Rachel Lambda Samuelsson 2024-06-20 14:56:34 +02:00
parent b81084b65c
commit 4e5cef130c
17 changed files with 13449 additions and 72 deletions


@ -11,8 +11,6 @@ let hostVolumeDir = "/var/lib/container-storage/";
(attrNames (readDir ./services)));
in genList (i: elemAt services_no_ip i // { ip = "10.10.0.${toString (i+2)}"; }) (length services_no_ip);
secrets = import ./secrets/secrets.nix;
hostIp = "10.10.0.1";
in
@ -145,6 +143,7 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
settings = {
experimental-features = [ "nix-command" "flakes" ];
auto-optimise-store = true;
trusted-users = [ "@wheel" ];
};
gc = {
automatic = true;
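Review bot: `trusted-users = [ "@wheel" ];` makes every member of wheel a trusted Nix user, which the Nix manual treats as equivalent to root on the machine, because a trusted user can override substituters and other daemon settings. The rendered hunk does not mark which of these lines is the added one, so this applies if that is the line the commit introduces. If the grant is only needed for one deploying account, naming that account narrows it. Otherwise a comment such as `# trusted-users is root-equivalent: needed for <reason>` would record that the grant is deliberate. The `gc` block continues past the end of the hunk.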

Binary file not shown.


File diff suppressed because it is too large Load Diff


Binary file not shown.


File diff suppressed because it is too large Load Diff



@ -0,0 +1,10 @@
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/katex@0.16.2/dist/katex.min.css" integrity="sha384-bYdxxUwYipFNohQlHt0bjN/LCpueqWz13HufFEV1SUatKs1cm4L6fFgCi1jT643X" crossorigin="anonymous">
<script defer src="https://cdn.jsdelivr.net/npm/katex@0.16.2/dist/katex.min.js" integrity="sha384-Qsn9KnoKISj6dI8g7p1HBlNpVx0I8p1SvlwOldgi3IorMle61nQy4zEahWYtljaz" crossorigin="anonymous"></script>
<script>
document.addEventListener("DOMContentLoaded", function() {
document.querySelectorAll(".math").forEach(function(elem) {
katex.render(elem.textContent, elem)
})
});
</script>
<a hidden rel="me" href="https://types.pl/@rachelrosen">Mastodon</a>
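Review bot: `katex.render(elem.textContent, elem)` runs with default options, so one `.math` element holding invalid TeX throws inside the `forEach` and leaves every later element unrendered; `katex.render(elem.textContent, elem, { throwOnError: false })` keeps the loop going. The `integrity` hashes pin the CDN files, which is the right control, but the pin is to katex 0.16.2 and the script runs on text that repository users can write. That release should be checked against KaTeX's published security advisories and bumped, with new hashes, if it is affected. Loading from cdn.jsdelivr.net also sits oddly with `OFFLINE_MODE = true` set for the server in this commit; serving the two files from the custom `public` directory would remove the third-party request.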


@ -0,0 +1,17 @@
{{template "base/head" .}}
<div class="page-content home">
<div class="ui stackable middle very relaxed page grid">
<div class="sixteen wide center aligned centered column">
<div>
<img class="logo" width="220" height="220" src="{{AssetUrlPrefix}}/img/logo.svg"/>
</div>
<div class="hero">
<h1 class="ui icon header title">
{{AppName}}
</h1>
<h2>git with a hug</h2>
</div>
</div>
</div>
</div>
{{template "base/footer" .}}

Binary file not shown.

Binary file not shown.

BIN
secrets/gitea_mariadb_pass Normal file

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -4,24 +4,33 @@
config = {
services.gitea = {
enable = true;
appName = "My awesome Gitea server"; # Give the site a name
lfs.enable = true;
appName = "githug"; # Give the site a name
user = "git";
database = {
type = "postgres";
host = "postgres.containers";
port = 5432;
type = "mysql";
host = "mariadb.containers";
port = 3306;
name = "gitea";
user = "gitea";
createDatabase = false;
passwordFile = ../secrets/gitea_postgres_pass;
passwordFile = ../secrets/gitea_mariadb_pass;
};
settings.server = {
DOMAIN = "localhost";
ROOT_URL = "http://localhost/";
settings = {
server = {
# DOMAIN = "githug.xyz";
# ROOT_URL = "https://githug.xyz/";
# COOKIE_SECURE = true;
HTTP_PORT = 3001;
OFFLINE_MODE = true;
};
repository.ENABLE_PUSH_CREATE_USER = true;
mailer.ENABLED = false;
service = {
REGISTER_EMAIL_CONFIRM = false;
ENABLE_NOTIFY_EMAIL = false;
DISABLE_REGISTRATION = true;
};
settings.actions = {
ENABLED = true;
};
};
@ -41,6 +50,7 @@
};
users.groups.git = {};
};
ports = {
tcp = [ 3001 22 ];
@ -53,4 +63,22 @@
name = "gitea-statedir";
mountPoint = "/var/lib/gitea";
}];
hostConfig = {
system.activationScripts.gitea-custom-files =
let customs = pkgs.stdenv.mkDerivation {
name = "gitea-custom";
src = ./..;
phases = [ "installPhase" ];
installPhase = ''
cp -r $src/resources/gitea-custom $out
'';
};
in ''
mkdir -p ${lib.hostVolumeDir}/gitea-statedir/custom
rm -rf ${lib.hostVolumeDir}/gitea-statedir/custom/public
rm -rf ${lib.hostVolumeDir}/gitea-statedir/custom/templates
cp -rf ${customs}/public ${lib.hostVolumeDir}/gitea-statedir/custom
cp -rf ${customs}/templates ${lib.hostVolumeDir}/gitea-statedir/custom
'';
};
}
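Review bot: `src = ./..;` in the `gitea-custom` derivation makes the whole repository the derivation source, so the `secrets/` directory is copied into the world-readable Nix store along with the templates, and any unrelated edit in the repository rebuilds the derivation. Only `resources/gitea-custom` is used, so the source can be narrowed to `src = ../resources/gitea-custom;` with `cp -r $src $out` as the install step. Whether the files under `secrets/` are still encrypted when Nix evaluates this is not visible on the page, so the exposure needs confirming rather than assuming.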

58
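--- /dev/null
+++ b/services/mariadb.nix
@@ -0,0 +1,58 @@
+{ pkgs, lib, ... }: {
+name = "mariadb";
+config = {
+services.mysql = {
+enable = true;
+package = pkgs.mariadb;
+settings = {
+mysqld = {
+port = 3306;
+};
+mysqldump = {
+quick = true;
+};
+};
+ensureDatabases = [ "gitea" ];
+initialScript = pkgs.writeScript "init.sql" ''
+CREATE USER 'gitea'@'%' IDENTIFIED BY '${pkgs.lib.removeSuffix "\n"
+(builtins.readFile ../secrets/gitea_mariadb_pass)}';
+GRANT ALL ON gitea.* to 'gitea'@'%' WITH GRANT OPTION;
+'';
+ensureUsers = [
+{
+name = "root";
+ensurePermissions = {
+"*.*" = "ALL PRIVILEGES";
+};
+}
+{
+name = "mysqldump";
+ensurePermissions = {
+"*.*" = "SELECT, LOCK TABLES";
+};
+}
+];
+};
+services.mysqlBackup = {
+enable = true;
+singleTransaction = true;
+};
+};
+ports = {
+tcp = [ 3306 ];
+udp = [];
+http = null;
+forward = [];
+};
+hosts = [ ];
+volumes = [
+{
+name = "mariadb-storage";
+mountPoint = "/var/lib/mysql";
+}
+{
+name = "mariadb-backup";
+mountPoint = "/var/backup/mysql";
+}
+];
+}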
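Review bot: The `initialScript` built with `pkgs.writeScript` interpolates the output of `builtins.readFile ../secrets/gitea_mariadb_pass`, so the database password is written in clear text into a world-readable file in the Nix store, and a quote character in the password would break the `CREATE USER` statement. The script should be provisioned outside the store at runtime, with `initialScript` pointing at that path, instead of being built from the secret at evaluation time. The grant is also wider than Gitea needs: `'gitea'@'%'` accepts any client host and `WITH GRANT OPTION` lets the application account pass its privileges on. `GRANT ALL ON gitea.* TO 'gitea'@'10.10.0.%';`, with the same host in `CREATE USER`, limits it to the container network, assuming that is the 10.10.0.x range assigned in the service list.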


@ -1,48 +0,0 @@
{ pkgs, lib, ... }: {
name = "postgres";
config = {
services.postgresql = {
enable = true;
enableTCPIP = true;
port = 5432;
ensureDatabases = [ "gitea" ];
ensureUsers = [
{
name = "gitea";
ensureDBOwnership = true;
}
{
name = "root";
ensureClauses.superuser = true;
}
];
authentication = ''
host all gitea 10.10.0.0/16 trust
local all root trust
'';
};
services.postgresqlBackup = {
enable = true;
backupAll = true;
compression = "gzip";
compressionLevel = 9;
};
};
ports = {
tcp = [ 5432 ];
udp = [];
http = null;
forward = [];
};
hosts = [ ];
volumes = [
{
name = "postgres-storage";
mountPoint = "/var/lib/postgresql";
}
{
name = "postgres-backup";
mountPoint = "/var/backup/postgresql";
}
];
}


@ -1,14 +1,7 @@
{ pkgs, lib, ... }:
{
name = "gitea";
name = "smb";
config = {
services.nfs.server = {
enable = true;
createMountPoints = true;
exports = ''
/srv/nfs/music 192.168.0.0/16(rw,sync,no_subtree_check) *(ro,sync,no_subtree_check)
'';
};
};
ports = {
tcp = [ 111 2049 ];
@ -23,8 +16,8 @@
};
hosts = [];
volumes = [{
name = "nfs";
mountPoint = "/srv/nfs/";
name = "smb";
mountPoint = "/srv/smb/";
readOnly = false;
backup = false;
}];
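Review bot: After this change the container is named `smb`, but `config` is left empty and `tcp = [ 111 2049 ];` still lists the rpcbind and NFS ports, so the definition opens ports for a service that was removed and configures no Samba server. Either drop the two ports until an SMB service is added, or add the service and list its port instead (SMB over TCP uses 445). The `ports` block continues outside the first hunk, so other entries there may need the same cleanup.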

2
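--- /dev/null
+++ b/update-blog.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+nix flake lock --update-input rachelcafe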