diff --git a/modules/update.nix b/modules/update.nix index 143a4f8..0146082 100644 --- a/modules/update.nix +++ b/modules/update.nix @@ -1,7 +1,7 @@ { lib, ... }: { services.autopull = { - enable = lib.mkDefault false; + enable = lib.mkDefault true; repo.dotfiles = { enable = lib.mkDefault false; ssh-key = lib.mkDefault "/root/.ssh/id_ed25519_ghdeploy"; diff --git a/systems/palatine-hill/configuration.nix b/systems/palatine-hill/configuration.nix index 1c9b253..3767cdb 100644 --- a/systems/palatine-hill/configuration.nix +++ b/systems/palatine-hill/configuration.nix @@ -8,6 +8,7 @@ imports = [ ./attic ./docker.nix + ./gitea.nix ./haproxy ./hardware-changes.nix ./hydra.nix diff --git a/systems/palatine-hill/gitea.nix b/systems/palatine-hill/gitea.nix new file mode 100644 index 0000000..ae0050e --- /dev/null +++ b/systems/palatine-hill/gitea.nix @@ -0,0 +1,30 @@ +{ + config, + lib, + pkgs, + ... +}: +let + base_path = "/ZFS/ZFS-primary/gitea"; +in +{ + services.gitea = { + enable = true; + appName = "Nyx's Gitea"; # Give the site a name + database = { + type = "postgres"; + passwordFile = config.sops.secrets."gitea/dbpass".path; + host = "127.0.0.1:5432"; + }; + domain = "git.alicehuston.xyz"; + rootUrl = "https://git.alicehuston.xyz/"; + httpPort = 443; + stateDir = base_path; + lfs.enable = true; + recommendedDefaults = true; + }; + + sops.secrets = { + "gitea/dbpass".owner = "gitea"; + }; +} diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml index 0ff3f91..50bf7f5 100644 --- a/systems/palatine-hill/secrets.yaml +++ b/systems/palatine-hill/secrets.yaml @@ -8,6 +8,8 @@ attic: adm: ENC[AES256_GCM,data:fTXg7sVtyjzm2zPLBSYX0wsAjhPZz/fwOWjk6bYEFNDAz9Esw2VFqG84E53cSj62KxClx8jlakA6RyXH5betcrxoRybrEuvdej76TS4kAP3cgK1OUEbcw0gWsgJPleH2BVAn6/5AhtISmglx0RykyKDtjBoxO1ewwwKesd5brIBD2DhLyaYJLFB42to1HmLe7FgYDaR2Q/W5B6W7RMueFwjA4/Y2ELoFQpwqF2HvcyFO58x8BFhIla6T+MB5l5I2qoYNlN5AayUur5xlALRUGH2PCJEiTrt8hXhYPkSlkiiwORBwwK7w89kO+tsHoDW8u3F/aKBbBnikIkaXnSa694mg0twmTOYL,iv:OBk9nrRA2t/9DvEI/OJTwp8nX4iP+foohueZON9Tlgs=,tag:Y1hVX2wva9QridJ5els9Fg==,type:str] postgres: init: ENC[AES256_GCM,data:Pq24kdMXLAbePqIHPiJx3xXYEm2UbY598iNDf+z2k1HDhStHAd10CCyJYEgppCw2lkDNY54A3PQ=,iv:RE9DQ9Xw4tDFBD67dk3ggyqYqoGVhZf5kO53WoF3fJ4=,tag:dZwZfgI2H9JTClkyUI1MqQ==,type:str] +gitea: + dbpass: ENC[AES256_GCM,data:UXc/5vBoe07DUbWrw6o=,iv:sDNK+g+9YLoN54UVVCe0ZSZQ1BrUCLVCSDfp5/A65A0=,tag:La0PXWzplDiT5eoXDheP7w==,type:str] upsmon: password: ENC[AES256_GCM,data:0tZKzQOYaij9jdnDTv61ma8i,iv:GEqlCOOUHTjUzfz+X5lCnqcX9SjAG6bVc8Luv97wnSg=,tag:XLvsucW6sIMHKG2AHmxZEw==,type:str] minio: @@ -29,8 +31,8 @@ sops: d241ZnZ2MWg3YVNBbkh2S0NqeE5PdFEKWqnQH4kZszkKZTSgur0c5hGMoMx9zBdz tSvUbe2+WKX7q6y7XqsD1KjFI+POVDF+YN7H9ja96+JqvKRteXNhCg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-07T23:09:33Z" - mac: ENC[AES256_GCM,data:nr1JAEr2FGrYtiUhrQFsBPbiR+toxzYRZVPqq7zYBMeNy70a5jMgw6qm37M8Hmt7omO/KePE+Ol27FI9Aqn8OP3CQZoSWZbul+TTItV5UWC84G3MebaesnIiFQwbpM9hz08VoQ1zxUiUFnUY4bBr6okNSyJeqq/QmkkyqhK4Wlo=,iv:0MR7AiQEX2Cl7FUtRlxaY+R2oqSbanIhwaXAN/UnHH0=,tag:RpQCtsuelu3VQVB9HzJE+g==,type:str] + lastmodified: "2024-10-20T05:31:08Z" + mac: ENC[AES256_GCM,data:YA4sgsQkb5wdz5dYpFZ7tA7ioOijurTbmfHdWXPC6bvvfyZymR+SwlLtAxoD/oN0/AUYgPJWzOuisARuxLB+zmZf6fHs/mOAlzNVZreigACJkKqRwtOfY0K8IlaWZgANB7Y524UNmDzsalnmNAsdp0pWkeuvKTUw5FwJHoUHOxU=,iv:r+DTXMqTHf+SQbgI6WodYLt0E7CTmz4CtgotE+lNdSg=,tag:Zh3/4IYIkCb1mq4foj4PqQ==,type:str] pgp: - created_at: "2024-09-05T06:10:49Z" enc: |- @@ -45,4 +47,4 @@ sops: -----END PGP MESSAGE----- fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.1