diff --git a/mastus/configuration.nix b/mastus/configuration.nix
index 89a5cb9..3494096 100644
--- a/mastus/configuration.nix
+++ b/mastus/configuration.nix
@@ -5,17 +5,17 @@
 [ /etc/nixos/hardware-configuration.nix
 ../basic-tools.nix
- ./backup.nix
+ # ./backup.nix
 ./duplicity.nix
 ./mail.nix
 ./www.nix
- ./gogs.nix
+ ./gitea.nix
 ./letsencrypt.nix
 ./website.nix
 ./wstunnel.nix
 ./radicale.nix
- ./ttrss.nix
+ # ./ttrss.nix
 ./dns.nix
 ];
diff --git a/mastus/gitea.nix b/mastus/gitea.nix
new file mode 100644
index 0000000..1df1a62
--- /dev/null
+++ b/mastus/gitea.nix
@@ -0,0 +1,42 @@
+{ config, pkgs, ... }:
+{
+ services.gitea = rec {
+ enable = true;
+ stateDir = "/srv/git.gebner.org";
+ appName = "Gabriel Ebner's git server";
+ domain = "git.gebner.org";
+ rootUrl = "https://git.gebner.org/";
+ httpPort = 8001;
+ cookieSecure = true;
+ log.level = "Info";
+ disableRegistration = true;
+ settings = {
+ picture = {
+ DISABLE_GRAVATAR = "false";
+ AVATAR_UPLOAD_PATH = "${stateDir}/data/avatars";
+ };
+ };
+ };
+
+ environment.systemPackages = [
+ (let cfg = config.services.gitea; in pkgs.writeScriptBin "gitea" ''
+ exec ${pkgs.sudo}/bin/sudo -u ${cfg.user} \
+ env GITEA_WORK_DIR=${cfg.stateDir} ${pkgs.gitea}/bin/gitea "$@"
+ '')
+ ];
+
+ services.nginx = {
+ recommendedProxySettings = true;
+ virtualHosts."git.gebner.org" = {
+ forceSSL = true;
+ useACMEHost = "gebner.org";
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString config.services.gitea.httpPort}";
+ extraConfig = ''
+ proxy_buffering off;
+ client_max_body_size 30M;
+ '';
+ };
+ };
+ };
+}
diff --git a/mastus/radicale.nix b/mastus/radicale.nix
index a5f1aad..4dc3d53 100644
--- a/mastus/radicale.nix
+++ b/mastus/radicale.nix
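Review bot: In `mastus/configuration.nix`, `./backup.nix` and `./ttrss.nix` are commented out rather than removed, and neither line says why or whether the change is temporary. The backup module is disabled in the same commit that appears to hand `/srv/git.gebner.org` over from Gogs to Gitea, so a reader cannot tell from this file whether the git state directory is still backed up by `./duplicity.nix`. Either delete the two lines or annotate them, e.g. `# ./backup.nix  # disabled: <reason>; git data covered by <module>`. The `imports` attribute that owns this list starts outside the hunk.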
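Review bot: In `mastus/gitea.nix`, nothing in `services.gitea` restricts the listen address, so the Gitea web server on `httpPort = 8001` may be reachable directly over plain HTTP, bypassing the nginx virtual host that enforces `forceSSL`. nginx only ever connects through `127.0.0.1`, so binding Gitea to loopback costs nothing: add `httpAddress = "127.0.0.1";` next to `httpPort`. Whether the port is exposed today depends on the module's default bind address and on the host firewall, neither of which is visible in this diff.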
@@ -6,22 +6,26 @@ in
 services.radicale = {
 enable = true;
 package = pkgs.radicale2;
- config = ''
- [server]
- hosts = 127.0.0.1:${toString radicalePort}
- ssl = false
- dns_lookup = false
+ settings = {
+ server = {
+ hosts = "127.0.0.1:${toString radicalePort}";
+ ssl = false;
+ dns_lookup = false;
+ };
- [storage]
- filesystem_folder = /var/lib/radicale/collections
+ storage = {
+ filesystem_folder = "/var/lib/radicale/collections";
+ };
- [auth]
- type = htpasswd
- htpasswd_filename = /var/lib/radicale/htpasswd
+ auth = {
+ type = "htpasswd";
+ htpasswd_filename = "/var/lib/radicale/htpasswd";
+ };
- [rights]
- type = owner_only
- '';
+ rights = {
+ type = "owner_only";
+ };
+ };
 };
 security.acme.certs."gebner.org".extraDomainNames = [ "radicale.gebner.org" ];
diff --git a/mastus/ttrss.nix b/mastus/ttrss.nix
index 560b975..41bc774 100644
--- a/mastus/ttrss.nix
+++ b/mastus/ttrss.nix
@@ -2,8 +2,13 @@
 {
 containers.ttrss = {
 config = {
- users.extraUsers.ttrss = {};
- users.extraGroups.ttrss = {};
+ users.users.ttrss = {
+ group = "ttrss";
+ isSystemUser = true;
+ };
+ users.groups.ttrss = {};
+
+ users.users.tt_rss.isSystemUser = true;
 services.postgresql = {
 enable = true;
diff --git a/mastus/vmtest.nix b/mastus/vmtest.nix
index 78d838e..af84200 100644
--- a/mastus/vmtest.nix
+++ b/mastus/vmtest.nix
@@ -9,7 +9,7 @@ let
 boot.enableContainers = true;
 systemd.services.setupVM = rec {
- wantedBy = [ "gogs.service" "dovecot2.service" "nginx.service" ];
+ wantedBy = [ "gitea.service" "dovecot2.service" "nginx.service" ];
 before = wantedBy;
 serviceConfig = {
 Type = "oneshot";
@@ -17,7 +17,7 @@ let
 };
 script = ''
 mkdir -p /srv/git.gebner.org
- chown git:git -R /srv/git.gebner.org
+ chown gitea:gitea -R /srv/git.gebner.org
 '';
 };
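Review bot: In `mastus/radicale.nix`, the new `auth` attribute set carries over `type = "htpasswd"` without naming the password hash scheme, so how `/var/lib/radicale/htpasswd` is interpreted is left to whatever the packaged Radicale defaults to. With the config now structured, pinning it is one line inside `auth`, e.g. `htpasswd_encryption = "bcrypt";`. Check first that the existing entries in the file use that scheme, because a mismatch would lock every user out.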
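Review bot: In `mastus/ttrss.nix`, `users.users.tt_rss.isSystemUser = true;` declares no `group`, unlike the `ttrss` user defined just above it, which gets `group = "ttrss"` in the same hunk. If no other module assigns a group to `tt_rss`, newer NixOS releases will, I believe, reject the configuration at evaluation time with a "group is unset" assertion. If a module does assign one, a one-line comment saying which service each of the two near-identical accounts belongs to would save the next reader a search. The `containers.ttrss` block continues past the end of this hunk.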
@@ -29,7 +29,7 @@ let
 sqlite-interactive
 ];
- systemd.services."acme-gebner.org".serviceConfig.ExecStart = pkgs.lib.mkForce "true";
+ security.acme.server = "http://localhost";
 networking.extraHosts = ''
 127.0.0.1 gebner.org www.gebner.org reader.gebner.org git.gebner.org mail.gebner.org radicale.gebner.org gabrielebner.at
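Review bot: In `mastus/vmtest.nix`, `security.acme.server = "http://localhost";` carries no comment, and read on its own it looks like a production ACME directory served over plain HTTP. Presumably it exists only so the VM test never contacts a real CA, since it replaces the forced `ExecStart = "true"` override; say so on the line, e.g. `# VM test only: keep ACME requests away from the real CA`. The old override made the ACME unit succeed unconditionally, so it is worth confirming that nginx and the other units in `setupVM`'s `wantedBy` still come up when the request against localhost fails. The enclosing `let` binding starts and ends outside this hunk.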