gitea mjau

2024-05-25 15:12:56 +02:00 · 2024-05-25 15:12:56 +02:00 · 6c504fb899
commit 6c504fb899
parent d77da1ff1a
8 changed files with 63 additions and 13 deletions
--- a/flake.nix
+++ b/flake.nix
@ -14,13 +14,15 @@
        };
        # 8080 on host is 80 on guest
        # 2222 on host is 22 on guest
+        # 22222 on host is 222 on guest
        virt-module = {
          virtualisation.vmVariant = {
            virtualisation.cores = 4;
            virtualisation.memorySize = 4096;
            virtualisation.forwardPorts = [
-              { from = "host"; host.port = 8080; guest.port = 80; }
-              { from = "host"; host.port = 2222;  guest.port = 22; }
+              { from = "host"; host.port = 8080;  guest.port = 80;  }
+              { from = "host"; host.port = 2222;  guest.port = 22;  }
+              { from = "host"; host.port = 22222; guest.port = 222; }
            ];
          };
        };
--- a/host.nix
+++ b/host.nix
@ -1,12 +1,12 @@
 state-version: { pkgs, ... }:
-let services = with builtins;
+let lib = import ./lib.nix { inherit pkgs; };
+    services = with builtins;
      let services_no_ip =
-        map (s: import (./services + "/${s}") { inherit pkgs; })
+        map (s: import (./services + "/${s}") { inherit pkgs lib; })
            (filter (s: ! isNull (match ".*\.nix" s)) 
                    (attrNames (readDir ./services)));
      in genList (i: elemAt services_no_ip i // { ip = "10.10.0.${toString (i+2)}"; }) (length services_no_ip);

-    lib = import ./lib.nix;
    secrets = import ./secrets/secrets.nix;

    hostIp = "10.10.0.1";
@ -32,6 +32,11 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
        };
      }
      ) volumes;
+      forwardPorts = builtins.map ({ container, host, proto }: {
+        containerPort = container;
+        hostPort = host;
+        protocol = proto;
+      }) ports.forward;
      config = config // {
        boot.isContainer = true;

@ -56,8 +61,14 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:

 //

+
 {

+  imports = builtins.map (service:
+    if service ? hostConfig
+      then service.hostConfig
+      else {}) services;
+
  system.activationScripts.makeBindMounts = with builtins;
    lib.flatMapS (name: ''
      mkdir -p ${hostVolumeDir + name}
@ -86,6 +97,7 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
  # [SSHD]
  services.openssh = {
    enable = true;
+    ports = [ 222 ];
    settings = {
      PermitRootLogin = "no";
      PasswordAuthentication = false;
@ -96,7 +108,7 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
  networking = {
    hostName = "cafe";

-    firewall.allowedTCPPorts = [ 22 80 443 ];
+    firewall.allowedTCPPorts = [ 22 222 80 443 ];
    firewall.allowedUDPPorts = [ ];

    nat = {
--- a/lib.nix
+++ b/lib.nix
@ -1,4 +1,19 @@
+{ pkgs, ... }:
 {
  flatMap = (f: list: builtins.foldl' (acc: elem: acc // elem) {} (builtins.map f list));
  flatMapS = (f: list: builtins.foldl' (acc: elem: acc + elem) "" (builtins.map f list));
+  git-forward-shell = pkgs.stdenv.mkDerivation {
+    name = "git-forward-shell";
+    passthru = {
+      shellPath = "/bin/git-forward-shell";
+    };
+    phases = [ "installPhase" ];
+    src = pkgs.writeScriptBin "git-forward-shell" ''
+    #!/bin/sh
+    ssh -p 2222 -o StrictHostKeyChecking=no git@gitea.containers "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" bash $@"
+    '';
+    installPhase = ''
+      cp -r $src $out
+    '';
+  };
 }
--- a/secrets/giteaForward
+++ b/secrets/giteaForward
--- a/secrets/giteaForward.pub
+++ b/secrets/giteaForward.pub
--- a/services/gitea.nix
+++ b/services/gitea.nix
@ -1,9 +1,11 @@
-{ pkgs, ... }: {
+{ pkgs, lib, ... }: 
+{
  name = "gitea";
  config = {
    services.gitea = {
      enable = true;
      appName = "My awesome Gitea server"; # Give the site a name
+      user = "git";
      database = {
        type = "postgres";
        host = "postgres.containers";
@ -19,15 +21,33 @@
        HTTP_PORT = 3001;
      };
    };
+
+    services.openssh = {
+      enable = true;
+      settings = {
+        PermitRootLogin = "no";
+        PasswordAuthentication = false;
+      };
+    };
+
+    users.users.git = {
+      home = "/var/lib/gitea";
+      group = "git";
+      shell = pkgs.bashInteractive;
+      isSystemUser = true;
+    };
+
+    users.groups.git = {};
  };
  ports = {
-    tcp = [ 3001 ];
+    tcp = [ 3001 22 ];
    udp = [];
    http = 3001;
+    forward = [ { container = 22; host = 22; proto = "tcp"; } ];
  };
  hosts = [ "localhost" ];
  volumes = [{
    name = "gitea-statedir";
    mountPoint = "/var/lib/gitea";
-  }]; # TODO
+  }];
 }
--- a/services/postgres.nix
+++ b/services/postgres.nix
@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{ pkgs, lib, ... }: {
  name = "postgres";
  config = {
    services.postgresql = {
@ -19,6 +19,7 @@
    tcp = [ 3306 ];
    udp = [];
    http = null;
+    forward = [];
  };
  hosts = [ ];
  volumes = [{
--- a/services/readme.md
+++ b/services/readme.md
@ -1,18 +1,17 @@
 # Services

-TODO: volumes
-
 Contains files defining services.

 Services are of the form:
 ```nix
-{ pkgs, ... }: {
+{ pkgs, lib, ... }: {
  name = "name";
  config = { ... };
  ports = {
    tcp = [ 80 ];
    udp = [ 111 ];
    http = 80;
+    forward = [ { container = 22; host = 22; proto = "tcp"; } ];
  };
  hosts = [ "myservice.domain.mjau" ];
  volumes = [
@ -22,5 +21,6 @@ Services are of the form:
    readOnly = false;
  };
  ];
+  hostConfig = { ... }
 }
 ```