update flake to 23.11 #79
|
|
@ -93,7 +93,7 @@
|
||||||
sysstat
|
sysstat
|
||||||
tree
|
tree
|
||||||
whois
|
whois
|
||||||
exa
|
eza
|
||||||
zsh
|
zsh
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -38,9 +38,7 @@ in
|
||||||
enable = lib.mkForce true; # upstream bacula config wants to disable it, so we need to force
|
enable = lib.mkForce true; # upstream bacula config wants to disable it, so we need to force
|
||||||
ensureUsers = [{
|
ensureUsers = [{
|
||||||
name = "course-management";
|
name = "course-management";
|
||||||
ensurePermissions = {
|
ensureDBOwnership = true;
|
||||||
"DATABASE \"course-management\"" = "ALL PRIVILEGES";
|
|
||||||
};
|
|
||||||
}];
|
}];
|
||||||
ensureDatabases = [ "course-management" ];
|
ensureDatabases = [ "course-management" ];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -67,9 +67,7 @@ in
|
||||||
enableTCPIP = lib.mkForce false;
|
enableTCPIP = lib.mkForce false;
|
||||||
ensureUsers = [{
|
ensureUsers = [{
|
||||||
name = "course-management";
|
name = "course-management";
|
||||||
ensurePermissions = {
|
ensureDBOwnership = true;
|
||||||
"DATABASE \"course-management\"" = "ALL PRIVILEGES";
|
|
||||||
};
|
|
||||||
}];
|
}];
|
||||||
ensureDatabases = [ "course-management" ];
|
ensureDatabases = [ "course-management" ];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -1,40 +1,43 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
domain = "git.${config.networking.domain}";
|
domain = "git.${config.networking.domain}";
|
||||||
giteaUser = "git";
|
gitUser = "git";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
sops.secrets.gitea_ldap_search = {
|
sops.secrets.gitea_ldap_search = {
|
||||||
key = "portunus/search-password";
|
key = "portunus/search-password";
|
||||||
owner = config.services.gitea.user;
|
owner = config.services.forgejo.user;
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.${giteaUser} = {
|
users.users.${gitUser} = {
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
home = config.services.gitea.stateDir;
|
home = config.services.gitea.stateDir;
|
||||||
group = giteaUser;
|
group = gitUser;
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
};
|
};
|
||||||
users.groups.${giteaUser} = { };
|
users.groups.${gitUser} = { };
|
||||||
|
|
||||||
services.gitea = {
|
services.forgejo = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.forgejo; # community fork
|
# package = pkgs.forgejo; # community fork
|
||||||
user = giteaUser;
|
user = gitUser;
|
||||||
group = giteaUser;
|
group = gitUser;
|
||||||
appName = "iFSR Git";
|
|
||||||
lfs.enable = true;
|
lfs.enable = true;
|
||||||
|
|
||||||
database = {
|
database = {
|
||||||
type = "postgres";
|
type = "postgres";
|
||||||
|
name = "git"; # legacy
|
||||||
createDatabase = true;
|
createDatabase = true;
|
||||||
user = giteaUser;
|
user = gitUser;
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO: enable periodic dumps of the DB and repos, maybe use this for backups?
|
# TODO: enable periodic dumps of the DB and repos, maybe use this for backups?
|
||||||
# dump = { };
|
# dump = { };
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
|
DEFAULT = {
|
||||||
|
APP_NAME = "iFSR Git";
|
||||||
|
};
|
||||||
server = {
|
server = {
|
||||||
PROTOCOL = "http+unix";
|
PROTOCOL = "http+unix";
|
||||||
DOMAIN = domain;
|
DOMAIN = domain;
|
||||||
|
|
@ -68,7 +71,7 @@ in
|
||||||
|
|
||||||
systemd.services.gitea.preStart =
|
systemd.services.gitea.preStart =
|
||||||
let
|
let
|
||||||
exe = lib.getExe config.services.gitea.package;
|
exe = lib.getExe config.services.forgejo.package;
|
||||||
portunus = config.services.portunus;
|
portunus = config.services.portunus;
|
||||||
basedn = "ou=users,${portunus.ldap.suffix}";
|
basedn = "ou=users,${portunus.ldap.suffix}";
|
||||||
ldapConfigArgs = ''
|
ldapConfigArgs = ''
|
||||||
|
|
@ -108,7 +111,7 @@ in
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://unix:${config.services.gitea.settings.server.HTTP_ADDR}:/";
|
proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
locations."/api/v1/users/search".return = "403";
|
locations."/api/v1/users/search".return = "403";
|
||||||
|
|
|
||||||
|
|
@ -14,9 +14,7 @@ in
|
||||||
ensureUsers = [
|
ensureUsers = [
|
||||||
{
|
{
|
||||||
name = "hedgedoc";
|
name = "hedgedoc";
|
||||||
ensurePermissions = {
|
ensureDBOwnership = true;
|
||||||
"DATABASE hedgedoc" = "ALL PRIVILEGES";
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
ensureDatabases = [ "hedgedoc" ];
|
ensureDatabases = [ "hedgedoc" ];
|
||||||
|
|
|
||||||
|
|
@ -20,7 +20,7 @@
|
||||||
webSettings = {
|
webSettings = {
|
||||||
DATABASES.default = {
|
DATABASES.default = {
|
||||||
ENGINE = "django.db.backends.postgresql";
|
ENGINE = "django.db.backends.postgresql";
|
||||||
NAME = "mailmanweb";
|
NAME = "mailman-web";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
ldap = {
|
ldap = {
|
||||||
|
|
@ -45,18 +45,14 @@
|
||||||
ensureUsers = [
|
ensureUsers = [
|
||||||
{
|
{
|
||||||
name = "mailman";
|
name = "mailman";
|
||||||
ensurePermissions = {
|
ensureDBOwnership = true;
|
||||||
"DATABASE mailman" = "ALL PRIVILEGES";
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
name = "mailman-web";
|
name = "mailman-web";
|
||||||
ensurePermissions = {
|
ensureDBOwnership = true;
|
||||||
"DATABASE mailmanweb" = "ALL PRIVILEGES";
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
ensureDatabases = [ "mailman" "mailmanweb" ];
|
ensureDatabases = [ "mailman" "mailman-web" ];
|
||||||
};
|
};
|
||||||
services.nginx.virtualHosts."lists.${config.networking.domain}" = {
|
services.nginx.virtualHosts."lists.${config.networking.domain}" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
|
|
||||||
|
|
@ -10,9 +10,7 @@ in
|
||||||
enable = true;
|
enable = true;
|
||||||
ensureUsers = [{
|
ensureUsers = [{
|
||||||
name = "mautrix-telegram";
|
name = "mautrix-telegram";
|
||||||
ensurePermissions = {
|
ensureDBOwnership = true;
|
||||||
"DATABASE \"mautrix-telegram\"" = "ALL PRIVILEGES";
|
|
||||||
};
|
|
||||||
}];
|
}];
|
||||||
ensureDatabases = [ "mautrix-telegram" ];
|
ensureDatabases = [ "mautrix-telegram" ];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,6 @@ in
|
||||||
enable = true;
|
enable = true;
|
||||||
configureRedis = true;
|
configureRedis = true;
|
||||||
package = pkgs.nextcloud27;
|
package = pkgs.nextcloud27;
|
||||||
enableBrokenCiphersForSSE = false; # disable the openssl warning
|
|
||||||
hostName = domain;
|
hostName = domain;
|
||||||
https = true; # Use https for all urls
|
https = true; # Use https for all urls
|
||||||
phpExtraExtensions = all: [
|
phpExtraExtensions = all: [
|
||||||
|
|
|
||||||
|
|
@ -51,9 +51,7 @@ in
|
||||||
ensureUsers = [
|
ensureUsers = [
|
||||||
{
|
{
|
||||||
name = "sogo";
|
name = "sogo";
|
||||||
ensurePermissions = {
|
ensureDBOwnership = true;
|
||||||
"DATABASE sogo" = "ALL PRIVILEGES";
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
ensureDatabases = [ "sogo" ];
|
ensureDatabases = [ "sogo" ];
|
||||||
|
|
|
||||||
|
|
@ -25,9 +25,7 @@ in
|
||||||
ensureUsers = [
|
ensureUsers = [
|
||||||
{
|
{
|
||||||
name = "vaultwarden";
|
name = "vaultwarden";
|
||||||
ensurePermissions = {
|
ensureDBOwnership = true;
|
||||||
"DATABASE vaultwarden" = "ALL PRIVILEGES";
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
ensureDatabases = [ "vaultwarden" ];
|
ensureDatabases = [ "vaultwarden" ];
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue