diff --git a/hosts/cuallaidh.nix b/hosts/cuallaidh.nix
index 8b51b36..71ce500 100644
--- a/hosts/cuallaidh.nix
+++ b/hosts/cuallaidh.nix
@@ -10,7 +10,6 @@
 ../networks/linode.nix
 ../profiles/coturn.nix
 #../profiles/cryptpad.nix
- ../profiles/forgejo.nix
 #../profiles/hydra.nix
 ../profiles/iog.nix
 ../profiles/ipv6.nix
@@ -22,7 +21,6 @@
 ../profiles/nixpkgs-dev.nix
 ../profiles/taskserver.nix
 ../profiles/tt-rss.nix
- ../secrets/forgejo.nix
 ../secrets/tt-rss.nix
 ];
diff --git a/profiles/forgejo.nix b/profiles/forgejo.nix
deleted file mode 100644
index c641672..0000000
--- a/profiles/forgejo.nix
+++ /dev/null
@@ -1,120 +0,0 @@
-# NixOps configuration for the hosts running Forgejo
-{
- config,
- pkgs,
- lib,
- sources,
- ...
-}: let
- sources = import ../nix/sources.nix;
- unstable = import sources.nixpkgsUnstable {};
-in {
- services.forgejo = {
- enable = true; # Enable Forgejo
- database = {
- type = "postgres"; # Database type
- passwordFile = "/run/keys/forgejo-dbpass"; # Where to find the password
- };
- settings = let
- docutils = pkgs.python39.withPackages (ps:
- with ps; [
- docutils # Provides rendering of ReStructured Text files
- pygments # Provides syntax highlighting
- ]);
- in {
- DEFAULT.APP_NAME = "mcwhirter.io: Forgejo Service"; # Give the site a name
- mailer = {
- ENABLED = true;
- FROM = "forgejo@mcwhirter.io";
- };
- repository = {DEFAULT_BRANCH = "consensus";};
- service = {REGISTER_EMAIL_CONFIRM = true;};
- server = {
- DOMAIN = "source.mcwhirter.io"; # Domain name
- HTTP_PORT = 3002; # Provided unique port
- ROOT_URL = "https://source.mcwhirter.io/"; # Root web URL
- };
- service = {
- DISABLE_REGISTRATION = true;
- };
- "markup.restructuredtext" = {
- ENABLED = true;
- FILE_EXTENSIONS = ".rst";
- RENDER_COMMAND = "${docutils}/bin/rst2html.py";
- IS_INPUT_FILE = false;
- };
- ui = {
- DEFAULT_THEME = "forgejo-auto"; # Set the default theme
- THEMES = "forgejo-auto,forgejo-light,forgejo-dark,auto,arc-green,gitea";
- };
- };
- };
-
- systemd = {
- services = {
- forgejo = {
- # Ensure forgejo starts after nixops keys are loaded
- after = ["forgejo-dbpass-key.service"];
- wants = ["forgejo-dbpass-key.service"];
- };
- };
- };
-
- services.postgresql = {
- enable = true; # Ensure postgresql is enabled
- authentication = ''
- local forgejo all ident map=forgejo-users
- '';
- identMap =
- # Map the forgejo user to postgresql
- ''
- forgejo-users forgejo forgejo
- '';
- ensureDatabases = ["forgejo"]; # Ensure the database persists
- ensureUsers = [
- {
- name = "forgejo"; # Ensure the database user persists
- ensureDBOwnership = true;
- }
- ];
- };
-
- services.postgresqlBackup.databases = ["forgejo"];
-
- services.nginx = {
- enable = true; # Enable Nginx
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- virtualHosts."source.mcwhirter.io" = {
- # Forgejo hostname
- enableACME = true; # Use ACME certs
- forceSSL = true; # Force SSL
- locations."/".proxyPass = "http://localhost:3002/"; # Proxy Forgejo
- };
- virtualHosts."git.mcwhirter.io" = {
- # Hostname to be redirected
- enableACME = true; # Use ACME certs
- forceSSL = true; # Force SSL
- globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host
- };
- virtualHosts."code.mcwhirter.io" = {
- # Hostname to be redirected
- enableACME = true; # Use ACME certs
- forceSSL = true; # Force SSL
- globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host
- };
- };
-
- security.acme = {
- acceptTerms = true;
- certs = {
- "code.mcwhirter.io".email = "craige@mcwhirter.io";
- "git.mcwhirter.io".email = "craige@mcwhirter.io";
- "source.mcwhirter.io".email = "craige@mcwhirter.io";
- };
- };
-
- users.groups.keys.members = ["forgejo"]; # Required due to NixOps issue #1204
-}
diff --git a/profiles/gitea_home.nix b/profiles/gitea_home.nix
deleted file mode 100644
index 4e82b7f..0000000
--- a/profiles/gitea_home.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-# NixOps configuration for the hosts running Gitea
-{
- config,
- pkgs,
- lib,
- ...
-}: {
- services.gitea = {
- enable = true; # Enable Gitea
- appName = "taigh,mcwhirter.io: Gitea Service"; # Give the site a name
- database = {
- type = "postgres"; # Database type
- passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password
- };
- domain = "source.taigh.mcwhirter.io"; # Domain name
- rootUrl = "http://source.taigh.mcwhirter.io/"; # Root web URL
- httpPort = 3001; # Provided unique port
- extraConfig = let
- docutils = pkgs.python37.withPackages (ps:
- with ps; [
- docutils # Provides rendering of ReStructured Text files
- pygments # Provides syntax highlighting
- ]);
- in ''
- [mailer]
- ENABLED = true
- FROM = "gitea@mcwhirter.io"
- [service]
- REGISTER_EMAIL_CONFIRM = true
- [markup.restructuredtext]
- ENABLED = true
- FILE_EXTENSIONS = .rst
- RENDER_COMMAND = ${docutils}/bin/rst2html.py
- IS_INPUT_FILE = false
- '';
- };
-
- services.postgresql = {
- enable = true; # Ensure postgresql is enabled
- authentication = ''
- local gitea all ident map=gitea-users
- '';
- identMap =
- # Map the gitea user to postgresql
- ''
- gitea-users gitea gitea
- '';
- };
-
- services.nginx = {
- enable = true; # Enable Nginx
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- #recommendedTlsSettings = true;
- virtualHosts."source.taigh.mcwhirter.io" = {
- # Gitea hostname
- #enableACME = true; # Use ACME certs
- #forceSSL = true; # Force SSL
- locations."/".proxyPass = "http://localhost:3001/"; # Proxy Gitea
- };
- };
-
- # Configure firewall defaults:
- networking = {
- firewall = {
- enable = true;
- allowedTCPPorts = [80];
- trustedInterfaces = ["lo"];
- };
- };
-
- #security.acme.certs = {
- # "source.mcwhirter.io".email = "craige@mcwhirter.io";
- #};
-}