forked from Drift/pvv-nixos-config
		
	Compare commits
	
		
			1 Commits
		
	
	
		
			setup-kerb
			...
			add-gitea
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 2f66325e25 | 
| @@ -6,10 +6,10 @@ | ||||
|     ../../base.nix | ||||
|  | ||||
|     # TODO: set up authentication for the following: | ||||
|     # ./services/website/website.nix | ||||
|     # ./services/website/nginx.nix | ||||
|     # ./services/website/gitea.nix | ||||
|     # ./services/website/mediawiki.nix | ||||
|     # ./services/website.nix | ||||
|     ./services/nginx.nix | ||||
|     ./services/gitea.nix | ||||
|     # ./services/mediawiki.nix | ||||
|   ]; | ||||
|  | ||||
|   sops.defaultSopsFile = ../../secrets/bekkalokk/bekkalokk.yaml; | ||||
|   | ||||
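Review bot: The `# TODO: set up authentication for the following:` comment now sits directly above active `./services/nginx.nix` and `./services/gitea.nix` imports, so it no longer shows which services are still waiting on authentication. Which rows are old and which are new is inferred here, because the rendering lost the `+`/`-` markers. If the TODO only covers the entries that remain commented out, move it below the active imports and reword it, for example `# TODO: enable once authentication is set up:`. If it still applies to Gitea, say so in the comment, since this change serves Gitea under its own hostname.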
							
								
								
									
									
								
							
							
						
						
									
										57
									
								
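--- a/hosts/bekkalokk/services/gitea.nix
+++ b/hosts/bekkalokk/services/gitea.nix
@@ -0,0 +1,57 @@
+{ config, values, pkgs, ... }:
+let
+  cfg = config.services.gitea;
+in {
+  sops.secrets."gitea/dbpassword" = { };
+
+  services.gitea = {
+    enable = true;
+    user = "git";
+    rootUrl = "https://gitea.pvv.ntnu.no/";
+    stateDir = "/data/gitea";
+    appName = "PVV Git";
+
+    enableUnixSocket = true;
+
+    database = {
+      type = "postgres";
+      host = values.hosts.bicep.ipv4;
+      port = 5432;
+      passwordFile = config.sops.secrets."gitea/dbpassword".path;
+      createDatabase = false;
+    };
+
+    settings = {
+      service.DISABLE_REGISTRATION = true;
+      session.COOKIE_SECURE = true;
+    };
+  };
+
+  services.nginx.virtualHosts = {
+    "gitea.pvv.ntnu.no" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://unix:/run/gitea/gitea.sock";
+        proxyWebsockets = true;
+        recommendedProxySettings = true;
+      };
+    };
+
+    "git2.pvv.ntnu.no" = {
+      globalRedirect = "gitea.pvv.ntnu.no";
+    };
+  };
+
+  users.users.git = {
+    description = "Gitea service";
+    home = cfg.stateDir;
+    #useDefaultShell = true;
+
+    group = "gitea";
+    isSystemUser = true;
+    #uid = config.ids.uids.git;
+    packages = [ pkgs.gitea ];
+  };
+
+}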
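Review bot: `sops.secrets."gitea/dbpassword" = { };` leaves the decrypted file with the sops-nix defaults (owned by root, mode 0400), while the service is set to `user = "git"` and receives the password through `database.passwordFile`. If the Gitea unit reads that file as the service user, which is how the NixOS module normally substitutes it into the generated config, the read fails or someone later loosens the mode. Set the owner explicitly with `sops.secrets."gitea/dbpassword".owner = cfg.user;`. Separately, the database is on another host (`values.hosts.bicep.ipv4`) and nothing here sets `settings.database.SSL_MODE`, whose Gitea default is `disable` as far as I know, so the password exchange and queries would cross the network unencrypted. Consider `settings.database.SSL_MODE = "require";` or stricter once that PostgreSQL server offers TLS.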
							
								
								
									
									
								
							
							
						
						
									
										28
									
								
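--- a/hosts/bekkalokk/services/nginx.nix
+++ b/hosts/bekkalokk/services/nginx.nix
@@ -0,0 +1,28 @@
+{ config, ... }:
+{
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "danio@pvv.ntnu.no";
+  };
+
+  services.nginx = {
+    enable = true;
+
+    recommendedTlsSettings = true;
+    recommendedProxySettings = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+
+    # virtualHosts = {
+    #   "www.pvv.ntnu.no" = {
+    #     forceSSL = true;
+
+    #     locations = {
+    #       "/pvv" = {
+    #         proxyPass = "http://localhost:${config.services.mediawiki.virtualHost.listen.pvv.port}";
+    #       };
+    #     };
+    #   };
+    # };
+  };
+}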
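Review bot: The commented-out `virtualHosts` block for `www.pvv.ntnu.no` is carried into this new file as dead configuration, and it is the only thing that still references `config`. I would delete it and rely on history, or replace it with a single line such as `# TODO: re-add the www.pvv.ntnu.no vhost when mediawiki.nix is enabled`. `security.acme.defaults.email` is also an individual's address. A role mailbox would keep certificate expiry and account notices from depending on one person.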
| @@ -1,26 +0,0 @@ | ||||
| { config, values, ... }: | ||||
| { | ||||
|   sops.secrets."postgres/gitea/password" = { }; | ||||
|  | ||||
|   services.gitea = { | ||||
|     enable = true; | ||||
|     rootUrl = "https://git2.pvv.ntnu.no/"; | ||||
|     stateDir = "/data/gitea"; | ||||
|     appName = "PVV Git"; | ||||
|  | ||||
|     enableUnixSocket = true; | ||||
|  | ||||
|     database = { | ||||
|       type = "postgres"; | ||||
|       host = values.bicep.ipv4; | ||||
|       port = config.services.postgresql.port; | ||||
|       passwordFile = config.sops.secrets."postgres/gitea/password".path; | ||||
|       createDatabase = false; | ||||
|     }; | ||||
|  | ||||
|     settings = { | ||||
|       service.DISABLE_REGISTRATION = true; | ||||
|       session.COOKIE_SECURE = true; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
| @@ -1,30 +0,0 @@ | ||||
| { config, ... }: | ||||
| { | ||||
|   services.nginx = { | ||||
|     enable = true; | ||||
|  | ||||
|     recommendedTlsSettings = true; | ||||
|     recommendedProxySettings = true; | ||||
|     recommendedOptimisation = true; | ||||
|     recommendedGzipSettings = true; | ||||
|  | ||||
|     virtualHosts = { | ||||
|       "www.pvv.ntnu.no" = { | ||||
|         forceSSL = true; | ||||
|  | ||||
|         locations = { | ||||
|           "/pvv" = { | ||||
|             proxyPass = "http://localhost:${config.services.mediawiki.virtualHost.listen.pvv.port}"; | ||||
|           }; | ||||
|         }; | ||||
|       }; | ||||
|  | ||||
|       "git.pvv.ntnu.no" = { | ||||
|         locations."/" = { | ||||
|           proxyPass = "http://unix:${config.services.gitea.settings.server.HTTP_ADDR}"; | ||||
|           proxyWebsockets = true; | ||||
|         }; | ||||
|       }; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
| @@ -1,11 +1,9 @@ | ||||
| gitea: | ||||
|     password: ENC[AES256_GCM,data:hlNzdU1ope0t50/3aztyLeXjMHd2vFPpwURX+Iu8f49DOqgSnEMtV+KtLA==,iv:qljRnSnchL5cFmaUAfCH9GQYQxcy5cyWejgk1x6bFgI=,tag:tIhboFU5kZsj5oAQR3hLbw==,type:str] | ||||
|     dbpassword: ENC[AES256_GCM,data:Tx7bFpHjXev1Q3G5Rdq5/Pg5XVro7hQFyG/FJUsiGeJOezymfk1V84VXPQ==,iv:msn8d2sarb2r+nSy1Qk1IOtkXhKDOXjcUO5dFpln1e4=,tag:Wtm1Q5FzTt1WA+uQjaVQKA==,type:str] | ||||
| mediawiki: | ||||
|     password: ENC[AES256_GCM,data:HsBuA1E7187roGnKuFPfPDYxA16GFjAUucgUtrdUFmcOzmTNiFH+NWY2ZQ==,iv:vDYUmmZftcrkDtJxNYKAJSx9j+AQcmQarC62QRHR4IM=,tag:3TKjNrGRivFWoK3djC748g==,type:str] | ||||
| keys: | ||||
|     postgres: | ||||
|         gitea: ENC[AES256_GCM,data:lG4P8kzp7Zq94WftN7p1RJqM65esPuTFZ2JJWkFFXTzlid2DRZPsG2FGIA==,iv:JvHQUgwwb7wJTNMxjLjOUw5sKKWlyMJafVaUOLUu9Sk=,tag:qE0+gDFU/YtghqCv/d2Qgw==,type:str] | ||||
|         mediawiki: ENC[AES256_GCM,data:p+s/uQ3ywQY9RpImFWTxjt1orzl905i9kTQPzsAIs6hAK5t3B00XVzKZgQ==,iv:xp3PRrjCGFxCsRZOlJGIonBOKWJ+3/1CByc4q7O3vDw=,tag:bfKlU2Pcoq0cQjbhp+UXag==,type:str] | ||||
| postgres: | ||||
|     mediawiki: ENC[AES256_GCM,data:JsDjfDrbJHejPDZFn6TyPkDnMIX9Go62ZmRy7P+N1Ncaz5tintspO1YtIA==,iv:7EgzkRf8GP/pIMxxEkI3fzKjxr1sT4vwsqshRtkeYU0=,tag:l3DO/0sicTolInEl2mJNSA==,type:str] | ||||
| sops: | ||||
|     kms: [] | ||||
|     gcp_kms: [] | ||||
| @@ -39,8 +37,8 @@ sops: | ||||
|             RHN4RDJWWGV2ZDJzVUo1VVorNzhlMGMKCwdWOZOnibpbB5mZSCBGhj+yUZvk/vuK | ||||
|             hsiDo74vmsmNZ/zmN6cw60hNwhZ4NgtfXcKG8Axe+1rPUwEcrvWHIQ== | ||||
|             -----END AGE ENCRYPTED FILE----- | ||||
|     lastmodified: "2023-01-28T23:33:14Z" | ||||
|     mac: ENC[AES256_GCM,data:c7YytaXdAPQmCiZHH2cojJqcZna2ilGXzpnkgxgYUOSQ0n3tryOK45uVp2JDN9OJ9gS5QsLf62AlqidE0wkYYuRC6HZnwhmlMuoY3kl2sr0/Y4kJqGeODRlZoGzUIOahHkphK1Y5GBs8GW6OYk46U54wi9+BF062pYxuOCoPwD4=,iv:ZLueZpRdaD/7uvmimDUELCAtM3e9169vmoXcHz4OKfQ=,tag:Ya8tMbUBhuypXJeZ8GQmWA==,type:str] | ||||
|     lastmodified: "2023-04-22T23:00:19Z" | ||||
|     mac: ENC[AES256_GCM,data:/c9N6/qSzeqjzNq1buR5Z7YLp/H1wDgpnpw5G8CcTJkggzn/mDfvyNg/k/TAJl5CzH/mh20yeHTjOGOiTXubkhJya+WT01g0PVinU3+GxTUZOxkaF0rHTCRzuiSbbrJzhtvMmmgbbYSkaGBZ8+Y3VvC8qnNKzadO+QozqZbLuWY=,iv:FiMABv8OBDRJeI6VsuapFS3qOlDP+TzJE8rrYSV/F7A=,tag:GAv2Pk5U7igVAyhch+ZEeA==,type:str] | ||||
|     pgp: | ||||
|         - created_at: "2023-01-28T23:37:44Z" | ||||
|           enc: | | ||||