1
0
Fork 0

Compare commits

...

1 Commits

Author SHA1 Message Date
Felix Albrigtsen 2f66325e25 Move bekkalokk files, configure gitea 2023-04-23 01:01:56 +02:00
8 changed files with 94 additions and 67 deletions

View File

@ -6,10 +6,10 @@
../../base.nix ../../base.nix
# TODO: set up authentication for the following: # TODO: set up authentication for the following:
# ./services/website/website.nix # ./services/website.nix
# ./services/website/nginx.nix ./services/nginx.nix
# ./services/website/gitea.nix ./services/gitea.nix
# ./services/website/mediawiki.nix # ./services/mediawiki.nix
]; ];
sops.defaultSopsFile = ../../secrets/bekkalokk/bekkalokk.yaml; sops.defaultSopsFile = ../../secrets/bekkalokk/bekkalokk.yaml;

View File

@ -0,0 +1,57 @@
{ config, values, pkgs, ... }:
let
cfg = config.services.gitea;
in {
sops.secrets."gitea/dbpassword" = { };
services.gitea = {
enable = true;
user = "git";
rootUrl = "https://gitea.pvv.ntnu.no/";
stateDir = "/data/gitea";
appName = "PVV Git";
enableUnixSocket = true;
database = {
type = "postgres";
host = values.hosts.bicep.ipv4;
port = 5432;
passwordFile = config.sops.secrets."gitea/dbpassword".path;
createDatabase = false;
};
settings = {
service.DISABLE_REGISTRATION = true;
session.COOKIE_SECURE = true;
};
};
services.nginx.virtualHosts = {
"gitea.pvv.ntnu.no" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://unix:/run/gitea/gitea.sock";
proxyWebsockets = true;
recommendedProxySettings = true;
};
};
"git2.pvv.ntnu.no" = {
globalRedirect = "gitea.pvv.ntnu.no";
};
};
users.users.git = {
description = "Gitea service";
home = cfg.stateDir;
#useDefaultShell = true;
group = "gitea";
isSystemUser = true;
#uid = config.ids.uids.git;
packages = [ pkgs.gitea ];
};
}

View File

@ -0,0 +1,28 @@
{ config, ... }:
{
security.acme = {
acceptTerms = true;
defaults.email = "danio@pvv.ntnu.no";
};
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedProxySettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
# virtualHosts = {
# "www.pvv.ntnu.no" = {
# forceSSL = true;
# locations = {
# "/pvv" = {
# proxyPass = "http://localhost:${config.services.mediawiki.virtualHost.listen.pvv.port}";
# };
# };
# };
# };
};
}

View File

@ -1,26 +0,0 @@
{ config, values, ... }:
{
sops.secrets."postgres/gitea/password" = { };
services.gitea = {
enable = true;
rootUrl = "https://git2.pvv.ntnu.no/";
stateDir = "/data/gitea";
appName = "PVV Git";
enableUnixSocket = true;
database = {
type = "postgres";
host = values.bicep.ipv4;
port = config.services.postgresql.port;
passwordFile = config.sops.secrets."postgres/gitea/password".path;
createDatabase = false;
};
settings = {
service.DISABLE_REGISTRATION = true;
session.COOKIE_SECURE = true;
};
};
}

View File

@ -1,30 +0,0 @@
{ config, ... }:
{
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedProxySettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
virtualHosts = {
"www.pvv.ntnu.no" = {
forceSSL = true;
locations = {
"/pvv" = {
proxyPass = "http://localhost:${config.services.mediawiki.virtualHost.listen.pvv.port}";
};
};
};
"git.pvv.ntnu.no" = {
locations."/" = {
proxyPass = "http://unix:${config.services.gitea.settings.server.HTTP_ADDR}";
proxyWebsockets = true;
};
};
};
};
}

View File

@ -1,11 +1,9 @@
gitea: gitea:
password: ENC[AES256_GCM,data:hlNzdU1ope0t50/3aztyLeXjMHd2vFPpwURX+Iu8f49DOqgSnEMtV+KtLA==,iv:qljRnSnchL5cFmaUAfCH9GQYQxcy5cyWejgk1x6bFgI=,tag:tIhboFU5kZsj5oAQR3hLbw==,type:str] dbpassword: ENC[AES256_GCM,data:Tx7bFpHjXev1Q3G5Rdq5/Pg5XVro7hQFyG/FJUsiGeJOezymfk1V84VXPQ==,iv:msn8d2sarb2r+nSy1Qk1IOtkXhKDOXjcUO5dFpln1e4=,tag:Wtm1Q5FzTt1WA+uQjaVQKA==,type:str]
mediawiki: mediawiki:
password: ENC[AES256_GCM,data:HsBuA1E7187roGnKuFPfPDYxA16GFjAUucgUtrdUFmcOzmTNiFH+NWY2ZQ==,iv:vDYUmmZftcrkDtJxNYKAJSx9j+AQcmQarC62QRHR4IM=,tag:3TKjNrGRivFWoK3djC748g==,type:str] password: ENC[AES256_GCM,data:HsBuA1E7187roGnKuFPfPDYxA16GFjAUucgUtrdUFmcOzmTNiFH+NWY2ZQ==,iv:vDYUmmZftcrkDtJxNYKAJSx9j+AQcmQarC62QRHR4IM=,tag:3TKjNrGRivFWoK3djC748g==,type:str]
keys:
postgres: postgres:
gitea: ENC[AES256_GCM,data:lG4P8kzp7Zq94WftN7p1RJqM65esPuTFZ2JJWkFFXTzlid2DRZPsG2FGIA==,iv:JvHQUgwwb7wJTNMxjLjOUw5sKKWlyMJafVaUOLUu9Sk=,tag:qE0+gDFU/YtghqCv/d2Qgw==,type:str] mediawiki: ENC[AES256_GCM,data:JsDjfDrbJHejPDZFn6TyPkDnMIX9Go62ZmRy7P+N1Ncaz5tintspO1YtIA==,iv:7EgzkRf8GP/pIMxxEkI3fzKjxr1sT4vwsqshRtkeYU0=,tag:l3DO/0sicTolInEl2mJNSA==,type:str]
mediawiki: ENC[AES256_GCM,data:p+s/uQ3ywQY9RpImFWTxjt1orzl905i9kTQPzsAIs6hAK5t3B00XVzKZgQ==,iv:xp3PRrjCGFxCsRZOlJGIonBOKWJ+3/1CByc4q7O3vDw=,tag:bfKlU2Pcoq0cQjbhp+UXag==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -39,8 +37,8 @@ sops:
RHN4RDJWWGV2ZDJzVUo1VVorNzhlMGMKCwdWOZOnibpbB5mZSCBGhj+yUZvk/vuK RHN4RDJWWGV2ZDJzVUo1VVorNzhlMGMKCwdWOZOnibpbB5mZSCBGhj+yUZvk/vuK
hsiDo74vmsmNZ/zmN6cw60hNwhZ4NgtfXcKG8Axe+1rPUwEcrvWHIQ== hsiDo74vmsmNZ/zmN6cw60hNwhZ4NgtfXcKG8Axe+1rPUwEcrvWHIQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-01-28T23:33:14Z" lastmodified: "2023-04-22T23:00:19Z"
mac: ENC[AES256_GCM,data:c7YytaXdAPQmCiZHH2cojJqcZna2ilGXzpnkgxgYUOSQ0n3tryOK45uVp2JDN9OJ9gS5QsLf62AlqidE0wkYYuRC6HZnwhmlMuoY3kl2sr0/Y4kJqGeODRlZoGzUIOahHkphK1Y5GBs8GW6OYk46U54wi9+BF062pYxuOCoPwD4=,iv:ZLueZpRdaD/7uvmimDUELCAtM3e9169vmoXcHz4OKfQ=,tag:Ya8tMbUBhuypXJeZ8GQmWA==,type:str] mac: ENC[AES256_GCM,data:/c9N6/qSzeqjzNq1buR5Z7YLp/H1wDgpnpw5G8CcTJkggzn/mDfvyNg/k/TAJl5CzH/mh20yeHTjOGOiTXubkhJya+WT01g0PVinU3+GxTUZOxkaF0rHTCRzuiSbbrJzhtvMmmgbbYSkaGBZ8+Y3VvC8qnNKzadO+QozqZbLuWY=,iv:FiMABv8OBDRJeI6VsuapFS3qOlDP+TzJE8rrYSV/F7A=,tag:GAv2Pk5U7igVAyhch+ZEeA==,type:str]
pgp: pgp:
- created_at: "2023-01-28T23:37:44Z" - created_at: "2023-01-28T23:37:44Z"
enc: | enc: |