mastus: migrate to 21.05

mastus/configuration.nix

@@ -5,17 +5,17 @@
     [
       /etc/nixos/hardware-configuration.nix
       ../basic-tools.nix
-      ./backup.nix
+      # ./backup.nix
       ./duplicity.nix
 
       ./mail.nix
       ./www.nix
-      ./gogs.nix
+      ./gitea.nix
       ./letsencrypt.nix
       ./website.nix
       ./wstunnel.nix
       ./radicale.nix
-      ./ttrss.nix
+      # ./ttrss.nix
       ./dns.nix
     ];
 

mastus/gitea.nix

@@ -0,0 +1,42 @@
+{ config, pkgs, ... }:
+{
+  services.gitea = rec {
+    enable = true;
+    stateDir = "/srv/git.gebner.org";
+    appName = "Gabriel Ebner's git server";
+    domain = "git.gebner.org";
+    rootUrl = "https://git.gebner.org/";
+    httpPort = 8001;
+    cookieSecure = true;
+    log.level = "Info";
+    disableRegistration = true;
+    settings = {
+      picture = {
+        DISABLE_GRAVATAR = "false";
+        AVATAR_UPLOAD_PATH = "${stateDir}/data/avatars";
+      };
+    };
+  };
+
+  environment.systemPackages = [
+    (let cfg = config.services.gitea; in pkgs.writeScriptBin "gitea" ''
+      exec ${pkgs.sudo}/bin/sudo -u ${cfg.user} \
+        env GITEA_WORK_DIR=${cfg.stateDir} ${pkgs.gitea}/bin/gitea "$@"
+    '')
+  ];
+
+  services.nginx = {
+    recommendedProxySettings = true;
+    virtualHosts."git.gebner.org" = {
+      forceSSL = true;
+      useACMEHost = "gebner.org";
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${toString config.services.gitea.httpPort}";
+        extraConfig = ''
+          proxy_buffering off;
+          client_max_body_size 30M;
+        '';
+      };
+    };
+  };
+}

mastus/radicale.nix

@@ -6,22 +6,26 @@ in
   services.radicale = {
     enable = true;
     package = pkgs.radicale2;
-    config = ''
-      [server]
-      hosts = 127.0.0.1:${toString radicalePort}
-      ssl = false
-      dns_lookup = false
+    settings = {
+      server = {
+        hosts = "127.0.0.1:${toString radicalePort}";
+        ssl = false;
+        dns_lookup = false;
+      };
 
-      [storage]
-      filesystem_folder = /var/lib/radicale/collections
+      storage = {
+        filesystem_folder = "/var/lib/radicale/collections";
+      };
 
-      [auth]
-      type = htpasswd
-      htpasswd_filename = /var/lib/radicale/htpasswd
+      auth = {
+        type = "htpasswd";
+        htpasswd_filename = "/var/lib/radicale/htpasswd";
+      };
 
-      [rights]
-      type = owner_only
-    '';
+      rights = {
+        type = "owner_only";
+      };
+    };
   };
 
   security.acme.certs."gebner.org".extraDomainNames = [ "radicale.gebner.org" ];

mastus/ttrss.nix

@@ -2,8 +2,13 @@
 {
   containers.ttrss = {
     config = {
-      users.extraUsers.ttrss = {};
-      users.extraGroups.ttrss = {};
+      users.users.ttrss = {
+        group = "ttrss";
+        isSystemUser = true;
+      };
+      users.groups.ttrss = {};
+
+      users.users.tt_rss.isSystemUser = true;
 
       services.postgresql = {
         enable = true;

mastus/vmtest.nix

@@ -9,7 +9,7 @@ let
     boot.enableContainers = true;
 
     systemd.services.setupVM = rec {
-      wantedBy = [ "gogs.service" "dovecot2.service" "nginx.service" ];
+      wantedBy = [ "gitea.service" "dovecot2.service" "nginx.service" ];
       before = wantedBy;
       serviceConfig = {
         Type = "oneshot";
@@ -17,7 +17,7 @@ let
       };
       script = ''
         mkdir -p /srv/git.gebner.org
-        chown git:git -R /srv/git.gebner.org
+        chown gitea:gitea -R /srv/git.gebner.org
       '';
     };
 
@@ -29,7 +29,7 @@ let
       sqlite-interactive
     ];
 
-    systemd.services."acme-gebner.org".serviceConfig.ExecStart = pkgs.lib.mkForce "true";
+    security.acme.server = "http://localhost";
 
     networking.extraHosts = ''
       127.0.0.1 gebner.org www.gebner.org reader.gebner.org git.gebner.org mail.gebner.org radicale.gebner.org gabrielebner.at