Michael Thomas 2024-06-03 11:43:55 -04:00
commit 63ac50fa23
5 changed files with 52 additions and 3 deletions


@ -77,6 +77,7 @@
age.secrets.keycloakDb.file = ../../secrets/keycloak-db.age;
services.keycloak = {
enable = true;
package = pkgs.unstable.keycloak;
settings = {
hostname-url = "https://auth.s.michaelt.xyz";
hostname-admin-url = "https://auth.s.michaelt.xyz";
@ -116,6 +117,7 @@
my.services.forgejo = {
enable = true;
port = 3000;
actions.enable = true;
};
swapDevices = [


@ -1,6 +1,7 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
@ -12,6 +13,11 @@ in {
options.my.services.forgejo = {
enable = mkEnableOption "Forgejo";
proxy = mkEnableOption "Forgejo reverse proxy entry";
actions = mkOption {
type = types.submodule (_: {
options.enable = mkEnableOption "Forgejo Actions";
});
};
subdomain = mkOption {
type = types.str;
default = "git";
@ -30,6 +36,7 @@ in {
(mkIf cfg.enable {
services.forgejo = {
enable = true;
package = pkgs.unstable.forgejo;
settings.server = {
DOMAIN = forgejoDomain;
ROOT_URL = forgejoUrl;
@ -52,9 +59,43 @@ in {
};
networking.firewall.interfaces."${firewallInterface}".allowedTCPPorts = [cfg.port];
age.secrets.forgejoActions.file = ../../../secrets/forgejo-actions.age;
services.gitea-actions-runner = mkIf cfg.actions.enable {
package = pkgs.unstable.forgejo-runner;
instances.venus = {
enable = true;
name = "venus";
url = forgejoUrl;
settings = {
# log = {
# level = "debug";
# };
options = "-v /var/run/podman/podman.sock:/var/run/podman/podman.sock";
runner = {
capacity = 5;
timeout = "45m";
};
container = {
privileged = true;
valid_volumes = ["*"];
force_pull = false;
};
};
labels = [];
tokenFile = config.age.secrets.forgejoActions.path;
};
};
})
(mkIf cfg.proxy {
services.caddy.virtualHosts."${forgejoDomain}".extraConfig = ''
handle_errors {
status 502
respond "This server is currently unavailable."
}
redir /user/login /user/oauth2/Keycloak?{query}
reverse_proxy http://${proxyIP}:${toString cfg.port}
'';
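Review bot: The runner's `container` block sets `privileged = true` and `valid_volumes = ["*"]`, and the `options` string bind-mounts the host's Podman socket, so any workflow this runner accepts can drive the host container engine and mount arbitrary host paths, which amounts to host-level access. Unless jobs genuinely need that, prefer `privileged = false;` and an explicit allow-list such as `valid_volumes = ["/var/run/podman/podman.sock"];` (or an empty list), and limit which users and repositories can schedule jobs on this runner. `options` is also written directly under `settings`; as far as I know the runner's config schema reads it under `container`, so it may be silently ignored where it is, which is worth confirming. Separately, `age.secrets.forgejoActions.file` sits outside the `mkIf cfg.actions.enable` guard, so the secret is required even on hosts that leave Actions disabled.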


@ -7,10 +7,10 @@ stdenv.mkDerivation {
version = "0.0.1-dev";
src = fetchFromGitHub {
owner = "lukin";
owner = "michaelhthomas";
repo = "keywind";
rev = "bdf966fdae0071ccd46dab4efdc38458a643b409";
hash = "sha256-8N+OQ6Yg9RKxqGd8kgsbvrYuVgol49bo/iJeIJXr3Sg=";
rev = "f3f016ab34ac9731ef8dadd6e79406a3c2433a34";
hash = "sha256-wronX44qyUIuoTSdKj01UlLrwH9U5qNkUuSouV+xSUU=";
};
installPhase = ''
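Review bot: The `fetchFromGitHub` source moves from `lukin/keywind` to a personal fork without any comment, and `version` stays `"0.0.1-dev"`, so nothing in the derivation records what the fork changes or which upstream commit it is based on. Keywind is a Keycloak theme, so this code ends up on the login surface; a comment above `src` such as `# fork of lukin/keywind: <what the fork changes>, based on upstream <rev>` would make later review and re-pinning easier. Both `rev` and `hash` are pinned, which keeps the fetch reproducible. The derivation continues outside the hunk.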


@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 jBnYqQ THVbnor+AP7CyleSBNaSbxQEkmHlrQ2u+auPOgFXexM
ntnmIaGTpQEFo438GAU/UJZ7217I27TkkbLaqYq+uKM
--- uYDKB1BuWSUCUsdNm4xA2ugOLq27Vz811FbjlK+qYes
³dô ¬ªÍM±ÞhÑ*$j®Øj²*½jÃÅÉ>Ý›Å!œ®>v<>Ù@hj7q¾§¡>í+…ÄÄy<15>ã¢Cþ ¨5¯W†ŸƒØ1NÙDâ—^и


@ -6,6 +6,7 @@ in {
# Venus
"wireguard-thinkcentre.age".publicKeys = [venus];
"keycloak-db.age".publicKeys = [venus];
"forgejo-actions.age".publicKeys = [venus];
# Oracle
"wireguard-oracle.age".publicKeys = [oracle];