felix/nixos
1
0
Fork 0
mirror of https://github.com/Stunkymonkey/nixos.git synced 2025-05-24 01:44:40 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

service/git: migrate to forgejo from gitea
Some checks failed
/ Build Nix targets (push) Has been cancelled
Details

Browse source
This commit is contained in:
Felix Buehler 2025-04-01 22:27:51 +02:00
parent b41344a212
commit 3b20c0a25b
6 changed files with 55 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

8
machines/newton/secrets.yaml
View file

@ -15,6 +15,8 @@ nextcloud:
password: ENC[AES256_GCM,data:uE507Ij34zJVYnd2YkNCGj8hpFpEM5w=,iv:x8BNCUaAas0poQ/Lo0izZApF6l52xal8DDrClIzWjvk=,tag:sA08dmcVQbKswX9hF/txag==,type:str] password: ENC[AES256_GCM,data:uE507Ij34zJVYnd2YkNCGj8hpFpEM5w=,iv:x8BNCUaAas0poQ/Lo0izZApF6l52xal8DDrClIzWjvk=,tag:sA08dmcVQbKswX9hF/txag==,type:str]
nextcloud-exporter: nextcloud-exporter:
password: ENC[AES256_GCM,data:ziQ/rVJx9NELSQA6/BeniH7joJPnc6Q=,iv:LtZ2Inm0V4ZRv0blRUNfXJOyFY85NkZo+5r31fs0oXM=,tag:5maJ5fkJU+JnbpLGf/MhOg==,type:str] password: ENC[AES256_GCM,data:ziQ/rVJx9NELSQA6/BeniH7joJPnc6Q=,iv:LtZ2Inm0V4ZRv0blRUNfXJOyFY85NkZo+5r31fs0oXM=,tag:5maJ5fkJU+JnbpLGf/MhOg==,type:str]
git:
password: ENC[AES256_GCM,data:uUN/BJ1JMwahgq6sqb+bWaIgolfu6pHq+pnt/2zl,iv:x8KjU4tNfK2xkxcIk9dkIs3j1V+CGY/rc4DbhEdoH+U=,tag:9lRP2CQHbAtrxvMAjqMJKg==,type:str]
photos: photos:
secrets: ENC[AES256_GCM,data:eUlyoAx9odHPjuSSL63WFJJntRm77FvcxSzf8+6r6qNGtlnx,iv:IEq+NpZx4JIQ/hDCcNEHh+I2B7tD9BbbB7Y1XyW4yW0=,tag:+Ar83rwchWdaMvTYGHAoDQ==,type:str] secrets: ENC[AES256_GCM,data:eUlyoAx9odHPjuSSL63WFJJntRm77FvcxSzf8+6r6qNGtlnx,iv:IEq+NpZx4JIQ/hDCcNEHh+I2B7tD9BbbB7Y1XyW4yW0=,tag:+Ar83rwchWdaMvTYGHAoDQ==,type:str]
grafana: grafana:
@ -52,8 +54,8 @@ sops:
NmNwT3N5UEVabFdLTDhseFRjeVZaWFkKL3HGFqfttU1tXY4OhnIr1ABFsHB0R0CX NmNwT3N5UEVabFdLTDhseFRjeVZaWFkKL3HGFqfttU1tXY4OhnIr1ABFsHB0R0CX
s6wxb0ilut32ijjtnGXMIIa9y6XsMTpYskTb9FdRP9VnQQGVrMfdew== s6wxb0ilut32ijjtnGXMIIa9y6XsMTpYskTb9FdRP9VnQQGVrMfdew==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-17T21:17:38Z" lastmodified: "2025-04-01T20:14:13Z"
mac: ENC[AES256_GCM,data:pPuvSlWqiCsNFjAoQOH6/0D5lb9Z7giKCHpz0/kWvbug5K730bpeYSfqvEc01VLb+RV6JugvblwF/SXhMEhe1KmvvGOmWPPCufhw4LEhnLotegKkZ5h1bcKLREEqy3nhSDmqbfELNPWxLOxO/fzJjhBTpuNuWZ0nLIAQP+MidWY=,iv:uQaMI9MJ3SZB7h7W7SRBOC6Ig6yoiATGP4eU/kjoO+Q=,tag:YUvl0Og8ckVIBOlW/Zi/hQ==,type:str] mac: ENC[AES256_GCM,data:TYsCSFADZkIqN+CggAoyBLHYBnF8XG9c7zGzsjyDG35Xty/JP6K6pC/7IPUEKtvStm0hUCS5seil5gTNmBBIgynVI3xTqhzIQ5UJ6QgxbVIcKR9j3lXF0FpuVSwh8p2Q6jL3LRM3nItCvtYYdw2CFL7pBSuk5BKkPVWbb1n1oyU=,iv:xYZSTv25Af0XSO0SpbwA3F/ORYOdDCemSS8uyFTklXA=,tag:y03I0hQweArU83l1nKFxfw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.2 version: 3.9.4

8
machines/newton/services.nix
View file

@ -12,6 +12,9 @@ in
"sso/felix/password-hash" = { }; "sso/felix/password-hash" = { };
"sso/felix/totp-secret" = { }; "sso/felix/totp-secret" = { };
"paperless/password" = { }; "paperless/password" = { };
"git/password" = {
owner = config.users.users.forgejo.name;
};
"nextcloud/password" = { "nextcloud/password" = {
owner = config.users.users.nextcloud.name; owner = config.users.users.nextcloud.name;
}; };
@ -85,9 +88,10 @@ in
defaultUser = "felix"; defaultUser = "felix";
passwordFile = secrets."freshrss/password".path; passwordFile = secrets."freshrss/password".path;
}; };
# self-hosted git service # self-hosted git server
gitea = { git = {
enable = true; enable = true;
passwordFile = secrets."git/password".path;
}; };
# collaborative markdown editor # collaborative markdown editor
hedgedoc = { hedgedoc = {

2
modules/services/default.nix
View file

@ -12,7 +12,7 @@
./finance ./finance
./freshrss ./freshrss
./fritzbox ./fritzbox
./gitea ./git
./grafana ./grafana
./hedgedoc ./hedgedoc
./home-automation ./home-automation

56
modules/services/gitea/default.nix → modules/services/git/default.nix
View file

@ -6,17 +6,41 @@
... ...
}: }:
let let
cfg = config.my.services.gitea; cfg = config.my.services.git;
inherit (config.networking) domain; inherit (config.networking) domain;
in in
{ {
options.my.services.gitea = with lib; { options.my.services.git = {
enable = mkEnableOption "Gitea"; enable = lib.mkEnableOption "Git server";
passwordFile = lib.mkOption {
type = lib.types.path;
example = "/var/lib/somewhere/password.txt";
description = ''
Path to a file containing the admin's password.
'';
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
# configure admin user
systemd.services.forgejo.preStart =
let
adminCmd = "${lib.getExe config.services.forgejo.package} admin user";
user = "felix";
in
''
admin="${adminCmd}"
if ! $admin list | grep "${user}"; then
${adminCmd} create --admin --email "server@localhost" --username ${user} --password "$(tr -d '\n' < ${cfg.passwordFile})" || true
else
${adminCmd} change-password --username ${user} --password "$(tr -d '\n' < ${cfg.passwordFile})" || true
fi
'';
services = { services = {
gitea = { forgejo = {
enable = true; enable = true;
settings = { settings = {
server = { server = {
@ -35,10 +59,10 @@ in
prometheus = { prometheus = {
scrapeConfigs = [ scrapeConfigs = [
{ {
job_name = "gitea"; job_name = "forgejo";
static_configs = [ static_configs = [
{ {
targets = [ "localhost:${toString config.services.gitea.settings.server.HTTP_PORT}" ]; targets = [ "localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}" ];
labels = { labels = {
instance = config.networking.hostName; instance = config.networking.hostName;
}; };
@ -50,39 +74,39 @@ in
grafana.provision = { grafana.provision = {
dashboards.settings.providers = [ dashboards.settings.providers = [
{ {
name = "Gitea"; name = "Forgejo";
options.path = pkgs.grafana-dashboards.gitea; options.path = pkgs.grafana-dashboards.forgejo;
disableDeletion = true; disableDeletion = true;
} }
]; ];
}; };
}; };
# Proxy to Gitea # Proxy to forgejo
my.services = { my.services = {
webserver.virtualHosts = [ webserver.virtualHosts = [
{ {
subdomain = "code"; subdomain = "code";
port = config.services.gitea.settings.server.HTTP_PORT; port = config.services.forgejo.settings.server.HTTP_PORT;
} }
]; ];
backup = { backup = {
paths = [ paths = [
config.services.gitea.lfs.contentDir config.services.forgejo.lfs.contentDir
config.services.gitea.repositoryRoot config.services.forgejo.repositoryRoot
]; ];
}; };
prometheus.rules = { prometheus.rules = {
gitea = { forgejo = {
condition = ''rate(promhttp_metric_handler_requests_total{job="gitea", code="500"}[5m]) > 3''; condition = ''rate(promhttp_metric_handler_requests_total{job="forgejo", code="500"}[5m]) > 3'';
description = "{{$labels.instance}}: gitea instances error rate went up: {{$value}} errors in 5 minutes"; description = "{{$labels.instance}}: forgejo instances error rate went up: {{$value}} errors in 5 minutes";
}; };
}; };
}; };
webapps.apps.gitea = { webapps.apps.git = {
dashboard = { dashboard = {
name = "Code"; name = "Code";
category = "app"; category = "app";

6
pkgs/grafana-dashboards/default.nix
View file

@ -123,15 +123,15 @@ lib.makeScope pkgs.newScope (
hash = "sha256-/scCKBKqTjRKKImIrEYLBKGweOUnkx+QsD5yLfdXW5o="; hash = "sha256-/scCKBKqTjRKKImIrEYLBKGweOUnkx+QsD5yLfdXW5o=";
}; };
gitea = forgejo =
(buildGrafanaDashboard { (buildGrafanaDashboard {
id = 13192; id = 13192;
pname = "gitea"; pname = "forgejo";
version = "1"; version = "1";
hash = "sha256-IAaI/HvMxcWE3PGQFK8avNjgj88DgcDvkWRcDAWSejM="; hash = "sha256-IAaI/HvMxcWE3PGQFK8avNjgj88DgcDvkWRcDAWSejM=";
}).overrideAttrs }).overrideAttrs
(_: { (_: {
src = ./gitea.json; # sadly not yet updated to latest grafana src = ./forgejo.json; # sadly not yet updated to latest grafana
}); });
prometheus = prometheus =

0
pkgs/grafana-dashboards/gitea.json → pkgs/grafana-dashboards/forgejo.json
View file