adding gitea
This commit is contained in:
@@ -5,6 +5,8 @@ authentik:
|
||||
secret_key: ENC[AES256_GCM,data:tIWDGtB/z7Ysizz9FPQJe2EeSTAxDPkeHJnaDfytDvbqvRaiCgg7qGpEF6hAQFdZ,iv:gloup5aI0qY+SYJt8V6lvUdE+18IWH09BXtz8dRi6JE=,tag:vFwF9h1Rsa/X1bjvdSRSfQ==,type:str]
|
||||
pihole:
|
||||
pass: ENC[AES256_GCM,data:hintZA==,iv:HA5K8mHYlLtf5s8iaLI/QRolYgcKwG8DWCH+LXnWI4k=,tag:DlnXxG0n9dBVpk2kILlPKg==,type:str]
|
||||
gitea:
|
||||
db_pass: ENC[AES256_GCM,data:7VrEOF8syRIS7b/LcIDME1YQ,iv:eHobpNwEXMpKNohFTqpiYMXWaRXoe0vz8d6XH0bqfdk=,tag:Ghzvi5XfL2hgwUlDwU29Rg==,type:str]
|
||||
gitlab:
|
||||
db_pass: ENC[AES256_GCM,data:N3KvXkXql/PDjxZSpGo/Apr/,iv:OOzhR4BEmV3T01PA50vqdJMg7D2OGKHn/8hiqKEaOd4=,tag:jzdonXH/D/5kZ5Cld2W//w==,type:str]
|
||||
root_pass: ENC[AES256_GCM,data:bALaUkoJw3N0ugZP/4MCnEsD,iv:LJdJpXlyzA6o00UVlK+l5WCCFIL/sT/fQNjI8wA5LAg=,tag:BYk1o/rjubyEpeHbgYA1Sg==,type:str]
|
||||
@@ -33,8 +35,8 @@ sops:
|
||||
S0NMRGJSeks0Q0UrVnZmUVdyU2NqVm8KLu2kQpD1fJdU0fTdR9A2cTQzRp+waJ6M
|
||||
8vA+E8xYb2U4d7m0YnwKkGzw0CBPb0BvdEgvWvqpFViftoDwRv5KGA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-11-17T20:28:11Z"
|
||||
mac: ENC[AES256_GCM,data:O2+ukRfxK1WEmdrJSP9ljURixeLiAMuzNZkLKyhHTrC7GteNC43FYehO7Wj33fVDJO5ZK/MKwcGdGT0tLylqqcrELaZdHyGlHqcQ97DuxwZ5WxOHlpOXq3HKkjG2NrHkn8Vt4+sF/Ui4R0oCjIunyKqVUHyVFXdH63sg5XjVORA=,iv:6cWKf8UWH+SAenrd7zj1cgur5xKXecqS81fbHDmWL94=,tag:0JZcfFjX74Rj45Q7lg3wGg==,type:str]
|
||||
lastmodified: "2025-01-12T20:25:52Z"
|
||||
mac: ENC[AES256_GCM,data:xvx9QvhvUO2oFOgC/ODNuP+8r4Wz1nD/fkdP8MpWC0RUKln/OxMXIDiM+M4OM/eaWFJjTDFkVZUBt7isZo801ecAP+xrz+yh+7A5c5ZfyIOhCAkpVIC8HDDsgP4kdpO/vh+ejlQ0pveSvK4U9lgG7FRFF3Ko1P3DhcXzRv9zCv8=,iv:5HeZl0l/31+aSoSoxj45Z2C+T3dlr+yyIzFiTE8WT3Q=,tag:LjxHserD1VJvPeIZd2f8AQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
version: 3.9.2
|
||||
|
||||
93
system-config/services/containers/gitea/default.nix
Normal file
93
system-config/services/containers/gitea/default.nix
Normal file
@@ -0,0 +1,93 @@
|
||||
{ config, lib, pkgs, ... }: {
|
||||
|
||||
options.sysconfig.opts.virtualization.gitea.enable = lib.options.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
};
|
||||
|
||||
config = lib.mkIf config.sysconfig.opts.virtualization.gitea.enable {
|
||||
|
||||
sops.secrets = {
|
||||
"gitea/db_pass" = {};
|
||||
};
|
||||
|
||||
services.openssh.ports = [
|
||||
2222
|
||||
];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
22
|
||||
2222
|
||||
];
|
||||
|
||||
containers.gitea = {
|
||||
|
||||
autoStart = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "192.168.100.10";
|
||||
localAddress = "192.168.100.20";
|
||||
|
||||
forwardPorts = [
|
||||
{
|
||||
containerPort = 22;
|
||||
hostPort = 22;
|
||||
}
|
||||
];
|
||||
|
||||
bindMounts = {
|
||||
"/etc/gitea/data" = {
|
||||
hostPath = "/ssd1/Gitea/data";
|
||||
isReadOnly = false;
|
||||
};
|
||||
};
|
||||
|
||||
extraFlags = [
|
||||
"--load-credential=dbpass:${config.sops.secrets."gitlab/db_pass".path}"
|
||||
];
|
||||
config = {
|
||||
|
||||
systemd.services.secrets_setup = {
|
||||
wantedBy = [ "gitea.service" ];
|
||||
|
||||
serviceConfig = {
|
||||
LoadCredential = [
|
||||
"dbpass"
|
||||
];
|
||||
};
|
||||
|
||||
script = ''
|
||||
cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/gitea/dbpass
|
||||
chown gitea:gitea /etc/gitea/*
|
||||
'';
|
||||
};
|
||||
|
||||
services.gitea = {
|
||||
enable = true;
|
||||
|
||||
stateDir = "/etc/gitea/data";
|
||||
|
||||
dump.enable = true;
|
||||
|
||||
settings = {
|
||||
server = {
|
||||
DOMAIN = "gitea.blunkall.us";
|
||||
HTTP_PORT = 80;
|
||||
};
|
||||
service.DISABLE_REGISTRATION = false;
|
||||
session.COOKIE_SECURE = true;
|
||||
};
|
||||
|
||||
database = {
|
||||
passwordFile = "/etc/gitea/dbpass";
|
||||
type = "postgres";
|
||||
};
|
||||
};
|
||||
services.openssh.enable = true;
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 22 80 ];
|
||||
|
||||
system.stateVersion = "24.11";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -165,7 +165,6 @@
|
||||
service = "authentik";
|
||||
tls.certResolver = "cloudflare";
|
||||
};
|
||||
|
||||
gitlab = {
|
||||
entryPoints = [ "localsecure" "websecure" ];
|
||||
rule = "Host(`gitlab.blunkall.us`)";
|
||||
@@ -173,6 +172,13 @@
|
||||
tls.certResolver = "cloudflare";
|
||||
};
|
||||
|
||||
gitea = {
|
||||
entryPoints = [ "localsecure" "websecure" ];
|
||||
rule = "Host(`gitea.blunkall.us`)";
|
||||
service = "gitea";
|
||||
tls.certResolver = "cloudflare";
|
||||
};
|
||||
|
||||
nextcloud = {
|
||||
entryPoints = [ "localsecure" "websecure" ];
|
||||
rule = "Host(`nextcloud.blunkall.us`)";
|
||||
@@ -234,6 +240,7 @@
|
||||
|
||||
services = {
|
||||
gitlab.loadBalancer.servers = [ { url = "http://192.168.100.16:80"; } ];
|
||||
gitea.loadBalancer.servers = [ { url = "http://192.168.100.20:80"; } ];
|
||||
|
||||
homepage.loadBalancer.servers = [ { url = "http://192.168.100.13:80"; } ];
|
||||
|
||||
|
||||
Reference in New Issue
Block a user