feat: commit other 'private' files from external repo

config/_globals.nix

@@ -0,0 +1 @@
+/home/xmorel/homelab-private/_globals.nix

config/_ids.nix

@@ -0,0 +1 @@
+/home/xmorel/homelab-private/_ids.nix

config/_keys.nix

@@ -0,0 +1 @@
+/home/xmorel/homelab-private/_keys.nix

config/_matrix_secrets.nix

@@ -0,0 +1 @@
+/home/xmorel/homelab-private/_matrix_secrets.nix

config/_passwords.nix

@@ -0,0 +1 @@
+/home/xmorel/homelab-private/_passwords.nix

config/git-gitea.nix

@@ -0,0 +1,33 @@
+{
+  pkgs,
+  config,
+  tools,
+  ...
+}:
+{
+  services = {
+    gitea = {
+      enable = true;
+      database = {
+        type = "postgres";
+        user = "git";
+        name = "git";
+        password = config.my-lxc.git.db.password;
+        host = tools.build_ip "db";
+        createDatabase = false;
+      };
+      # TODO: dump ...
+      settings = {
+        server.HTTP_PORT = 3000;
+      };
+      # user = "git";
+    };
+    # gitea-actions-runner.instances.default = {
+    #   enable = true;
+    #   labels = [
+    #     "test"
+    #     "nixos"
+    #   ];
+    # };
+  };
+}

config/proxy-traefik.nix

@@ -25,6 +25,17 @@ in
       staticConfigOptions = {
         api.insecure = true;
         log.level = "INFO";
+        accessLog = {
+          filters.statusCodes = [
+            "200"
+            "400-404"
+            "500-503"
+          ];
+          fields = {
+            names.ClientUsername = "drop";
+            headers.defaultMode = "drop";
+          };
+        };
         entryPoints = {
           web.address = ":80";
           websecure.address = ":443";

containers/git.nix

@@ -0,0 +1,30 @@
+{ ... }:
+let
+  db_pass = import ../config/_passwords.nix;
+in
+{
+  my-lxc.git = {
+    container = {
+      cores = 1;
+      memory = 2048;
+      disk = "10G";
+      swap = 512;
+    };
+    db = {
+      enable = true;
+      password = db_pass.git;
+    };
+    system = {
+      port = 3000;
+      importConfig = [
+        ../config/git-gitea.nix
+      ];
+    };
+    logging = {
+      enable = true;
+      metricsEnable = true;
+    };
+    private = true; # available only on private lan
+    auth = false; # auth overlay
+  };
+}

flake.nix

@@ -101,7 +101,7 @@
               languages.opentofu.enable = true;
 
               scripts.build-template.exec = ''
-                nix build .#lxc-template -o nixos-template
+                nix build .#lxc-template -o nixos-template --impure
                 echo 'Template should be available at nixos-template/tarball/*.tar.xz'
               '';
 
@@ -110,7 +110,7 @@
               '';
 
               scripts.build-terraform-json.exec = ''
-                nix build .#terraform-json -o config.tf.json
+                nix build .#terraform-json -o config.tf.json --impure
                 echo 'Terraform build available as config.tf.json'
               '';
 
@@ -142,7 +142,7 @@
                   IP_SUFFIX=$((CONTID - 1000))
                   # TODO Verify mapping exists...
                   echo "Redeploying LXC on container '$1' ('$CONTID')"
-                  nixos-rebuild switch --flake .#$1 --target-host root@${globals.ip_prefix}$IP_SUFFIX
+                  nixos-rebuild switch --impure --flake .#$1 --target-host root@${globals.ip_prefix}$IP_SUFFIX
                   echo "Done."
                 else
                   echo "Error: Container definition 'containers/$1.nix' not found!"

modules/lxc-template.nix

@@ -6,6 +6,7 @@ let
   lib = pkgs.lib;
   modulesPath = pkgs.path + "/nixos/modules";
   config = import ../config/_globals.nix { };
+  id = (import ../config/_ids.nix { }).id;
 in
 {
   imports = [
@@ -37,6 +38,11 @@ in
     dates = "weekly";
     options = "--delete-older-than 7d";
   };
+  networking.nameservers =
+    (
+      if (lib.hasAttr "dns" id) then [ "${config.globals.ip_prefix}${toString (id.dns - 1000)}" ] else [ ]
+    )
+    ++ [ "9.9.9.9" ];
 
   time.timeZone = config.globals.default_tz;