Merge branch 'main' of https://git.thomasfmly.org/michael/nix-dots
commit
63ac50fa23
@ -77,6 +77,7 @@
|
||||
age.secrets.keycloakDb.file = ../../secrets/keycloak-db.age;
|
||||
services.keycloak = {
|
||||
enable = true;
|
||||
package = pkgs.unstable.keycloak;
|
||||
settings = {
|
||||
hostname-url = "https://auth.s.michaelt.xyz";
|
||||
hostname-admin-url = "https://auth.s.michaelt.xyz";
|
||||
@ -116,6 +117,7 @@
|
||||
my.services.forgejo = {
|
||||
enable = true;
|
||||
port = 3000;
|
||||
actions.enable = true;
|
||||
};
|
||||
|
||||
swapDevices = [
|
||||
|
@ -1,6 +1,7 @@
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
@ -12,6 +13,11 @@ in {
|
||||
options.my.services.forgejo = {
|
||||
enable = mkEnableOption "Forgejo";
|
||||
proxy = mkEnableOption "Forgejo reverse proxy entry";
|
||||
actions = mkOption {
|
||||
type = types.submodule (_: {
|
||||
options.enable = mkEnableOption "Forgejo Actions";
|
||||
});
|
||||
};
|
||||
subdomain = mkOption {
|
||||
type = types.str;
|
||||
default = "git";
|
||||
@ -30,6 +36,7 @@ in {
|
||||
(mkIf cfg.enable {
|
||||
services.forgejo = {
|
||||
enable = true;
|
||||
package = pkgs.unstable.forgejo;
|
||||
settings.server = {
|
||||
DOMAIN = forgejoDomain;
|
||||
ROOT_URL = forgejoUrl;
|
||||
@ -52,9 +59,43 @@ in {
|
||||
};
|
||||
|
||||
networking.firewall.interfaces."${firewallInterface}".allowedTCPPorts = [cfg.port];
|
||||
|
||||
age.secrets.forgejoActions.file = ../../../secrets/forgejo-actions.age;
|
||||
services.gitea-actions-runner = mkIf cfg.actions.enable {
|
||||
package = pkgs.unstable.forgejo-runner;
|
||||
instances.venus = {
|
||||
enable = true;
|
||||
name = "venus";
|
||||
url = forgejoUrl;
|
||||
settings = {
|
||||
# log = {
|
||||
# level = "debug";
|
||||
# };
|
||||
options = "-v /var/run/podman/podman.sock:/var/run/podman/podman.sock";
|
||||
runner = {
|
||||
capacity = 5;
|
||||
timeout = "45m";
|
||||
};
|
||||
container = {
|
||||
privileged = true;
|
||||
valid_volumes = ["*"];
|
||||
force_pull = false;
|
||||
};
|
||||
};
|
||||
labels = [];
|
||||
tokenFile = config.age.secrets.forgejoActions.path;
|
||||
};
|
||||
};
|
||||
})
|
||||
(mkIf cfg.proxy {
|
||||
services.caddy.virtualHosts."${forgejoDomain}".extraConfig = ''
|
||||
handle_errors {
|
||||
status 502
|
||||
respond "This server is currently unavailable."
|
||||
}
|
||||
|
||||
redir /user/login /user/oauth2/Keycloak?{query}
|
||||
|
||||
reverse_proxy http://${proxyIP}:${toString cfg.port}
|
||||
'';
|
||||
|
||||
|
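Review bot: The `instances.venus` runner in the last hunk of this file runs job containers with `privileged = true` and `valid_volumes = ["*"]`, and its `options` line is meant to bind-mount the host Podman socket, so any workflow scheduled on this runner is effectively root on the host. If jobs only need to build images, prefer a rootless Podman socket with `privileged = false;` and `valid_volumes` limited to that one socket path, and register the runner only for trusted repositories. Separately, `options` sits directly under `settings`, whereas the runner config reads container options from `container.options` as far as I know, so the mount may currently be ignored; worth confirming. `age.secrets.forgejoActions.file` is also declared whenever `cfg.enable` is set rather than only under `cfg.actions.enable`.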
@ -7,10 +7,10 @@ stdenv.mkDerivation {
|
||||
version = "0.0.1-dev";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "lukin";
|
||||
owner = "michaelhthomas";
|
||||
repo = "keywind";
|
||||
rev = "bdf966fdae0071ccd46dab4efdc38458a643b409";
|
||||
hash = "sha256-8N+OQ6Yg9RKxqGd8kgsbvrYuVgol49bo/iJeIJXr3Sg=";
|
||||
rev = "f3f016ab34ac9731ef8dadd6e79406a3c2433a34";
|
||||
hash = "sha256-wronX44qyUIuoTSdKj01UlLrwH9U5qNkUuSouV+xSUU=";
|
||||
};
|
||||
|
||||
installPhase = ''
|
||||
|
5
secrets/forgejo-actions.age
Normal file
5
secrets/forgejo-actions.age
Normal file
@ -0,0 +1,5 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 jBnYqQ THVbnor+AP7CyleSBNaSbxQEkmHlrQ2u+auPOgFXexM
|
||||
ntnmIaGTpQEFo438GAU/UJZ7217I27TkkbLaqYq+uKM
|
||||
--- uYDKB1BuWSUCUsdNm4xA2ugOLq27Vz811FbjlK+qYes
|
||||
³dô
¬ªÍM±ÞhÑ*$j®Øj²*½jÃÅÉ>Ý›Å!œ®>v<>Ù@hj7q¾§¡>í+…ÄÄy<15>ã¢Cþ¨5¯W†ŸƒØ1NÙDâ—^и
|
@ -6,6 +6,7 @@ in {
|
||||
# Venus
|
||||
"wireguard-thinkcentre.age".publicKeys = [venus];
|
||||
"keycloak-db.age".publicKeys = [venus];
|
||||
"forgejo-actions.age".publicKeys = [venus];
|
||||
|
||||
# Oracle
|
||||
"wireguard-oracle.age".publicKeys = [oracle];
|
||||
|