gitea mjau
parent
d77da1ff1a
commit
6c504fb899
|
@ -14,13 +14,15 @@
|
||||||
};
|
};
|
||||||
# 8080 on host is 80 on guest
|
# 8080 on host is 80 on guest
|
||||||
# 2222 on host is 22 on guest
|
# 2222 on host is 22 on guest
|
||||||
|
# 22222 on host is 222 on guest
|
||||||
virt-module = {
|
virt-module = {
|
||||||
virtualisation.vmVariant = {
|
virtualisation.vmVariant = {
|
||||||
virtualisation.cores = 4;
|
virtualisation.cores = 4;
|
||||||
virtualisation.memorySize = 4096;
|
virtualisation.memorySize = 4096;
|
||||||
virtualisation.forwardPorts = [
|
virtualisation.forwardPorts = [
|
||||||
{ from = "host"; host.port = 8080; guest.port = 80; }
|
{ from = "host"; host.port = 8080; guest.port = 80; }
|
||||||
{ from = "host"; host.port = 2222; guest.port = 22; }
|
{ from = "host"; host.port = 2222; guest.port = 22; }
|
||||||
|
{ from = "host"; host.port = 22222; guest.port = 222; }
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
20
host.nix
20
host.nix
|
@ -1,12 +1,12 @@
|
||||||
state-version: { pkgs, ... }:
|
state-version: { pkgs, ... }:
|
||||||
let services = with builtins;
|
let lib = import ./lib.nix { inherit pkgs; };
|
||||||
|
services = with builtins;
|
||||||
let services_no_ip =
|
let services_no_ip =
|
||||||
map (s: import (./services + "/${s}") { inherit pkgs; })
|
map (s: import (./services + "/${s}") { inherit pkgs lib; })
|
||||||
(filter (s: ! isNull (match ".*\.nix" s))
|
(filter (s: ! isNull (match ".*\.nix" s))
|
||||||
(attrNames (readDir ./services)));
|
(attrNames (readDir ./services)));
|
||||||
in genList (i: elemAt services_no_ip i // { ip = "10.10.0.${toString (i+2)}"; }) (length services_no_ip);
|
in genList (i: elemAt services_no_ip i // { ip = "10.10.0.${toString (i+2)}"; }) (length services_no_ip);
|
||||||
|
|
||||||
lib = import ./lib.nix;
|
|
||||||
secrets = import ./secrets/secrets.nix;
|
secrets = import ./secrets/secrets.nix;
|
||||||
|
|
||||||
hostIp = "10.10.0.1";
|
hostIp = "10.10.0.1";
|
||||||
|
@ -32,6 +32,11 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
) volumes;
|
) volumes;
|
||||||
|
forwardPorts = builtins.map ({ container, host, proto }: {
|
||||||
|
containerPort = container;
|
||||||
|
hostPort = host;
|
||||||
|
protocol = proto;
|
||||||
|
}) ports.forward;
|
||||||
config = config // {
|
config = config // {
|
||||||
boot.isContainer = true;
|
boot.isContainer = true;
|
||||||
|
|
||||||
|
@ -56,8 +61,14 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
|
||||||
|
|
||||||
//
|
//
|
||||||
|
|
||||||
|
|
||||||
{
|
{
|
||||||
|
|
||||||
|
imports = builtins.map (service:
|
||||||
|
if service ? hostConfig
|
||||||
|
then service.hostConfig
|
||||||
|
else {}) services;
|
||||||
|
|
||||||
system.activationScripts.makeBindMounts = with builtins;
|
system.activationScripts.makeBindMounts = with builtins;
|
||||||
lib.flatMapS (name: ''
|
lib.flatMapS (name: ''
|
||||||
mkdir -p ${hostVolumeDir + name}
|
mkdir -p ${hostVolumeDir + name}
|
||||||
|
@ -86,6 +97,7 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
|
||||||
# [SSHD]
|
# [SSHD]
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
ports = [ 222 ];
|
||||||
settings = {
|
settings = {
|
||||||
PermitRootLogin = "no";
|
PermitRootLogin = "no";
|
||||||
PasswordAuthentication = false;
|
PasswordAuthentication = false;
|
||||||
|
@ -96,7 +108,7 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "cafe";
|
hostName = "cafe";
|
||||||
|
|
||||||
firewall.allowedTCPPorts = [ 22 80 443 ];
|
firewall.allowedTCPPorts = [ 22 222 80 443 ];
|
||||||
firewall.allowedUDPPorts = [ ];
|
firewall.allowedUDPPorts = [ ];
|
||||||
|
|
||||||
nat = {
|
nat = {
|
||||||
|
|
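Review bot: `forwardPorts = builtins.map ({ container, host, proto }: { … }) ports.forward;` makes `ports.forward` a mandatory attribute of every file under `./services`, so a service that omits it fails evaluation with a missing-attribute error; this commit has to touch the postgres service just to add `forward = [];`. Writing `}) (ports.forward or []);` keeps the contract optional, and the destructuring pattern could default the protocol the same way, e.g. `{ container, host, proto ? "tcp" }`. The enclosing `lib.flatMap ({ name, config, ip, ports, volumes, ... }:` function starts outside the hunk. In the `@ -96` hunk, `firewall.allowedTCPPorts = [ 22 222 80 443 ];` now opens two ssh-looking ports with no explanation; a comment such as `# 22 is NAT-forwarded to the gitea container (see ports.forward); the host's own sshd listens on 222` next to it would spare the next reader a trip through three files.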
15
lib.nix
15
lib.nix
|
@ -1,4 +1,19 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
{
|
{
|
||||||
flatMap = (f: list: builtins.foldl' (acc: elem: acc // elem) {} (builtins.map f list));
|
flatMap = (f: list: builtins.foldl' (acc: elem: acc // elem) {} (builtins.map f list));
|
||||||
flatMapS = (f: list: builtins.foldl' (acc: elem: acc + elem) "" (builtins.map f list));
|
flatMapS = (f: list: builtins.foldl' (acc: elem: acc + elem) "" (builtins.map f list));
|
||||||
|
git-forward-shell = pkgs.stdenv.mkDerivation {
|
||||||
|
name = "git-forward-shell";
|
||||||
|
passthru = {
|
||||||
|
shellPath = "/bin/git-forward-shell";
|
||||||
|
};
|
||||||
|
phases = [ "installPhase" ];
|
||||||
|
src = pkgs.writeScriptBin "git-forward-shell" ''
|
||||||
|
#!/bin/sh
|
||||||
|
ssh -p 2222 -o StrictHostKeyChecking=no git@gitea.containers "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" bash $@"
|
||||||
|
'';
|
||||||
|
installPhase = ''
|
||||||
|
cp -r $src $out
|
||||||
|
'';
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
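Review bot: The forwarding script line `ssh -p 2222 -o StrictHostKeyChecking=no git@gitea.containers "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" bash $@"` disables host-key verification and splices the caller's `SSH_ORIGINAL_COMMAND` into a string that the remote shell re-parses, so quotes or `$(…)` in the incoming command are interpreted on the gitea side instead of being passed through literally, and `$@` is unquoted. Since the container's host key is produced by the same deployment, pin it rather than ignore it, `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=<path-to-pinned-known-hosts>`, and hand the command over in a form the remote side does not re-parse (for example quote it with `printf %q`, which means running the script under bash, `#!${pkgs.runtimeShell}`, and using `exec ssh … "$@"`). The gitea service in this commit opens `tcp = [ 3001 22 ]` and leaves `services.openssh` on its default port, so `-p 2222` may not match where the container's sshd actually listens; confirm before relying on it. A comment stating which key this script authenticates with and which `authorized_keys` entry on the container is expected to accept it would also help, since nothing in the hunk installs one (presumably the `secrets/giteaForward` pair added in this commit).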
BIN
secrets/giteaForward
Normal file
BIN
secrets/giteaForward
Normal file
Binary file not shown.
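Review bot: `secrets/giteaForward` is added as a binary file next to `secrets/giteaForward.pub`, which by naming convention is the private half of an SSH key pair checked into the repository. The content is not shown, but if it is a private key it should be treated as exposed from this commit onward: rotate it, keep only the `.pub` half in git, and provision the private half out of band (the existing `secrets/secrets.nix` import in `host.nix` suggests the repo already has a place for referencing secrets rather than storing them). A short note in the repository documentation on how keys under `secrets/` are meant to be handled would prevent this recurring.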
BIN
secrets/giteaForward.pub
Normal file
BIN
secrets/giteaForward.pub
Normal file
Binary file not shown.
|
@ -1,9 +1,11 @@
|
||||||
{ pkgs, ... }: {
|
{ pkgs, lib, ... }:
|
||||||
|
{
|
||||||
name = "gitea";
|
name = "gitea";
|
||||||
config = {
|
config = {
|
||||||
services.gitea = {
|
services.gitea = {
|
||||||
enable = true;
|
enable = true;
|
||||||
appName = "My awesome Gitea server"; # Give the site a name
|
appName = "My awesome Gitea server"; # Give the site a name
|
||||||
|
user = "git";
|
||||||
database = {
|
database = {
|
||||||
type = "postgres";
|
type = "postgres";
|
||||||
host = "postgres.containers";
|
host = "postgres.containers";
|
||||||
|
@ -19,15 +21,33 @@
|
||||||
HTTP_PORT = 3001;
|
HTTP_PORT = 3001;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.openssh = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
PermitRootLogin = "no";
|
||||||
|
PasswordAuthentication = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
users.users.git = {
|
||||||
|
home = "/var/lib/gitea";
|
||||||
|
group = "git";
|
||||||
|
shell = pkgs.bashInteractive;
|
||||||
|
isSystemUser = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
users.groups.git = {};
|
||||||
};
|
};
|
||||||
ports = {
|
ports = {
|
||||||
tcp = [ 3001 ];
|
tcp = [ 3001 22 ];
|
||||||
udp = [];
|
udp = [];
|
||||||
http = 3001;
|
http = 3001;
|
||||||
|
forward = [ { container = 22; host = 22; proto = "tcp"; } ];
|
||||||
};
|
};
|
||||||
hosts = [ "localhost" ];
|
hosts = [ "localhost" ];
|
||||||
volumes = [{
|
volumes = [{
|
||||||
name = "gitea-statedir";
|
name = "gitea-statedir";
|
||||||
mountPoint = "/var/lib/gitea";
|
mountPoint = "/var/lib/gitea";
|
||||||
}]; # TODO
|
}];
|
||||||
}
|
}
|
||||||
|
|
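Review bot: The container's sshd is reachable from the host's port 22 through `forward = [ { container = 22; host = 22; proto = "tcp"; } ]`, and the `git` account it serves gets a full interactive shell (`shell = pkgs.bashInteractive;`) with `home = "/var/lib/gitea";`, the Gitea state directory, so any key accepted for `git` without a forced `command=` yields a shell over all repository data. Limiting sshd to that one account and to key auth only, `settings.AllowUsers = [ "git" ];` and `settings.KbdInteractiveAuthentication = false;` alongside the existing `PasswordAuthentication = false;`, narrows that surface without changing how Gitea uses it. A comment on `users.users.git` naming which keys are expected in its `authorized_keys` and who writes them (Gitea itself, the host forwarding key added in this commit, or both) would make the intended trust relationship explicit; nothing in this hunk installs one. Note also that the new `lib` parameter in `{ pkgs, lib, ... }:` is the project's `./lib.nix`, not nixpkgs' `lib`, which is worth a comment given how often the latter is expected under that name.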
|
@ -1,4 +1,4 @@
|
||||||
{ pkgs, ... }: {
|
{ pkgs, lib, ... }: {
|
||||||
name = "postgres";
|
name = "postgres";
|
||||||
config = {
|
config = {
|
||||||
services.postgresql = {
|
services.postgresql = {
|
||||||
|
@ -19,6 +19,7 @@
|
||||||
tcp = [ 3306 ];
|
tcp = [ 3306 ];
|
||||||
udp = [];
|
udp = [];
|
||||||
http = null;
|
http = null;
|
||||||
|
forward = [];
|
||||||
};
|
};
|
||||||
hosts = [ ];
|
hosts = [ ];
|
||||||
volumes = [{
|
volumes = [{
|
||||||
|
|
|
@ -1,18 +1,17 @@
|
||||||
# Services
|
# Services
|
||||||
|
|
||||||
TODO: volumes
|
|
||||||
|
|
||||||
Contains files defining services.
|
Contains files defining services.
|
||||||
|
|
||||||
Services are of the form:
|
Services are of the form:
|
||||||
```nix
|
```nix
|
||||||
{ pkgs, ... }: {
|
{ pkgs, lib, ... }: {
|
||||||
name = "name";
|
name = "name";
|
||||||
config = { ... };
|
config = { ... };
|
||||||
ports = {
|
ports = {
|
||||||
tcp = [ 80 ];
|
tcp = [ 80 ];
|
||||||
udp = [ 111 ];
|
udp = [ 111 ];
|
||||||
http = 80;
|
http = 80;
|
||||||
|
forward = [ { container = 22; host = 22; proto = "tcp"; } ];
|
||||||
};
|
};
|
||||||
hosts = [ "myservice.domain.mjau" ];
|
hosts = [ "myservice.domain.mjau" ];
|
||||||
volumes = [
|
volumes = [
|
||||||
|
@ -22,5 +21,6 @@ Services are of the form:
|
||||||
readOnly = false;
|
readOnly = false;
|
||||||
};
|
};
|
||||||
];
|
];
|
||||||
|
hostConfig = { ... }
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|