grunger

yippee
gitea :)
2024-06-20 16:39:06 +02:00 · 2024-06-20 16:14:35 +02:00 · 2024-06-20 16:10:34 +02:00
20 changed files with 13461 additions and 82 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 cafe.qcow2
+result
--- a/flake.lock
+++ b/flake.lock
@ -208,26 +208,37 @@
    },
    "nixpkgs_3": {
      "locked": {
-        "lastModified": 1716361217,
-        "narHash": "sha256-mzZDr00WUiUXVm1ujBVv6A0qRd8okaITyUp4ezYRgc4=",
+        "lastModified": 1718717462,
+        "narHash": "sha256-qddfQLMaWR2gxfEzUM/zFZVK6H1kTv9WBQSBQxbP3MU=",
        "owner": "NixOs",
        "repo": "nixpkgs",
-        "rev": "46397778ef1f73414b03ed553a3368f0e7e33c2f",
+        "rev": "938aa157bbd6e3c6fd7dcb77998b1f92c2ad1631",
        "type": "github"
      },
      "original": {
        "owner": "NixOs",
-        "ref": "nixos-23.11",
+        "ref": "nixos-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
+    "nixpkgs_4": {
+      "locked": {
+        "lastModified": 1701263465,
+        "narHash": "sha256-lNXUIlkfyDyp9Ox21hr+wsEf/IBklLvb6bYcyeXbdRc=",
+        "path": "/nix/store/7i525k013ds687vgp12lyhwmx79qd4qj-source",
+        "rev": "50aa30a13c4ab5e7ba282da460a3e3d44e9d0eb3",
+        "type": "path"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "type": "indirect"
+      }
+    },
    "rachelcafe": {
      "inputs": {
        "flake-utils": "flake-utils_3",
-        "nixpkgs": [
-          "nixpkgs"
-        ]
+        "nixpkgs": "nixpkgs_4"
      },
      "locked": {
        "lastModified": 1705262863,
--- a/flake.nix
+++ b/flake.nix
@ -2,10 +2,9 @@
  description = "NixOs configuration for my server";

  inputs = {
-    nixpkgs.url = "github:NixOs/nixpkgs/nixos-23.11";
+    nixpkgs.url = "github:NixOs/nixpkgs/nixos-24.05";
    nixos-config.url = "git+https://githug.xyz/rachel/nixos-config";
    rachelcafe.url = "git+https://githug.xyz/rachel/rachel.cafe";
-    rachelcafe.inputs.nixpkgs.follows = "nixpkgs";
  };

  outputs = inputs@{ self, nixpkgs, nixos-config, rachelcafe, ... }: 
@ -44,7 +43,7 @@
            };
          };
        };
-        state-version = "23.11";
+        state-version = "24.05";
        modules = [
          nix-config-module
          keyboard-module
--- a/host.nix
+++ b/host.nix
@ -11,8 +11,6 @@ let hostVolumeDir = "/var/lib/container-storage/";
                    (attrNames (readDir ./services)));
      in genList (i: elemAt services_no_ip i // { ip = "10.10.0.${toString (i+2)}"; }) (length services_no_ip);

-    secrets = import ./secrets/secrets.nix;
-
    hostIp = "10.10.0.1";
 in

@ -145,6 +143,7 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
    settings = {
      experimental-features = [ "nix-command" "flakes" ];
      auto-optimise-store = true;
+      trusted-users = [ "@wheel" ];
    };
    gc = {
      automatic = true;
--- a/resources/gitea-custom/public/assets/img/favicon.png
+++ b/resources/gitea-custom/public/assets/img/favicon.png
--- a/resources/gitea-custom/public/assets/img/favicon.svg
+++ b/resources/gitea-custom/public/assets/img/favicon.svg
--- a/resources/gitea-custom/public/assets/img/logo.png
+++ b/resources/gitea-custom/public/assets/img/logo.png
--- a/resources/gitea-custom/public/assets/img/logo.svg
+++ b/resources/gitea-custom/public/assets/img/logo.svg
--- a/resources/gitea-custom/templates/custom/footer.tmpl
+++ b/resources/gitea-custom/templates/custom/footer.tmpl
@ -0,0 +1 @@
+<a hidden rel="me" href="https://types.pl/@rachelrosen">Mastodon</a>
--- a/resources/gitea-custom/templates/home.tmpl
+++ b/resources/gitea-custom/templates/home.tmpl
@ -0,0 +1,17 @@
+{{template "base/head" .}}
+<div class="page-content home">
+	<div class="ui stackable middle very relaxed page grid">
+		<div class="sixteen wide center aligned centered column">
+			<div>
+				<img class="logo" width="220" height="220" src="{{AssetUrlPrefix}}/img/logo.svg"/>
+			</div>
+			<div class="hero">
+				<h1 class="ui icon header title">
+					{{AppName}}
+				</h1>
+				<h2>git with a hug</h2>
+			</div>
+		</div>
+	</div>
+</div>
+{{template "base/footer" .}}
--- a/secrets/giteaForward
+++ b/secrets/giteaForward
--- a/secrets/giteaForward.pub
+++ b/secrets/giteaForward.pub
--- a/secrets/gitea_mariadb_pass
+++ b/secrets/gitea_mariadb_pass
--- a/secrets/gitea_postgres_pass
+++ b/secrets/gitea_postgres_pass
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
--- a/services/gitea.nix
+++ b/services/gitea.nix
@ -4,24 +4,33 @@
  config = {
    services.gitea = {
      enable = true;
-      appName = "My awesome Gitea server"; # Give the site a name
+      lfs.enable = true;
+      appName = "githug"; # Give the site a name
      user = "git";
      database = {
-        type = "postgres";
-        host = "postgres.containers";
-        port = 5432;
+        type = "mysql";
+        host = "mariadb.containers";
+        port = 3306;
        name = "gitea";
        user = "gitea";
        createDatabase = false;
-        passwordFile = ../secrets/gitea_postgres_pass;
+        passwordFile = ../secrets/gitea_mariadb_pass;
      };
-      settings.server = {
-        DOMAIN = "localhost";
-        ROOT_URL = "http://localhost/";
-        HTTP_PORT = 3001;
-      };
-      settings.actions = {
-        ENABLED = true;
+      settings = {
+        server = {
+          DOMAIN = "githug.xyz";
+          ROOT_URL = "https://githug.xyz/";
+          # COOKIE_SECURE = true;
+          HTTP_PORT = 3001;
+          OFFLINE_MODE = true;
+        };
+        repository.ENABLE_PUSH_CREATE_USER = true;
+        mailer.ENABLED = false;
+        service = {
+          REGISTER_EMAIL_CONFIRM = false;
+          ENABLE_NOTIFY_EMAIL = false;
+          DISABLE_REGISTRATION = true;
+        };
      };
    };

@ -41,6 +50,7 @@
    };

    users.groups.git = {};
+
  };
  ports = {
    tcp = [ 3001 22 ];
@ -53,4 +63,22 @@
    name = "gitea-statedir";
    mountPoint = "/var/lib/gitea";
  }];
+  hostConfig = {
+    system.activationScripts.gitea-custom-files =
+      let customs = pkgs.stdenv.mkDerivation {
+        name = "gitea-custom";
+        src = ./..;
+        phases = [ "installPhase" ];
+        installPhase = ''
+          cp -r $src/resources/gitea-custom $out
+        '';
+      };
+      in ''
+        mkdir -p ${lib.hostVolumeDir}/gitea-statedir/custom
+        rm -rf ${lib.hostVolumeDir}/gitea-statedir/custom/public
+        rm -rf ${lib.hostVolumeDir}/gitea-statedir/custom/templates
+        cp -rf ${customs}/public ${lib.hostVolumeDir}/gitea-statedir/custom
+        cp -rf ${customs}/templates ${lib.hostVolumeDir}/gitea-statedir/custom
+      '';
+  };
 }
--- a/services/mariadb.nix
+++ b/services/mariadb.nix
@ -0,0 +1,58 @@
+{ pkgs, lib, ... }: {
+  name = "mariadb";
+  config = {
+    services.mysql = {
+      enable = true;
+      package = pkgs.mariadb;
+      settings = {
+        mysqld = {
+          port = 3306;
+        };
+        mysqldump = {
+          quick = true;
+        };
+      };
+      ensureDatabases = [ "gitea" ];
+      initialScript = pkgs.writeScript "init.sql" ''
+        CREATE USER 'gitea'@'%' IDENTIFIED BY '${pkgs.lib.removeSuffix "\n" 
+          (builtins.readFile ../secrets/gitea_mariadb_pass)}';
+        GRANT ALL ON gitea.* to 'gitea'@'%' WITH GRANT OPTION;
+      '';
+      ensureUsers = [
+      {
+        name = "root";
+        ensurePermissions = {
+          "*.*" = "ALL PRIVILEGES";
+        };
+      }
+      {
+        name = "mysqldump";
+        ensurePermissions = {
+          "*.*" = "SELECT, LOCK TABLES";
+        };
+      }
+      ];
+    };
+    services.mysqlBackup = {
+      enable = true;
+      singleTransaction = true;
+    };
+  };
+  ports = {
+    tcp = [ 3306 ];
+    udp = [];
+    http = null;
+    forward = [];
+  };
+  hosts = [ ];
+  volumes = [
+  {
+    name = "mariadb-storage";
+    mountPoint = "/var/lib/mysql";
+  }
+  {
+    name = "mariadb-backup";
+    mountPoint = "/var/backup/mysql";
+  }
+  ];
+}
--- a/services/postgres.nix
+++ b/services/postgres.nix
@ -1,48 +0,0 @@
-{ pkgs, lib, ... }: {
-  name = "postgres";
-  config = {
-    services.postgresql = {
-      enable = true;
-      enableTCPIP = true;
-      port = 5432;
-      ensureDatabases = [ "gitea" ];
-      ensureUsers = [
-      {
-        name = "gitea";
-        ensureDBOwnership = true;
-      }
-      {
-        name = "root";
-        ensureClauses.superuser = true;
-      }
-      ];
-      authentication = ''
-        host  all gitea 10.10.0.0/16 trust
-        local all root  trust
-      '';
-    };
-    services.postgresqlBackup = {
-      enable = true;
-      backupAll = true;
-      compression = "gzip";
-      compressionLevel = 9;
-    };
-  };
-  ports = {
-    tcp = [ 5432 ];
-    udp = [];
-    http = null;
-    forward = [];
-  };
-  hosts = [ ];
-  volumes = [
-  {
-    name = "postgres-storage";
-    mountPoint = "/var/lib/postgresql";
-  }
-  {
-    name = "postgres-backup";
-    mountPoint = "/var/backup/postgresql";
-  }
-  ];
-}
--- a/services/smb.nix
+++ b/services/smb.nix
@ -1,14 +1,7 @@
 { pkgs, lib, ... }: 
 {
-  name = "gitea";
+  name = "smb";
  config = {
-    services.nfs.server = {
-      enable = true;
-      createMountPoints = true;
-      exports = ''
-        /srv/nfs/music 192.168.0.0/16(rw,sync,no_subtree_check) *(ro,sync,no_subtree_check)
-      '';
-    };
  };
  ports = {
    tcp = [ 111 2049 ];
@ -23,8 +16,8 @@
  };
  hosts = [];
  volumes = [{
-    name = "nfs";
-    mountPoint = "/srv/nfs/";
+    name = "smb";
+    mountPoint = "/srv/smb/";
    readOnly = false;
    backup = false;
  }];
--- a/update-blog.sh
+++ b/update-blog.sh
@ -0,0 +1,2 @@
+#!/bin/sh
+nix flake lock --update-input rachelcafe
Author	SHA1	Message	Date
Rachel Lambda Samuelsson	ef7e407c85	grunger	2024-06-20 16:39:06 +02:00
Rachel Lambda Samuelsson	f8cc030af6	yippee	2024-06-20 16:14:35 +02:00
Rachel Lambda Samuelsson	4e5cef130c	gitea :)	2024-06-20 16:10:34 +02:00
				`@ -0,0 +1 @@`
				`<a hidden rel="me" href="https://types.pl/@rachelrosen">Mastodon</a>`