jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

gitea with key, mail, and worker

Browse Source
This commit is contained in:
Danilo Reyes 2025-09-20 15:55:37 -06:00
parent c646a58cea
commit 8bc05d559c
3 changed files with 54 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
modules/servers/gitea.nix
View File

@ -11,6 +11,7 @@ in
{
options.my.servers.gitea = setup.mkOptions "gitea" "git" 9083;
config.services = {
sops.secrets = lib.mkIf cfg.enable { gitea.sopsFile = ../../secrets/env.yaml; };
gitea = lib.mkIf cfg.enable {
enable = true;
domain = cfg.host;
@ -20,7 +21,7 @@ in
server.HTTP_PORT = cfg.port;
mailer = {
ENABLED = true;
MAILER_TYPE = "sendmail";
PROTOCOL = "sendmail";
FROM = config.my.smtpemail;
SENDMAIL_PATH = "${pkgs.msmtp}/bin/msmtp";
};
@ -31,6 +32,53 @@ in
createDatabase = false;
};
};
gitea-actions-runner.instances.ryujinx = {
enable = true;
url = cfg.url;
name = "${config.networking.hostName}-ryujinx";
tokenFile = config.sops.secrets.gitea.path;
labels = [
"ubuntu-latest:host"
"ubuntu-20.04:host"
];
hostPackages =
let
python3 = pkgs.python3.withPackages (
ps:
builtins.attrValues {
inherit (ps)
pyyaml
lxml
;
}
);
in
builtins.attrValues {
inherit python3;
inherit (pkgs)
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
gnutar
gzip
dotnet-sdk_8
openal
vulkan-loader
libGL
gtk3
llvm_15
rcodesign
gh
p7zip
;
inherit (pkgs.xorg) libX11;
};
};
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverseFix cfg);
};
}

5
secrets/env.yaml
View File

@ -2,6 +2,7 @@ stash:
password: ENC[AES256_GCM,data:DVtKQmtOQA/jS3ZncbuPKMukJyo=,iv:FSLl4Qbq58X0WNjqz8LLOW6XpBQxE5W7L9yOTBQkBOA=,tag:Qun+5Vf193Qt8n+Yp9lBJg==,type:str]
jwt: ENC[AES256_GCM,data:C1RcyQn3j5LaCSDGPjBAm6RYsqvVn1HIFxxBP4FNx7NVCroju4VEtkV98Ve0D6Z60L3mB1yOqi8OrEgXNJv+vw==,iv:t8pmLzXwg1g9kkiL98ql9YLaSitaXoJiiLiUf3G1cWk=,tag:D3mdFIe3m3219E4V8yhmpg==,type:str]
session: ENC[AES256_GCM,data:ifUXaGIO7xKPgtTVEeERx0OyBDni2eoWo7dFxazQ4W2DBrnzQfJ7Plqt8EYLhQQRP4I6e33+oEKNzpuiG+XJCw==,iv:AOI0lMcTT02GpOCQuX74hPBKth3WdFN2W2wlqKgrKJM=,tag:1I+brf4G2oKE7o2E90q/CQ==,type:str]
gitea: ENC[AES256_GCM,data:NiR+hByQblQJDC3bfdAb0QZxedXCb4ITJMO2rJUKH0/uXGOaJcV6cA==,iv:FithcaNnQAipFCy3bCffaplND42x92836hMv09eMrDM=,tag:Pl/2gKycua9vc4ma4oNoiA==,type:str]
shiori: ENC[AES256_GCM,data:tV7+1GusZvcli8dM86xOD71dc2mzcyfQwMeTh//LDb0=,iv:ED9wR6QjQgwd9Ll/UC5FK3CyYK3b0RniC/D6Y0nGEOI=,tag:X/aopMc2vhnRW2iTphFflQ==,type:str]
flame: ENC[AES256_GCM,data:XsYRsA2xs+juWje2Od2Yl2xIvU0OS8xMrtwtcK/0NyyRrg==,iv:FR8lHsNQNCaOy4P+7BsIjNCz+H38i5RlwLYQ4fpB2+w=,tag:61EV7H04pcr1bSX4nSvlpw==,type:str]
ryot: ENC[AES256_GCM,data:VMWf3VqcUdyJu2Ygd3XmoqGNWY/W/VJ4213ej0FrA95kAoX+S+j0+4a4B65NtW9UheDSxD1swTXebyenJCIN/tEZwH2wj9I12akNNvSDpt/LG3d1/BZ62cvLCb5n9vyE/vcXgJVfPUqmc67pYDWLpEV/vkKjpqwNH4Y8vnapVo1ytIgsjkTuBb7VFbnRPvYs6J1M0rnaTtkVhOBoRxv+Xg3pWYCgFEXdM/Pg/WKqdHpyh+tJqR74Z91Mwv6G56ZYEDQmAp+Cn+Kk2zZ+t44UAu1SQOgYXPLep+4/PgWw/vQMuyN7GNNP6TrsX3g+ONtJtkdmGu6ArcfbRAky4vM14DxlQP4xSjYSu+FDWGJL/J4TMw6IVDuw/TDVNpMrhBmZdPujYLUW1c6GCCEchBknNfw/Wt+NyTjOzCmZLVw760jY05Fa9kcW2kz+P0iAGTviY7yJZWDctP6PrVNtG1cXc4noJqV/uJ9sQmuGWCiTzaCIIZEhwRKnvjpvZNisKPhx4tctZMWm8l9gKO/TJC/SHMIhvEazmH4v0AzCiRUzdTfnWQZGTNenDrCUetztPh/UUJbLZjhFBH3QR26w/3I5oNpUzUDhfDhcEYtfWuB7ckbkXT8nyYMfe0OR16yJTfQCdnIPBhAUi1g1ZV3jFg+OhYWxk73lPiqC1ADRNh01L1k90PMMWtLXXm6aQ28cB+iQTvvgKbDrr76U8bXoZUyEl30waOQ2HT6nDG61OBUtQHTu6/cFhfhrnU6poAD/k+L7SyqcBoMYAZJN6Us1y3SKhV/3mXVKjRwSl5XZSW+ZpcRe/Cg4bonxFBYsZyY3VjK0LC4Cj8ijh4LpYWrGWtVmWOt/gg7UQPTd81A=,iv:Oa2pvfDpfPr3pqeAg2kYIzjf8KUK9ckMfbVymM78FyE=,tag:XyjYEvWo46BliYXdDH8QrQ==,type:str]
@ -51,7 +52,7 @@ sops:
QXRUYWtGcWZCVW11U3VYRktuUjlCbDgKsTK4WhUza/JuoDTU3uATa6fq/8eYzxtb
9BUK1ddzx9Mghea9XBMS17YGtGmW800OsLBomb3SINnOFvejcnKf8Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-09-16T22:00:36Z"
mac: ENC[AES256_GCM,data:jheq0Qyfn0vduoPSbA8nji0DJZ15qnwyH/v112qKwfU8NFLrhy+PNxd/PcSsy071gGiYYGCcK/OSe2SSE4wOTNBUzJehFjb1Yo/TSAXSvRihHszS+XJzPikzspAxRPn9pdRnOYXPrivOWH7VikOy26BQ8QUS1DxUWS2yEM7r78A=,iv:7/bzlpBhdjh/ThMol/c69T0i68wHfDQIzdvd/cXQPQc=,tag:LZ6xBD/W4PdRGMYsvNGWvw==,type:str]
lastmodified: "2025-09-20T21:53:08Z"
mac: ENC[AES256_GCM,data:AbYdsrIojQanUuC5RFCoMBgX2tAougGeym3VKO03g7czJlKzlwuMJaVYqGNN1STMmzfXk/PTwtFuzQyr0fIm5UDEdp3iC3s2P5QFyWc3ofnXbayghCyN8wnr3VfERzV6NQXdJlc3E75+XSGhq/VdraNpy8kfiSBii2FTribNVfY=,iv:5EuDd3uUyJlV/PsZS0zBExqfuJtKT/NGusHeqyNCQNA=,tag:5K4F22Rv3VIK12v0oD5ywg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

4
secrets/keys.yaml
View File

@ -74,7 +74,7 @@ sops:
dklwODNxYVo4a2FaWDJFM0FnV1l3SlUKMnq/MAJRwR7iEri2KomPrMj0gTkMyhzH
P5E4zheU7chJTAz5jf6iecyOvKAt6q5g9Q1MU0D6dkOcv2gzWSNAAw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-22T18:13:33Z"
mac: ENC[AES256_GCM,data:HWt8KeSEPeV6SBl7LSFfyQ++zI9nRLnG1JpCvvrpvVbQaPJ9oP0ry0YdHz+Es2LiQWnlT1UjJAvLnr23++bY95x6hfi5zeLVyIYpUObebkMp6XrmifF1Oc7URupqxdQ1u2ZFEpIu+9ZEzthgErnM9/DDZpV2XJajZyUIq3sogq4=,iv:p7q+P2S3Uh5HtndOxtAA8q7aq0z1mx3FoGCsfRVLvC4=,tag:eDI/No95VoHU8VtgkTaFiQ==,type:str]
lastmodified: "2025-09-20T21:51:47Z"
mac: ENC[AES256_GCM,data:JwTGOxfNY5nnAIj0s3qBiBrxQoBuTwPVmNEdqplSi76VFzjs6kqLw4PrMgd1GKwO9SUdRz2yYVzBdErMrFiTfpxa3arY9jLAX8eBon0cdkcIQAQa7ZmZwxLjNfbFppdsJygR7t/A12Zku8kAuXecx47CC5VnVvh2aQw4UsuVnOU=,iv:W7QP31dQTnRQpzAOcxX/SQVp6L+PEVrZiZDzF2BlDso=,tag:cfJm2FjwfqlXOV+e+LHcDQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2