Gitea added, some mail config improvements

2023-12-26 16:35:33 +01:00 · 2023-12-26 16:35:33 +01:00 · 624f18f54b
parent ea2a74a4a2
commit 624f18f54b
6 changed files with 72 additions and 22 deletions
--- a/flake.lock
+++ b/flake.lock
@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1703355189,
-        "narHash": "sha256-fflRwsyW+R3u0kScApX6uP7oSln9ToFoFy9/5LOKTK0=",
+        "lastModified": 1703527373,
+        "narHash": "sha256-AjypRssRtS6F3xkf7rE3/bXkIF2WJOZLbTIspjcE1zM=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "de9134144b456104953c2533debb27a02787891f",
+        "rev": "80679ea5074ab7190c4cce478c600057cfb5edae",
        "type": "github"
      },
      "original": {
@ -23,11 +23,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1703013332,
-        "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
+        "lastModified": 1703255338,
+        "narHash": "sha256-Z6wfYJQKmDN9xciTwU3cOiOk+NElxdZwy/FiHctCzjU=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
+        "rev": "6df37dc6a77654682fe9f071c62b4242b5342e04",
        "type": "github"
      },
      "original": {
@ -39,11 +39,11 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1702777222,
-        "narHash": "sha256-/SYmqgxTYzqZnQEfbOCHCN4GzqB9uAIsR9IWLzo0/8I=",
+        "lastModified": 1703351344,
+        "narHash": "sha256-9FEelzftkE9UaJ5nqxidaJJPEhe9TPhbypLHmc2Mysc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "a19a71d1ee93226fd71984359552affbc1cd3dc3",
+        "rev": "7790e078f8979a9fcd543f9a47427eeaba38f268",
        "type": "github"
      },
      "original": {
@ -55,11 +55,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1703013332,
-        "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
+        "lastModified": 1703255338,
+        "narHash": "sha256-Z6wfYJQKmDN9xciTwU3cOiOk+NElxdZwy/FiHctCzjU=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
+        "rev": "6df37dc6a77654682fe9f071c62b4242b5342e04",
        "type": "github"
      },
      "original": {
@ -71,11 +71,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1702539185,
-        "narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=",
+        "lastModified": 1703134684,
+        "narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "aa9d4729cbc99dabacb50e3994dcefb3ea0f7447",
+        "rev": "d6863cbcbbb80e71cecfc03356db1cda38919523",
        "type": "github"
      },
      "original": {
@ -99,11 +99,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1702937567,
-        "narHash": "sha256-bUNl3GPqRgTGp13+oV1DrYa1/NHuGHo5SKmr+RqC/2g=",
+        "lastModified": 1703387502,
+        "narHash": "sha256-JnWuQmyanPtF8c5yAEFXVWzaIlMxA3EAZCh8XNvnVqE=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "f7db64b88dabc95e4f7bee20455f418e7ab805d4",
+        "rev": "e523e89763ff45f0a6cf15bcb1092636b1da9ed3",
        "type": "github"
      },
      "original": {
--- a/nixos/queen/configuration.nix
+++ b/nixos/queen/configuration.nix
@ -22,7 +22,7 @@
    ./webmail.nix
    ./gotosocial.nix
    ../upgrade/postgresql.nix
-    #./akkoma.nix
+    ./akkoma.nix
  ];

  boot.tmp.cleanOnBoot = true;
@ -88,6 +88,7 @@
    docker
    docker-compose
    git
+    gitea
    gotosocial
    alejandra
    exiftool
--- a/nixos/queen/gittea.nix
+++ b/nixos/queen/gittea.nix
@ -0,0 +1,43 @@
+{
+  inputs,
+  outputs,
+  lib,
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [];
+  users.users = {
+    gitea = {
+      isSystemUser = true;
+      isNormalUser = false;
+      extraGroups = ["virtualMail"];
+    };
+  };
+  sops.secrets."mailpassunhash".mode = "0440";
+  sops.secrets."mailpassunhash".owner = config.users.users.virtualMail.name;
+
+  services.gitea = {
+    enable = true;
+    #TODO: different mail passwords for different services
+    mailerPasswordFile = config.sops.secrets."mailpassunhash".path;
+    database = {
+      type = "postgres";
+    };
+    domain = "git.lillianviolet.dev";
+    rootUrl = "https://git.lillianviolet.dev/";
+    httpPort = 3218;
+  };
+
+  services.nginx = {
+    virtualHosts = {
+      "git.lillianviolet.dev" = {
+        forceSSL = true;
+        enableACME = true;
+        locations."/" = {
+          proxyPass = "http://localhost:3218";
+        };
+      };
+    };
+  };
+}
--- a/nixos/queen/gotosocial.nix
+++ b/nixos/queen/gotosocial.nix
@ -38,7 +38,7 @@
      smtp-host = "localhost";
      smtp-port = 587;
      smtp-username = "no-reply@social.gladtherescake.eu";
-      smtp-password = config.sops.secrets."mailpass".path;
+      smtp-password = config.sops.secrets."mailpassunhash".path;
      smtp-from = "no-reply@social.gladtherescake.eu";
    };
  };
--- a/nixos/queen/postgres.nix
+++ b/nixos/queen/postgres.nix
@ -14,6 +14,7 @@
      "onlyoffice"
      "akkoma"
      "gotosocial"
+      "gitea"
    ];
    ensureUsers = [
      {
@ -32,6 +33,10 @@
        name = "gotosocial";
        ensureDBOwnership = true;
      }
+      {
+        name = "gitea";
+        ensureDBOwnership = true;
+      }
    ];
  };
 }
--- a/secrets/queen-Lillian.yaml
+++ b/secrets/queen-Lillian.yaml
@ -4,6 +4,7 @@ local.json: ENC[AES256_GCM,data:EWMZTvnP9DmJKZq3mejvlSc8e2BZxcREn+XB1tAM5NLS0G2f
 mailpass: ENC[AES256_GCM,data:UVrc1RUV0xJFPiZ8J4refglR0p35gUd21EvvTSoeXHVE9/xC0biKmjdPu8cBmimNPmKJMvZRf8wOz+/x,iv:zIYI9JY/bfUc3nNPNopKMbh09B6KUotMUAmNDzVUBN8=,tag:53N8WlQ5CDlrp/KIEQiHgQ==,type:str]
 releaseCookie: ENC[AES256_GCM,data:oG8DcUP+gIm5xPzIJdmjrtX/TdrcS8IgeGJeu0oOmZb0/J0AP0o3qw==,iv:zS12xjcNbLaLaLd3VQT8+o9hDqTo1cZdxoPjjhiExDU=,tag:nJFelasEUjebEBpvmfcDEA==,type:str]
 mssqlpass: ENC[AES256_GCM,data:XEu4bQC5qM5Cm8UDVX3qAzTuL/t3xbx+qcEbZM4h3Hg=,iv:jgpZ93THYBlUvJDC5+YZiIxu/14e7nFSy76J0vc8Hek=,tag:iKsEDp/KZ5juqzmUgtP8iA==,type:str]
+mailpassunhash: ENC[AES256_GCM,data:q/P3nrNLy3hCISDmalw94nzWIFhoCdCTyflj27D2Ltr8,iv:oAFna87l3sL/42ljUF1QsRL0xBrP82uYdKLxK/8HcQE=,tag:liFFGHbNPOpOHyMsjnvMOQ==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -19,8 +20,8 @@ sops:
            KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
            NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-11-27T22:46:02Z"
-    mac: ENC[AES256_GCM,data:8aObcXuGWeb3XeOxEh+rvkGKGl9FXAB3jzAE0IbvoOpGFK0mpeOlIp+4BsGVo6LjecGfE80mBE49mCgC27KqYEq+jUC4onFiIgWB0VQSD367vd4BLZJqIYH7H+X3bShw7JGHq9Kq+CDwbCOzAQJHltYDg4jhJ5qbWqNINJ6t7tY=,iv:OWmROKYvN4nCwGNSFrue2icqNQ+QOp9xVlfLXUwuS1s=,tag:N3AHph2pnTSKwlO1Px/TwQ==,type:str]
+    lastmodified: "2023-12-26T15:30:39Z"
+    mac: ENC[AES256_GCM,data:j0ZX7F0etvbL1Th3I3eO36PSA5/IiXHzPFWJdxeZEUN9N40hshppeRQ/54Nnn//k9uFennC4F/CIFu5fZioBcQJUnxuCy2EmpztWiGSIbiO94+H2ovMy9Wly8NgvG/DnYb1uSBhTEdXJoEDbzJ/ngb/MtvgB1mCZKbhIw88IDM0=,iv:5XcfXAu6mORLd/O2UCfaPhiPQul7b807xy1PyZo3MF0=,tag:mC5JAmb7jgezJjm5AXT+sg==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1