From 624f18f54b848c86120500302994c38a95c32398 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Tue, 26 Dec 2023 16:35:33 +0100 Subject: [PATCH] Gitea added, some mail config improvements --- flake.lock | 36 ++++++++++++++--------------- nixos/queen/configuration.nix | 3 ++- nixos/queen/gittea.nix | 43 +++++++++++++++++++++++++++++++++++ nixos/queen/gotosocial.nix | 2 +- nixos/queen/postgres.nix | 5 ++++ secrets/queen-Lillian.yaml | 5 ++-- 6 files changed, 72 insertions(+), 22 deletions(-) create mode 100644 nixos/queen/gittea.nix diff --git a/flake.lock b/flake.lock index 8b27426..7706688 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1703355189, - "narHash": "sha256-fflRwsyW+R3u0kScApX6uP7oSln9ToFoFy9/5LOKTK0=", + "lastModified": 1703527373, + "narHash": "sha256-AjypRssRtS6F3xkf7rE3/bXkIF2WJOZLbTIspjcE1zM=", "owner": "nix-community", "repo": "home-manager", - "rev": "de9134144b456104953c2533debb27a02787891f", + "rev": "80679ea5074ab7190c4cce478c600057cfb5edae", "type": "github" }, "original": { @@ -23,11 +23,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1703013332, - "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", + "lastModified": 1703255338, + "narHash": "sha256-Z6wfYJQKmDN9xciTwU3cOiOk+NElxdZwy/FiHctCzjU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", + "rev": "6df37dc6a77654682fe9f071c62b4242b5342e04", "type": "github" }, "original": { @@ -39,11 +39,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1702777222, - "narHash": "sha256-/SYmqgxTYzqZnQEfbOCHCN4GzqB9uAIsR9IWLzo0/8I=", + "lastModified": 1703351344, + "narHash": "sha256-9FEelzftkE9UaJ5nqxidaJJPEhe9TPhbypLHmc2Mysc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a19a71d1ee93226fd71984359552affbc1cd3dc3", + "rev": "7790e078f8979a9fcd543f9a47427eeaba38f268", "type": "github" }, "original": { 
@@ -55,11 +55,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1703013332, - "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", + "lastModified": 1703255338, + "narHash": "sha256-Z6wfYJQKmDN9xciTwU3cOiOk+NElxdZwy/FiHctCzjU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", + "rev": "6df37dc6a77654682fe9f071c62b4242b5342e04", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1702539185, - "narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=", + "lastModified": 1703134684, + "narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "aa9d4729cbc99dabacb50e3994dcefb3ea0f7447", + "rev": "d6863cbcbbb80e71cecfc03356db1cda38919523", "type": "github" }, "original": { @@ -99,11 +99,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1702937567, - "narHash": "sha256-bUNl3GPqRgTGp13+oV1DrYa1/NHuGHo5SKmr+RqC/2g=", + "lastModified": 1703387502, + "narHash": "sha256-JnWuQmyanPtF8c5yAEFXVWzaIlMxA3EAZCh8XNvnVqE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "f7db64b88dabc95e4f7bee20455f418e7ab805d4", + "rev": "e523e89763ff45f0a6cf15bcb1092636b1da9ed3", "type": "github" }, "original": { diff --git a/nixos/queen/configuration.nix b/nixos/queen/configuration.nix index dbf8a97..717609e 100644 --- a/nixos/queen/configuration.nix +++ b/nixos/queen/configuration.nix @@ -22,7 +22,7 @@ ./webmail.nix ./gotosocial.nix ../upgrade/postgresql.nix - #./akkoma.nix + ./akkoma.nix ]; boot.tmp.cleanOnBoot = true; @@ -88,6 +88,7 @@ docker docker-compose git + gitea gotosocial alejandra exiftool diff --git a/nixos/queen/gittea.nix b/nixos/queen/gittea.nix new file mode 100644 index 0000000..238220e --- /dev/null +++ b/nixos/queen/gittea.nix 
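Review bot: The imports hunk of configuration.nix re-enables `./akkoma.nix` but adds no `./gittea.nix` entry, even though that module is created in this same commit. Unless it is imported from a file outside this patch, the `services.gitea` and nginx settings never take effect, and only the `gitea` package from the second hunk reaches the system. If so, add `./gittea.nix` to the list. Re-enabling Akkoma also brings another network-facing service back and is not mentioned in the commit subject, so it deserves a line in the message or its own commit. The imports list starts outside the hunk, so an earlier entry cannot be ruled out from here.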
@@ -0,0 +1,43 @@
+{
+ inputs,
+ outputs,
+ lib,
+ config,
+ pkgs,
+ ...
+}: {
+ imports = [];
+ users.users = {
+ gitea = {
+ isSystemUser = true;
+ isNormalUser = false;
+ extraGroups = ["virtualMail"];
+ };
+ };
+ sops.secrets."mailpassunhash".mode = "0440";
+ sops.secrets."mailpassunhash".owner = config.users.users.virtualMail.name;
+
+ services.gitea = {
+ enable = true;
+ #TODO: different mail passwords for different services
+ mailerPasswordFile = config.sops.secrets."mailpassunhash".path;
+ database = {
+ type = "postgres";
+ };
+ domain = "git.lillianviolet.dev";
+ rootUrl = "https://git.lillianviolet.dev/";
+ httpPort = 3218;
+ };
+
+ services.nginx = {
+ virtualHosts = {
+ "git.lillianviolet.dev" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:3218";
+ };
+ };
+ };
+ };
+}
diff --git a/nixos/queen/gotosocial.nix b/nixos/queen/gotosocial.nix
index 576f419..a09cc3e 100644
--- a/nixos/queen/gotosocial.nix
+++ b/nixos/queen/gotosocial.nix
@@ -38,7 +38,7 @@
 smtp-host = "localhost";
 smtp-port = 587;
 smtp-username = "no-reply@social.gladtherescake.eu";
- smtp-password = config.sops.secrets."mailpass".path;
+ smtp-password = config.sops.secrets."mailpassunhash".path;
 smtp-from = "no-reply@social.gladtherescake.eu";
 };
 };
diff --git a/nixos/queen/postgres.nix b/nixos/queen/postgres.nix
index 9d4cd88..92b9478 100644
--- a/nixos/queen/postgres.nix
+++ b/nixos/queen/postgres.nix
@@ -14,6 +14,7 @@
 "onlyoffice"
 "akkoma"
 "gotosocial"
+ "gitea"
 ];
 ensureUsers = [
 {
@@ -32,6 +33,10 @@
 name = "gotosocial";
 ensureDBOwnership = true;
 }
+ {
+ name = "gitea";
+ ensureDBOwnership = true;
+ }
 ];
 };
 }
diff --git a/secrets/queen-Lillian.yaml b/secrets/queen-Lillian.yaml
index 6ee2f99..df84d54 100644
--- a/secrets/queen-Lillian.yaml
+++ b/secrets/queen-Lillian.yaml
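Review bot: In gittea.nix the gitea account joins `virtualMail` through `extraGroups`, apparently only so it can read the shared `mailpassunhash` secret (mode `0440`, owned by the mail user). That gives the Git service whatever else the group can reach (presumably the mail store, to be confirmed) and keeps one SMTP password shared across services, as the TODO admits. A dedicated secret owned by the gitea user with mode `0400` makes the group membership unnecessary. Nothing in `services.gitea` sets a listen address either, and the module default is, as far as I know, all interfaces, so only the firewall keeps plain-HTTP port 3218 from being reached past the TLS vhost. Binding to loopback and deciding explicitly on open registration, as sketched below, would close both gaps.

```nix
  # … unchanged: module arguments, imports …
  # "gitea-mailpass" is a placeholder name; add the matching entry to the sops file.
  sops.secrets."gitea-mailpass" = {
    owner = config.services.gitea.user;
    mode = "0400";
  };

  services.gitea = {
    enable = true;
    mailerPasswordFile = config.sops.secrets."gitea-mailpass".path;
    # … unchanged: database, domain, rootUrl, httpPort …
    settings.server.HTTP_ADDR = "127.0.0.1";
    settings.service.DISABLE_REGISTRATION = true;
  };
  # … unchanged: nginx virtual host …
```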
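Review bot: In the gotosocial.nix hunk, `smtp-password` is assigned `config.sops.secrets."mailpassunhash".path`, which is the location of the secret file rather than its contents. If this attrset is the GoToSocial settings block (it starts outside the hunk), the service would present the path string as its SMTP password, so the new secret name does not make authentication work. Drop the key from the settings and supply `GTS_SMTP_PASSWORD` through the module's environment file instead, e.g. `environmentFile = config.sops.secrets."<gotosocial-env placeholder>".path;`. systemd reads that file before starting the service, so the gotosocial user needs no read access to a secret owned by the mail user.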
@@ -4,6 +4,7 @@ local.json: ENC[AES256_GCM,data:EWMZTvnP9DmJKZq3mejvlSc8e2BZxcREn+XB1tAM5NLS0G2f mailpass: ENC[AES256_GCM,data:UVrc1RUV0xJFPiZ8J4refglR0p35gUd21EvvTSoeXHVE9/xC0biKmjdPu8cBmimNPmKJMvZRf8wOz+/x,iv:zIYI9JY/bfUc3nNPNopKMbh09B6KUotMUAmNDzVUBN8=,tag:53N8WlQ5CDlrp/KIEQiHgQ==,type:str] releaseCookie: ENC[AES256_GCM,data:oG8DcUP+gIm5xPzIJdmjrtX/TdrcS8IgeGJeu0oOmZb0/J0AP0o3qw==,iv:zS12xjcNbLaLaLd3VQT8+o9hDqTo1cZdxoPjjhiExDU=,tag:nJFelasEUjebEBpvmfcDEA==,type:str] mssqlpass: ENC[AES256_GCM,data:XEu4bQC5qM5Cm8UDVX3qAzTuL/t3xbx+qcEbZM4h3Hg=,iv:jgpZ93THYBlUvJDC5+YZiIxu/14e7nFSy76J0vc8Hek=,tag:iKsEDp/KZ5juqzmUgtP8iA==,type:str] +mailpassunhash: ENC[AES256_GCM,data:q/P3nrNLy3hCISDmalw94nzWIFhoCdCTyflj27D2Ltr8,iv:oAFna87l3sL/42ljUF1QsRL0xBrP82uYdKLxK/8HcQE=,tag:liFFGHbNPOpOHyMsjnvMOQ==,type:str] sops: kms: [] gcp_kms: [] @@ -19,8 +20,8 @@ sops: KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-11-27T22:46:02Z" - mac: ENC[AES256_GCM,data:8aObcXuGWeb3XeOxEh+rvkGKGl9FXAB3jzAE0IbvoOpGFK0mpeOlIp+4BsGVo6LjecGfE80mBE49mCgC27KqYEq+jUC4onFiIgWB0VQSD367vd4BLZJqIYH7H+X3bShw7JGHq9Kq+CDwbCOzAQJHltYDg4jhJ5qbWqNINJ6t7tY=,iv:OWmROKYvN4nCwGNSFrue2icqNQ+QOp9xVlfLXUwuS1s=,tag:N3AHph2pnTSKwlO1Px/TwQ==,type:str] + lastmodified: "2023-12-26T15:30:39Z" + mac: ENC[AES256_GCM,data:j0ZX7F0etvbL1Th3I3eO36PSA5/IiXHzPFWJdxeZEUN9N40hshppeRQ/54Nnn//k9uFennC4F/CIFu5fZioBcQJUnxuCy2EmpztWiGSIbiO94+H2ovMy9Wly8NgvG/DnYb1uSBhTEdXJoEDbzJ/ngb/MtvgB1mCZKbhIw88IDM0=,iv:5XcfXAu6mORLd/O2UCfaPhiPQul7b807xy1PyZo3MF0=,tag:mC5JAmb7jgezJjm5AXT+sg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1