feat(webserver): add forgejo
parent
4c18f0a7ab
commit
93cf777ce7
4 changed files with 68 additions and 3 deletions
17
flake.lock
generated
17
flake.lock
generated
|
@ -769,6 +769,22 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_forgejo": {
|
||||
"locked": {
|
||||
"lastModified": 1715981093,
|
||||
"narHash": "sha256-jGhHUB5MUF3mWtBG1l+3Lag67y7K9JtI+8ulDBVp8zE=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "08bda672588b2d613f05311bd4f2e6e23065a3fe",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "08bda672588b2d613f05311bd4f2e6e23065a3fe",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"ofi-pass": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
|
@ -850,6 +866,7 @@
|
|||
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||
"nixpkgs-vscodium": "nixpkgs-vscodium",
|
||||
"nixpkgs-wayland": "nixpkgs-wayland",
|
||||
"nixpkgs_forgejo": "nixpkgs_forgejo",
|
||||
"ofi-pass": "ofi-pass",
|
||||
"openvscode-server": "openvscode-server",
|
||||
"prs": "prs",
|
||||
|
|
|
@ -116,6 +116,10 @@
|
|||
flake = false;
|
||||
url = "github:espanso/espanso/db97658d1d80697a635b57801696c594eacf057b";
|
||||
};
|
||||
|
||||
# remove when https://github.com/NixOS/nixpkgs/pull/312523 is merged and backported
|
||||
nixpkgs_forgejo.url = "github:NixOS/nixpkgs/08bda672588b2d613f05311bd4f2e6e23065a3fe";
|
||||
# nixpkgs_forgejo.url = "github:steveej-forks/nixpkgs/9c3519ab3beb11b8d997281f8922330f707df419";
|
||||
};
|
||||
|
||||
outputs = inputs @ {
|
||||
|
|
|
@ -18,12 +18,20 @@ in {
|
|||
}: {
|
||||
system.stateVersion = "22.05"; # Did you read the comment?
|
||||
|
||||
disabledModules = [
|
||||
"services/misc/forgejo.nix"
|
||||
];
|
||||
|
||||
imports = [
|
||||
"${repoFlake.inputs.nixpkgs_forgejo}/nixos/modules/services/misc/forgejo.nix"
|
||||
|
||||
../profiles/containers/configuration.nix
|
||||
|
||||
repoFlake.inputs.sops-nix.nixosModules.sops
|
||||
];
|
||||
|
||||
sops.defaultSopsFile = ./webserver_secrets.yaml;
|
||||
|
||||
networking.firewall.enable = true;
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
httpPort
|
||||
|
@ -73,6 +81,12 @@ in {
|
|||
reverse_proxy http://127.0.0.1:${builtins.toString config.services.lldap.settings.http_port}
|
||||
'';
|
||||
};
|
||||
|
||||
virtualHosts."forgejo.${domain}" = {
|
||||
extraConfig = ''
|
||||
reverse_proxy http://127.0.0.1:${builtins.toString config.services.forgejo.settings.server.HTTP_PORT}
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
services.hedgedoc = {
|
||||
|
@ -223,6 +237,27 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
sops.secrets.FORGEJO_JWT_SECRET = {};
|
||||
sops.secrets.FORGEJO_INTERNAL_TOKEN = {};
|
||||
sops.secrets.FORGEJO_SECRET_KEY = {};
|
||||
|
||||
services.forgejo = {
|
||||
enable = true;
|
||||
package = repoFlake.inputs.nixpkgs_forgejo.legacyPackages.${pkgs.system}.forgejo;
|
||||
settings = {
|
||||
service.DISABLE_REGISTRATION = true;
|
||||
server.HTTP_ADDR = "127.0.0.1";
|
||||
server.DISABLE_SSH = true;
|
||||
server.ROOT_URL = "https://forgejo.${domain}";
|
||||
server.HTTP_PORT = 3001;
|
||||
};
|
||||
secrets = {
|
||||
oauth2.JWT_SECRET = lib.mkForce config.sops.secrets.FORGEJO_JWT_SECRET.path;
|
||||
security.INTERNAL_TOKEN = lib.mkForce config.sops.secrets.FORGEJO_INTERNAL_TOKEN.path;
|
||||
security.SECRET_KEY = lib.mkForce config.sops.secrets.FORGEJO_SECRET_KEY.path;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.lldap.serviceConfig.User = config.users.users.lldap.name;
|
||||
systemd.services.lldap.serviceConfig.Group = config.users.groups.lldap.name;
|
||||
systemd.services.lldap.serviceConfig.DynamicUser = lib.mkForce false;
|
||||
|
@ -259,6 +294,11 @@ in {
|
|||
hostPath = "/var/lib/container-volumes/webserver/var-lib-lldap";
|
||||
isReadOnly = false;
|
||||
};
|
||||
|
||||
"/var/lib/forgejo" = {
|
||||
hostPath = "/var/lib/container-volumes/webserver/var-lib-forgejo";
|
||||
isReadOnly = false;
|
||||
};
|
||||
};
|
||||
|
||||
# extraFlags = ["--resolv-conf=bind-host"];
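Review bot: In the `services.forgejo` hunk, `settings` sets `server.ROOT_URL` to an `https://` URL but does not mark the session cookie as Secure. If the instance is only ever reached through the reverse-proxy vhost, add `session.COOKIE_SECURE = true;` next to the other settings. The three `sops.secrets.FORGEJO_* = {};` declarations also keep the sops-nix defaults (owner root, mode 0400). That works only if the pinned module reads `secrets` through systemd credentials, which this hunk does not show; otherwise each entry needs `owner = config.services.forgejo.user;`. A short comment above the `secrets` block saying why `lib.mkForce` is needed would help whoever removes the `nixpkgs_forgejo` pin later.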
|
||||
|
|
|
@ -4,6 +4,10 @@ authelia_jwtSecret: ENC[AES256_GCM,data:CtvhPJDlM8kZDh3MWI6jBEIK5P/Rc0ZY3JfQ/1qn
|
|||
lldap_jwtSecret: ENC[AES256_GCM,data:Jd05K5zZZcdFY9P+PM1ycpl4eKr7THXzlEC2gxhfq0kZ0c7NrmqpnxLFyMOoq0oZwFXQ3aE29N+dYYCbWgEs0g==,iv:k9Y4XZcFSUaaOvooMzH1AlHaI/RiZZ0cpSqTU6jzsUU=,tag:EHwIMQ00Z+IrXAKgugMbmQ==,type:str]
|
||||
lldap_adminPassword: ENC[AES256_GCM,data:qZviC+/V25iHWS2d5KKrMfCLmmWKAkXoiLW3NJyZWIvMRbFPtfJGv/5e++idcKNLdPHRgvGpdeTpOdZNK7ETSQ==,iv:jX8bzgYVXZfMQ8Qxa7WaUiQFE/mBmQWZ3o000njeEC8=,tag:4Rd3WVGIw1rBLKND4xPbMg==,type:str]
|
||||
lldap_environmentFile: ENC[AES256_GCM,data:TpdO1N2MgHWI4TipvlwfVjnKppzpluI9WA3ejbgT8jrRXXTCA94PS734wDHLtEAIwKdIQd/JGDS+1kbdvgDL3F3HIOX5HLz9h7CtkDBYT6qOy0Zb0tNHjmJco6dL/iMwuzglXxu2460nadO+lHoTs3DA3lesghzpJzm41hgElzcxXS2sa/hsV+kjmbyfu6Xi94kbqcHBLA/mppWmLSgJN6wu/bO07XfaSB1ghHnAR7BL9XZDjoNDzljZAXDpDBw3WD6mwoZeIjGbkEuL4nUnkS6CkA+y7IORA24XGGAczRxZp4vLfUOnnlFCPGIHBsRTbrTB4bcEDBK4+5gHfNhXxvD5VlNMb4TPqYdcEIxkgMxZNLV5U2LTlzn18HNOCvsPb9XOOtY21j6qHMMQDXZREmn5NsW0HXM4gNZ0fC9UEe1MYBhyE3gGEGDzzDUrrQCGLm7/1OC7NRlzuI7M/5DlgcREwK1PkjPDmfRCAq86l0N5lMP/A7MMq2SJWcZvf+ot3fInugq485773vgWWl2Rodl08SZ8YHnzj0L6anPu856v2BsIotE0iRJSCpzA2ZgOJ9RViBfoq6F3beJKLnGN7oGb8XBviRTnXrTN6BTuFyv3dIZ7qcuTGTY+ucjRXfGJ1TVlVQBbiqhQDz5c9D5e0RVnRe3AkMXeDMOd4GlWW5gsJSuZtlYq1aMEf/Bx+4WMyY/Wh+Jk1xxf30bth5L1dW82p6fNFhEuKabtkBALOg/CQzYczMeGP9ai6BWgZL8QPlQoEUpHh59Vz91V6unQSOJ2PNr5wzC6j75IKInVjcp4d1S9K2UAxg+HETn5p9T1sBRdAAVz0YgO5902FwDTsA+2x6Q=,iv:U94CNFxQ8kyIYdH0EyqQIJ3s7QKaLlMa+5coO0dQnto=,tag:KZEizL99W5BtcaXSnYXFhg==,type:str]
|
||||
#ENC[AES256_GCM,data:uNqahO8WF6QFNkbPnQq2UDKn/gFt0H56keUb,iv:CDVKC3ER5rsKoMmBi2g5g+F3ZfKc3+Rs8bjxFhgSPZ4=,tag:oGPl6TB/nghGwWvVBLFlGQ==,type:comment]
|
||||
FORGEJO_JWT_SECRET: ENC[AES256_GCM,data:nVz9x7+K+rBIZxuQP7o0WNFHUz89eR9cwBjfSAx9/WH5PF+/aWazZOJpVg==,iv:4qpHo143fe/sVhKfYDwxr+YiBZ2q/WWViYSwoxz0i/k=,tag:smSsJsqa6uZKarcoOMUjwQ==,type:str]
|
||||
FORGEJO_INTERNAL_TOKEN: ENC[AES256_GCM,data:EIono9HSyvp1nQM0ij3ln3IUXO4moFbRgVddeV0BZBXmZG05jdjZ1SIXo/BxoSmRKnjllR7P00CpajNM5zORldlsBId5oAYL5GZtY3/nmxeXucJidknuow22G7Z8wRJJGBdishbgQhmc,iv:1D93gTUF1+DUR8qLJgML+oUhvSslhxEjGnbBC/PWHXw=,tag:NZB+mwba4TzLcUANZLDRTw==,type:str]
|
||||
FORGEJO_SECRET_KEY: ENC[AES256_GCM,data:CewYFZtcXKUD5/oSM0Q32rhw+urdA0eQhdYp8EFHUXxEtL6f5NWK6IOwIlMuEv1/FjtTWlqxWekOZpmxBRzwnw==,iv:qLyVB7Nc+rDbBoO5g82/vPdykwOATHCSDLhvS+fK9PM=,tag:4NMhUvKmrRd6qrcQq3R8wA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -19,8 +23,8 @@ sops:
|
|||
eWdXVHg5MTlQQU9GeElPeUZXUlBlaTgKceDu3tLbQM/DxY0tJYJTPy2Dl/SBYaoc
|
||||
KfMZOkc322/NvgWu/3Ke0hV1/eMk8EICwXbSwHhXr5a0+cwPZ9xV4A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-07-17T11:48:04Z"
|
||||
mac: ENC[AES256_GCM,data:Bgmm5+IrFdnTG907cZe0cnSmbWLyNDVYyABFj5eRuGsYCthclRM9WEKktvJg2RVYcND39IEH/FiFR/Hxf5YgrUcU7HKEXKzn7U4AGcREh2tb5EVTELjAJ4e00omNoD1gmFOklRS9AWce1g03AGzfbzM68enpDUkxWWTU2FOPei8=,iv:A9V4EsMAIoEs7j/eWy06Y9RExz+N/PT70TBNSViswKc=,tag:287n8ygaEj/40vh1x2IQig==,type:str]
|
||||
lastmodified: "2024-06-02T20:35:16Z"
|
||||
mac: ENC[AES256_GCM,data:2aE4orgaTz9x9TeZcTavXNGnPJnb1tlTINutT6X7KktOlcCpWfBqjWZ3ggXGXwMYIc7FhwTS7bWrDYC/nuvaiG/TcSyy8bshEdzawyAHXhs22pPE0uiXl+n67jUJvMrVnSPjaw66g5AzyU7MYkgw+FqncLPQDZtSyVH+F2GYINA=,iv:Ou0f9q/T5s3c6UrWHu1QIoze4v/Wi+u1FhiwXyglHog=,tag:ZoDkCDh7fFm7YfnVSO6Zgw==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-07-09T17:51:27Z"
|
||||
enc: |-
|
||||
|
@ -38,4 +42,4 @@ sops:
|
|||
-----END PGP MESSAGE-----
|
||||
fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
version: 3.8.1
|
||||
|
|