From 6c504fb8991061e8c014c347bdcba5c106dc701c Mon Sep 17 00:00:00 2001
From: Rachel Lambda Samuelsson <depsterr@protonmail.com>
Date: Sat, 25 May 2024 15:12:56 +0200
Subject: [PATCH] gitea mjau

---
 flake.nix                |   6 ++++--
 host.nix                 |  20 ++++++++++++++++----
 lib.nix                  |  15 +++++++++++++++
 secrets/giteaForward     | Bin 0 -> 421 bytes
 secrets/giteaForward.pub | Bin 0 -> 116 bytes
 services/gitea.nix       |  26 +++++++++++++++++++++++---
 services/postgres.nix    |   3 ++-
 services/readme.md       |   6 +++---
 8 files changed, 63 insertions(+), 13 deletions(-)
 create mode 100644 secrets/giteaForward
 create mode 100644 secrets/giteaForward.pub

diff --git a/flake.nix b/flake.nix
index fdc9637..ce5a634 100644
--- a/flake.nix
+++ b/flake.nix
@@ -14,13 +14,15 @@
         };
         # 8080 on host is 80 on guest
         # 2222 on host is 22 on guest
+        # 22222 on host is 222 on guest
         virt-module = {
           virtualisation.vmVariant = {
             virtualisation.cores = 4;
             virtualisation.memorySize = 4096;
             virtualisation.forwardPorts = [
-              { from = "host"; host.port = 8080; guest.port = 80; }
-              { from = "host"; host.port = 2222;  guest.port = 22; }
+              { from = "host"; host.port = 8080;  guest.port = 80;  }
+              { from = "host"; host.port = 2222;  guest.port = 22;  }
+              { from = "host"; host.port = 22222; guest.port = 222; }
             ];
           };
         };
diff --git a/host.nix b/host.nix
index 66883dd..bbf306d 100644
--- a/host.nix
+++ b/host.nix
@@ -1,12 +1,12 @@
 state-version: { pkgs, ... }:
-let services = with builtins;
+let lib = import ./lib.nix { inherit pkgs; };
+    services = with builtins;
       let services_no_ip =
-        map (s: import (./services + "/${s}") { inherit pkgs; })
+        map (s: import (./services + "/${s}") { inherit pkgs lib; })
             (filter (s: ! isNull (match ".*\.nix" s)) 
                     (attrNames (readDir ./services)));
       in genList (i: elemAt services_no_ip i // { ip = "10.10.0.${toString (i+2)}"; }) (length services_no_ip);
 
-    lib = import ./lib.nix;
     secrets = import ./secrets/secrets.nix;
 
     hostIp = "10.10.0.1";
@@ -32,6 +32,11 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
         };
       }
       ) volumes;
+      forwardPorts = builtins.map ({ container, host, proto }: {
+        containerPort = container;
+        hostPort = host;
+        protocol = proto;
+      }) ports.forward;
       config = config // {
         boot.isContainer = true;
 
@@ -56,8 +61,14 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
 
 //
 
+
 {
 
+  imports = builtins.map (service:
+    if service ? hostConfig
+      then service.hostConfig
+      else {}) services;
+
   system.activationScripts.makeBindMounts = with builtins;
     lib.flatMapS (name: ''
       mkdir -p ${hostVolumeDir + name}
@@ -86,6 +97,7 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
   # [SSHD]
   services.openssh = {
     enable = true;
+    ports = [ 222 ];
     settings = {
       PermitRootLogin = "no";
       PasswordAuthentication = false;
@@ -96,7 +108,7 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
   networking = {
     hostName = "cafe";
 
-    firewall.allowedTCPPorts = [ 22 80 443 ];
+    firewall.allowedTCPPorts = [ 22 222 80 443 ];
     firewall.allowedUDPPorts = [ ];
 
     nat = {
diff --git a/lib.nix b/lib.nix
index 2803aca..f344c23 100644
--- a/lib.nix
+++ b/lib.nix
@@ -1,4 +1,19 @@
+{ pkgs, ... }:
 {
   flatMap = (f: list: builtins.foldl' (acc: elem: acc // elem) {} (builtins.map f list));
   flatMapS = (f: list: builtins.foldl' (acc: elem: acc + elem) "" (builtins.map f list));
+  git-forward-shell = pkgs.stdenv.mkDerivation {
+    name = "git-forward-shell";
+    passthru = {
+      shellPath = "/bin/git-forward-shell";
+    };
+    phases = [ "installPhase" ];
+    src = pkgs.writeScriptBin "git-forward-shell" ''
+    #!/bin/sh
+    ssh -p 2222 -o StrictHostKeyChecking=no git@gitea.containers "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" bash $@"
+    '';
+    installPhase = ''
+      cp -r $src $out
+    '';
+  };
 }
diff --git a/secrets/giteaForward b/secrets/giteaForward
new file mode 100644
index 0000000000000000000000000000000000000000..c669f87e3b9dd7cbb44c3e56c26b6411c855c40c
GIT binary patch
literal 421
zcmV;W0b2e5M@dveQdv+`0HyCCXs3{dqs+8qel(yH)0%+j0USk@t(b}Et)XCEOv2*v
z&ya{yQ|qZTWx0pR(Jc8rRsSq+fS#SihRqrUpEcUws-va|jiGB2^GfbV*-b(f&u{(h
zxVvZf;kS<6x<ZcuR7OJEg~K#Fb!W%c00Mqw+p^RV26;U91@R4TF|rV@TuSX29L4@h
zEx$rWuNi_S`j_c@yiGIx6mMzDCPnc!hGfk53(gvTX0|`V#Z{*k7~RS?@E#j+Xx{81
z^P21BgLFUM0cx~CqC79OjY`SwQ0Rc&KVQSEcPD-|&$=dVW2(U!YkC8i4-9N8iUf@}
zbIX42s89?98q>JuQx{jVIgS!;m+>+#P(d@%cWa{2lsWK^U@sS5lw%@$0E2<+BRpvL
zfeq0E{%I7D+*6Ch#6C}`1Y{Dw3a~;OL%OO6O-90l?ZDlvX%<7uQU50XAlkZ&6I@QF
z-oPLS9O><#svv@P-g!+m9QY_ml{93-E?oJvmzK$2ThbZT)X&py=OY@&0|L?Whlo(s
Pr`I8w9Y-fqU``Yayc5fn

literal 0
HcmV?d00001

diff --git a/secrets/giteaForward.pub b/secrets/giteaForward.pub
new file mode 100644
index 0000000000000000000000000000000000000000..1da1a4e4d85d2503c419aa3d6688c2841c39f74b
GIT binary patch
literal 116
zcmV-)0E_<sM@dveQdv+`021n>@|F1RpcM4GNQxYH9`2GS?d%k8;11!m<Y_;JR})7e
z^jI*)WI)Q!tSXykk-);ATFnG^&RU}wsfzk|+@m`b{}zLD`V2rD`g`3{$I?$pWszQP
W=BvJ`SZzg6rQ~i!l@Z)o%xN6ocsY##

literal 0
HcmV?d00001

diff --git a/services/gitea.nix b/services/gitea.nix
index 1cc974b..6dc14f2 100644
--- a/services/gitea.nix
+++ b/services/gitea.nix
@@ -1,9 +1,11 @@
-{ pkgs, ... }: {
+{ pkgs, lib, ... }: 
+{
   name = "gitea";
   config = {
     services.gitea = {
       enable = true;
       appName = "My awesome Gitea server"; # Give the site a name
+      user = "git";
       database = {
         type = "postgres";
         host = "postgres.containers";
@@ -19,15 +21,33 @@
         HTTP_PORT = 3001;
       };
     };
+
+    services.openssh = {
+      enable = true;
+      settings = {
+        PermitRootLogin = "no";
+        PasswordAuthentication = false;
+      };
+    };
+
+    users.users.git = {
+      home = "/var/lib/gitea";
+      group = "git";
+      shell = pkgs.bashInteractive;
+      isSystemUser = true;
+    };
+
+    users.groups.git = {};
   };
   ports = {
-    tcp = [ 3001 ];
+    tcp = [ 3001 22 ];
     udp = [];
     http = 3001;
+    forward = [ { container = 22; host = 22; proto = "tcp"; } ];
   };
   hosts = [ "localhost" ];
   volumes = [{
     name = "gitea-statedir";
     mountPoint = "/var/lib/gitea";
-  }]; # TODO
+  }];
 }
diff --git a/services/postgres.nix b/services/postgres.nix
index eccab69..674d99c 100644
--- a/services/postgres.nix
+++ b/services/postgres.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{ pkgs, lib, ... }: {
   name = "postgres";
   config = {
     services.postgresql = {
@@ -19,6 +19,7 @@
     tcp = [ 3306 ];
     udp = [];
     http = null;
+    forward = [];
   };
   hosts = [ ];
   volumes = [{
diff --git a/services/readme.md b/services/readme.md
index 9eded8a..509fd3b 100644
--- a/services/readme.md
+++ b/services/readme.md
@@ -1,18 +1,17 @@
 # Services
 
-TODO: volumes
-
 Contains files defining services.
 
 Services are of the form:
 ```nix
-{ pkgs, ... }: {
+{ pkgs, lib, ... }: {
   name = "name";
   config = { ... };
   ports = {
     tcp = [ 80 ];
     udp = [ 111 ];
     http = 80;
+    forward = [ { container = 22; host = 22; proto = "tcp"; } ];
   };
   hosts = [ "myservice.domain.mjau" ];
   volumes = [
@@ -22,5 +21,6 @@ Services are of the form:
     readOnly = false;
   };
   ];
+  hostConfig = { ... }
 }
 ```