gitea mjau

This commit is contained in:
Rachel Lambda Samuelsson 2024-05-25 15:12:56 +02:00
parent d77da1ff1a
commit 6c504fb899
8 changed files with 63 additions and 13 deletions


@ -14,6 +14,7 @@
};
# 8080 on host is 80 on guest
# 2222 on host is 22 on guest
# 22222 on host is 222 on guest
virt-module = {
virtualisation.vmVariant = {
virtualisation.cores = 4;
@ -21,6 +22,7 @@
virtualisation.forwardPorts = [
{ from = "host"; host.port = 8080; guest.port = 80; }
{ from = "host"; host.port = 2222; guest.port = 22; }
{ from = "host"; host.port = 22222; guest.port = 222; }
];
};
};


@ -1,12 +1,12 @@
state-version: { pkgs, ... }:
let services = with builtins;
let lib = import ./lib.nix { inherit pkgs; };
services = with builtins;
let services_no_ip =
map (s: import (./services + "/${s}") { inherit pkgs; })
map (s: import (./services + "/${s}") { inherit pkgs lib; })
(filter (s: ! isNull (match ".*\.nix" s))
(attrNames (readDir ./services)));
in genList (i: elemAt services_no_ip i // { ip = "10.10.0.${toString (i+2)}"; }) (length services_no_ip);
lib = import ./lib.nix;
secrets = import ./secrets/secrets.nix;
hostIp = "10.10.0.1";
@ -32,6 +32,11 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
};
}
) volumes;
forwardPorts = builtins.map ({ container, host, proto }: {
containerPort = container;
hostPort = host;
protocol = proto;
}) ports.forward;
config = config // {
boot.isContainer = true;
@ -56,8 +61,14 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
//
{
imports = builtins.map (service:
if service ? hostConfig
then service.hostConfig
else {}) services;
system.activationScripts.makeBindMounts = with builtins;
lib.flatMapS (name: ''
mkdir -p ${hostVolumeDir + name}
@ -86,6 +97,7 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
# [SSHD]
services.openssh = {
enable = true;
ports = [ 222 ];
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
@ -96,7 +108,7 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
networking = {
hostName = "cafe";
firewall.allowedTCPPorts = [ 22 80 443 ];
firewall.allowedTCPPorts = [ 22 222 80 443 ];
firewall.allowedUDPPorts = [ ];
nat = {
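Review bot: The new `forwardPorts` mapping takes `host` from each service's `ports.forward` verbatim, so a service file alone decides which host ports are handed to its container, and nothing checks that a forwarded host port does not collide with a host listener or with another service; in this same commit the gitea service claims host port 22 while the host's own sshd is moved to `ports = [ 222 ];`, so the hand-off works only by convention. A guard at the mapping that asserts the forwarded `host` port is not one the host sshd listens on, or at least a comment next to `forwardPorts = builtins.map (...)` recording that host port 22 now terminates in the gitea container (clients on 22 will be shown the container's host key, not the host's), would make that explicit. The `imports = builtins.map (service: if service ? hostConfig then service.hostConfig else {}) services;` line widens the same trust boundary: every service's `hostConfig` is merged into host configuration unconditionally, so files under ./services are now host-trusted input, which deserves a one-line comment there. The enclosing `lib.flatMap` expression begins and ends outside these hunks.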

15
lib.nix

@ -1,4 +1,19 @@
{ pkgs, ... }:
{
flatMap = (f: list: builtins.foldl' (acc: elem: acc // elem) {} (builtins.map f list));
flatMapS = (f: list: builtins.foldl' (acc: elem: acc + elem) "" (builtins.map f list));
git-forward-shell = pkgs.stdenv.mkDerivation {
name = "git-forward-shell";
passthru = {
shellPath = "/bin/git-forward-shell";
};
phases = [ "installPhase" ];
src = pkgs.writeScriptBin "git-forward-shell" ''
#!/bin/sh
ssh -p 2222 -o StrictHostKeyChecking=no git@gitea.containers "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" bash $@"
'';
installPhase = ''
cp -r $src $out
'';
};
}
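Review bot: The `ssh` line in git-forward-shell splices `$SSH_ORIGINAL_COMMAND`, a value supplied by the connecting client, into a double-quoted string that the remote `bash` re-parses, so shell metacharacters in it are interpreted by the remote shell instead of being passed through as the command value. Escape it for the remote shell before sending, e.g. `"$(printf 'SSH_ORIGINAL_COMMAND=%q' "$SSH_ORIGINAL_COMMAND") bash $@"` (the container's git user gets bash as its login shell in this commit, so `%q` output is parsed as intended). `-o StrictHostKeyChecking=no` also drops host-key verification for the hop to gitea.containers; pinning the container key with `-o UserKnownHostsFile=<path to pinned known_hosts>` and `-o StrictHostKeyChecking=yes` keeps the hop authenticated. Finally, `-p 2222` does not match any port visible for gitea.containers in this commit (the container sshd keeps its default and `forward` maps container port 22), so the target port may be worth confirming.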

BIN
secrets/giteaForward Normal file

Binary file not shown.
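Review bot: `secrets/giteaForward` is added alongside `secrets/giteaForward.pub`, which suggests an SSH key pair whose private half is now in the repository; this is only acceptable if the file is an encrypted blob rather than the raw key (the main configuration imports `secrets/secrets.nix`, so an encrypted-secrets scheme is plausible — confirm). Nothing in the visible hunks references the key, and the new git-forward-shell `ssh` invocation passes no identity option, so where the key is consumed is outside this diff. A line in the README stating what the pair is for and how it is decrypted on the host would document that.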

BIN
secrets/giteaForward.pub Normal file

Binary file not shown.


@ -1,9 +1,11 @@
{ pkgs, ... }: {
{ pkgs, lib, ... }:
{
name = "gitea";
config = {
services.gitea = {
enable = true;
appName = "My awesome Gitea server"; # Give the site a name
user = "git";
database = {
type = "postgres";
host = "postgres.containers";
@ -19,15 +21,33 @@
HTTP_PORT = 3001;
};
};
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
};
};
users.users.git = {
home = "/var/lib/gitea";
group = "git";
shell = pkgs.bashInteractive;
isSystemUser = true;
};
users.groups.git = {};
};
ports = {
tcp = [ 3001 ];
tcp = [ 3001 22 ];
udp = [];
http = 3001;
forward = [ { container = 22; host = 22; proto = "tcp"; } ];
};
hosts = [ "localhost" ];
volumes = [{
name = "gitea-statedir";
mountPoint = "/var/lib/gitea";
}]; # TODO
}];
}
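Review bot: The container sshd added at `services.openssh` sets `PasswordAuthentication = false` but not `KbdInteractiveAuthentication`, which NixOS defaults to true, so keyboard-interactive (PAM) password prompts stay enabled on a daemon that the new `forward = [ { container = 22; host = 22; proto = "tcp"; } ];` entry exposes on host port 22. Adding `KbdInteractiveAuthentication = false;` beside `PasswordAuthentication` closes that path; the host sshd block in the main configuration has the same shape and could take the same line. Separately, `users.users.git` gets `pkgs.bashInteractive` as its login shell, so what an authenticated key may run rests presumably on the forced command Gitea installs in authorized_keys — confirm, and a comment on the `shell` line saying so would keep a future edit from treating `git` as an ordinary account.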


@ -1,4 +1,4 @@
{ pkgs, ... }: {
{ pkgs, lib, ... }: {
name = "postgres";
config = {
services.postgresql = {
@ -19,6 +19,7 @@
tcp = [ 3306 ];
udp = [];
http = null;
forward = [];
};
hosts = [ ];
volumes = [{


@ -1,18 +1,17 @@
# Services
TODO: volumes
Contains files defining services.
Services are of the form:
```nix
{ pkgs, ... }: {
{ pkgs, lib, ... }: {
name = "name";
config = { ... };
ports = {
tcp = [ 80 ];
udp = [ 111 ];
http = 80;
forward = [ { container = 22; host = 22; proto = "tcp"; } ];
};
hosts = [ "myservice.domain.mjau" ];
volumes = [
@ -22,5 +21,6 @@ Services are of the form:
readOnly = false;
};
];
hostConfig = { ... }
}
```