From e87843f3716c4369d2b60239f4774b11e3d7b96b Mon Sep 17 00:00:00 2001
From: Xavier Morel
Date: Fri, 14 Nov 2025 20:12:17 +0100
Subject: [PATCH] feat: add gitea
---
 config/git-gitea.nix | 33 +++++++++++++++++++++++++++++++++
 config/proxy-traefik.nix | 11 +++++++++++
 containers/git.nix | 30 ++++++++++++++++++++++++++++++
 flake.nix | 6 +++---
 modules/lxc-template.nix | 6 ++++++
 5 files changed, 83 insertions(+), 3 deletions(-)
 create mode 100644 config/git-gitea.nix
 create mode 100644 containers/git.nix
diff --git a/config/git-gitea.nix b/config/git-gitea.nix
new file mode 100644
index 0000000..77daf04
--- /dev/null
+++ b/config/git-gitea.nix
@@ -0,0 +1,33 @@
+{
+ pkgs,
+ config,
+ tools,
+ ...
+}:
+{
+ services = {
+ gitea = {
+ enable = true;
+ database = {
+ type = "postgres";
+ user = "git";
+ name = "git";
+ password = config.my-lxc.git.db.password;
+ host = tools.build_ip "db";
+ createDatabase = false;
+ };
+ # TODO: dump ...
+ settings = {
+ server.HTTP_PORT = 3000;
+ };
+ # user = "git";
+ };
+ # gitea-actions-runner.instances.default = {
+ # enable = true;
+ # labels = [
+ # "test"
+ # "nixos"
+ # ];
+ # };
+ };
+}
diff --git a/config/proxy-traefik.nix b/config/proxy-traefik.nix
index c9dff06..e5d635f 100644
--- a/config/proxy-traefik.nix
+++ b/config/proxy-traefik.nix
@@ -25,6 +25,17 @@ in
 staticConfigOptions = {
 api.insecure = true;
 log.level = "INFO";
+ accessLog = {
+ filters.statusCodes = [
+ "200"
+ "400-404"
+ "500-503"
+ ];
+ fields = {
+ names.ClientUsername = "drop";
+ headers.defaultMode = "drop";
+ };
+ };
 entryPoints = {
 web.address = ":80";
 websecure.address = ":443";
diff --git a/containers/git.nix b/containers/git.nix
new file mode 100644
index 0000000..c94a7c9
--- /dev/null
+++ b/containers/git.nix
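Review bot: `password = config.my-lxc.git.db.password;` feeds the database secret into `services.gitea.database.password`, and that option renders the value into Gitea's generated config inside the Nix store, which is world-readable on the host and on every machine the closure is copied to. The value itself originates from `import ../config/_passwords.nix` in containers/git.nix, so it is also embedded in the flake evaluation result rather than staying outside the store. Prefer the `passwordFile` option pointing at a file provisioned at deploy time, e.g. `passwordFile = "/run/secrets/gitea-db-password";` (constructed path), and leave `password` unset. The `# TODO: dump ...` marker and the commented-out runner block should be either resolved or removed before merge.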
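Review bot: The `filters.statusCodes` list in the new `accessLog` block keeps only 200, 400–404 and 500–503, so every 3xx, every 405–499 (429 rate-limit hits and 405 method probes included) and 504 upstream timeouts never reach the access log, which is exactly the traffic one wants when investigating abuse against the proxied services. If the intent is to retain error traffic rather than to sample it, widen the ranges to `"400-499"` and `"500-599"`. `headers.defaultMode = "drop"` is a sound default for Authorization and Cookie, but it also discards User-Agent and Referer; `headers.names."User-Agent" = "keep";` retains that one field while keeping the drop default. The enclosing `staticConfigOptions` attrset continues outside the hunk.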
@@ -0,0 +1,30 @@
+{ ... }:
+let
+ db_pass = import ../config/_passwords.nix;
+in
+{
+ my-lxc.git = {
+ container = {
+ cores = 1;
+ memory = 2048;
+ disk = "10G";
+ swap = 512;
+ };
+ db = {
+ enable = true;
+ password = db_pass.git;
+ };
+ system = {
+ port = 3000;
+ importConfig = [
+ ../config/git-gitea.nix
+ ];
+ };
+ logging = {
+ enable = true;
+ metricsEnable = true;
+ };
+ private = true; # available only on private lan
+ auth = false; # auth overlay
+ };
+}
diff --git a/flake.nix b/flake.nix
index 14d4296..9204c6b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -101,7 +101,7 @@
 languages.opentofu.enable = true;
 scripts.build-template.exec = ''
- nix build .#lxc-template -o nixos-template
+ nix build .#lxc-template -o nixos-template --impure
 echo 'Template should be available at nixos-template/tarball/*.tar.xz'
 '';
@@ -110,7 +110,7 @@
 '';
 scripts.build-terraform-json.exec = ''
- nix build .#terraform-json -o config.tf.json
+ nix build .#terraform-json -o config.tf.json --impure
 echo 'Terraform build available as config.tf.json'
 '';
@@ -142,7 +142,7 @@
 IP_SUFFIX=$((CONTID - 1000)) # TODO Verify mapping exists...
 echo "Redeploying LXC on container '$1' ('$CONTID')"
- nixos-rebuild switch --flake .#$1 --target-host root@${globals.ip_prefix}$IP_SUFFIX
+ nixos-rebuild switch --impure --flake .#$1 --target-host root@${globals.ip_prefix}$IP_SUFFIX
 echo "Done."
 else
 echo "Error: Container definition 'containers/$1.nix' not found!"
diff --git a/modules/lxc-template.nix b/modules/lxc-template.nix
index c01ce7a..37908be 100644
--- a/modules/lxc-template.nix
+++ b/modules/lxc-template.nix
@@ -6,6 +6,7 @@ let
 lib = pkgs.lib;
 modulesPath = pkgs.path + "/nixos/modules";
 config = import ../config/_globals.nix { };
+ id = (import ../config/_ids.nix { }).id;
 in
 {
 imports = [
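Review bot: `port = 3000;` under `system` duplicates the `server.HTTP_PORT = 3000;` literal in config/git-gitea.nix with nothing tying the two together, so a later change to one silently breaks whatever the `my-lxc` module derives from the other (proxy target, firewall rule — the module is not visible here, so this is inferred). Since git-gitea.nix already reads `config.my-lxc.git.db.password`, it can read the port the same way: `server.HTTP_PORT = config.my-lxc.git.system.port;`, leaving this file as the single source. The trailing comment `# auth overlay` on `auth = false;` states the option's name rather than the consequence of turning it off; assuming the flag controls a proxy-side login layer, `# no proxy-level auth overlay: Gitea serves its own login` would tell the reader what is actually exposed on the private LAN.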
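Review bot: `--impure` on the `build-template` invocation (and likewise on `build-terraform-json` in the next hunk and the `nixos-rebuild switch` line in the third) turns off flake evaluation purity, so evaluation may read environment variables and arbitrary paths outside the flake tree and the artefacts are no longer reproducible from the lock file alone; neither the hunks nor the commit message say why this is now required. Presumably it is for the `../config/_passwords.nix` and `../config/_ids.nix` imports added in this commit, but that is inferred, not visible. Add a comment at the first occurrence, e.g. `# --impure: <reason, e.g. reads config files kept outside the flake tree>`, and consider supplying those files as a flake input or through a deploy-time secret path so the scripts can stay pure. The attrset holding these scripts starts and ends outside the hunk.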
@@ -37,6 +38,11 @@ in
 dates = "weekly";
 options = "--delete-older-than 7d";
 };
+ networking.nameservers =
+ (
+ if (lib.hasAttr "dns" id) then [ "${config.globals.ip_prefix}${toString (id.dns - 1000)}" ] else [ ]
+ )
+ ++ [ "9.9.9.9" ];
 time.timeZone = config.globals.default_tz;