ragenix: migrate forgejo to agenix for secrets

progresses #1
resolves #11
Fiscal Velvet Poet 2023-04-29 21:31:49 +10:00
parent b91295b36f
commit 8723cbec53
Signed by: fiscalvelvetpoet
GPG key ID: D8EBFD58B023BD47
5 changed files with 34 additions and 12 deletions


@ -1,4 +1,4 @@
# NixOps configuration for toscano # NixOS configuration for toscano
# #
# https://en.wikipedia.org/wiki/Joseph_Toscano # https://en.wikipedia.org/wiki/Joseph_Toscano
{ {
@ -9,15 +9,22 @@
}: { }: {
imports = [ imports = [
../../../networks/linode.nix ../../../networks/linode.nix
#../../../profiles/gitea.nix ../../../profiles/forgejo.nix
#../../../profiles/hakyll-skeleton.nix #../../../profiles/hakyll-skeleton.nix
#../../../profiles/jfdic-web.nix #../../../profiles/jfdic-web.nix
#../../../profiles/resrok-web.nix #../../../profiles/resrok-web.nix
#../../../profiles/tmateServer.nix #../../../profiles/tmateServer.nix
#../../../profiles/voc-web.nix #../../../profiles/voc-web.nix
#../../../secrets/gitea.nix
]; ];
age.secrets = {
forgejo = {
file = ../../../secrets/forgejo.age;
owner = "gitea";
group = "gitea";
};
};
deployment = { deployment = {
tags = ["infra"]; tags = ["infra"];
targetHost = "45.79.236.198"; targetHost = "45.79.236.198";
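Review bot: The `age.secrets.forgejo` entry is declared in this host file, but its consumer is the profile imported as `../../../profiles/forgejo.nix`, which reads `config.age.secrets.forgejo.path`; any other host that imports the profile without repeating this block would presumably fail to evaluate. Declaring the secret inside the profile would keep it next to its only reader. The hard-coded `owner = "gitea";` could be written `owner = config.services.gitea.user;` so the decrypted file stays readable by the service if the account name ever changes. A short comment such as `# Forgejo database password, read via services.gitea.database.passwordFile` above the entry would tell the next reader what the secret holds.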


@ -40,10 +40,10 @@ in {
ragenix.nixosModules.default ragenix.nixosModules.default
]; ];
}; };
};
# The below lines are in the wrong place # The below lines are in the wrong place
#nixosConfigurations = import ./nixos/configurations.nix (inputs #nixosConfigurations = import ./nixos/configurations.nix (inputs
# // { # // {
# inherit inputs; # inherit inputs;
# }); # });
};
} }


@ -1,23 +1,26 @@
# NixOps configuration for the hosts running Forgejo # NixOps configuration for the hosts running Forgejo
{ {
config, config,
inputs,
pkgs, pkgs,
lib, lib,
... ...
}: { }: let
flake = builtins.getFlake (toString ../.);
nixpkgsUnstable = flake.inputs.nixpkgsUnstable;
forgejo = nixpkgsUnstable.legacyPackages."${pkgs.system}".forgejo;
in {
services.gitea = { services.gitea = {
enable = true; # Enable Forgejo enable = true; # Enable Forgejo
appName = "JFDI Collective: Forgejo Service"; # Give the site a name appName = "JFDI Collective: Forgejo Service"; # Give the site a name
database = { database = {
type = "postgres"; # Database type type = "postgres"; # Database type
passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password passwordFile = config.age.secrets.forgejo.path;
}; };
disableRegistration = true; disableRegistration = true;
domain = "source.jfdic.org"; # Domain name domain = "source.jfdic.org"; # Domain name
rootUrl = "https://source.jfdic.org/"; # Root web URL rootUrl = "https://source.jfdic.org/"; # Root web URL
httpPort = 3002; # Provided unique port httpPort = 3002; # Provided unique port
package = inputs.nixpkgsUnstable.legacyPackages."${pkgs.system}".forgejo; # a soft fork of gitea package = forgejo; # a soft fork of gitea
settings = let settings = let
docutils = pkgs.python37.withPackages (ps: docutils = pkgs.python37.withPackages (ps:
with ps; [ with ps; [
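Review bot: `flake = builtins.getFlake (toString ../.);` in the new `let` block re-imports the repository flake from a filesystem path instead of using the `inputs` argument the old code took. Pure flake evaluation normally refuses unlocked path references, so this is likely to need `--impure`. The Forgejo package may then come from whatever the directory holds at evaluation time rather than from the locked inputs of the flake being built, which matters for an internet-facing service. Passing `inputs` through `specialArgs` where the host is defined (not visible here) would let the module keep `package = inputs.nixpkgsUnstable.legacyPackages."${pkgs.system}".forgejo;`. The `settings` block continues past the end of this hunk.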

11
secrets/forgejo.age Normal file

@ -0,0 +1,11 @@
-----BEGIN AGE ENCRYPTED FILE-----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-----END AGE ENCRYPTED FILE-----


@ -10,4 +10,5 @@ let
in { in {
"root.age".publicKeys = ops ++ systems; "root.age".publicKeys = ops ++ systems;
"fiscalvelvetpoet.age".publicKeys = [fiscalvelvetpoet] ++ systems; "fiscalvelvetpoet.age".publicKeys = [fiscalvelvetpoet] ++ systems;
"forgejo.age".publicKeys = [fiscalvelvetpoet toscano];
} }
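Review bot: `"forgejo.age".publicKeys = [fiscalvelvetpoet toscano];` lists a single operator key, whereas `root.age` above uses `ops`. If that one key is lost or rotated, only the toscano host key can still decrypt the secret, and no other operator can rekey or edit it. Restricting the host side to `toscano` rather than all of `systems` is a sound least-privilege choice and worth keeping. If `ops` (defined outside this hunk) holds the other operators, consider `"forgejo.age".publicKeys = ops ++ [toscano];`.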