Gitea added, some mail config improvements

This commit is contained in:
Lillian Violet 2023-12-26 16:35:33 +01:00
parent ea2a74a4a2
commit 624f18f54b
6 changed files with 72 additions and 22 deletions

View file

@ -7,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1703355189, "lastModified": 1703527373,
"narHash": "sha256-fflRwsyW+R3u0kScApX6uP7oSln9ToFoFy9/5LOKTK0=", "narHash": "sha256-AjypRssRtS6F3xkf7rE3/bXkIF2WJOZLbTIspjcE1zM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "de9134144b456104953c2533debb27a02787891f", "rev": "80679ea5074ab7190c4cce478c600057cfb5edae",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -23,11 +23,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1703013332, "lastModified": 1703255338,
"narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", "narHash": "sha256-Z6wfYJQKmDN9xciTwU3cOiOk+NElxdZwy/FiHctCzjU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", "rev": "6df37dc6a77654682fe9f071c62b4242b5342e04",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -39,11 +39,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1702777222, "lastModified": 1703351344,
"narHash": "sha256-/SYmqgxTYzqZnQEfbOCHCN4GzqB9uAIsR9IWLzo0/8I=", "narHash": "sha256-9FEelzftkE9UaJ5nqxidaJJPEhe9TPhbypLHmc2Mysc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a19a71d1ee93226fd71984359552affbc1cd3dc3", "rev": "7790e078f8979a9fcd543f9a47427eeaba38f268",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -55,11 +55,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1703013332, "lastModified": 1703255338,
"narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", "narHash": "sha256-Z6wfYJQKmDN9xciTwU3cOiOk+NElxdZwy/FiHctCzjU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", "rev": "6df37dc6a77654682fe9f071c62b4242b5342e04",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -71,11 +71,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1702539185, "lastModified": 1703134684,
"narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=", "narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "aa9d4729cbc99dabacb50e3994dcefb3ea0f7447", "rev": "d6863cbcbbb80e71cecfc03356db1cda38919523",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -99,11 +99,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1702937567, "lastModified": 1703387502,
"narHash": "sha256-bUNl3GPqRgTGp13+oV1DrYa1/NHuGHo5SKmr+RqC/2g=", "narHash": "sha256-JnWuQmyanPtF8c5yAEFXVWzaIlMxA3EAZCh8XNvnVqE=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "f7db64b88dabc95e4f7bee20455f418e7ab805d4", "rev": "e523e89763ff45f0a6cf15bcb1092636b1da9ed3",
"type": "github" "type": "github"
}, },
"original": { "original": {

View file

@ -22,7 +22,7 @@
./webmail.nix ./webmail.nix
./gotosocial.nix ./gotosocial.nix
../upgrade/postgresql.nix ../upgrade/postgresql.nix
#./akkoma.nix ./akkoma.nix
]; ];
boot.tmp.cleanOnBoot = true; boot.tmp.cleanOnBoot = true;
@ -88,6 +88,7 @@
docker docker
docker-compose docker-compose
git git
gitea
gotosocial gotosocial
alejandra alejandra
exiftool exiftool

43
nixos/queen/gittea.nix Normal file
View file

@ -0,0 +1,43 @@
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [];
users.users = {
gitea = {
isSystemUser = true;
isNormalUser = false;
extraGroups = ["virtualMail"];
};
};
sops.secrets."mailpassunhash".mode = "0440";
sops.secrets."mailpassunhash".owner = config.users.users.virtualMail.name;
services.gitea = {
enable = true;
#TODO: different mail passwords for different services
mailerPasswordFile = config.sops.secrets."mailpassunhash".path;
database = {
type = "postgres";
};
domain = "git.lillianviolet.dev";
rootUrl = "https://git.lillianviolet.dev/";
httpPort = 3218;
};
services.nginx = {
virtualHosts = {
"git.lillianviolet.dev" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:3218";
};
};
};
};
}

View file

@ -38,7 +38,7 @@
smtp-host = "localhost"; smtp-host = "localhost";
smtp-port = 587; smtp-port = 587;
smtp-username = "no-reply@social.gladtherescake.eu"; smtp-username = "no-reply@social.gladtherescake.eu";
smtp-password = config.sops.secrets."mailpass".path; smtp-password = config.sops.secrets."mailpassunhash".path;
smtp-from = "no-reply@social.gladtherescake.eu"; smtp-from = "no-reply@social.gladtherescake.eu";
}; };
}; };

View file

@ -14,6 +14,7 @@
"onlyoffice" "onlyoffice"
"akkoma" "akkoma"
"gotosocial" "gotosocial"
"gitea"
]; ];
ensureUsers = [ ensureUsers = [
{ {
@ -32,6 +33,10 @@
name = "gotosocial"; name = "gotosocial";
ensureDBOwnership = true; ensureDBOwnership = true;
} }
{
name = "gitea";
ensureDBOwnership = true;
}
]; ];
}; };
} }

View file

@ -4,6 +4,7 @@ local.json: ENC[AES256_GCM,data:EWMZTvnP9DmJKZq3mejvlSc8e2BZxcREn+XB1tAM5NLS0G2f
mailpass: ENC[AES256_GCM,data:UVrc1RUV0xJFPiZ8J4refglR0p35gUd21EvvTSoeXHVE9/xC0biKmjdPu8cBmimNPmKJMvZRf8wOz+/x,iv:zIYI9JY/bfUc3nNPNopKMbh09B6KUotMUAmNDzVUBN8=,tag:53N8WlQ5CDlrp/KIEQiHgQ==,type:str] mailpass: ENC[AES256_GCM,data:UVrc1RUV0xJFPiZ8J4refglR0p35gUd21EvvTSoeXHVE9/xC0biKmjdPu8cBmimNPmKJMvZRf8wOz+/x,iv:zIYI9JY/bfUc3nNPNopKMbh09B6KUotMUAmNDzVUBN8=,tag:53N8WlQ5CDlrp/KIEQiHgQ==,type:str]
releaseCookie: ENC[AES256_GCM,data:oG8DcUP+gIm5xPzIJdmjrtX/TdrcS8IgeGJeu0oOmZb0/J0AP0o3qw==,iv:zS12xjcNbLaLaLd3VQT8+o9hDqTo1cZdxoPjjhiExDU=,tag:nJFelasEUjebEBpvmfcDEA==,type:str] releaseCookie: ENC[AES256_GCM,data:oG8DcUP+gIm5xPzIJdmjrtX/TdrcS8IgeGJeu0oOmZb0/J0AP0o3qw==,iv:zS12xjcNbLaLaLd3VQT8+o9hDqTo1cZdxoPjjhiExDU=,tag:nJFelasEUjebEBpvmfcDEA==,type:str]
mssqlpass: ENC[AES256_GCM,data:XEu4bQC5qM5Cm8UDVX3qAzTuL/t3xbx+qcEbZM4h3Hg=,iv:jgpZ93THYBlUvJDC5+YZiIxu/14e7nFSy76J0vc8Hek=,tag:iKsEDp/KZ5juqzmUgtP8iA==,type:str] mssqlpass: ENC[AES256_GCM,data:XEu4bQC5qM5Cm8UDVX3qAzTuL/t3xbx+qcEbZM4h3Hg=,iv:jgpZ93THYBlUvJDC5+YZiIxu/14e7nFSy76J0vc8Hek=,tag:iKsEDp/KZ5juqzmUgtP8iA==,type:str]
mailpassunhash: ENC[AES256_GCM,data:q/P3nrNLy3hCISDmalw94nzWIFhoCdCTyflj27D2Ltr8,iv:oAFna87l3sL/42ljUF1QsRL0xBrP82uYdKLxK/8HcQE=,tag:liFFGHbNPOpOHyMsjnvMOQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -19,8 +20,8 @@ sops:
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw== NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-27T22:46:02Z" lastmodified: "2023-12-26T15:30:39Z"
mac: ENC[AES256_GCM,data:8aObcXuGWeb3XeOxEh+rvkGKGl9FXAB3jzAE0IbvoOpGFK0mpeOlIp+4BsGVo6LjecGfE80mBE49mCgC27KqYEq+jUC4onFiIgWB0VQSD367vd4BLZJqIYH7H+X3bShw7JGHq9Kq+CDwbCOzAQJHltYDg4jhJ5qbWqNINJ6t7tY=,iv:OWmROKYvN4nCwGNSFrue2icqNQ+QOp9xVlfLXUwuS1s=,tag:N3AHph2pnTSKwlO1Px/TwQ==,type:str] mac: ENC[AES256_GCM,data:j0ZX7F0etvbL1Th3I3eO36PSA5/IiXHzPFWJdxeZEUN9N40hshppeRQ/54Nnn//k9uFennC4F/CIFu5fZioBcQJUnxuCy2EmpztWiGSIbiO94+H2ovMy9Wly8NgvG/DnYb1uSBhTEdXJoEDbzJ/ngb/MtvgB1mCZKbhIw88IDM0=,iv:5XcfXAu6mORLd/O2UCfaPhiPQul7b807xy1PyZo3MF0=,tag:mC5JAmb7jgezJjm5AXT+sg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1