forgejo!

2023-05-03 14:38:40 +02:00 · 2023-05-03 14:38:40 +02:00 · f0546c8a59
commit f0546c8a59
parent 530087cf05
6 changed files with 84 additions and 6 deletions
--- a/modules/containers/penpot.nix
+++ b/modules/containers/penpot.nix
@ -16,7 +16,7 @@
            "PENPOT_FLAGS" = "enable-registration disable-login disable-login-with-password enable-login-with-oidc";
            "PENPOT_PREPL_HOST" = "0.0.0.0";

-            "PENPOT_PUBLIC_URI" = "https://design.katzen.cafe/";
+            "PENPOT_PUBLIC_URI" = "https://design.katzen.cafe";

            "PENPOT_DATABASE_URI" = "postgresql://penpot-postgres/penpot";
            "PENPOT_DATABASE_USERNAME" = "penpot";
@ -30,7 +30,7 @@
            "PENPOT_TELEMETRY_ENABLED" = "false";

            "PENPOT_OIDC_CLIENT_ID" = "penpot";
-            "PENPOT_OIDC_BASE_URI" = "https://auth.katzen.cafe/realms/master/";
+            "PENPOT_OIDC_BASE_URI" = "https://auth.katzen.cafe/realms/katzen.cafe/";
            #"PENPOT_OIDC_" = "";

            #"PENPOT_SMTP_DEFAULT_FROM" = "Penpot <noreply-pp@schrottkatze.de>";
--- a/modules/forgejo.nix
+++ b/modules/forgejo.nix
@ -0,0 +1,33 @@
+{ pkgs, pkgsUnstable, ... }: 
+{
+  services.gitea = {
+    enable = true;
+    package = pkgsUnstable.forgejo;
+    repositoryRoot = "/forgejo/repos";
+    appName = "Katzenschmiede";
+    rootUrl = "https://forge.katzen.cafe/";
+    httpPort = 8082;
+    domain = "forge.katzen.cafe";
+    database = {
+      type = "postgres";
+    };
+    settings = {
+      openid = {
+        ENABLE_OPENID_SIGNIN = true;
+        ENABLE_OPENID_SIGNUP = true;
+        DISABLE_REGISTRATION = true;
+      };
+      #server = {
+        #ROOT_URL = "https://forge.katzen.cafe/";
+        #HTTP_PORT = 8082;
+      #};
+    };
+  };
+  deployment.keys = {
+    "forgejoDbPw" = {
+      keyCommand = [ "cat" "/home/jade/keys-tmp/forgejo-db-pw" ];
+      destDir = "/forgejo/secret/";
+      permissions = "0604";
+    };
+  };
+}
--- a/modules/postgres.nix
+++ b/modules/postgres.nix
@ -2,5 +2,16 @@
 {
  services.postgresql = {
    enable = true;
+    ensureUsers = [
+      {
+        name = "forgejo";
+        ensurePermissions = {
+          "DATABASE \"forgejo\"" = "ALL PRIVILEGES";
+        };
+      }
+    ];
+    ensureDatabases = [
+      "forgejo"
+    ];
  };
 }
--- a/modules/proxy.nix
+++ b/modules/proxy.nix
@ -11,6 +11,10 @@
        group = "nginx";
        keyType = "rsa4096";
      };
+      "forge.katzen.cafe" = {
+        group = "nginx";
+        keyType = "rsa4096";
+      };
      "wiki.phtanum-b.katzen.cafe" = {
        group = "nginx";
        keyType = "rsa4096";
@ -41,6 +45,13 @@
          proxyPass = "http://127.0.0.2:8081";
        };
      };
+      "forge.katzen.cafe" = {
+        forceSSL = true;
+        enableACME = true;
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:8082";
+        };
+      };
      "auth.katzen.cafe" = {
        forceSSL = true;
        enableACME = true;