDFU/YtghqCv/d2Qgw==,type:str]
|
||||
mediawiki: ENC[AES256_GCM,data:p+s/uQ3ywQY9RpImFWTxjt1orzl905i9kTQPzsAIs6hAK5t3B00XVzKZgQ==,iv:xp3PRrjCGFxCsRZOlJGIonBOKWJ+3/1CByc4q7O3vDw=,tag:bfKlU2Pcoq0cQjbhp+UXag==,type:str]
|
||||
postgres:
|
||||
mediawiki: ENC[AES256_GCM,data:JsDjfDrbJHejPDZFn6TyPkDnMIX9Go62ZmRy7P+N1Ncaz5tintspO1YtIA==,iv:7EgzkRf8GP/pIMxxEkI3fzKjxr1sT4vwsqshRtkeYU0=,tag:l3DO/0sicTolInEl2mJNSA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@ -39,8 +37,8 @@ sops:
|
||||
RHN4RDJWWGV2ZDJzVUo1VVorNzhlMGMKCwdWOZOnibpbB5mZSCBGhj+yUZvk/vuK
|
||||
hsiDo74vmsmNZ/zmN6cw60hNwhZ4NgtfXcKG8Axe+1rPUwEcrvWHIQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-01-28T23:33:14Z"
|
||||
mac: ENC[AES256_GCM,data:c7YytaXdAPQmCiZHH2cojJqcZna2ilGXzpnkgxgYUOSQ0n3tryOK45uVp2JDN9OJ9gS5QsLf62AlqidE0wkYYuRC6HZnwhmlMuoY3kl2sr0/Y4kJqGeODRlZoGzUIOahHkphK1Y5GBs8GW6OYk46U54wi9+BF062pYxuOCoPwD4=,iv:ZLueZpRdaD/7uvmimDUELCAtM3e9169vmoXcHz4OKfQ=,tag:Ya8tMbUBhuypXJeZ8GQmWA==,type:str]
|
||||
lastmodified: "2023-04-22T23:00:19Z"
|
||||
mac: ENC[AES256_GCM,data:/c9N6/qSzeqjzNq1buR5Z7YLp/H1wDgpnpw5G8CcTJkggzn/mDfvyNg/k/TAJl5CzH/mh20yeHTjOGOiTXubkhJya+WT01g0PVinU3+GxTUZOxkaF0rHTCRzuiSbbrJzhtvMmmgbbYSkaGBZ8+Y3VvC8qnNKzadO+QozqZbLuWY=,iv:FiMABv8OBDRJeI6VsuapFS3qOlDP+TzJE8rrYSV/F7A=,tag:GAv2Pk5U7igVAyhch+ZEeA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-01-28T23:37:44Z"
|
||||
enc: |
|
Loading…
Reference in New Issue
Block a user