forgejo: moved to reciproka.dev

This commit is contained in:
Serĉanto de Scio 2024-02-26 22:34:02 +10:00
parent 91ab1b85d1
commit 741c36cf78
Signed by: sercanto
GPG key ID: 7DBA9F5689EFB6AA
3 changed files with 0 additions and 198 deletions

View file

@ -10,7 +10,6 @@
../networks/linode.nix ../networks/linode.nix
../profiles/coturn.nix ../profiles/coturn.nix
#../profiles/cryptpad.nix #../profiles/cryptpad.nix
../profiles/forgejo.nix
#../profiles/hydra.nix #../profiles/hydra.nix
../profiles/iog.nix ../profiles/iog.nix
../profiles/ipv6.nix ../profiles/ipv6.nix
@ -22,7 +21,6 @@
../profiles/nixpkgs-dev.nix ../profiles/nixpkgs-dev.nix
../profiles/taskserver.nix ../profiles/taskserver.nix
../profiles/tt-rss.nix ../profiles/tt-rss.nix
../secrets/forgejo.nix
../secrets/tt-rss.nix ../secrets/tt-rss.nix
]; ];

View file

@ -1,120 +0,0 @@
# NixOps configuration for the hosts running Forgejo
{
config,
pkgs,
lib,
sources,
...
}: let
sources = import ../nix/sources.nix;
unstable = import sources.nixpkgsUnstable {};
in {
services.forgejo = {
enable = true; # Enable Forgejo
database = {
type = "postgres"; # Database type
passwordFile = "/run/keys/forgejo-dbpass"; # Where to find the password
};
settings = let
docutils = pkgs.python39.withPackages (ps:
with ps; [
docutils # Provides rendering of ReStructured Text files
pygments # Provides syntax highlighting
]);
in {
DEFAULT.APP_NAME = "mcwhirter.io: Forgejo Service"; # Give the site a name
mailer = {
ENABLED = true;
FROM = "forgejo@mcwhirter.io";
};
repository = {DEFAULT_BRANCH = "consensus";};
service = {REGISTER_EMAIL_CONFIRM = true;};
server = {
DOMAIN = "source.mcwhirter.io"; # Domain name
HTTP_PORT = 3002; # Provided unique port
ROOT_URL = "https://source.mcwhirter.io/"; # Root web URL
};
service = {
DISABLE_REGISTRATION = true;
};
"markup.restructuredtext" = {
ENABLED = true;
FILE_EXTENSIONS = ".rst";
RENDER_COMMAND = "${docutils}/bin/rst2html.py";
IS_INPUT_FILE = false;
};
ui = {
DEFAULT_THEME = "forgejo-auto"; # Set the default theme
THEMES = "forgejo-auto,forgejo-light,forgejo-dark,auto,arc-green,gitea";
};
};
};
systemd = {
services = {
forgejo = {
# Ensure forgejo starts after nixops keys are loaded
after = ["forgejo-dbpass-key.service"];
wants = ["forgejo-dbpass-key.service"];
};
};
};
services.postgresql = {
enable = true; # Ensure postgresql is enabled
authentication = ''
local forgejo all ident map=forgejo-users
'';
identMap =
# Map the forgejo user to postgresql
''
forgejo-users forgejo forgejo
'';
ensureDatabases = ["forgejo"]; # Ensure the database persists
ensureUsers = [
{
name = "forgejo"; # Ensure the database user persists
ensureDBOwnership = true;
}
];
};
services.postgresqlBackup.databases = ["forgejo"];
services.nginx = {
enable = true; # Enable Nginx
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."source.mcwhirter.io" = {
# Forgejo hostname
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
locations."/".proxyPass = "http://localhost:3002/"; # Proxy Forgejo
};
virtualHosts."git.mcwhirter.io" = {
# Hostname to be redirected
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host
};
virtualHosts."code.mcwhirter.io" = {
# Hostname to be redirected
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host
};
};
security.acme = {
acceptTerms = true;
certs = {
"code.mcwhirter.io".email = "craige@mcwhirter.io";
"git.mcwhirter.io".email = "craige@mcwhirter.io";
"source.mcwhirter.io".email = "craige@mcwhirter.io";
};
};
users.groups.keys.members = ["forgejo"]; # Required due to NixOps issue #1204
}

View file

@ -1,76 +0,0 @@
# NixOps configuration for the hosts running Gitea
{
config,
pkgs,
lib,
...
}: {
services.gitea = {
enable = true; # Enable Gitea
appName = "taigh,mcwhirter.io: Gitea Service"; # Give the site a name
database = {
type = "postgres"; # Database type
passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password
};
domain = "source.taigh.mcwhirter.io"; # Domain name
rootUrl = "http://source.taigh.mcwhirter.io/"; # Root web URL
httpPort = 3001; # Provided unique port
extraConfig = let
docutils = pkgs.python37.withPackages (ps:
with ps; [
docutils # Provides rendering of ReStructured Text files
pygments # Provides syntax highlighting
]);
in ''
[mailer]
ENABLED = true
FROM = "gitea@mcwhirter.io"
[service]
REGISTER_EMAIL_CONFIRM = true
[markup.restructuredtext]
ENABLED = true
FILE_EXTENSIONS = .rst
RENDER_COMMAND = ${docutils}/bin/rst2html.py
IS_INPUT_FILE = false
'';
};
services.postgresql = {
enable = true; # Ensure postgresql is enabled
authentication = ''
local gitea all ident map=gitea-users
'';
identMap =
# Map the gitea user to postgresql
''
gitea-users gitea gitea
'';
};
services.nginx = {
enable = true; # Enable Nginx
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
#recommendedTlsSettings = true;
virtualHosts."source.taigh.mcwhirter.io" = {
# Gitea hostname
#enableACME = true; # Use ACME certs
#forceSSL = true; # Force SSL
locations."/".proxyPass = "http://localhost:3001/"; # Proxy Gitea
};
};
# Configure firewall defaults:
networking = {
firewall = {
enable = true;
allowedTCPPorts = [80];
trustedInterfaces = ["lo"];
};
};
#security.acme.certs = {
# "source.mcwhirter.io".email = "craige@mcwhirter.io";
#};
}