Compare commits
13 Commits
a90dd03b0b
...
50fd3e97e7
| Author | SHA1 | Date | |
|---|---|---|---|
|
50fd3e97e7
|
|||
|
2d4b36cf96
|
|||
|
0a42701e79
|
|||
|
efd4dd587b
|
|||
|
11169fc992
|
|||
|
56d746931f
|
|||
|
875e9598fb
|
|||
|
d55618d75c
|
|||
|
0265c8a5c8
|
|||
|
feefdb676f
|
|||
|
fedd1eada9
|
|||
|
46b24436f5
|
|||
|
9ad046f2be
|
@@ -10,19 +10,28 @@ in {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
port = 8753;
|
||||
mutableSettings = false;
|
||||
settings = {
|
||||
http = {address = "127.0.0.1:${toString port}";};
|
||||
users = mapAttrsToList (name: password: {inherit name password;}) {
|
||||
"admin" = "$2a$12$ciAyKG13D2ViEsy6fACxGu.1qEwwrAfPVgaVQdYgmkmvODHYuVWPa";
|
||||
"admin" = "$2y$10$1oOiKeJJFSmdc8s8QYUZeeNCHLBAb51BbpLdDjoexUI/0KDHlV8d6";
|
||||
};
|
||||
theme = "dark";
|
||||
dns = {
|
||||
bootstrap_dns = [
|
||||
"1.1.1.1"
|
||||
"8.8.8.8"
|
||||
];
|
||||
bind_hosts = [
|
||||
"127.0.0.1"
|
||||
(elemAt config.networking.interfaces."eno1".ipv4.addresses 0).address
|
||||
"100.86.139.22"
|
||||
];
|
||||
upstram_dns = ["9.9.9.9"];
|
||||
upstram_dns = [
|
||||
# "9.9.9.9"
|
||||
"1.1.1.1"
|
||||
"8.8.8.8"
|
||||
];
|
||||
};
|
||||
filtering = {
|
||||
rewrites = mkIf config.services.caddy.enable (pipe config.services.caddy.virtualHosts [
|
||||
@@ -30,6 +39,7 @@ in {
|
||||
(mapAttrsToList (domain: _: {
|
||||
domain = removePrefix "https://" (removePrefix "http://" domain);
|
||||
answer = "100.86.139.22";
|
||||
enabled = true;
|
||||
}))
|
||||
]);
|
||||
parental_enabled = false;
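Review bot: The `"admin"` entry under `users` embeds a bcrypt hash directly in the Nix expression, so anyone who can read this repository can attack it offline, and the rendered settings file is likely world-readable in the Nix store as well. The two hash lines differ in cost prefix (`$2a$12$` and `$2y$10$`); if the second is the new side, as the page order suggests, the work factor went down and the hash should be regenerated at cost 12 or higher. The repository already keeps the Gitea runner token in sops, and this credential deserves the same treatment. Separately, `upstram_dns` looks like a misspelling of AdGuard Home's `upstream_dns` key, in which case the resolvers listed here are ignored and the built-in default upstream is used instead.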
|
||||
|
||||
@@ -14,7 +14,7 @@ in {
|
||||
|
||||
services.nextcloud = {
|
||||
enable = true;
|
||||
package = pkgs.nextcloud31;
|
||||
package = pkgs.nextcloud32;
|
||||
webserver = "caddy";
|
||||
hostName = "nextcloud.local";
|
||||
appstoreEnable = false;
|
||||
|
||||
@@ -147,7 +147,7 @@ in {
|
||||
"storage.repo-archive" = {};
|
||||
"repo-archive" = {};
|
||||
actions = {
|
||||
ENABLE = false; # Temporarily
|
||||
ENABLE = true;
|
||||
DEFAULT_ACTIONS_URL = "self";
|
||||
};
|
||||
};
|
||||
@@ -171,20 +171,28 @@ in {
|
||||
|
||||
services.gitea-actions-runner = {
|
||||
instances = {
|
||||
"gitea-runner-1" = {
|
||||
"gitea-runner" = {
|
||||
enable = true;
|
||||
name = "Gitea Runner (${config.networking.hostName}) 1";
|
||||
url = gitea.settings.server.ROOT_URL;
|
||||
tokenFile = config.sops.secrets."gitea/actions/token".path;
|
||||
labels = [
|
||||
"alpine-3.22:docker://data.forgejo.org/oci/alpine:3.22"
|
||||
"golang-1.24:docker://data.forgejo.org/oci/golang:1.24-alpine3.22"
|
||||
"ubuntu-22.04:docker://docker.gitea.com/runner-images:ubuntu-22.04"
|
||||
"node-latest:docker://node:25-bullseye"
|
||||
"alpine-latest:docker://data.forgejo.org/oci/alpine:3.23"
|
||||
"golang-latest:docker://data.forgejo.org/oci/golang:1.25-alpine3.23"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
users.users.gitea = {
|
||||
isSystemUser = true;
|
||||
useDefaultShell = true;
|
||||
group = "gitea";
|
||||
extraGroups = ["gitea"];
|
||||
home = config.services.gitea.stateDir;
|
||||
};
|
||||
|
||||
# systemd.services.gitea-custom = let
|
||||
# gitea = config.services.gitea;
|
||||
# rsync = lib.getExe pkgs.rsync;
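Review bot: The runner `labels` reference job images by mutable tag (`node:25-bullseye`, `alpine:3.23`, `golang:1.25-alpine3.23`), and the preceding hunk appears to switch Actions back on with `ENABLE = true`, so every job runs whatever those tags resolve to at pull time. Pinning each image by digest, for example `"node-latest:docker://node:25-bullseye@sha256:<digest>"`, keeps a registry-side tag change from silently altering the build environment. The `*-latest` label names also suggest a floating image while the values are fixed versions; a one-line comment saying they are bumped by hand would avoid confusion.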
|
||||
|
||||
@@ -31,4 +31,9 @@ in {
|
||||
reverse_proxy http://localhost:${toString cfg-keikos.port}
|
||||
'';
|
||||
};
|
||||
services.caddy.virtualHosts.":${toString (cfg-keikos.port + 2)}" = {
|
||||
extraConfig = ''
|
||||
redir https://kois.work{uri} permanent
|
||||
'';
|
||||
};
|
||||
}
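Review bot: The added virtual host listens on `cfg-keikos.port + 2`, an offset with no comment or named option, so a later change to the base port can silently move this listener onto a port another service uses. I would either give it its own option or add a comment saying which clients still arrive on that port. `redir … permanent` sends a 301 that clients cache, so `redir https://kois.work{uri} temporary` is safer until the redirect is confirmed to be wanted long-term. The site address `:PORT` is not bound to a specific interface, so it is worth checking that the firewall exposes it only where intended; the enclosing module starts outside this hunk.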
|
||||
|
||||
@@ -99,7 +99,10 @@ with lib; {
|
||||
prefixLength = 24;
|
||||
}
|
||||
];
|
||||
nameservers = ["9.9.9.9"];
|
||||
nameservers = [
|
||||
"1.1.1.1"
|
||||
"8.8.8.8"
|
||||
];
|
||||
};
|
||||
|
||||
# SSH/Mosh configuration
|
||||
|
||||
42
flake.lock
generated
@@ -601,16 +601,16 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1757808926,
|
||||
"narHash": "sha256-K6PEI5PYY94TVMH0mX3MbZNYFme7oNRKml/85BpRRAo=",
|
||||
"lastModified": 1765859973,
|
||||
"narHash": "sha256-LN5O0h9GSgcDE/sz4+sLS3CbQALru1x4lh9hrxpeHwI=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "f21d9167782c086a33ad53e2311854a8f13c281e",
|
||||
"rev": "7df150f0d3857cf68dae443813b27acfb201b2d8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"ref": "release-25.05",
|
||||
"ref": "release-25.11",
|
||||
"repo": "home-manager",
|
||||
"type": "github"
|
||||
}
|
||||
@@ -943,11 +943,11 @@
|
||||
"nixpkgs": "nixpkgs_9"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1760046992,
|
||||
"narHash": "sha256-gxn4TqMjccch1ULBNlau9t0HANrElrahaRw0r39oROw=",
|
||||
"lastModified": 1765921137,
|
||||
"narHash": "sha256-u4qyEOZm1+2LQDlG24smmEToO/r1T08s7MCYzE/DnjE=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "d9021491c727caceb47ec2f5a057e9d197ce6f1d",
|
||||
"revCount": 19905,
|
||||
"rev": "96edd617d6daac89d00c080df561818b2fcd7da2",
|
||||
"revCount": 19980,
|
||||
"type": "git",
|
||||
"url": "https://code.capytal.cc/loreddev/gitea"
|
||||
},
|
||||
@@ -1093,11 +1093,11 @@
|
||||
},
|
||||
"nixpkgs-unstable_2": {
|
||||
"locked": {
|
||||
"lastModified": 1757745802,
|
||||
"narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=",
|
||||
"lastModified": 1765779637,
|
||||
"narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1",
|
||||
"rev": "1306659b587dc277866c7b69eb97e5f07864d8c4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1109,16 +1109,16 @@
|
||||
},
|
||||
"nixpkgs_10": {
|
||||
"locked": {
|
||||
"lastModified": 1757810152,
|
||||
"narHash": "sha256-Vp9K5ol6h0J90jG7Rm4RWZsCB3x7v5VPx588TQ1dkfs=",
|
||||
"lastModified": 1765762245,
|
||||
"narHash": "sha256-3iXM/zTqEskWtmZs3gqNiVtRTsEjYAedIaLL0mSBsrk=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "9a094440e02a699be5c57453a092a8baf569bdad",
|
||||
"rev": "c8cfcd6ccd422e41cc631a0b73ed4d5a925c393d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-25.05",
|
||||
"ref": "nixos-25.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
@@ -1237,11 +1237,11 @@
|
||||
},
|
||||
"nixpkgs_9": {
|
||||
"locked": {
|
||||
"lastModified": 1758690382,
|
||||
"narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=",
|
||||
"lastModified": 1765779637,
|
||||
"narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "e643668fd71b949c53f8626614b21ff71a07379d",
|
||||
"rev": "1306659b587dc277866c7b69eb97e5f07864d8c4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1382,11 +1382,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1758007585,
|
||||
"narHash": "sha256-HYnwlbY6RE5xVd5rh0bYw77pnD8lOgbT4mlrfjgNZ0c=",
|
||||
"lastModified": 1765836173,
|
||||
"narHash": "sha256-hWRYfdH2ONI7HXbqZqW8Q1y9IRbnXWvtvt/ONZovSNY=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "f77d4cfa075c3de66fc9976b80e0c4fc69e2c139",
|
||||
"rev": "443a7f2e7e118c4fc63b7fae05ab3080dd0e5c63",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
||||
27
flake.nix
@@ -1,10 +1,10 @@
|
||||
{
|
||||
inputs = {
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
|
||||
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||
|
||||
home-manager = {
|
||||
url = "github:nix-community/home-manager/release-25.05";
|
||||
url = "github:nix-community/home-manager/release-25.11";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
@@ -30,6 +30,10 @@
|
||||
dot013-nix = {
|
||||
url = "github:dot013/nix";
|
||||
};
|
||||
|
||||
# tangled = {
|
||||
# url = "git+https://tangled.org/tangled.org/core";
|
||||
# };
|
||||
};
|
||||
outputs = {
|
||||
self,
|
||||
@@ -37,7 +41,24 @@
|
||||
home-manager,
|
||||
nixpkgs-unstable,
|
||||
...
|
||||
} @ inputs: {
|
||||
} @ inputs: let
|
||||
systems = [
|
||||
"x86_64-linux"
|
||||
"aarch64-linux"
|
||||
"x86_64-darwin"
|
||||
"aarch64-darwin"
|
||||
];
|
||||
forAllSystems = f:
|
||||
nixpkgs.lib.genAttrs systems (
|
||||
system: let
|
||||
pkgs = import nixpkgs {inherit system;};
|
||||
in
|
||||
f {
|
||||
inherit pkgs;
|
||||
inherit (pkgs) lib;
|
||||
}
|
||||
);
|
||||
in {
|
||||
nixosConfigurations = {
|
||||
spacestation = nixpkgs.lib.nixosSystem rec {
|
||||
system = "x86_64-linux";
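Review bot: `forAllSystems` is introduced in the new `let` without a comment, and nothing in the visible hunk calls it; if no output uses it yet, it is dead code next to the commented-out `tangled` input added in the hunk above. I would add `# Call f with pkgs and lib for each entry in systems; returns an attrset keyed by system` above the definition, and either drop the commented input or note why it is parked. The `outputs` function continues past the end of this hunk, so a caller may exist further down.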
|
||||
|
||||
@@ -158,7 +158,7 @@ in {
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.gitea-secrets = mkIf (!cfg.useWizard) {
|
||||
systemd.services.gitea-secrets = {
|
||||
description = "Gitea secret bootstrap helper";
|
||||
script = ''
|
||||
if [ ! -s '${cfg.secrets.security.SECRET_KEY}' ]; then
|
||||
@@ -200,7 +200,7 @@ in {
|
||||
++ optionals (cfg.database.type == "mysql") [
|
||||
"mysql.service"
|
||||
]
|
||||
++ optionals (!cfg.useWizard) [
|
||||
++ [
|
||||
"gitea-secrets.service"
|
||||
];
|
||||
requires =
|
||||
@@ -210,7 +210,7 @@ in {
|
||||
++ optionals (cfg.database.createDatabase && cfg.database.type == "mysql") [
|
||||
"mysql.service"
|
||||
]
|
||||
++ optionals (!cfg.useWizard) [
|
||||
++ [
|
||||
"gitea-secrets.service"
|
||||
];
|
||||
|
||||
@@ -218,7 +218,7 @@ in {
|
||||
# https://github.com/NixOS/nixpkgs/blob/20c4598c84a671783f741e02bf05cbfaf4907cff/nixos/modules/services/misc/forgejo.nix#L696
|
||||
preStart = ''
|
||||
# copy custom configuration and generate random secrets if needed
|
||||
${optionalString (!cfg.useWizard) ''
|
||||
${''
|
||||
function gitea_setup {
|
||||
config='${cfg.customDir}/conf/app.ini'
|
||||
cp -f '${format.generate "app.ini" cfg.settings}' "$config"
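Review bot: Removing the `!cfg.useWizard` guard leaves `${'' … ''}` in `preStart`, an interpolation of a bare string literal that no longer selects anything; the wrapper should be dropped and the script body inlined (this assumes the second line of each pair is the new side, as the page order suggests). The same guard removal appears on `systemd.services.gitea-secrets` and in the `after` and `requires` lists in the three hunks above. If the `useWizard` option is still declared elsewhere in the module, which is not visible here, setting it no longer stops secret generation or the `cp -f` that overwrites `app.ini`, so it should be removed or turned into an assertion. `preStart` continues past the end of this hunk.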
|
||||
|
||||