gitea :)

host.nix

@@ -11,8 +11,6 @@ let hostVolumeDir = "/var/lib/container-storage/";
                     (attrNames (readDir ./services)));
       in genList (i: elemAt services_no_ip i // { ip = "10.10.0.${toString (i+2)}"; }) (length services_no_ip);
 
-    secrets = import ./secrets/secrets.nix;
-
     hostIp = "10.10.0.1";
 in
 
@@ -145,6 +143,7 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
     settings = {
       experimental-features = [ "nix-command" "flakes" ];
       auto-optimise-store = true;
+      trusted-users = [ "@wheel" ];
     };
     gc = {
       automatic = true;

resources/gitea-custom/templates/custom/footer.tmpl

@@ -0,0 +1,10 @@
+<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/katex@0.16.2/dist/katex.min.css" integrity="sha384-bYdxxUwYipFNohQlHt0bjN/LCpueqWz13HufFEV1SUatKs1cm4L6fFgCi1jT643X" crossorigin="anonymous">
+<script defer src="https://cdn.jsdelivr.net/npm/katex@0.16.2/dist/katex.min.js" integrity="sha384-Qsn9KnoKISj6dI8g7p1HBlNpVx0I8p1SvlwOldgi3IorMle61nQy4zEahWYtljaz" crossorigin="anonymous"></script>
+<script>
+    document.addEventListener("DOMContentLoaded", function() {
+        document.querySelectorAll(".math").forEach(function(elem) {
+            katex.render(elem.textContent, elem)
+        })
+    });
+</script>
+<a hidden rel="me" href="https://types.pl/@rachelrosen">Mastodon</a>

resources/gitea-custom/templates/home.tmpl

@@ -0,0 +1,17 @@
+{{template "base/head" .}}
+<div class="page-content home">
+	<div class="ui stackable middle very relaxed page grid">
+		<div class="sixteen wide center aligned centered column">
+			<div>
+				<img class="logo" width="220" height="220" src="{{AssetUrlPrefix}}/img/logo.svg"/>
+			</div>
+			<div class="hero">
+				<h1 class="ui icon header title">
+					{{AppName}}
+				</h1>
+				<h2>git with a hug</h2>
+			</div>
+		</div>
+	</div>
+</div>
+{{template "base/footer" .}}

services/gitea.nix

@@ -4,24 +4,33 @@
   config = {
     services.gitea = {
       enable = true;
-      appName = "My awesome Gitea server"; # Give the site a name
+      lfs.enable = true;
+      appName = "githug"; # Give the site a name
       user = "git";
       database = {
-        type = "postgres";
-        host = "postgres.containers";
-        port = 5432;
+        type = "mysql";
+        host = "mariadb.containers";
+        port = 3306;
         name = "gitea";
         user = "gitea";
         createDatabase = false;
-        passwordFile = ../secrets/gitea_postgres_pass;
+        passwordFile = ../secrets/gitea_mariadb_pass;
       };
-      settings.server = {
-        DOMAIN = "localhost";
-        ROOT_URL = "http://localhost/";
-        HTTP_PORT = 3001;
-      };
-      settings.actions = {
-        ENABLED = true;
+      settings = {
+        server = {
+          # DOMAIN = "githug.xyz";
+          # ROOT_URL = "https://githug.xyz/";
+          # COOKIE_SECURE = true;
+          HTTP_PORT = 3001;
+          OFFLINE_MODE = true;
+        };
+        repository.ENABLE_PUSH_CREATE_USER = true;
+        mailer.ENABLED = false;
+        service = {
+          REGISTER_EMAIL_CONFIRM = false;
+          ENABLE_NOTIFY_EMAIL = false;
+          DISABLE_REGISTRATION = true;
+        };
       };
     };
 
@@ -41,6 +50,7 @@
     };
 
     users.groups.git = {};
+
   };
   ports = {
     tcp = [ 3001 22 ];
@@ -53,4 +63,22 @@
     name = "gitea-statedir";
     mountPoint = "/var/lib/gitea";
   }];
+  hostConfig = {
+    system.activationScripts.gitea-custom-files =
+      let customs = pkgs.stdenv.mkDerivation {
+        name = "gitea-custom";
+        src = ./..;
+        phases = [ "installPhase" ];
+        installPhase = ''
+          cp -r $src/resources/gitea-custom $out
+        '';
+      };
+      in ''
+        mkdir -p ${lib.hostVolumeDir}/gitea-statedir/custom
+        rm -rf ${lib.hostVolumeDir}/gitea-statedir/custom/public
+        rm -rf ${lib.hostVolumeDir}/gitea-statedir/custom/templates
+        cp -rf ${customs}/public ${lib.hostVolumeDir}/gitea-statedir/custom
+        cp -rf ${customs}/templates ${lib.hostVolumeDir}/gitea-statedir/custom
+      '';
+  };
 }

services/mariadb.nix

@@ -0,0 +1,58 @@
+{ pkgs, lib, ... }: {
+  name = "mariadb";
+  config = {
+    services.mysql = {
+      enable = true;
+      package = pkgs.mariadb;
+      settings = {
+        mysqld = {
+          port = 3306;
+        };
+        mysqldump = {
+          quick = true;
+        };
+      };
+      ensureDatabases = [ "gitea" ];
+      initialScript = pkgs.writeScript "init.sql" ''
+        CREATE USER 'gitea'@'%' IDENTIFIED BY '${pkgs.lib.removeSuffix "\n" 
+          (builtins.readFile ../secrets/gitea_mariadb_pass)}';
+        GRANT ALL ON gitea.* to 'gitea'@'%' WITH GRANT OPTION;
+      '';
+      ensureUsers = [
+      {
+        name = "root";
+        ensurePermissions = {
+          "*.*" = "ALL PRIVILEGES";
+        };
+      }
+      {
+        name = "mysqldump";
+        ensurePermissions = {
+          "*.*" = "SELECT, LOCK TABLES";
+        };
+      }
+      ];
+    };
+    services.mysqlBackup = {
+      enable = true;
+      singleTransaction = true;
+    };
+  };
+  ports = {
+    tcp = [ 3306 ];
+    udp = [];
+    http = null;
+    forward = [];
+  };
+  hosts = [ ];
+  volumes = [
+  {
+    name = "mariadb-storage";
+    mountPoint = "/var/lib/mysql";
+  }
+  {
+    name = "mariadb-backup";
+    mountPoint = "/var/backup/mysql";
+  }
+  ];
+}

services/postgres.nix

@@ -1,48 +0,0 @@
-{ pkgs, lib, ... }: {
-  name = "postgres";
-  config = {
-    services.postgresql = {
-      enable = true;
-      enableTCPIP = true;
-      port = 5432;
-      ensureDatabases = [ "gitea" ];
-      ensureUsers = [
-      {
-        name = "gitea";
-        ensureDBOwnership = true;
-      }
-      {
-        name = "root";
-        ensureClauses.superuser = true;
-      }
-      ];
-      authentication = ''
-        host  all gitea 10.10.0.0/16 trust
-        local all root  trust
-      '';
-    };
-    services.postgresqlBackup = {
-      enable = true;
-      backupAll = true;
-      compression = "gzip";
-      compressionLevel = 9;
-    };
-  };
-  ports = {
-    tcp = [ 5432 ];
-    udp = [];
-    http = null;
-    forward = [];
-  };
-  hosts = [ ];
-  volumes = [
-  {
-    name = "postgres-storage";
-    mountPoint = "/var/lib/postgresql";
-  }
-  {
-    name = "postgres-backup";
-    mountPoint = "/var/backup/postgresql";
-  }
-  ];
-}

services/smb.nix

@@ -1,14 +1,7 @@
 { pkgs, lib, ... }: 
 {
-  name = "gitea";
+  name = "smb";
   config = {
-    services.nfs.server = {
-      enable = true;
-      createMountPoints = true;
-      exports = ''
-        /srv/nfs/music 192.168.0.0/16(rw,sync,no_subtree_check) *(ro,sync,no_subtree_check)
-      '';
-    };
   };
   ports = {
     tcp = [ 111 2049 ];
@@ -23,8 +16,8 @@
   };
   hosts = [];
   volumes = [{
-    name = "nfs";
-    mountPoint = "/srv/nfs/";
+    name = "smb";
+    mountPoint = "/srv/smb/";
     readOnly = false;
     backup = false;
   }];

update-blog.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+nix flake lock --update-input rachelcafe