feat: add agenix and gitea
Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com>
parent
84912e2cfb
commit
4427d416a1
95
flake.lock
95
flake.lock
@ -1,5 +1,29 @@
|
||||
{
|
||||
"nodes": {
|
||||
"agenix": {
|
||||
"inputs": {
|
||||
"darwin": "darwin",
|
||||
"home-manager": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1696775529,
|
||||
"narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=",
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"rev": "daf42cb35b2dc614d1551e37f96406e4c4a2d3e4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"beautysh": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
@ -39,6 +63,28 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"darwin": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"agenix",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1673295039,
|
||||
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
|
||||
"owner": "lnl7",
|
||||
"repo": "nix-darwin",
|
||||
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "lnl7",
|
||||
"ref": "master",
|
||||
"repo": "nix-darwin",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"devenv": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
@ -67,11 +113,11 @@
|
||||
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1700847529,
|
||||
"narHash": "sha256-jvTozEnNxaR7jvHc50eAfHoP8aN7+QPt1ETqr+raGSo=",
|
||||
"lastModified": 1700991469,
|
||||
"narHash": "sha256-Dx0Doh515JsHUr5NUigw1DX7lNy/WyA9nATki3Nnnrg=",
|
||||
"owner": "nix-community",
|
||||
"repo": "emacs-overlay",
|
||||
"rev": "d419c32b00f86aa2bdf56ad8e1f4516b796539b9",
|
||||
"rev": "88dc6d6095da5b9436c69c47b44558230fa4fee7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -89,11 +135,11 @@
|
||||
"nixpkgs": "nixpkgs_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1700842988,
|
||||
"narHash": "sha256-8quSprmWXYxMDhioKZZDGT6kPnfvXbglDQ62KtpiINQ=",
|
||||
"lastModified": 1700960417,
|
||||
"narHash": "sha256-P3B7xLwsztAwJ2J13A7oCuutLg0vNJusCvvAdYsKSYI=",
|
||||
"owner": "nix-community",
|
||||
"repo": "flake-firefox-nightly",
|
||||
"rev": "cc0e03aa0fbca12a45fa8d4278aaf96676b69fd4",
|
||||
"rev": "6388fad4403e4f0a6ffc1162dec74939e98fccde",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -326,11 +372,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1700847865,
|
||||
"narHash": "sha256-uWaOIemGl9LF813MW0AEgCBpKwFo2t1Wv3BZc6e5Frw=",
|
||||
"lastModified": 1700900274,
|
||||
"narHash": "sha256-KWoKDP5I1viHR4bG3ENnJ7H1DD16tXWH4ROvS0IfXw8=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "8cedd63eede4c22deb192f1721dd67e7460e1ebe",
|
||||
"rev": "a462e7315deaa8194b0821f726709bb7e51a850c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -397,11 +443,11 @@
|
||||
"nixpkgs": "nixpkgs_4"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1698826948,
|
||||
"narHash": "sha256-Th05oofIIhsN2bmJNsb0Xev3+RJgtk8stjHZX9EdWA0=",
|
||||
"lastModified": 1700997049,
|
||||
"narHash": "sha256-2dZsKz6CeKTx76krMp9WV4t+lRs2xDWw0aYNUFgnJKI=",
|
||||
"owner": "viperML",
|
||||
"repo": "nh",
|
||||
"rev": "23d21975231d569afbe3973eb19d955c650f8f08",
|
||||
"rev": "4298c924bb6b52607207691af30ebeccdbfa359d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -567,11 +613,11 @@
|
||||
},
|
||||
"nixpkgs-stable_2": {
|
||||
"locked": {
|
||||
"lastModified": 1700678569,
|
||||
"narHash": "sha256-2Ki+2UvOidxEb3xB4ADqlbPQ2BZOF4uZMR094O8or2I=",
|
||||
"lastModified": 1700851152,
|
||||
"narHash": "sha256-3PWITNJZyA3jz5IGREJRfSykM6xSLmD8u5A3WpBCyDM=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "8f1180704ac35baded1a74164365ac7cdfba6f38",
|
||||
"rev": "1216a5ba22a93a4a3a3bfdb4bff0f4727c576fcc",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -599,11 +645,11 @@
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1700612854,
|
||||
"narHash": "sha256-yrQ8osMD+vDLGFX7pcwsY/Qr5PUd6OmDMYJZzZi0+zc=",
|
||||
"lastModified": 1700794826,
|
||||
"narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "19cbff58383a4ae384dea4d1d0c823d72b49d614",
|
||||
"rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -615,11 +661,11 @@
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1700612854,
|
||||
"narHash": "sha256-yrQ8osMD+vDLGFX7pcwsY/Qr5PUd6OmDMYJZzZi0+zc=",
|
||||
"lastModified": 1700794826,
|
||||
"narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "19cbff58383a4ae384dea4d1d0c823d72b49d614",
|
||||
"rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -663,11 +709,11 @@
|
||||
},
|
||||
"nixpkgs_6": {
|
||||
"locked": {
|
||||
"lastModified": 1700612854,
|
||||
"narHash": "sha256-yrQ8osMD+vDLGFX7pcwsY/Qr5PUd6OmDMYJZzZi0+zc=",
|
||||
"lastModified": 1700794826,
|
||||
"narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "19cbff58383a4ae384dea4d1d0c823d72b49d614",
|
||||
"rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -796,6 +842,7 @@
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"agenix": "agenix",
|
||||
"devenv": "devenv",
|
||||
"emacs-overlay": "emacs-overlay",
|
||||
"firefox-nightly": "firefox-nightly",
|
||||
|
@ -25,6 +25,7 @@
|
||||
};
|
||||
|
||||
commons = [
|
||||
inputs.agenix.nixosModules.default
|
||||
inputs.nh.nixosModules.default
|
||||
inputs.nixvim.nixosModules.nixvim
|
||||
];
|
||||
@ -83,6 +84,9 @@
|
||||
};
|
||||
|
||||
inputs = {
|
||||
agenix.url = "github:ryantm/agenix";
|
||||
agenix.inputs.nixpkgs.follows = "nixpkgs";
|
||||
agenix.inputs.home-manager.follows = "nixpkgs";
|
||||
devenv.url = "github:cachix/devenv";
|
||||
emacs-overlay.url = "github:nix-community/emacs-overlay";
|
||||
firefox-nightly.url = "github:nix-community/flake-firefox-nightly";
|
||||
|
@ -6,6 +6,7 @@
|
||||
../../modules/nixos/user-group.nix
|
||||
../../modules/programs/nixvim
|
||||
../../modules/programs/nomad
|
||||
../../modules/programs/gitea
|
||||
];
|
||||
|
||||
environment.systemPackages = with pkgs; [tailscale];
|
||||
|
@ -7,6 +7,7 @@
|
||||
boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
agenix
|
||||
bottom
|
||||
busybox
|
||||
curl
|
||||
|
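--- a/modules/programs/gitea/default.nix
+++ b/modules/programs/gitea/default.nix
@@ -0,0 +1,82 @@
+{config, ...}:
+let
+domain = "git.deku.moe";
+httpPort = 3001;
+sshPort = 22022;
+in {
+age.secrets.gitea = {
+file = "../../../secrets/gitea.age";
+owner = config.services.gitea.user;
+group = config.services.gitea.user;
+};
+
+services.postgresql = {
+ensureDatabases = [ config.services.gitea.user ];
+ensureUsers = [
+{
+name = config.services.gitea.database.user;
+ensurePermissions."DATABASE ${config.services.gitea.database.name}" = "ALL PRIVILEGES";
+}
+];
+};
+
+services.gitea = {
+enable = true;
+lfs.enable = true;
+
+database = {
+type = "postgres";
+passwordFile = config.age.secrets.gitea.path;
+};
+
+settings = {
+actions = {
+ENABLED = true;
+};
+picture = {
+DISABLE_GRAVATAR = true;
+};
+server = {
+DOMAIN = domain;
+HTTP_ADDR = "127.0.0.1";
+HTTP_PORT = httpPort;
+ROOT_URL = "https://${domain}/";
+SSH_PORT = sshPort;
+};
+service = {
+DISABLE_REGISTRATION = true;
+SHOW_REGISTRATION_BUTTON = false;
+};
+session = {
+COOKIE_SECURE = true;
+};
+security = {
+LOGIN_REMEMBER_DAYS = 14;
+MIN_PASSWORD_LENGTH = 12;
+PASSWORD_COMPLEXITY = "lower,upper,digit,spec";
+PASSWORD_CHECK_PWN = true;
+};
+other = {
+SHOW_FOOTER_VERSION = false;
+SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
+};
+};
+};
+
+services.nginx = {
+enable = true;
+recommendedProxySettings = true;
+recommendedGzipSettings = true;
+recommendedTlsSettings = true;
+virtualHosts = {
+"${domain}" = {
+serverName = "${domain}";
+enableACME = true;
+forceSSL = true;
+locations."/" = {
+proxyPass = "http://localhost:${toString httpPort}/";
+};
+};
+};
+};
+}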
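Review bot: `age.secrets.gitea.file` is set to the string `"../../../secrets/gitea.age"` rather than a Nix path literal. agenix declares this option as a path, so a relative string is likely rejected at evaluation, and a string is not resolved relative to this file or copied into the store; `file = ../../../secrets/gitea.age;` is the usual form. The secret's `group` and `services.postgresql.ensureDatabases` both reuse `config.services.gitea.user`, which is only right while the group and database name keep the same default as the user; `group = config.services.gitea.group;` and `ensureDatabases = [ config.services.gitea.database.name ];` state what is meant. `actions.ENABLED = true` deserves a comment naming which runners are expected to register, since a runner executes workflow code from repositories hosted on this instance.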
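--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -0,0 +1,11 @@
+let
+codingcoffee = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJQWA+bAwpm9ca5IhC6q2BsxeQH4WAiKyaht48b7/xkN cc@predator"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJnFvU6nBXEuZF08zRLFfPpxYjV3o0UayX0zTPbDb7C cc@eden"
+];
+thunderbottom = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG3PeMbehJBkmv8Ee7xJimTzXoSdmAnxhBatHSdS+saM"];
+
+users = thunderbottom ++ codingcoffee;
+in {
+"gitea.age".publicKeys = users;
+}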
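Review bot: `"gitea.age".publicKeys = users;` lists only personal user keys, so the machine that runs Gitea is not a recipient of the secret. agenix decrypts at activation with the identities in `age.identityPaths`, which default to the machine's SSH host keys; unless a user's private key is deployed on the server (which would widen that key's exposure), decryption there is likely to fail. Add the server's host public key as a recipient, e.g. `systems = [ "ssh-ed25519 <HOST_PUBLIC_KEY_PLACEHOLDER> root@<host>" ];` and `"gitea.age".publicKeys = users ++ systems;`, then rekey with `agenix -r`. The `thunderbottom` entry also has no comment field, which makes later audits of the recipient list harder.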