diff --git a/hosts/12kingdoms-rakushun/caddy.nix b/hosts/12kingdoms-rakushun/caddy.nix new file mode 100644 index 00000000..fbd200bb --- /dev/null +++ b/hosts/12kingdoms-rakushun/caddy.nix @@ -0,0 +1,28 @@ +{myvars, ...}: { + services.caddy = { + enable = true; + # Reload Caddy instead of restarting it when configuration file changes. + enableReload = true; + user = "caddy"; # User account under which caddy runs. + dataDir = "/var/lib/caddy"; + logDir = "/var/log/caddy"; + + # Additional lines of configuration appended to the global config section of the Caddyfile. + # Refer to https://caddyserver.com/docs/caddyfile/options#global-options for details on supported values. + globalConfig = '' + http_port 80 + https_port 443 + auto_https off + ''; + + # ACME related settings. + # email = myvars.useremail; + # acmeCA = "https://acme-v02.api.letsencrypt.org/directory"; + + virtualHosts."http://git.writefor.fun".extraConfig = '' + encode zstd gzip + reverse_proxy http://localhost:3000 + ''; + }; + networking.firewall.allowedTCPPorts = [80 443]; +} diff --git a/hosts/12kingdoms-rakushun/default.nix b/hosts/12kingdoms-rakushun/default.nix index 574aa994..dce1c3b5 100644 --- a/hosts/12kingdoms-rakushun/default.nix +++ b/hosts/12kingdoms-rakushun/default.nix @@ -20,6 +20,9 @@ in { ./hardware-configuration.nix ./disko-fs.nix ./impermanence.nix + + ./gitea.nix + ./caddy.nix ]; networking = { diff --git a/hosts/12kingdoms-rakushun/gitea.nix b/hosts/12kingdoms-rakushun/gitea.nix new file mode 100644 index 00000000..83770494 --- /dev/null +++ b/hosts/12kingdoms-rakushun/gitea.nix @@ -0,0 +1,88 @@ +{pkgs, ...}: let +in { + # https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/services/misc/gitea.nix + services.gitea = { + enable = true; + user = "gitea"; + group = "gitea"; + stateDir = "/var/lib/gitea"; + appName = "Ryan Yin's Gitea Service"; + lfs.enable = true; + # Enable a timer that runs gitea dump to generate backup-files of the current gitea database and repositories. + dump = { + enable = false; + interval = "hourly"; + file = "gitea-dump"; + type = "tar.zst"; + }; + # Path to a file containing the SMTP password. + # mailerPasswordFile = ""; + settings = { + server = { + SSH_PORT = 2222; + PROTOCOL = "http"; + HTTP_PORT = 3000; + HTTP_ADDR = "127.0.0.1"; + DOMAIN = "git.writefor.fun"; + }; + # one of "Trace", "Debug", "Info", "Warn", "Error", "Critical" + log.LEVEL = "Info"; + session.COOKIE_SECURE = false; + service.DISABLE_REGISTRATION = true; + + # "cron.sync_external_users" = { + # RUN_AT_START = true; + # SCHEDULE = "@every 24h"; + # UPDATE_EXISTING = true; + # }; + mailer = { + ENABLED = true; + MAILER_TYPE = "sendmail"; + FROM = "do-not-reply@writefor.fun"; + SENDMAIL_PATH = "${pkgs.system-sendmail}/bin/sendmail"; + }; + other = { + SHOW_FOOTER_VERSION = false; + }; + }; + database = { + type = "sqlite3"; + # create a local database automatically. + createDatabase = true; + }; + }; + + # services.gitea-actions-runner.instances."default" = { + # enable = true; + # name = "default"; + # labels = [ + # # provide a debian base with nodejs for actions + # "debian-latest:docker://node:18-bullseye" + # # fake the ubuntu name, because node provides no ubuntu builds + # "ubuntu-latest:docker://node:18-bullseye" + # # provide native execution on the host + # "native:host" + # ]; + # gitea = "http://git.writefor.fun"; + # # Path to an environment file, + # # containing the TOKEN environment variable, + # # that holds a token to register at the configured Gitea instance. + # tokenFile = "xxx"; # use agenix for secrets. + # # Configuration for act_runner daemon. + # # For an example configuration, see: + # # https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml + # settings = {}; + # # List of packages, that are available to actions, + # # when the runner is configured with a host execution label. + # hostPackages = with pkgs; [ + # bash + # coreutils + # curl + # gawk + # gitMinimal + # gnused + # nodejs + # wget + # ]; + # }; +}