DerGrumpf/cyper-nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Added Gitea runner
CI / check (push) Failing after 59s
Details

Browse Source
This commit is contained in:
DerGrumpf
2026-06-22 19:53:09 +02:00
parent a92ff8fe58
commit 15f6a5d7d3
6 changed files with 237 additions and 173 deletions
Download Patch File Download Diff File Expand all files Collapse all files
nixos/roles/gitea.nix
+170 -149
View File
@@ -36,6 +36,10 @@ in
owner = "gitea";
group = "gitea";
};
"gitea/runnerToken" = {
owner = "gitea";
group = "gitea";
};
"kanidm_gitea_secret" = {
owner = "gitea";
group = "gitea";
@@ -43,169 +47,186 @@ in
};
};
services.postgresql = {
enable = true;
package = pkgs.postgresql_14;
ensureDatabases = [ "gitea" ];
ensureUsers = [
{
name = "gitea";
ensureDBOwnership = true;
}
];
authentication = lib.mkOverride 10 ''
local all all trust
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
'';
};
systemd.services.gitea-db-password = {
description = "Set gitea postgres user password";
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
before = [ "gitea.service" ];
wantedBy = [ "gitea.service" ];
serviceConfig = {
Type = "oneshot";
User = "postgres";
RemainAfterExit = true;
systemd.services = {
gitea-db-password = {
description = "Set gitea postgres user password";
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
before = [ "gitea.service" ];
wantedBy = [ "gitea.service" ];
serviceConfig = {
Type = "oneshot";
User = "postgres";
RemainAfterExit = true;
};
script = ''
pass=$(cat ${config.sops.secrets."gitea/dbPassword".path})
${pkgs.postgresql_14}/bin/psql -c \
"ALTER USER gitea WITH PASSWORD '$pass';"
'';
};
script = ''
pass=$(cat ${config.sops.secrets."gitea/dbPassword".path})
${pkgs.postgresql_14}/bin/psql -c \
"ALTER USER gitea WITH PASSWORD '$pass';"
gitea.preStart = lib.mkAfter ''
themeDir="${config.services.gitea.stateDir}/custom/public/assets/css"
mkdir -p "$themeDir"
for f in ${giteaTheme}/*.css; do
name=$(basename "$f")
ln -sf "$f" "$themeDir/$name"
done
'';
};
services.gitea = {
enable = true;
package = pkgs.gitea;
user = "gitea";
group = "gitea";
lfs = {
services = {
postgresql = {
enable = true;
contentDir = "/storage/fast/lfs";
package = pkgs.postgresql_14;
ensureDatabases = [ "gitea" ];
ensureUsers = [
{
name = "gitea";
ensureDBOwnership = true;
}
];
authentication = lib.mkOverride 10 ''
local all all trust
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
'';
};
database = {
type = "postgres";
host = "127.0.0.1";
port = 5432;
name = "gitea";
gitea = {
enable = true;
package = pkgs.gitea;
user = "gitea";
passwordFile = config.sops.secrets."gitea/dbPassword".path;
group = "gitea";
lfs = {
enable = true;
contentDir = "/storage/fast/lfs";
};
database = {
type = "postgres";
host = "127.0.0.1";
port = 5432;
name = "gitea";
user = "gitea";
passwordFile = config.sops.secrets."gitea/dbPassword".path;
};
settings = {
server = {
DOMAIN = domain;
HTTP_ADDR = "0.0.0.0";
HTTP_PORT = httpPort;
SSH_PORT = sshPort;
SSH_LISTEN_PORT = sshPort;
ROOT_URL = "https://${domain}/";
DISABLE_SSH = false;
START_SSH_SERVER = true;
LFS_START_SERVER = true;
};
metrics = {
ENABLED = true;
ENABLED_ISSUE_BY_LABEL = true;
ENABLED_ISSUE_BY_REPOSITORY = true;
};
ui = {
DEFAULT_THEME = "catppuccin-mocha-green";
THEMES = lib.concatStringsSep "," [
# built-in
"gitea"
"arc-green"
# latte
"catppuccin-latte-blue"
"catppuccin-latte-flamingo"
"catppuccin-latte-green"
"catppuccin-latte-lavender"
"catppuccin-latte-maroon"
"catppuccin-latte-mauve"
"catppuccin-latte-peach"
"catppuccin-latte-pink"
"catppuccin-latte-red"
"catppuccin-latte-rosewater"
"catppuccin-latte-sapphire"
"catppuccin-latte-sky"
"catppuccin-latte-teal"
"catppuccin-latte-yellow"
# frappe
"catppuccin-frappe-blue"
"catppuccin-frappe-flamingo"
"catppuccin-frappe-green"
"catppuccin-frappe-lavender"
"catppuccin-frappe-maroon"
"catppuccin-frappe-mauve"
"catppuccin-frappe-peach"
"catppuccin-frappe-pink"
"catppuccin-frappe-red"
"catppuccin-frappe-rosewater"
"catppuccin-frappe-sapphire"
"catppuccin-frappe-sky"
"catppuccin-frappe-teal"
"catppuccin-frappe-yellow"
# macchiato
"catppuccin-macchiato-blue"
"catppuccin-macchiato-flamingo"
"catppuccin-macchiato-green"
"catppuccin-macchiato-lavender"
"catppuccin-macchiato-maroon"
"catppuccin-macchiato-mauve"
"catppuccin-macchiato-peach"
"catppuccin-macchiato-pink"
"catppuccin-macchiato-red"
"catppuccin-macchiato-rosewater"
"catppuccin-macchiato-sapphire"
"catppuccin-macchiato-sky"
"catppuccin-macchiato-teal"
"catppuccin-macchiato-yellow"
# mocha
"catppuccin-mocha-blue"
"catppuccin-mocha-flamingo"
"catppuccin-mocha-green"
"catppuccin-mocha-lavender"
"catppuccin-mocha-maroon"
"catppuccin-mocha-mauve"
"catppuccin-mocha-peach"
"catppuccin-mocha-pink"
"catppuccin-mocha-red"
"catppuccin-mocha-rosewater"
"catppuccin-mocha-sapphire"
"catppuccin-mocha-sky"
"catppuccin-mocha-teal"
"catppuccin-mocha-yellow"
];
};
};
};
settings = {
server = {
DOMAIN = domain;
HTTP_ADDR = "0.0.0.0";
HTTP_PORT = httpPort;
SSH_PORT = sshPort;
SSH_LISTEN_PORT = sshPort;
ROOT_URL = "https://${domain}/";
DISABLE_SSH = false;
START_SSH_SERVER = true;
LFS_START_SERVER = true;
};
metrics = {
ENABLED = true;
ENABLED_ISSUE_BY_LABEL = true;
ENABLED_ISSUE_BY_REPOSITORY = true;
};
ui = {
DEFAULT_THEME = "catppuccin-mocha-green";
THEMES = lib.concatStringsSep "," [
# built-in
"gitea"
"arc-green"
# latte
"catppuccin-latte-blue"
"catppuccin-latte-flamingo"
"catppuccin-latte-green"
"catppuccin-latte-lavender"
"catppuccin-latte-maroon"
"catppuccin-latte-mauve"
"catppuccin-latte-peach"
"catppuccin-latte-pink"
"catppuccin-latte-red"
"catppuccin-latte-rosewater"
"catppuccin-latte-sapphire"
"catppuccin-latte-sky"
"catppuccin-latte-teal"
"catppuccin-latte-yellow"
# frappe
"catppuccin-frappe-blue"
"catppuccin-frappe-flamingo"
"catppuccin-frappe-green"
"catppuccin-frappe-lavender"
"catppuccin-frappe-maroon"
"catppuccin-frappe-mauve"
"catppuccin-frappe-peach"
"catppuccin-frappe-pink"
"catppuccin-frappe-red"
"catppuccin-frappe-rosewater"
"catppuccin-frappe-sapphire"
"catppuccin-frappe-sky"
"catppuccin-frappe-teal"
"catppuccin-frappe-yellow"
# macchiato
"catppuccin-macchiato-blue"
"catppuccin-macchiato-flamingo"
"catppuccin-macchiato-green"
"catppuccin-macchiato-lavender"
"catppuccin-macchiato-maroon"
"catppuccin-macchiato-mauve"
"catppuccin-macchiato-peach"
"catppuccin-macchiato-pink"
"catppuccin-macchiato-red"
"catppuccin-macchiato-rosewater"
"catppuccin-macchiato-sapphire"
"catppuccin-macchiato-sky"
"catppuccin-macchiato-teal"
"catppuccin-macchiato-yellow"
# mocha
"catppuccin-mocha-blue"
"catppuccin-mocha-flamingo"
"catppuccin-mocha-green"
"catppuccin-mocha-lavender"
"catppuccin-mocha-maroon"
"catppuccin-mocha-mauve"
"catppuccin-mocha-peach"
"catppuccin-mocha-pink"
"catppuccin-mocha-red"
"catppuccin-mocha-rosewater"
"catppuccin-mocha-sapphire"
"catppuccin-mocha-sky"
"catppuccin-mocha-teal"
"catppuccin-mocha-yellow"
];
};
gitea-actions-runner.instances."cyper-nix" = {
enable = true;
url = "https://git.cyperpunk.de";
tokenFile = config.sops.secrets."gitea/runnerToken".path;
name = "cyper-controller";
labels = [
"nix:host"
];
};
};
# symlink catppuccin css files into gitea's custom dir on every service start
systemd.services.gitea.preStart = lib.mkAfter ''
themeDir="${config.services.gitea.stateDir}/custom/public/assets/css"
mkdir -p "$themeDir"
for f in ${giteaTheme}/*.css; do
name=$(basename "$f")
ln -sf "$f" "$themeDir/$name"
done
'';
users.users.gitea = {
isSystemUser = true;
group = "gitea";
home = "/var/lib/gitea";
createHome = true;
users = {
users = {
gitea = {
isSystemUser = true;
group = "gitea";
home = "/var/lib/gitea";
createHome = true;
};
postgres.extraGroups = [ "gitea" ];
};
groups.gitea = { };
};
users.groups.gitea = { };
users.users.postgres.extraGroups = [ "gitea" ];
networking.firewall.allowedTCPPorts = [
httpPort