Schrottkatze 2023-05-03 14:38:40 +02:00
parent 530087cf05
commit f0546c8a59
6 changed files with 84 additions and 6 deletions


@ -73,6 +73,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgsUnstable": {
"locked": {
"lastModified": 1683014792,
"narHash": "sha256-6Va9iVtmmsw4raBc3QKvQT2KT/NGRWlvUlJj46zN8B8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1a411f23ba299db155a5b45d5e145b85a7aafc42",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1683028696, "lastModified": 1683028696,
@ -92,7 +108,8 @@
"root": { "root": {
"inputs": { "inputs": {
"arion": "arion", "arion": "arion",
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2",
"nixpkgsUnstable": "nixpkgsUnstable"
} }
} }
}, },


@ -1,11 +1,12 @@
{ {
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11";
nixpkgsUnstable.url = "github:NixOS/nixpkgs/nixos-unstable";
#nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; #nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
arion.url = "github:hercules-ci/arion"; arion.url = "github:hercules-ci/arion";
}; };
outputs = { self, nixpkgs, ... }@inputs: outputs = { self, nixpkgs, nixpkgsUnstable, ... }@inputs:
let let
hostPkgs = import nixpkgs { system = "x86_64-linux"; }; hostPkgs = import nixpkgs { system = "x86_64-linux"; };
in { in {
@ -20,10 +21,14 @@
}; };
specialArgs = { specialArgs = {
inherit inputs; inherit inputs;
pkgsUnstable = import nixpkgsUnstable {
system = "aarch64-linux";
overlays = [];
};
}; };
}; };
katzencafe = { name, nodes, pkgs, inputs, ... }: { katzencafe = { name, nodes, pkgs, pkgsUnstable, inputs, ... }: {
deployment = { deployment = {
targetHost = "katzen.cafe"; targetHost = "katzen.cafe";
buildOnTarget = true; buildOnTarget = true;
@ -32,9 +37,10 @@
./modules/base-stuff.nix ./modules/base-stuff.nix
./modules/proxy.nix ./modules/proxy.nix
./modules/postgres.nix ./modules/postgres.nix
./modules/jitsi.nix #./modules/jitsi.nix
./modules/containers ./modules/containers
./modules/keycloak.nix ./modules/keycloak.nix
./modules/forgejo.nix
]; ];
system.stateVersion = "22.11"; system.stateVersion = "22.11";
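Review bot: The new `nixpkgsUnstable` input has no comment saying why a second nixpkgs is pulled in or which module consumes it; from modules/forgejo.nix it appears to exist only for `pkgsUnstable.forgejo`. Because that package backs an internet-facing service and is pinned by the lock file, it only receives fixes when this input is re-locked, so I would add above the input `# only used for pkgsUnstable.forgejo (public service); re-lock regularly to pick up fixes`. In the second hunk `system = "aarch64-linux"` is hard-coded inside `specialArgs`, which looks shared by every node while `hostPkgs` uses `x86_64-linux`; a short comment that it must match the target's architecture would prevent a silent mismatch if another host is added.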


@ -16,7 +16,7 @@
"PENPOT_FLAGS" = "enable-registration disable-login disable-login-with-password enable-login-with-oidc"; "PENPOT_FLAGS" = "enable-registration disable-login disable-login-with-password enable-login-with-oidc";
"PENPOT_PREPL_HOST" = "0.0.0.0"; "PENPOT_PREPL_HOST" = "0.0.0.0";
"PENPOT_PUBLIC_URI" = "https://design.katzen.cafe/"; "PENPOT_PUBLIC_URI" = "https://design.katzen.cafe";
"PENPOT_DATABASE_URI" = "postgresql://penpot-postgres/penpot"; "PENPOT_DATABASE_URI" = "postgresql://penpot-postgres/penpot";
"PENPOT_DATABASE_USERNAME" = "penpot"; "PENPOT_DATABASE_USERNAME" = "penpot";
@ -30,7 +30,7 @@
"PENPOT_TELEMETRY_ENABLED" = "false"; "PENPOT_TELEMETRY_ENABLED" = "false";
"PENPOT_OIDC_CLIENT_ID" = "penpot"; "PENPOT_OIDC_CLIENT_ID" = "penpot";
"PENPOT_OIDC_BASE_URI" = "https://auth.katzen.cafe/realms/master/"; "PENPOT_OIDC_BASE_URI" = "https://auth.katzen.cafe/realms/katzen.cafe/";
#"PENPOT_OIDC_" = ""; #"PENPOT_OIDC_" = "";
#"PENPOT_SMTP_DEFAULT_FROM" = "Penpot <noreply-pp@schrottkatze.de>"; #"PENPOT_SMTP_DEFAULT_FROM" = "Penpot <noreply-pp@schrottkatze.de>";
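Review bot: `"PENPOT_PREPL_HOST" = "0.0.0.0"` in the first hunk's context remains on the new side and binds what is presumably the backend's prepl administration listener to every interface. Whether that port is reachable beyond the container network is not visible in this section; confirm it is not published, or bind it to a container-internal address only. The realm change in the second hunk looks right, and a one-line comment such as `# dedicated realm; do not point clients at the Keycloak master realm` would keep it from being reverted.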

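--- a/modules/forgejo.nix
+++ b/modules/forgejo.nix
@@ -0,0 +1,33 @@
+{ pkgs, pkgsUnstable, ... }:
+{
+services.gitea = {
+enable = true;
+package = pkgsUnstable.forgejo;
+repositoryRoot = "/forgejo/repos";
+appName = "Katzenschmiede";
+rootUrl = "https://forge.katzen.cafe/";
+httpPort = 8082;
+domain = "forge.katzen.cafe";
+database = {
+type = "postgres";
+};
+settings = {
+openid = {
+ENABLE_OPENID_SIGNIN = true;
+ENABLE_OPENID_SIGNUP = true;
+DISABLE_REGISTRATION = true;
+};
+#server = {
+#ROOT_URL = "https://forge.katzen.cafe/";
+#HTTP_PORT = 8082;
+#};
+};
+};
+deployment.keys = {
+"forgejoDbPw" = {
+keyCommand = [ "cat" "/home/jade/keys-tmp/forgejo-db-pw" ];
+destDir = "/forgejo/secret/";
+permissions = "0604";
+};
+};
+}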
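Review bot: `permissions = "0604"` on the `forgejoDbPw` key leaves the database password readable by every local account (the "other" bits include read) while the group gets nothing, which is almost certainly not what was intended. Use an owner-only mode and name the owner, e.g. `permissions = "0400";` together with `user = "gitea";` (assuming the service keeps the module's default user; confirm). Nothing in the visible `services.gitea.database` block references the uploaded file, so the secret is deployed but unused; wire it through `database.passwordFile` or drop the key. Separately, `DISABLE_REGISTRATION = true` sits under `openid`, but as far as I know that setting belongs to the `service` section, so it probably has no effect here while `ENABLE_OPENID_SIGNUP = true` stays active.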


@ -2,5 +2,16 @@
{ {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
ensureUsers = [
{
name = "forgejo";
ensurePermissions = {
"DATABASE \"forgejo\"" = "ALL PRIVILEGES";
};
}
];
ensureDatabases = [
"forgejo"
];
}; };
} }
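Review bot: The `forgejo` role added in `ensureUsers` is created without a password, so how the service authenticates as it depends on `pg_hba` rules that are not visible in this section. modules/forgejo.nix sets only `database.type = "postgres"` and leaves the database user and name at the module defaults, which may not be `forgejo`; confirm the service really connects as this role to this database, otherwise the `ALL PRIVILEGES` grant goes to a role nothing uses. I would add a comment above the entry along the lines of `# role for the forgejo service; auth method: <peer over socket | password>, keep in sync with services.gitea.database`.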


@ -11,6 +11,10 @@
group = "nginx"; group = "nginx";
keyType = "rsa4096"; keyType = "rsa4096";
}; };
"forge.katzen.cafe" = {
group = "nginx";
keyType = "rsa4096";
};
"wiki.phtanum-b.katzen.cafe" = { "wiki.phtanum-b.katzen.cafe" = {
group = "nginx"; group = "nginx";
keyType = "rsa4096"; keyType = "rsa4096";
@ -41,6 +45,13 @@
proxyPass = "http://127.0.0.2:8081"; proxyPass = "http://127.0.0.2:8081";
}; };
}; };
"forge.katzen.cafe" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8082";
};
};
"auth.katzen.cafe" = { "auth.katzen.cafe" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
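Review bot: `proxyPass = "http://127.0.0.1:8082"` in the second hunk assumes Forgejo is reachable only through nginx, but modules/forgejo.nix sets `httpPort = 8082` without a listen address. As far as I know the NixOS module defaults `services.gitea.httpAddress` to all interfaces, so unless the firewall (not visible here) blocks 8082, the plain-HTTP port can be reached directly and bypasses `forceSSL`. Setting `httpAddress = "127.0.0.1";` in the forgejo module would close that.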