tadpole: Enable gitea

tadpole: Add gitea module
tadpole: Add secret for gitea
2024-08-29 20:30:32 +02:00 · 2024-08-29 20:30:32 +02:00 · 2024-08-29 20:08:09 +02:00 · 2024-08-29 13:43:37 +02:00 · 2024-08-27 09:50:38 +02:00 · 2024-08-27 09:50:25 +02:00
11 changed files with 128 additions and 3 deletions
--- a/hosts/backwards/modules/jellyfin/default.nix
+++ b/hosts/backwards/modules/jellyfin/default.nix
@@ -0,0 +1,30 @@
 { pkgs, ... }:
 {
  # 1. enable vaapi on OS-level
  nixpkgs.config.packageOverrides = pkgs: {
    vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
  };
  hardware.opengl = {
    enable = true;
    extraPackages = with pkgs; [
      intel-media-driver
      intel-vaapi-driver # previously vaapiIntel
      vaapiVdpau
      libvdpau-va-gl
      intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
      vpl-gpu-rt # QSV on 11th gen or newer
    ];
  };
  services.jellyfin = {
    enable = true;
    openFirewall = true;
  };
  environment.systemPackages = [
    pkgs.jellyfin
    pkgs.jellyfin-web
    pkgs.jellyfin-ffmpeg
  ];
 }
--- a/hosts/pinwheel/modules/tailscale/default.nix
+++ b/hosts/pinwheel/modules/tailscale/default.nix
@@ -0,0 +1,10 @@
 { ... }:
 {
  services.tailscale.enable = true;
  networking.firewall = {
    checkReversePath = "loose";
    allowedUDPPorts = [ 41641 ];
  };
 }
--- a/hosts/pinwheel/modules/work/default.nix
+++ b/hosts/pinwheel/modules/work/default.nix
@@ -1,4 +1,4 @@
-{ inputs, pkgs, lib, config, ... }:
+{ pkgs, lib, config, ... }:
 let
  gitEnabled = config.mod.git.enable;
  goEnabled = config.mod.go.enable;
@@ -18,7 +18,7 @@ in
      (pkgs.jetbrains.plugins.addPlugins pkgs.jetbrains.idea-ultimate [ "ideavim" ])
      (pkgs.google-cloud-sdk.withExtraComponents [ pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin ])
      (pkgs.graphite-cli.overrideAttrs(_: {
-        version = "1.3.7";
+        version = "1.4.3";
      }))
      pkgs.xdg-utils # needed by graphite-cli
--- a/hosts/sombrero/modules/tailscale/default.nix
+++ b/hosts/sombrero/modules/tailscale/default.nix
@@ -0,0 +1,9 @@
 { ... }:
 {
  services.tailscale.enable = true;
  networking.firewall = {
    checkReversePath = "loose";
    allowedUDPPorts = [ 41641 ];
  };
 }
--- a/hosts/tadpole/home.nix
+++ b/hosts/tadpole/home.nix
@@ -23,5 +23,4 @@
      };
    };
  };
 }
--- a/hosts/tadpole/modules/default.nix
+++ b/hosts/tadpole/modules/default.nix
@@ -13,6 +13,11 @@ in
      ssh.enable = true;
      nginx.enable = true;
      gitea = {
        enable = true;
        domain = "git.ppp.pm";
      };
      pppdotpm-site.enable = true;
    };
  };
--- a/hosts/tadpole/modules/gitea/default.nix
+++ b/hosts/tadpole/modules/gitea/default.nix
@@ -0,0 +1,64 @@
 { lib, config, ... }:
 let
  enable = config.mod.gitea.enable;
  domain = config.mod.gitea.domain;
  nginxEnable = config.mod.nginx.enable;
 in
 {
  options = {
    mod.gitea = {
      enable = lib.mkEnableOption "Enable gitea";
      domain = lib.mkOption {
        type = lib.types.str;
        default = "";
        description = "The domain that nginx will use as a virtual host";
      };
    };
  };
  config = lib.mkIf (enable && nginxEnable) {
    services.gitea = {
      enable = true;
      settings = {
        service = {
          DISABLE_REGISTRATION = false;
        };
        server = {
          DOMAIN = domain;
          ROOT_URL = "https://${domain}";
          SSH_PORT = 1122; # See `ssh` module
        };
        database = {
          type = "sqlite3";
          passwordFile = config.age.secrets.gitea-dbpassword.path;
        };
        session = {
          COOKIE_SECURE = true;
        };
      };
    };
    services.nginx = {
      virtualHosts."${domain}" = {
          forceSSL = true;
          enableACME = true;
          locations."/" = {
            proxyPass = "http://0.0.0:3000";
            proxyWebsockets = true;
          };
        };
      };
    age.secrets = {
      "gitea-dbpassword".file = ../../../../secrets/tadpole/gitea-dbpassword.age;
    };
  };
 }
--- a/secrets/pinwheel/alex.pinwheel-andromeda.age
+++ b/secrets/pinwheel/alex.pinwheel-andromeda.age
--- a/secrets/pinwheel/alex.pinwheel-andromeda.pub.age
+++ b/secrets/pinwheel/alex.pinwheel-andromeda.pub.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -46,4 +46,5 @@ in {
  "tadpole/root.tadpole.pub.age".publicKeys = [ tadpole alex ];
  "tadpole/alex.tadpole-codeberg.org.age".publicKeys = [ tadpole alex ];
  "tadpole/alex.tadpole-codeberg.org.pub.age".publicKeys = [ tadpole alex ];
  "tadpole/gitea-dbpassword.age".publicKeys = [ tadpole alex ];
 }
--- a/secrets/tadpole/gitea-dbpassword.age
+++ b/secrets/tadpole/gitea-dbpassword.age
@@ -0,0 +1,7 @@
 age-encryption.org/v1
 -> ssh-ed25519 5R7G9A Lysw9DIQKwVeQ1SOOdCIavwUd8aP81gug+v1k2lRg3k
 PuK/xzBMdmbyC1exYZCcNEullu4yQ0mUZL3k9cRaexA
 -> ssh-ed25519 +oNaHQ yDg4AtwU/jdwJASQox2ATR5P6wcLiAdMPp02m8yUkSI
 7H3Wc7biPmk/ZwkaWuZjdyqyRzcdueR+QUCxzFrn284
 --- wdBS0fjrSy/JpbxPYClvMEuRQuDwn6X9sVyaUyLpSsw
 <EFBFBD>XPz8/S<>,<2C>AG
Author	SHA1	Message	Date
Alexander Heldt	5e84d0147b	tadpole: Enable `gitea`	2024-08-29 20:30:32 +02:00
Alexander Heldt	69b4b1cd21	tadpole: Add `gitea` module	2024-08-29 20:30:32 +02:00
Alexander Heldt	81839ad84d	tadpole: Add secret for `gitea`	2024-08-29 20:08:09 +02:00
Alexander Heldt	79f939c5c9	pinwheel: Update `graphite`	2024-08-29 13:43:37 +02:00
Alexander Heldt	f3c6358110	tadpole: Cleanup `home` module	2024-08-27 09:50:38 +02:00
Alexander Heldt	2e0622fecc	pinwheel: Cleanup `work` module	2024-08-27 09:50:25 +02:00
Alexander Heldt	4db229d5c0	sombrero: Add `tailscale` module	2024-08-26 10:22:16 +02:00
Alexander Heldt	dd2cd91d7f	pinwheel: Add `tailscale` module	2024-08-26 10:22:16 +02:00
Alexander Heldt	1bbd8d8eb9	pinwheel: Update `ssh` key for `alex.pinwheel-andromeda`	2024-08-23 22:36:53 +02:00
Alexander Heldt	2fd40004e2	backwards: Add `jellyfin` module	2024-08-19 08:44:09 +02:00