From 537c46caf6b8bd6f7761c51efc918b26370e7e28 Mon Sep 17 00:00:00 2001
From: Dmitriy Kholkin
Date: Thu, 10 Mar 2022 19:12:07 +0300
Subject: [PATCH] add gitea
---
machines/NixOS-CT/default.nix | 4 ++--
profiles/servers/gitea.nix | 33 ++++++++++++++++++++++++++++++++
profiles/servers/nginx.nix | 18 +++++++++++------
profiles/servers/vaultwarden.nix | 2 +-
4 files changed, 48 insertions(+), 9 deletions(-)
create mode 100644 profiles/servers/gitea.nix
diff --git a/machines/NixOS-CT/default.nix b/machines/NixOS-CT/default.nix
index 340f9de..69dfbea 100644
--- a/machines/NixOS-CT/default.nix
+++ b/machines/NixOS-CT/default.nix
@@ -3,10 +3,10 @@ ./hardware-configuration.nix inputs.self.nixosRoles.container - nginx - coturn fail2ban + gitea mailserver + nginx vaultwarden ];
diff --git a/profiles/servers/gitea.nix b/profiles/servers/gitea.nix
new file mode 100644
index 0000000..bdd217f
--- /dev/null
+++ b/profiles/servers/gitea.nix
@@ -0,0 +1,33 @@
+{ pkgs, config, lib, ... }:
+{
+ secrets.gitea = {
+ owner = "gitea";
+ };
+
+ services.gitea = {
+ enable = true;
+ appName = "AtaraxiaDev's Gitea Instance";
+ cookieSecure = true;
+ database = {
+ type = "postgres";
+ passwordFile = config.secrets.gitea.decrypted;
+ };
+ disableRegistration = true;
+ domain = "code.ataraxiadev.com";
+ httpPort = 6000;
+ lfs.enable = true;
+ rootUrl = "https://code.ataraxiadev.com";
+ stateDir = "/gitea/data";
+ # ssh = {
+ # enable = true;
+ # clonePort = 2222;
+ # };
+ # settings = {
+ # server = {
+ # START_SSH_SERVER = true;
+ # SSH_LISTEN_HOST = "0.0.0.0";
+ # SSH_LISTEN_PORT = 2222;
+ # };
+ # };
+ };
+}
\ No newline at end of file
diff --git a/profiles/servers/nginx.nix b/profiles/servers/nginx.nix
index e01de5d..a029e6d 100644
--- a/profiles/servers/nginx.nix
+++ b/profiles/servers/nginx.nix
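Review bot: In profiles/servers/gitea.nix, `services.gitea` sets `httpPort = 6000` but no listen address, so Gitea binds to the module default rather than to loopback; in the nixpkgs module of this period that default is, as far as I know, `0.0.0.0`. nginx reaches the service on `localhost:6000`, so every other interface would serve the instance over plain HTTP, without the TLS termination and `hardened` settings the new vhost applies, unless the container firewall (not visible in this patch) blocks the port. I would add `httpAddress = "127.0.0.1";` next to `httpPort`. The commented-out SSH block would listen on `0.0.0.0:2222` if re-enabled, so a comment stating whether fail2ban is expected to cover that port would help whoever turns it on.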
@@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: { security.acme = { acceptTerms = true; - email = "ataraxiadev@ataraxiadev.com"; + defaults.email = "ataraxiadev@ataraxiadev.com"; certs = { "ataraxiadev.com" = { webroot = "/var/lib/acme/acme-challenge";
@@ -15,6 +15,7 @@ "stats.ataraxiadev.com" "startpage.ataraxiadev.com" "vw.ataraxiadev.com" + "code.ataraxiadev.com" ]; }; };
@@ -57,7 +58,7 @@ extraConfig = '' proxy_set_header X-Forwarded-For $remote_addr; ''; - } // hardened; + }; } // default; "matrix:443" = { serverAliases = [
@@ -75,8 +76,8 @@ ssl = true; }]; locations."/" = { - proxyPass = "http://matrix-ct:81"; - } // proxySettings // hardened; + proxyPass = "http://matrix.pve:81"; + } // proxySettings; } // default; "matrix:8448" = { serverAliases = [ "matrix.ataraxiadev.com" ];
@@ -86,8 +87,8 @@ ssl = true; }]; locations."/" = { - proxyPass = "http://matrix-ct:8449"; - } // proxySettings // hardened; + proxyPass = "http://matrix.pve:8449"; + } // proxySettings; } // default; "startpage.ataraxiadev.com" = { locations."/" = {
@@ -112,6 +113,11 @@ proxyPass = "http://localhost:8812"; } // proxySettings // hardened; } // default; + "code.ataraxiadev.com" = { + locations."/" = { + proxyPass = "http://localhost:6000"; + } // proxySettings // hardened; + } // default; }; };
diff --git a/profiles/servers/vaultwarden.nix b/profiles/servers/vaultwarden.nix
index f1006fb..ce1c09b 100644
--- a/profiles/servers/vaultwarden.nix
+++ b/profiles/servers/vaultwarden.nix
@@ -6,7 +6,7 @@ services.vaultwarden = { enable = true; - backupDir = "/backups/vaultwarden"; + # backupDir = "/backups/vaultwarden"; config = { domain = "https://vw.ataraxiadev.com"; extendedLogging = true;
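Review bot: In profiles/servers/nginx.nix the hunk at `@@ -57,7 +58,7 @@` drops `// hardened` from a location, and the two matrix hunks (`@@ -75,8 +76,8 @@` and `@@ -86,8 +87,8 @@`) do the same while repointing `proxyPass`, all in a commit described only as "add gitea". The definition of `hardened` is outside these hunks, but if it carries the response hardening its name suggests, those three locations now serve without it while the new `code.ataraxiadev.com` vhost keeps `// proxySettings // hardened`. If the removal is deliberate, record the reason beside each change, e.g. `# hardened omitted: <reason>`; otherwise restore `} // proxySettings // hardened;`. The enclosing virtual-host blocks start and end outside the hunks.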
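Review bot: In profiles/servers/vaultwarden.nix the change comments out `backupDir = "/backups/vaultwarden";`, which as far as I know is the option that enables the module's periodic backup of the Vaultwarden data, and no replacement is visible in this patch. A password vault is hard to recover once lost, so disabling its backup should not ride along unexplained in a commit titled "add gitea". Either keep the option, or replace the dead line with a comment naming where backups now happen, e.g. `# backupDir unset on purpose: backups handled by <backup job>`. The `services.vaultwarden` block continues past the end of the hunk.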