diff --git a/flake.nix b/flake.nix index 7e5dfbf..a52e34a 100644 --- a/flake.nix +++ b/flake.nix @@ -18,8 +18,8 @@ nixos-hardware.url = "github:nixos/nixos-hardware/master"; - #opi-zero2w.url = "github:virusdave/nixos-opi-zero2w"; - opi-zero2w.url = "git+file:///home/nathan/Projects/tests/nixos-opi-zero2w"; + opi-zero2w.url = "github:virusdave/nixos-opi-zero2w"; + #opi-zero2w.url = "git+file:///home/nathan/Projects/tests/nixos-opi-zero2w"; sops-nix = { url = "github:Mic92/sops-nix"; diff --git a/modules/features/gitea.nix b/modules/features/gitea.nix index 237c650..4cf143a 100644 --- a/modules/features/gitea.nix +++ b/modules/features/gitea.nix @@ -80,6 +80,13 @@ repository = { DEFAULT_BRANCH = "master"; }; + + migrations = { + ALLOWED_DOMAINS = "*"; + ALLOW_LOCALNETWORKS = true; + SKIP_TLS_VERIFY = true; + BLOCKED_DOMAINS = ""; + }; }; database = { @@ -118,6 +125,25 @@ config = { + sops.secrets = { + "gitea/dbpass" = {}; + }; + + sops.templates."gitea.env".content = '' + USER_UID=1000 + USER_GID=1000 + GITEA__database__DB_TYPE=postgres + GITEA__database__HOST=db:5432 + GITEA__database__NAME=gitea + GITEA__database__USER=gitea + GITEA__database__PASSWD=${config.sops.placeholder."gitea/dbpass"} + ''; + + sops.templates."gitea-db.env".content = '' + POSTGRES_USER=gitea + POSTGRES_DB=gitea + POSTGRES_PASSWORD=${config.sops.placeholder."gitea/dbpass"} + ''; virtualisation.oci-containers.containers."${name}" = { image = "docker.gitea.com/gitea:1.25.4"; 
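Review bot: The `opi-zero2w` input is switched back to `github:virusdave/nixos-opi-zero2w` with no `ref` or `rev`, so the revision actually built is whatever flake.lock records, and no flake.lock change is part of this diff. If the lock still carries the `git+file://` entry from the previous revision the build breaks, and on the next `nix flake update` it will track the third-party repo's default branch; confirm the lock was regenerated and consider pinning with `?rev=<sha>` or a fork you control, as for any board-support input that ships a kernel and bootloader. The commented-out line still leaks a developer home path and can be dropped now that the local checkout is no longer used.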
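Review bot: The new `migrations` block turns the migration fetcher into an open SSRF proxy: `ALLOWED_DOMAINS = "*"` together with `ALLOW_LOCALNETWORKS = true` lets any account that can start a migration make Gitea issue HTTP and git requests to every host reachable from the container, including the Postgres container on the 192.168.101.0/24 network and the rest of the LAN, and `SKIP_TLS_VERIFY = true` hands any credentials users type into a migration to whoever can sit on the path to the source. Unless there is a concrete internal host to migrate from, keep the defaults, `ALLOW_LOCALNETWORKS = false;` and `SKIP_TLS_VERIFY = false;`, and set `ALLOWED_DOMAINS` to the real source hosts, e.g. `ALLOWED_DOMAINS = "github.com,gitlab.com";`. If a local source is genuinely needed, list that one host in `ALLOWED_DOMAINS` rather than opening local networks wholesale; `BLOCKED_DOMAINS = ""` is already the default and adds nothing. The attribute set these keys belong to starts outside the hunk.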
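Review bot: `GITEA__database__HOST=db:5432` in the rendered `gitea.env` names a host `db`, but the database container defined in this module is `${name}-db` (probably `gitea-db`, given the `docker-gitea` service name) and nothing in the diff gives it a `db` alias, so unless `docker-network-setup.service` or an `--network-alias` elsewhere provides one, Gitea will fail to resolve its database at startup. Either use the container name, `GITEA__database__HOST=${name}-db:5432` interpolated into the template, or its static address `192.168.101.26:5432`. Both rendered env files hold the Postgres password in clear text; sops-nix templates are root-owned and `0400` by default, which is fine because the Docker daemon reads them as root, but the value still ends up in the container environment and in `docker inspect`, which deserves a one-line comment above `sops.templates` for whoever audits this later. The `config = {` block continues outside the hunk.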
@@ -145,22 +171,27 @@ "traefik.tcp.routers.${name}-ssh.rule" = "HostSNI(`*`)"; "traefik.tcp.routers.${name}-ssh.service" = "${name}-ssh"; - "traefik.tcp.services.${name}-ssh.loadbalancer.server.port" = "22"; + "traefik.tcp.services.${name}-ssh.loadbalancer.server.port" = "2222"; }; ports = [ ]; extraOptions = [ - "--ip=192.168.101.20" + "--ip=192.168.101.25" ]; volumes = [ - "vol_gitea:/data" + "/etc/gitea/data:/data" ]; - environment = { - }; + environmentFiles = [ + config.sops.templates."gitea.env".path + ]; + + dependsOn = [ + "${name}-db" + ]; }; virtualisation.oci-containers.containers."${name}-db" = { @@ -182,15 +213,16 @@ ]; extraOptions = [ - "--ip=192.168.101.21" + "--ip=192.168.101.26" ]; volumes = [ "/etc/gitea/db:/var/lib/postgresql/data" ]; - environment = { - }; + environmentFiles = [ + config.sops.templates."gitea-db.env".path + ]; }; systemd.services."docker-gitea" = { @@ -202,12 +234,10 @@ }; after = [ "docker-network-setup.service" - "docker-volume-gitea.service" "docker-gitea-db.service" ]; requires = [ "docker-network-setup.service" - "docker-volume-gitea.service" "docker-gitea-db.service" ]; partOf = [ @@ -238,21 +268,6 @@ "docker-compose-gitea-root.target" ]; }; - - systemd.services."docker-volume-gitea" = { - path = [ pkgs.docker ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - docker volume inspect vol_gitea || docker volume create vol_gitea --driver=local - ''; - partOf = [ "docker-compose-gitea-root.target" ]; - wantedBy = [ "docker-compose-gitea-root.target" ]; - }; - }; }; - } diff --git a/modules/features/traefik/config/routing.yml b/modules/features/traefik/config/routing.yml index 280ef38..a555b40 100644 --- a/modules/features/traefik/config/routing.yml +++ b/modules/features/traefik/config/routing.yml 
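Review bot: The traefik SSH service label now targets port `2222`, which only works if Gitea inside the container listens there: the plain `docker.gitea.com/gitea` image (not the `-rootless` variant) runs sshd on 22 by default, so unless `server.SSH_LISTEN_PORT` is set in the settings block outside this hunk (the removed routing.yml did point at `:2222`, so it may be), traefik will forward every SSH connection to a closed port. Replacing the `vol_gitea` named volume with the `/etc/gitea/data` bind mount also changes who owns the data: with `USER_UID=1000` and `USER_GID=1000` the container's entrypoint will presumably chown repositories and the Gitea SSH host keys to host uid 1000, which on this repo looks like a regular login user; a dedicated uid plus a tmpfiles rule such as `"d /etc/gitea/data 0750 <uid> <gid> -"` would make that deliberate. Existing `vol_gitea` contents are not migrated by this change, so the first start will be a fresh instance unless the directory was populated beforehand. The container attribute set begins above the hunk.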
@@ -20,15 +20,6 @@ http: tls: certResolver: "cloudflare" - gitea: - entryPoints: - - "localsecure" - - "websecure" - rule: "Host(`gitea.esotericbytes.com`)" - service: "gitea" - tls: - certResolver: "cloudflare" - octoprint: entryPoints: - "localsecure" @@ -49,27 +40,9 @@ http: servers: - url: "http://192.168.100.31:4444" - gitea: - loadBalancer: - servers: - - url: "http://192.168.100.20:3000" - octoprint: loadBalancer: servers: - url: "http://rpi-3dp.local" passHostHeader: true -tcp: - routers: - gitea-ssh: - entryPoints: - - "gitea-ssh" - rule: "HostSNI(`*`)" - service: "gitea-ssh" - - services: - gitea-ssh: - loadBalancer: - servers: - - address: "192.168.100.20:2222" diff --git a/modules/hosts/homebox/configuration.nix b/modules/hosts/homebox/configuration.nix index 9033631..6230dff 100644 --- a/modules/hosts/homebox/configuration.nix +++ b/modules/hosts/homebox/configuration.nix @@ -25,6 +25,7 @@ n8n code-server gitea + gitea-docker jellyfin nginx ollama-docker diff --git a/modules/hosts/laptop/configuration.nix b/modules/hosts/laptop/configuration.nix index 9efb3bd..ee91382 100644 --- a/modules/hosts/laptop/configuration.nix +++ b/modules/hosts/laptop/configuration.nix @@ -32,6 +32,7 @@ efi.canTouchEfiVariables = true; timeout = null; }; + binfmt.emulatedSystems = [ "aarch64-linux" ]; }; systemd.settings.Manager.DefaultLimitNOFILE = 2048; diff --git a/modules/hosts/pi4/configuration.nix b/modules/hosts/pi4/configuration.nix index 5964f98..ea24734 100644 --- a/modules/hosts/pi4/configuration.nix +++ b/modules/hosts/pi4/configuration.nix @@ -33,7 +33,7 @@ imports = with self.nixosModules; [ - pi4-core-disko + pi4-core netbird-sbc remoteBuilds diff --git a/modules/hosts/pi4/default.nix b/modules/hosts/pi4/default.nix index 781ad0e..2128487 100644 --- a/modules/hosts/pi4/default.nix +++ b/modules/hosts/pi4/default.nix 
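Review bot: `homebox` now imports both `gitea` and the new `gitea-docker` feature and nothing in this diff disables the former; if `gitea` is the native `services.gitea` module, the host will run two Gitea instances, and since the docker one claims the catch-all `HostSNI` rule on the traefik SSH entrypoint and presumably the same `gitea.esotericbytes.com` host rule the removed routing.yml entry used, which instance answers is decided by traefik's router priority rather than by this configuration. Drop `gitea` from the list once the docker instance is live, or add a comment next to `gitea-docker` stating that both are intentionally imported during the migration and which one owns the hostname.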
@@ -11,7 +11,7 @@ modules = [ self.nixosModules.pi4 self.nixosModules.pi4-hardware - self.diskoConfigurations.pi4 + #self.diskoConfigurations.pi4 ]; };