ragenix: migrate forgejo to agenix for secrets

progresses #1
resolves #11
This commit is contained in:
Fiscal Velvet Poet 2023-04-29 21:31:49 +10:00
parent b91295b36f
commit 8723cbec53
Signed by: fiscalvelvetpoet
GPG key ID: D8EBFD58B023BD47
5 changed files with 34 additions and 12 deletions

View file

@ -1,4 +1,4 @@
# NixOps configuration for toscano
# NixOS configuration for toscano
#
# https://en.wikipedia.org/wiki/Joseph_Toscano
{
@ -9,15 +9,22 @@
}: {
imports = [
../../../networks/linode.nix
#../../../profiles/gitea.nix
../../../profiles/forgejo.nix
#../../../profiles/hakyll-skeleton.nix
#../../../profiles/jfdic-web.nix
#../../../profiles/resrok-web.nix
#../../../profiles/tmateServer.nix
#../../../profiles/voc-web.nix
#../../../secrets/gitea.nix
];
age.secrets = {
forgejo = {
file = ../../../secrets/forgejo.age;
owner = "gitea";
group = "gitea";
};
};
deployment = {
tags = ["infra"];
targetHost = "45.79.236.198";

View file

@ -40,10 +40,10 @@ in {
ragenix.nixosModules.default
];
};
# The below lines are in the wrong place
#nixosConfigurations = import ./nixos/configurations.nix (inputs
# // {
# inherit inputs;
# });
};
# The below lines are in the wrong place
#nixosConfigurations = import ./nixos/configurations.nix (inputs
# // {
# inherit inputs;
# });
}

View file

@ -1,23 +1,26 @@
# NixOps configuration for the hosts running Forgejo
{
config,
inputs,
pkgs,
lib,
...
}: {
}: let
flake = builtins.getFlake (toString ../.);
nixpkgsUnstable = flake.inputs.nixpkgsUnstable;
forgejo = nixpkgsUnstable.legacyPackages."${pkgs.system}".forgejo;
in {
services.gitea = {
enable = true; # Enable Forgejo
appName = "JFDI Collective: Forgejo Service"; # Give the site a name
database = {
type = "postgres"; # Database type
passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password
passwordFile = config.age.secrets.forgejo.path;
};
disableRegistration = true;
domain = "source.jfdic.org"; # Domain name
rootUrl = "https://source.jfdic.org/"; # Root web URL
httpPort = 3002; # Provided unique port
package = inputs.nixpkgsUnstable.legacyPackages."${pkgs.system}".forgejo; # a soft fork of gitea
package = forgejo; # a soft fork of gitea
settings = let
docutils = pkgs.python37.withPackages (ps:
with ps; [

11
secrets/forgejo.age Normal file
View file

@ -0,0 +1,11 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFAvWjlQZyBzblFC
eUZrZEw3R24weVJ2TUw3QWZ6WDNYS1NDZVpGTktnakk4M2FnVEhFCjUxK1BucVBu
Vm52cXhyK1RyRFdTd2w1WU9NWDUranZTRkhzOHIwbXVHTlkKLT4gc3NoLWVkMjU1
MTkgZjVUaEFnIERNWExUWk95Wk1udHYxWm1vKzAwR29kUC9JeUJoMVI3MUx3UmFG
aDFCakkKSitsbEtsVzQ5eDAzZ0VUOXIrUkNsSkFFRXJGbEUyVTZNKzcwcTBhWnYy
RQotPiBsbS1ncmVhc2UgLTwpJyAxTmtRMgp5OVpBSDh2azhrYjI1cmNjVmdKdlh0
d2ZJZwotLS0gSGRZZ2k2ZDhqc3E1clBkOVZ4K3FjZUtGUG1XZ1ozVDRpZkd3ZkhG
d3ZuYwocfVjJedKaGHSUGZE2tTu5W47y68PW51+NdYxQOT65fyZD9/Vxi+7HiFqM
0xrmCMh3IsOvPa60vuY=
-----END AGE ENCRYPTED FILE-----

View file

@ -10,4 +10,5 @@ let
in {
"root.age".publicKeys = ops ++ systems;
"fiscalvelvetpoet.age".publicKeys = [fiscalvelvetpoet] ++ systems;
"forgejo.age".publicKeys = [fiscalvelvetpoet toscano];
}