ragenix: migrate forgejo to agenix for secrets
progresses #1 resolves #11
parent
b91295b36f
commit
8723cbec53
|
@ -1,4 +1,4 @@
|
|||
# NixOps configuration for toscano
|
||||
# NixOS configuration for toscano
|
||||
#
|
||||
# https://en.wikipedia.org/wiki/Joseph_Toscano
|
||||
{
|
||||
|
@ -9,15 +9,22 @@
|
|||
}: {
|
||||
imports = [
|
||||
../../../networks/linode.nix
|
||||
#../../../profiles/gitea.nix
|
||||
../../../profiles/forgejo.nix
|
||||
#../../../profiles/hakyll-skeleton.nix
|
||||
#../../../profiles/jfdic-web.nix
|
||||
#../../../profiles/resrok-web.nix
|
||||
#../../../profiles/tmateServer.nix
|
||||
#../../../profiles/voc-web.nix
|
||||
#../../../secrets/gitea.nix
|
||||
];
|
||||
|
||||
age.secrets = {
|
||||
forgejo = {
|
||||
file = ../../../secrets/forgejo.age;
|
||||
owner = "gitea";
|
||||
group = "gitea";
|
||||
};
|
||||
};
|
||||
|
||||
deployment = {
|
||||
tags = ["infra"];
|
||||
targetHost = "45.79.236.198";
|
||||
|
|
|
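Review bot: The `age.secrets.forgejo` declaration sits in this host file, but the only consumer visible on the page is `passwordFile = config.age.secrets.forgejo.path;` in `profiles/forgejo.nix`, so any other host that imports that profile will fail to evaluate until it repeats this block. Declaring the secret next to the service in the profile would keep the two together. The hard-coded `owner = "gitea";` could also follow the service account, `owner = config.services.gitea.user;`, so the decrypted file stays readable by the service if that user is ever changed. The surrounding attribute set starts and ends outside the hunk.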
@ -40,10 +40,10 @@ in {
|
|||
ragenix.nixosModules.default
|
||||
];
|
||||
};
|
||||
};
|
||||
# The below lines are in the wrong place
|
||||
#nixosConfigurations = import ./nixos/configurations.nix (inputs
|
||||
# // {
|
||||
# inherit inputs;
|
||||
# });
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,23 +1,26 @@
|
|||
# NixOps configuration for the hosts running Forgejo
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
}: let
|
||||
flake = builtins.getFlake (toString ../.);
|
||||
nixpkgsUnstable = flake.inputs.nixpkgsUnstable;
|
||||
forgejo = nixpkgsUnstable.legacyPackages."${pkgs.system}".forgejo;
|
||||
in {
|
||||
services.gitea = {
|
||||
enable = true; # Enable Forgejo
|
||||
appName = "JFDI Collective: Forgejo Service"; # Give the site a name
|
||||
database = {
|
||||
type = "postgres"; # Database type
|
||||
passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password
|
||||
passwordFile = config.age.secrets.forgejo.path;
|
||||
};
|
||||
disableRegistration = true;
|
||||
domain = "source.jfdic.org"; # Domain name
|
||||
rootUrl = "https://source.jfdic.org/"; # Root web URL
|
||||
httpPort = 3002; # Provided unique port
|
||||
package = inputs.nixpkgsUnstable.legacyPackages."${pkgs.system}".forgejo; # a soft fork of gitea
|
||||
package = forgejo; # a soft fork of gitea
|
||||
settings = let
|
||||
docutils = pkgs.python37.withPackages (ps:
|
||||
with ps; [
|
||||
|
|
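Review bot: `flake = builtins.getFlake (toString ../.);` loads the repository as a second flake from inside a module instead of using the `inputs` argument the module still declares. As far as I can tell this needs impure evaluation, and it makes the package chosen for an internet-facing service depend on how the deploy is invoked. If the reason is that `inputs` does not reach this module (presumably a NixOps limitation, which the page does not say), passing it through `specialArgs` or `_module.args` would let the earlier `inputs.nixpkgsUnstable.legacyPackages."${pkgs.system}".forgejo` form keep working. If `getFlake` has to stay, a comment such as `# inputs is not passed to this module under NixOps; needs --impure` would record why. The `settings` block continues outside the hunk.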
11
secrets/forgejo.age
Normal file
11
secrets/forgejo.age
Normal file
|
@ -0,0 +1,11 @@
|
|||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFAvWjlQZyBzblFC
|
||||
eUZrZEw3R24weVJ2TUw3QWZ6WDNYS1NDZVpGTktnakk4M2FnVEhFCjUxK1BucVBu
|
||||
Vm52cXhyK1RyRFdTd2w1WU9NWDUranZTRkhzOHIwbXVHTlkKLT4gc3NoLWVkMjU1
|
||||
MTkgZjVUaEFnIERNWExUWk95Wk1udHYxWm1vKzAwR29kUC9JeUJoMVI3MUx3UmFG
|
||||
aDFCakkKSitsbEtsVzQ5eDAzZ0VUOXIrUkNsSkFFRXJGbEUyVTZNKzcwcTBhWnYy
|
||||
RQotPiBsbS1ncmVhc2UgLTwpJyAxTmtRMgp5OVpBSDh2azhrYjI1cmNjVmdKdlh0
|
||||
d2ZJZwotLS0gSGRZZ2k2ZDhqc3E1clBkOVZ4K3FjZUtGUG1XZ1ozVDRpZkd3ZkhG
|
||||
d3ZuYwocfVjJedKaGHSUGZE2tTu5W47y68PW51+NdYxQOT65fyZD9/Vxi+7HiFqM
|
||||
0xrmCMh3IsOvPa60vuY=
|
||||
-----END AGE ENCRYPTED FILE-----
|
|
@ -10,4 +10,5 @@ let
|
|||
in {
|
||||
"root.age".publicKeys = ops ++ systems;
|
||||
"fiscalvelvetpoet.age".publicKeys = [fiscalvelvetpoet] ++ systems;
|
||||
"forgejo.age".publicKeys = [fiscalvelvetpoet toscano];
|
||||
}
|
||||
|
|
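Review bot: `"forgejo.age".publicKeys = [fiscalvelvetpoet toscano];` is the only entry here that does not append `systems`, and nothing records that the narrower recipient list is intentional. A comment such as `# only the Forgejo host may decrypt this; do not widen to systems` would keep a later rekey from extending the database password to every host key, assuming `systems` (bound outside this hunk) lists all machines. It also leaves a single operator key able to re-encrypt the file, which is worth confirming is intended given that `root.age` uses `ops`.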