Gitea added, some mail config improvements
This commit is contained in:
parent
ea2a74a4a2
commit
624f18f54b
36
flake.lock
36
flake.lock
|
@ -7,11 +7,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1703355189,
|
"lastModified": 1703527373,
|
||||||
"narHash": "sha256-fflRwsyW+R3u0kScApX6uP7oSln9ToFoFy9/5LOKTK0=",
|
"narHash": "sha256-AjypRssRtS6F3xkf7rE3/bXkIF2WJOZLbTIspjcE1zM=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "de9134144b456104953c2533debb27a02787891f",
|
"rev": "80679ea5074ab7190c4cce478c600057cfb5edae",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -23,11 +23,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1703013332,
|
"lastModified": 1703255338,
|
||||||
"narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
|
"narHash": "sha256-Z6wfYJQKmDN9xciTwU3cOiOk+NElxdZwy/FiHctCzjU=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
|
"rev": "6df37dc6a77654682fe9f071c62b4242b5342e04",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -39,11 +39,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-stable": {
|
"nixpkgs-stable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1702777222,
|
"lastModified": 1703351344,
|
||||||
"narHash": "sha256-/SYmqgxTYzqZnQEfbOCHCN4GzqB9uAIsR9IWLzo0/8I=",
|
"narHash": "sha256-9FEelzftkE9UaJ5nqxidaJJPEhe9TPhbypLHmc2Mysc=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "a19a71d1ee93226fd71984359552affbc1cd3dc3",
|
"rev": "7790e078f8979a9fcd543f9a47427eeaba38f268",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -55,11 +55,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1703013332,
|
"lastModified": 1703255338,
|
||||||
"narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
|
"narHash": "sha256-Z6wfYJQKmDN9xciTwU3cOiOk+NElxdZwy/FiHctCzjU=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
|
"rev": "6df37dc6a77654682fe9f071c62b4242b5342e04",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -71,11 +71,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1702539185,
|
"lastModified": 1703134684,
|
||||||
"narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=",
|
"narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "aa9d4729cbc99dabacb50e3994dcefb3ea0f7447",
|
"rev": "d6863cbcbbb80e71cecfc03356db1cda38919523",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -99,11 +99,11 @@
|
||||||
"nixpkgs-stable": "nixpkgs-stable"
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1702937567,
|
"lastModified": 1703387502,
|
||||||
"narHash": "sha256-bUNl3GPqRgTGp13+oV1DrYa1/NHuGHo5SKmr+RqC/2g=",
|
"narHash": "sha256-JnWuQmyanPtF8c5yAEFXVWzaIlMxA3EAZCh8XNvnVqE=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "f7db64b88dabc95e4f7bee20455f418e7ab805d4",
|
"rev": "e523e89763ff45f0a6cf15bcb1092636b1da9ed3",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -22,7 +22,7 @@
|
||||||
./webmail.nix
|
./webmail.nix
|
||||||
./gotosocial.nix
|
./gotosocial.nix
|
||||||
../upgrade/postgresql.nix
|
../upgrade/postgresql.nix
|
||||||
#./akkoma.nix
|
./akkoma.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.tmp.cleanOnBoot = true;
|
boot.tmp.cleanOnBoot = true;
|
||||||
|
@ -88,6 +88,7 @@
|
||||||
docker
|
docker
|
||||||
docker-compose
|
docker-compose
|
||||||
git
|
git
|
||||||
|
gitea
|
||||||
gotosocial
|
gotosocial
|
||||||
alejandra
|
alejandra
|
||||||
exiftool
|
exiftool
|
||||||
|
|
43
nixos/queen/gittea.nix
Normal file
43
nixos/queen/gittea.nix
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
{
|
||||||
|
inputs,
|
||||||
|
outputs,
|
||||||
|
lib,
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
imports = [];
|
||||||
|
users.users = {
|
||||||
|
gitea = {
|
||||||
|
isSystemUser = true;
|
||||||
|
isNormalUser = false;
|
||||||
|
extraGroups = ["virtualMail"];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
sops.secrets."mailpassunhash".mode = "0440";
|
||||||
|
sops.secrets."mailpassunhash".owner = config.users.users.virtualMail.name;
|
||||||
|
|
||||||
|
services.gitea = {
|
||||||
|
enable = true;
|
||||||
|
#TODO: different mail passwords for different services
|
||||||
|
mailerPasswordFile = config.sops.secrets."mailpassunhash".path;
|
||||||
|
database = {
|
||||||
|
type = "postgres";
|
||||||
|
};
|
||||||
|
domain = "git.lillianviolet.dev";
|
||||||
|
rootUrl = "https://git.lillianviolet.dev/";
|
||||||
|
httpPort = 3218;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx = {
|
||||||
|
virtualHosts = {
|
||||||
|
"git.lillianviolet.dev" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://localhost:3218";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -38,7 +38,7 @@
|
||||||
smtp-host = "localhost";
|
smtp-host = "localhost";
|
||||||
smtp-port = 587;
|
smtp-port = 587;
|
||||||
smtp-username = "no-reply@social.gladtherescake.eu";
|
smtp-username = "no-reply@social.gladtherescake.eu";
|
||||||
smtp-password = config.sops.secrets."mailpass".path;
|
smtp-password = config.sops.secrets."mailpassunhash".path;
|
||||||
smtp-from = "no-reply@social.gladtherescake.eu";
|
smtp-from = "no-reply@social.gladtherescake.eu";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -14,6 +14,7 @@
|
||||||
"onlyoffice"
|
"onlyoffice"
|
||||||
"akkoma"
|
"akkoma"
|
||||||
"gotosocial"
|
"gotosocial"
|
||||||
|
"gitea"
|
||||||
];
|
];
|
||||||
ensureUsers = [
|
ensureUsers = [
|
||||||
{
|
{
|
||||||
|
@ -32,6 +33,10 @@
|
||||||
name = "gotosocial";
|
name = "gotosocial";
|
||||||
ensureDBOwnership = true;
|
ensureDBOwnership = true;
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
name = "gitea";
|
||||||
|
ensureDBOwnership = true;
|
||||||
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,6 +4,7 @@ local.json: ENC[AES256_GCM,data:EWMZTvnP9DmJKZq3mejvlSc8e2BZxcREn+XB1tAM5NLS0G2f
|
||||||
mailpass: ENC[AES256_GCM,data:UVrc1RUV0xJFPiZ8J4refglR0p35gUd21EvvTSoeXHVE9/xC0biKmjdPu8cBmimNPmKJMvZRf8wOz+/x,iv:zIYI9JY/bfUc3nNPNopKMbh09B6KUotMUAmNDzVUBN8=,tag:53N8WlQ5CDlrp/KIEQiHgQ==,type:str]
|
mailpass: ENC[AES256_GCM,data:UVrc1RUV0xJFPiZ8J4refglR0p35gUd21EvvTSoeXHVE9/xC0biKmjdPu8cBmimNPmKJMvZRf8wOz+/x,iv:zIYI9JY/bfUc3nNPNopKMbh09B6KUotMUAmNDzVUBN8=,tag:53N8WlQ5CDlrp/KIEQiHgQ==,type:str]
|
||||||
releaseCookie: ENC[AES256_GCM,data:oG8DcUP+gIm5xPzIJdmjrtX/TdrcS8IgeGJeu0oOmZb0/J0AP0o3qw==,iv:zS12xjcNbLaLaLd3VQT8+o9hDqTo1cZdxoPjjhiExDU=,tag:nJFelasEUjebEBpvmfcDEA==,type:str]
|
releaseCookie: ENC[AES256_GCM,data:oG8DcUP+gIm5xPzIJdmjrtX/TdrcS8IgeGJeu0oOmZb0/J0AP0o3qw==,iv:zS12xjcNbLaLaLd3VQT8+o9hDqTo1cZdxoPjjhiExDU=,tag:nJFelasEUjebEBpvmfcDEA==,type:str]
|
||||||
mssqlpass: ENC[AES256_GCM,data:XEu4bQC5qM5Cm8UDVX3qAzTuL/t3xbx+qcEbZM4h3Hg=,iv:jgpZ93THYBlUvJDC5+YZiIxu/14e7nFSy76J0vc8Hek=,tag:iKsEDp/KZ5juqzmUgtP8iA==,type:str]
|
mssqlpass: ENC[AES256_GCM,data:XEu4bQC5qM5Cm8UDVX3qAzTuL/t3xbx+qcEbZM4h3Hg=,iv:jgpZ93THYBlUvJDC5+YZiIxu/14e7nFSy76J0vc8Hek=,tag:iKsEDp/KZ5juqzmUgtP8iA==,type:str]
|
||||||
|
mailpassunhash: ENC[AES256_GCM,data:q/P3nrNLy3hCISDmalw94nzWIFhoCdCTyflj27D2Ltr8,iv:oAFna87l3sL/42ljUF1QsRL0xBrP82uYdKLxK/8HcQE=,tag:liFFGHbNPOpOHyMsjnvMOQ==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -19,8 +20,8 @@ sops:
|
||||||
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
|
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
|
||||||
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
|
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-11-27T22:46:02Z"
|
lastmodified: "2023-12-26T15:30:39Z"
|
||||||
mac: ENC[AES256_GCM,data:8aObcXuGWeb3XeOxEh+rvkGKGl9FXAB3jzAE0IbvoOpGFK0mpeOlIp+4BsGVo6LjecGfE80mBE49mCgC27KqYEq+jUC4onFiIgWB0VQSD367vd4BLZJqIYH7H+X3bShw7JGHq9Kq+CDwbCOzAQJHltYDg4jhJ5qbWqNINJ6t7tY=,iv:OWmROKYvN4nCwGNSFrue2icqNQ+QOp9xVlfLXUwuS1s=,tag:N3AHph2pnTSKwlO1Px/TwQ==,type:str]
|
mac: ENC[AES256_GCM,data:j0ZX7F0etvbL1Th3I3eO36PSA5/IiXHzPFWJdxeZEUN9N40hshppeRQ/54Nnn//k9uFennC4F/CIFu5fZioBcQJUnxuCy2EmpztWiGSIbiO94+H2ovMy9Wly8NgvG/DnYb1uSBhTEdXJoEDbzJ/ngb/MtvgB1mCZKbhIw88IDM0=,iv:5XcfXAu6mORLd/O2UCfaPhiPQul7b807xy1PyZo3MF0=,tag:mC5JAmb7jgezJjm5AXT+sg==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
Loading…
Reference in a new issue