caspervk/nixos
1
0
Fork 0
Code Actions Activity

Compare commits

base: caspervk:8a6e3b6ab40295934368a6d7e41e099aa62e3338
Branches Tags
caspervk:master
caspervk:dev
...
compare: caspervk:dca01d2851d73372fa7ed8969e23d448bdabd35e
Branches Tags
caspervk:master
caspervk:dev

3 commits
8a6e3b6ab4 ... dca01d2851

Author SHA1 Message Date
Casper V. Kristensen dca01d2851 forgejo on sigma 2024-04-28 18:07:50 +02:00
Casper V. Kristensen 16a24a12c7 flake.lock: Update 
Flake lock file updates:

• Updated input 'agenix':
    'github:ryantm/agenix/1381a759b205dff7a6818733118d02253340fd5e' (2024-04-02)
  → 'github:ryantm/agenix/24a7ea390564ccd5b39b7884f597cfc8d7f6f44e' (2024-04-26)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/0c5704eceefcb7bb238a958f532a86e3b59d76db' (2024-04-25)
  → 'github:nix-community/home-manager/c1609d584a6b5e9e6a02010f51bd368cb4782f8e' (2024-04-27)
• Updated input 'nix-index-database':
    'github:nix-community/nix-index-database/dcb6ac44922858ce3a5b46f77a36d6030181460c' (2024-04-23)
  → 'github:nix-community/nix-index-database/941c4973c824509e0356be455d89613611f76c8a' (2024-04-28)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/797f8d8082c7cc3259cba7275c699d4991b09ecc' (2024-04-23)
  → 'github:NixOS/nixos-hardware/53db5e1070d07e750030bf65f1b9963df8f0c678' (2024-04-27)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/dd37924974b9202f8226ed5d74a252a9785aedf8' (2024-04-24)
  → 'github:NixOS/nixpkgs/12430e43bd9b81a6b4e79e64f87c624ade701eaf' (2024-04-28)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/572af610f6151fd41c212f897c71f7056e3fb518' (2024-04-23)
  → 'github:NixOS/nixpkgs/58a1abdbae3217ca6b702f03d3b35125d88a2994' (2024-04-27)
• Updated input 'secrets':
    'git+ssh://git@git.caspervk.net/caspervk/nixos-secrets.git?ref=refs/heads/master&rev=47eb86e9edd7b602e6a169ddd8570928ab191294' (2024-04-25)
  → 'git+ssh://git@git.caspervk.net/caspervk/nixos-secrets.git?ref=refs/heads/master&rev=3cb27fc185eceef3c6efc4e6084a275c153fe9ee' (2024-04-28)
 2024-04-28 18:06:58 +02:00
Casper V. Kristensen a32ec38b73 mumble: remove trailing slash for consistency 2024-04-28 18:04:57 +02:00
3 changed files with 106 additions and 23 deletions
Show stats Expand all files Collapse all files

44
flake.lock
View file

@ -12,11 +12,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1712079060,
"narHash": "sha256-/JdiT9t+zzjChc5qQiF+jhrVhRt8figYH29rZO7pFe4=",
"lastModified": 1714136352,
"narHash": "sha256-BtWQ2Th/jamO1SlD+2ASSW5Jaf7JhA/JLpQHk0Goqpg=",
"owner": "ryantm",
"repo": "agenix",
"rev": "1381a759b205dff7a6818733118d02253340fd5e",
"rev": "24a7ea390564ccd5b39b7884f597cfc8d7f6f44e",
"type": "github"
},
"original": {
@ -85,11 +85,11 @@
]
},
"locked": {
"lastModified": 1714042918,
"narHash": "sha256-4AItZA3EQIiSNAxliuYEJumw/LaVfrMv84gYyrs0r3U=",
"lastModified": 1714203603,
"narHash": "sha256-eT7DENhYy7EPLOqHI9zkIMD9RvMCXcqh6gGqOK5BWYQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "0c5704eceefcb7bb238a958f532a86e3b59d76db",
"rev": "c1609d584a6b5e9e6a02010f51bd368cb4782f8e",
"type": "github"
},
"original": {
@ -121,11 +121,11 @@
]
},
"locked": {
"lastModified": 1713869268,
"narHash": "sha256-o3CMQeu/S8/4zU0pMtYg51rd1FWdJsI2Xohzng1Ysdg=",
"lastModified": 1714273701,
"narHash": "sha256-bmoeZ5zMSSO/e8P51yjrzaxA9uzA3SZAEFvih6S3LFo=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "dcb6ac44922858ce3a5b46f77a36d6030181460c",
"rev": "941c4973c824509e0356be455d89613611f76c8a",
"type": "github"
},
"original": {
@ -136,11 +136,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1713864415,
"narHash": "sha256-/BPDMJEkrsFAFOsQWhwm31wezlgshPFlLBn34KEUdVA=",
"lastModified": 1714201532,
"narHash": "sha256-nk0W4rH7xYdDeS7k1SqqNtBaNrcgIBYNmOVc8P2puEY=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "797f8d8082c7cc3259cba7275c699d4991b09ecc",
"rev": "53db5e1070d07e750030bf65f1b9963df8f0c678",
"type": "github"
},
"original": {
@ -152,11 +152,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1713995372,
"narHash": "sha256-fFE3M0vCoiSwCX02z8VF58jXFRj9enYUSTqjyHAjrds=",
"lastModified": 1714272655,
"narHash": "sha256-3/ghIWCve93ngkx5eNPdHIKJP/pMzSr5Wc4rNKE1wOc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dd37924974b9202f8226ed5d74a252a9785aedf8",
"rev": "12430e43bd9b81a6b4e79e64f87c624ade701eaf",
"type": "github"
},
"original": {
@ -198,11 +198,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1713895582,
"narHash": "sha256-cfh1hi+6muQMbi9acOlju3V1gl8BEaZBXBR9jQfQi4U=",
"lastModified": 1714253743,
"narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "572af610f6151fd41c212f897c71f7056e3fb518",
"rev": "58a1abdbae3217ca6b702f03d3b35125d88a2994",
"type": "github"
},
"original": {
@ -228,11 +228,11 @@
},
"secrets": {
"locked": {
"lastModified": 1714088208,
"narHash": "sha256-uKIiV3COI4j0no6pfs2JIQLCsBVBBhmlemEgKmCjPd8=",
"lastModified": 1714320269,
"narHash": "sha256-hc1oeeIyhoSwz4uW1i6XbKyPrUmmjj/EwnqEjpLD1N8=",
"ref": "refs/heads/master",
"rev": "47eb86e9edd7b602e6a169ddd8570928ab191294",
"revCount": 28,
"rev": "3cb27fc185eceef3c6efc4e6084a275c153fe9ee",
"revCount": 30,
"type": "git",
"url": "ssh://git@git.caspervk.net/caspervk/nixos-secrets.git"
},

2
hosts/alpha/mumble.nix
View file

@ -37,7 +37,7 @@
environment.persistence."/nix/persist" = {
directories = [
{
directory = "/var/lib/murmur/";
directory = "/var/lib/murmur";
user = "murmur";
group = "murmur";
mode = "0700";

83
hosts/sigma/forgejo.nix
View file

@ -1,9 +1,81 @@
{
config,
nixpkgs-unstable,
pkgs,
secrets,
...
}: {
# Forgejo is a lightweight software forge (Git host), with a highlight on
# being completely free software. It's a fork of Gitea.
# https://wiki.nixos.org/wiki/Forgejo
services.forgejo = {
enable = true;
# TODO: remove package override in NixOS 24.04
package = nixpkgs-unstable.legacyPackages.x86_64-linux.forgejo;
# Run Forgejo under git:git for better ssh clone urls.
user = "git";
group = "git";
# https://forgejo.org/docs/latest/admin/config-cheat-sheet/
settings = {
DEFAULT = {
# Application name, used in the page title.
APP_NAME = "Git";
};
repository = {
# Default branch name of all repositories.
DEFAULT_BRANCH = "master";
# Comma separated list of globally disabled repo units.
DISABLED_REPO_UNITS = "repo.issues,repo.ext_issues,repo.pulls,repo.wiki,repo.ext_wiki,repo.projects,repo.packages";
};
ui = {
# Default theme.
DEFAULT_THEME = "gitea";
};
server = {
# Domain name of the server.
DOMAIN = "git.caspervk.net";
# Full public URL of Forgejo server.
ROOT_URL = "https://git.caspervk.net/";
# Landing page for unauthenticated users.
LANDING_PAGE = "/caspervk";
};
security = {
# Cookie lifetime, in days.
LOGIN_REMEMBER_DAYS = 365;
};
service = {
# Disable registration, after which only admin can create accounts for
# users.
DISABLE_REGISTRATION = true;
};
session = {
# Marks session cookies as “secure” as a hint for browsers to only send
# them via HTTPS. This option is recommend, if Forgejo is being served
# over HTTPS.
COOKIE_SECURE = true;
# Session engine provider.
PROVIDER = "db";
};
};
};
# The configured Forgejo user and group is only created automatically if it
# is left at the default "forgejo". The following is copied from
# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/misc/forgejo.nix
# but with the mkIf removed and "forgejo" substituted for "git".
users.users = {
git = {
home = config.services.forgejo.stateDir;
useDefaultShell = true;
group = "git";
isSystemUser = true;
};
};
users.groups = {
git = {};
};
# https://wiki.nixos.org/wiki/Forgejo
# https://forgejo.org/docs/latest/admin/actions/
services.gitea-actions-runner = {
package = pkgs.forgejo-actions-runner;
@ -31,6 +103,17 @@
};
};
environment.persistence."/nix/persist" = {
directories = [
{
directory = "/var/lib/forgejo";
user = "git";
group = "git";
mode = "0750";
}
];
};
age.secrets.forgejo-actions-runner-token-file = {
file = "${secrets}/secrets/forgejo-actions-runner-token-file.age";
mode = "400";