derped/nixos
1
0
Fork 0
Code Releases Activity

Migrate from gitea to forgejo.

Browse source
This commit is contained in:
Kevin Baensch 2024-05-09 12:41:24 +02:00
parent 3de8ff246f
commit 4c29603f14
Signed by: derped
GPG key ID: C0F1D326C7626543
5 changed files with 23 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
machines/Ophanim/options.nix
View file

@ -33,7 +33,7 @@ in {
]; ];
services = [ services = [
"acme" "acme"
"gitea" "forgejo"
"tandoor" "tandoor"
# "hydra" # "hydra"
"mailserver" "mailserver"
@ -61,7 +61,7 @@ in {
} }
{ {
domain = "git.${base}"; domain = "git.${base}";
service = "gitea"; service = "forgejo";
} }
{ {
domain = "food.${base}"; domain = "food.${base}";

10
machines/Ophanim/secrets.yaml
View file

@ -4,8 +4,8 @@ users:
mail: ENC[AES256_GCM,data:b8/EiGUiUmCsxeOSFLE4lETrdi6Dn6wpWdYyNb22kHo/Ws0PXMLu4FJKeP/lZj0kKigdm4I94eEYyC8UmZKcJtilW/JtUpfmGzDkiGTxY7VxVFZYbamsQ1wq1r3BuWZorn+m,iv:+kyH2h+0++NnR/NPyUOPkEj1HSMI7+gciCXuebdlvkc=,tag:J6ltTqx34sJbkUAaiZJR6g==,type:str] mail: ENC[AES256_GCM,data:b8/EiGUiUmCsxeOSFLE4lETrdi6Dn6wpWdYyNb22kHo/Ws0PXMLu4FJKeP/lZj0kKigdm4I94eEYyC8UmZKcJtilW/JtUpfmGzDkiGTxY7VxVFZYbamsQ1wq1r3BuWZorn+m,iv:+kyH2h+0++NnR/NPyUOPkEj1HSMI7+gciCXuebdlvkc=,tag:J6ltTqx34sJbkUAaiZJR6g==,type:str]
publicKey: ENC[AES256_GCM,data:n1o+2pBdstnnC7b3Oub8Cen6JYZzR4ouaVlANsqxr2B8apPgY3ZaWoYO7b773MiKlhfPGPDpnL6H+jBGRc+adUjuaLFl2fnWwHCo8bIe/esIMf+bgyMefodg35R6j02bT0BM8dQGRyU/Qw==,iv:zCZdEvdTNvz/pAG6fAlsG5ZTCzOyfpo5OJswFa9n0ws=,tag:efQOpShXKmTJeK3odLt7cw==,type:str] publicKey: ENC[AES256_GCM,data:n1o+2pBdstnnC7b3Oub8Cen6JYZzR4ouaVlANsqxr2B8apPgY3ZaWoYO7b773MiKlhfPGPDpnL6H+jBGRc+adUjuaLFl2fnWwHCo8bIe/esIMf+bgyMefodg35R6j02bT0BM8dQGRyU/Qw==,iv:zCZdEvdTNvz/pAG6fAlsG5ZTCzOyfpo5OJswFa9n0ws=,tag:efQOpShXKmTJeK3odLt7cw==,type:str]
services: services:
gitea: forgejo:
dbPass: ENC[AES256_GCM,data:mZ159aEd0S8blrBtGL5yp9THAH96ru6wr6m5Sp0TFwgOJ4KfoU+1Zj+D2YEP3jc=,iv:JP0WhWZOOfz2ZoM387NVNpOt5mzhJLeVwUGFHJ2cE2c=,tag:cYSzUI4dfa6kql1qlm6Syg==,type:str] dbPass: ENC[AES256_GCM,data:tYQUCQtPpxspfAEeaMavDqEHGqShKXSArIx9ZT70JxaTE7mmW0q+2XxvcZDq1bw=,iv:ZMlTUeyx82jQHPMXKCscShntwqyYcjh9jvLW+v6S238=,tag:ppn/mknIydiBHkAJ1UfTsg==,type:str]
hydra: hydra:
secretKey: ENC[AES256_GCM,data:TkAFImyj7ESA72aPjUTvUwTVzZ3KpXNdw41Bk2yGOJrNRiP3aA/+iK45BzJdeAssc5evZyvhFE+JE4ovOSuaWUz4YFH/TH41N5dkhSmPTND+hU6u24rv/gTcCH9BH/8uvFOnWCBmkKmFopE=,iv:NSCINUwyNCRMsGNjwfO/P1nMpYDQLxt448W2AfCBmLI=,tag:pfMpTExIabCmsHOiOIf6Qg==,type:str] secretKey: ENC[AES256_GCM,data:TkAFImyj7ESA72aPjUTvUwTVzZ3KpXNdw41Bk2yGOJrNRiP3aA/+iK45BzJdeAssc5evZyvhFE+JE4ovOSuaWUz4YFH/TH41N5dkhSmPTND+hU6u24rv/gTcCH9BH/8uvFOnWCBmkKmFopE=,iv:NSCINUwyNCRMsGNjwfO/P1nMpYDQLxt448W2AfCBmLI=,tag:pfMpTExIabCmsHOiOIf6Qg==,type:str]
nextcloud: nextcloud:
@ -26,8 +26,8 @@ sops:
Mzh6aFZKM2k3TTZveWRPc2ZkKzNvYm8KpNozbSJDJ3Yd2FsR0krsPXsn1beIyniD Mzh6aFZKM2k3TTZveWRPc2ZkKzNvYm8KpNozbSJDJ3Yd2FsR0krsPXsn1beIyniD
0tJNmBFphav57LDQrYz5D+J4pMKKQI1P/USCPDDu1km2dJF/RJzeJQ== 0tJNmBFphav57LDQrYz5D+J4pMKKQI1P/USCPDDu1km2dJF/RJzeJQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-11T20:01:29Z" lastmodified: "2024-05-09T10:31:53Z"
mac: ENC[AES256_GCM,data:3SvL0KQjxHZYxZHuqri6ghx0/v/UJa0MozNvzldvLzK4mpM5xD0zBxIyZ6LkXwQ7Fhe7BxrPJ6oDa0wiOn5JSbCihJJ7xn4vhjvNWX7HE1Hl9HviNSW6qebO+cgK/oSz+Yi1MZZ/NCqDtkOi08GDwmBoaqXyp84TPGf79fChuTo=,iv:i2vsbTFrb+daXfEgLTRZZdITdhwM/LreFYvKjtykmRU=,tag:iTSR4baH+wBayt4ik+U46A==,type:str] mac: ENC[AES256_GCM,data:wOXASNOZgff1yQ6mRWkuIkRd/351aXnlpr18jNyiBLNfgA6Z6g6LmJnT/n+C5F2+/3f/IWGC/ithyRRhPPovqg0V9UFyKn///vTc8Z87oyVqf83glPN2K+JSXXARa8wcod4F5AKP2Ul7rDCn5ygyKczMSL+oMx995daOQxIiFP8=,iv:STulK5T+ID0F5FBbO/HJI7Y6is5+onhrnjtyV1rMDeI=,tag:QcVQLHLAqcP3Bqv8S2q3Qg==,type:str]
pgp: pgp:
- created_at: "2023-09-10T17:32:58Z" - created_at: "2023-09-10T17:32:58Z"
enc: | enc: |
@ -42,4 +42,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 1F2EA6D9A57A9BE5A7F3AA035BEBEE4EE57DC7E2 fp: 1F2EA6D9A57A9BE5A7F3AA035BEBEE4EE57DC7E2
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.8.1

24
services/gitea.nix → services/forgejo.nix
View file

@ -4,19 +4,19 @@
... ...
}: }:
with lib; with lib;
mkIf (elem "gitea" config.machine.services) { mkIf (elem "forgejo" config.machine.services) {
services = { services = {
gitea = let forgejo = let
cfg = config.machine; cfg = config.machine;
inherit ((findFirst (s: s.service == "gitea") cfg cfg.vHosts)) domain; inherit ((findFirst (s: s.service == "forgejo") cfg cfg.vHosts)) domain;
in { in {
enable = true; enable = true;
user = "git"; user = "git";
database = { database = {
type = "mysql"; type = "mysql";
user = "git"; user = "git";
name = "gitea"; name = "forgejo";
passwordFile = config.sops.secrets."services/gitea/dbPass".path; passwordFile = config.sops.secrets."services/forgejo/dbPass".path;
}; };
settings = { settings = {
repository = { repository = {
@ -26,8 +26,8 @@ with lib;
security = { security = {
INSTALL_LOCK = true; INSTALL_LOCK = true;
COOKIE_USERNAME = "gitea_username"; COOKIE_USERNAME = "forgejo_username";
COOKIE_REMEMBER_NAME = "gitea_userauth"; COOKIE_REMEMBER_NAME = "forgejo_userauth";
}; };
server = { server = {
@ -45,15 +45,15 @@ with lib;
}; };
}; };
}; };
sops.secrets."services/gitea/dbPass" = { sops.secrets."services/forgejo/dbPass" = {
owner = "git"; owner = "git";
group = "gitea"; group = "forgejo";
}; };
users.users.git = { users.users.git = {
description = "Gitea Service"; description = "Forgejo Service";
isNormalUser = true; isNormalUser = true;
home = config.services.gitea.stateDir; home = config.services.forgejo.stateDir;
createHome = true; createHome = false;
useDefaultShell = true; useDefaultShell = true;
}; };
} }

6
services/nginx_vHosts/gitea.nix → services/nginx_vHosts/forgejo.nix
View file

@ -6,9 +6,9 @@
with lib; with lib;
{ {
vHost = vHost =
if config.services.gitea.enable if config.services.forgejo.enable
then { then {
root = "${config.services.gitea.stateDir}/public"; root = "${config.services.forgejo.stateDir}/public";
extraConfig = '' extraConfig = ''
location / { location / {
try_files maintain.html $uri $uri/index.html @node; try_files maintain.html $uri $uri/index.html @node;
@ -16,7 +16,7 @@ with lib;
location @node { location @node {
client_max_body_size 0; client_max_body_size 0;
proxy_pass http://${config.services.gitea.settings.server.HTTP_ADDR}:${toString config.services.gitea.settings.server.HTTP_PORT}; proxy_pass http://${config.services.forgejo.settings.server.HTTP_ADDR}:${toString config.services.forgejo.settings.server.HTTP_PORT};
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host; proxy_set_header Host $host;

2
services/openssh.nix
View file

@ -22,7 +22,7 @@ with lib;
extraConfig = let extraConfig = let
users = users =
concatMapStrings (user: "${user.name} ") config.machine.administrators concatMapStrings (user: "${user.name} ") config.machine.administrators
+ (optionalString config.services.gitea.enable (config.services.gitea.user + " ")); + (optionalString config.services.forgejo.enable (config.services.forgejo.user + " "));
in '' in ''
UsePAM no UsePAM no
AllowUsers ${users} AllowUsers ${users}