

6 commits

Ingolf Wagner
f97ab14238
🔧 renamed forgejo-runners
2024-10-13 02:13:39 +09:00
Ingolf Wagner
b20dff2899
🐛 forgejo ssh port should be public available 2024-10-13 02:12:48 +09:00
Ingolf Wagner
94759e4a67
🏗️ update flake.nix inputs 2024-10-13 01:30:09 +09:00
Ingolf Wagner
dc890c2d5d
🔧 new git.ingolf-wagner.de:2222 knowhost key 2024-10-13 01:26:20 +09:00
Ingolf Wagner
f026fa1fdc
🏗️ forgejo: sqlite -> mysql 2024-10-13 01:25:39 +09:00
Ingolf Wagner
05fbad21e1
test mysqlPort in photoprism 2024-10-13 01:24:32 +09:00
7 changed files with 129 additions and 22 deletions


@ -15,11 +15,18 @@ in
services.openssh.knownHosts = { services.openssh.knownHosts = {
orbi = { orbi = {
hostNames = [ hostNames = [
"git.ingolf-wagner.de"
"95.216.66.212" "95.216.66.212"
]; ];
publicKey = publicKey "orbi"; publicKey = publicKey "orbi";
}; };
forgejo = {
hostNames = [
"[git.ingolf-wagner.de]:2222"
];
publicKey = "ssh-rsa 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";
};
}; };
}; };
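Review bot: The new `forgejo` known-host entry pins an `ssh-rsa` host key for `[git.ingolf-wagner.de]:2222` without saying where the key comes from; the other sections of this compare enable Forgejo's built-in SSH server on port 2222 inside a container (`server.START_SSH_SERVER = true`, `server.SSH_PORT = sshPort`), so this appears to be that server's generated host key, and a comment such as `# host key of forgejo's built-in ssh server (lives in the container state) - re-pin if the container is recreated` would spare the next reader the lookup. The `orbi` entry now appears to list `"git.ingolf-wagner.de"` as well, so the same name maps to two different keys depending on the port, which is valid known_hosts semantics but worth a one-line comment next to the hostNames so nobody "deduplicates" it later.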


@ -1034,12 +1034,12 @@
"rev": "24639d955322eac0efc8a2418c4dd9aa181f8c91", "rev": "24639d955322eac0efc8a2418c4dd9aa181f8c91",
"revCount": 79, "revCount": 79,
"type": "git", "type": "git",
"url": "ssh://forgejo@git.ingolf-wagner.de/palo/nixos-private-parts.git" "url": "ssh://forgejo@git.ingolf-wagner.de:2222/palo/nixos-private-parts.git"
}, },
"original": { "original": {
"ref": "main", "ref": "main",
"type": "git", "type": "git",
"url": "ssh://forgejo@git.ingolf-wagner.de/palo/nixos-private-parts.git" "url": "ssh://forgejo@git.ingolf-wagner.de:2222/palo/nixos-private-parts.git"
} }
}, },
"retiolum": { "retiolum": {


@ -33,7 +33,7 @@
permown.url = "github:mrVanDalo/module.permown"; permown.url = "github:mrVanDalo/module.permown";
polygon-art.url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git"; polygon-art.url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
private-parts.inputs.nixpkgs.follows = "nixpkgs"; # only private input private-parts.inputs.nixpkgs.follows = "nixpkgs"; # only private input
private-parts.url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/nixos-private-parts.git?ref=main"; private-parts.url = "git+ssh://forgejo@git.ingolf-wagner.de:2222/palo/nixos-private-parts.git?ref=main";
#private-parts.url = "git+file:///home/palo/dev/nixos/nixos-private-parts"; #private-parts.url = "git+file:///home/palo/dev/nixos/nixos-private-parts";
retiolum.url = "github:Mic92/retiolum"; retiolum.url = "github:Mic92/retiolum";
srvos.url = "github:nix-community/srvos"; srvos.url = "github:nix-community/srvos";


@ -137,6 +137,18 @@ in
#"com.sun:auto-snapshot:monthly" = toString true; #"com.sun:auto-snapshot:monthly" = toString true;
}; };
}; };
"forgejo" = {
type = "zfs_fs";
mountpoint = "/var/lib/nixos-containers/forgejo";
options = {
mountpoint = "legacy";
compression = "lz4";
"com.sun:auto-snapshot:hourly" = toString true;
"com.sun:auto-snapshot:daily" = toString true;
#"com.sun:auto-snapshot:weekly" = toString true;
#"com.sun:auto-snapshot:monthly" = toString true;
};
};
"taskchampion" = { "taskchampion" = {
type = "zfs_fs"; type = "zfs_fs";
mountpoint = config.services.taskchampion-sync-server.dataDir; mountpoint = config.services.taskchampion-sync-server.dataDir;


@ -30,12 +30,12 @@ in
prompt = "please enter your gitea-runner password"; prompt = "please enter your gitea-runner password";
path = with pkgs; [ coreutils ]; path = with pkgs; [ coreutils ];
script = '' script = ''
echo "$prompt_value" > "$secrets"/gitea-runner.token echo "TOKEN=$prompt_value" > "$secrets"/gitea-runner.token
''; '';
}; };
}; };
systemd.services."gitea-runner-${escapeSystemdPath "git.ingolf-wagner.de"}" = { systemd.services."gitea-runner-orbi" = {
serviceConfig = { serviceConfig = {
DynamicUser = lib.mkForce false; DynamicUser = lib.mkForce false;
}; };
@ -43,7 +43,7 @@ in
services.gitea-actions-runner = { services.gitea-actions-runner = {
package = pkgs.forgejo-runner; package = pkgs.forgejo-runner;
instances."git.ingolf-wagner.de" = { instances."orbi" = {
enable = true; enable = true;
settings = { settings = {
runner = { runner = {
@ -64,7 +64,8 @@ in
]; ];
url = "https://git.ingolf-wagner.de"; url = "https://git.ingolf-wagner.de";
tokenFile = config.clan.core.facts.services.gitea-runner.secret."gitea-runner.token".path; tokenFile = config.clan.core.facts.services.gitea-runner.secret."gitea-runner.token".path;
name = "fick_deine_mudda"; name = "orbi";
labels = [ labels = [
# provide a debian base with nodejs for actions # provide a debian base with nodejs for actions
#"debian-latest:docker://node:18-bullseye" #"debian-latest:docker://node:18-bullseye"
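Review bot: The runner name `"orbi"` is now spelled out three times across these hunks — `systemd.services."gitea-runner-orbi"`, `instances."orbi"` and `name = "orbi"` — whereas the old code derived the unit name from the instance name with `escapeSystemdPath`, so the `DynamicUser = lib.mkForce false` override can silently detach from the real unit on the next rename. Introducing `runnerName = "orbi";` in the file's `let` block (it is outside this hunk, as the `in` in the hunk header shows) and writing `systemd.services."gitea-runner-${escapeSystemdPath runnerName}"` and `instances.${runnerName}` keeps the three in step. The token file is now written as `TOKEN=$prompt_value`, which matches the environment-file format the `tokenFile` option reads, but the `prompt` still calls the value a password; `prompt = "please enter the forgejo runner registration token";` would describe what is actually being pasted.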


@ -2,14 +2,29 @@
config, config,
lib, lib,
pkgs, pkgs,
components,
inputs,
... ...
}: }:
let
mysqlPort = 3333;
sshPort = 2222;
mysqlPackage = pkgs.mysql;
forgejoPort = 3000;
in
{ {
healthchecks.http.forgejjo = { healthchecks.http.forgejjo = {
url = "https://git.ingolf-wagner.de/explore/repos"; url = "https://git.ingolf-wagner.de/explore/repos";
expectedContent = "palo/nixos-config"; expectedContent = "palo/nixos-config";
}; };
healthchecks.closed.public.ports.forgejo = [
mysqlPort
forgejoPort
];
networking.firewall.allowedTCPPorts = [ sshPort ];
networking.firewall.allowedUDPPorts = [ sshPort ];
# todo : make a healthcheck on open ssh port
services.nginx = { services.nginx = {
enable = true; enable = true;
@ -25,20 +40,89 @@
}; };
}; };
services.forgejo = { containers.forgejo = {
enable = true; privateNetwork = false;
package = pkgs.forgejo; autoStart = true;
settings = { specialArgs = {
server.ROOT_URL = "https://git.ingolf-wagner.de/"; inherit components;
server.DOMAIN = "git.ingolf-wagner.de";
DEFAULT.APP_NAME = "git.ingolf-wagner.de";
service.DISABLE_REGISTRATION = true;
session.COOKIE_SECURE = true;
log.LEVEL = "Warn";
other = {
SHOW_FOOTER_VERSION = false;
};
}; };
config =
{
config,
lib,
components,
...
}:
{
nixpkgs.pkgs = pkgs;
imports = [
"${components}/monitor/container.nix"
inputs.nix-topology.nixosModules.default
];
system.stateVersion = "24.11";
services.logrotate.checkConfig = false; # because uid 3000 does not exist in here
# ssh server (not really needed)
# ------------------------------
#services.openssh = {
# enable = true;
# ports = [ sshPort ];
# settings.X11Forwarding = false;
# settings.PasswordAuthentication = false;
#};
# forgejo
# -------
services.forgejo = {
enable = true;
package = pkgs.forgejo;
database = {
type = "mysql";
port = mysqlPort;
};
settings = {
server.SSH_PORT = sshPort;
server.START_SSH_SERVER = true;
server.HTTP_PORT = forgejoPort;
server.ROOT_URL = "https://git.ingolf-wagner.de/";
server.DOMAIN = "git.ingolf-wagner.de";
DEFAULT.APP_NAME = "git.ingolf-wagner.de";
service.DISABLE_REGISTRATION = true;
session.COOKIE_SECURE = true;
log.LEVEL = "Warn";
other = {
SHOW_FOOTER_VERSION = false;
};
};
};
# MySQL Database
# --------------
services.mysql = {
enable = true;
package = mysqlPackage;
settings.mysqld.port = mysqlPort;
ensureDatabases = [ config.services.forgejo.database.name ];
ensureUsers = [
{
name = config.services.forgejo.database.user;
ensurePermissions = {
"${config.services.forgejo.database.name}.*" = "ALL PRIVILEGES";
};
}
];
};
# Backup Database
# ---------------
services.mysqlBackup = {
enable = false;
databases = config.services.mysql.ensureDatabases;
singleTransaction = true;
};
};
}; };
} }
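Review bot: `networking.firewall.allowedUDPPorts = [ sshPort ];` opens UDP 2222 on the host, but the Forgejo built-in SSH server enabled further down (`server.START_SSH_SERVER = true`, `server.SSH_PORT = sshPort`) speaks TCP only, so that line can be dropped and only `allowedTCPPorts` kept. Because the container is declared with `privateNetwork = false`, the MySQL instance inside it shares the host's network namespace, so port 3333 is reachable on every host interface and stays private only by virtue of the firewall default and the `healthchecks.closed.public.ports.forgejo` probe; adding `settings.mysqld.bind-address = "127.0.0.1";` next to `settings.mysqld.port = mysqlPort;` would make that independent of firewall state. The explicit `ensureDatabases`/`ensureUsers` block looks like it duplicates what the NixOS forgejo module already provisions when `database.createDatabase` is left at its default — worth confirming before keeping both. With `services.mysqlBackup.enable = false` the only copy of the database is the hourly/daily ZFS snapshot of the container dataset added in this compare, which is crash-consistent rather than transaction-consistent; if that is intended, a comment such as `# disabled on purpose: relies on ZFS snapshots of the container dataset` would record the decision.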


@ -16,7 +16,10 @@ in
networking.firewall.interfaces.wg0.allowedTCPPorts = [ photoprismPort ]; networking.firewall.interfaces.wg0.allowedTCPPorts = [ photoprismPort ];
# networking.firewall.interfaces.wg0.allowedUDPPorts = [ photoprismPort ]; # networking.firewall.interfaces.wg0.allowedUDPPorts = [ photoprismPort ];
healthchecks.closed.public.ports.photoprism = [ photoprismPort ]; healthchecks.closed.public.ports.photoprism = [
photoprismPort
mysqlPort
];
healthchecks.http.photoprism = { healthchecks.http.photoprism = {
url = "http://10.100.0.1:2342/library/login"; url = "http://10.100.0.1:2342/library/login";
expectedContent = "AI-Powered Photos App"; expectedContent = "AI-Powered Photos App";