mirror of
https://github.com/SebastianStork/nixos-config.git
synced 2026-01-21 16:21:34 +01:00
Add basic forgejo container
This commit is contained in:
parent
0f9e3cbbc9
commit
acefd7ce46
4 changed files with 73 additions and 2 deletions
|
|
@ -3,6 +3,7 @@ keys:
|
||||||
- &north age18x6herevmcuhcmeh47ll6p9ck9zk4ga6gfxwlc8yl49rwjxm7qusylwfgc
|
- &north age18x6herevmcuhcmeh47ll6p9ck9zk4ga6gfxwlc8yl49rwjxm7qusylwfgc
|
||||||
- &inspiron age1jl9s4vp78wuwymjxaje6fg4ax0gg5aq8pn8khfmtn5rvap0d83tqfr05dv
|
- &inspiron age1jl9s4vp78wuwymjxaje6fg4ax0gg5aq8pn8khfmtn5rvap0d83tqfr05dv
|
||||||
- &stratus age1pryafed9elaea6zk5gnf6drjt4nznc02385y973lwt9t2s7j7vmsfnggkp
|
- &stratus age1pryafed9elaea6zk5gnf6drjt4nznc02385y973lwt9t2s7j7vmsfnggkp
|
||||||
|
- &forgejo age12k607dpdjt5dyq0w3hpgyfdyfrrfuutxgra0tgt8qja30er7cupsfps60n
|
||||||
- &nextcloud age1jutruntzdaqs26mpe68pafje23m9n4klm04fva05fcdyvyqnaamsvqf3jr
|
- &nextcloud age1jutruntzdaqs26mpe68pafje23m9n4klm04fva05fcdyvyqnaamsvqf3jr
|
||||||
- &onlyoffice age1es9tg5225aum5k5ahu8u9q0jprzzte6d64jmwxr2w33ylctqs4lqykdtx5
|
- &onlyoffice age1es9tg5225aum5k5ahu8u9q0jprzzte6d64jmwxr2w33ylctqs4lqykdtx5
|
||||||
- &paperless age1y82j460w5fh0fpquatqar0zqet0vzzfzjnegrp686na3gejapdtsc37vuh
|
- &paperless age1y82j460w5fh0fpquatqar0zqet0vzzfzjnegrp686na3gejapdtsc37vuh
|
||||||
|
|
@ -24,6 +25,11 @@ creation_rules:
|
||||||
- age:
|
- age:
|
||||||
- *admin
|
- *admin
|
||||||
- *stratus
|
- *stratus
|
||||||
|
- path_regex: hosts/stratus/containers/forgejo/secrets.yaml$
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *admin
|
||||||
|
- *forgejo
|
||||||
- path_regex: hosts/stratus/containers/nextcloud/secrets.yaml$
|
- path_regex: hosts/stratus/containers/nextcloud/secrets.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
|
|
|
||||||
32
hosts/stratus/containers/forgejo/default.nix
Normal file
32
hosts/stratus/containers/forgejo/default.nix
Normal file
|
|
@ -0,0 +1,32 @@
|
||||||
|
{
|
||||||
|
containers.forgejo.config =
|
||||||
|
{ config, lib, ... }:
|
||||||
|
{
|
||||||
|
sops.secrets."forgejo-admin-password" = {
|
||||||
|
owner = config.users.users.forgejo.name;
|
||||||
|
inherit (config.users.users.forgejo) group;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.forgejo = {
|
||||||
|
enable = true;
|
||||||
|
stateDir = "/data/forgejo";
|
||||||
|
|
||||||
|
lfs.enable = true;
|
||||||
|
database.type = "postgres";
|
||||||
|
settings = {
|
||||||
|
server = {
|
||||||
|
DOMAIN = config.networking.fqdn;
|
||||||
|
ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}/";
|
||||||
|
};
|
||||||
|
service.DISABLE_REGISTRATION = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.forgejo.preStart = ''
|
||||||
|
create="${lib.getExe config.services.forgejo.package} admin user create"
|
||||||
|
$create --admin --email "sebastian.stork@pm.me" --username seb --password "$(cat ${config.sops.secrets.forgejo-admin-password.path})" || true
|
||||||
|
'';
|
||||||
|
|
||||||
|
myConfig.tailscale.serve = "3000";
|
||||||
|
};
|
||||||
|
}
|
||||||
31
hosts/stratus/containers/forgejo/secrets.yaml
Normal file
31
hosts/stratus/containers/forgejo/secrets.yaml
Normal file
|
|
@ -0,0 +1,31 @@
|
||||||
|
tailscale-auth-key: ENC[AES256_GCM,data:OnCmxHy5wFAOOIv3G3rhMsjg9JjHnjENORDQGfVe+cxNSrcqb/Vb0n12jd5SCnxlqrUM+QLjo7yUaKa43M4=,iv:VWf+KsjMsAr6E7SyaXJivJzN7udZmle1LKvXXx2cSvY=,tag:DkqNwLvf2xXu5aUMvCSLWw==,type:str]
|
||||||
|
forgejo-admin-password: ENC[AES256_GCM,data:l/6pYXwUEsu6dvEXQAhN46dXk08XCk33G1GeoLrm,iv:Z635DD5ca4wZ9vO2VAlo1rzockKL/XC0/GrQPV/59XA=,tag:XZVQS5tOPdBfYAIURfZ5vQ==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1mpq8m4p7dnxh5ze3fh7etd2k6sp85zdnmp9te3e9chcw4pw07pcq960zh5
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZejdhUzZyQ1RROGZmZUdX
|
||||||
|
UFR6NlBsbVZDMjJwM3pidi8waWNWVS9id2tnClBxQ3J6N0IwOGZ5eFZFZHU1ZEN3
|
||||||
|
YUh2c3VUd2xLa3NEdWUzdE1aOUZONFUKLS0tIHpGM1pMeUFQYytoQmdncHJWUHlz
|
||||||
|
L003dzV4Z0lTRllkVDJlSm16S1crMlUKtW70ZGOCC9iwfQ7kxzx+DT7l2qSub9Bf
|
||||||
|
VfdlHP1XHXhEw3Don3OLrzwaIzXBbfqGGtpd0rWIoxISqjguBulR9g==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age12k607dpdjt5dyq0w3hpgyfdyfrrfuutxgra0tgt8qja30er7cupsfps60n
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkdVFCOUt0TDdOZnA1c3NZ
|
||||||
|
UDVJcUNUS3dqVmJMOVIra0tEVEJ5cjVNYnljCkcxMXF2SGJFRDVDeEFFTEh5dUdV
|
||||||
|
MkEzQXE3TjhHcUJjdXhGSHZyanpVZ1UKLS0tIERlVXNXNjV5OHdyeG5LdCtIVWNG
|
||||||
|
YzNSUG5HWStBemtRZ0s4NzNOOTZRWDAKJHKjfzIPOQUoizt5SffPP/n4d+hOfGLg
|
||||||
|
bXsKSa99E5JMxskzYZQGH0G4OLZrJEMzegRW0DsJtEFwj8YORmn6iw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-09-11T19:43:05Z"
|
||||||
|
mac: ENC[AES256_GCM,data:3PK5wU8J1Q3wOyFuW3N2nbHgLzQm8OIWOFw79DpmmUFxTEkuRkXPyL3sCOoiie7oX07vkijRQc9PTYlE92CaeoiWS17kdYVOQt309izMsqK6A4Ga01uBt3tsWUsKfkawdM2nQ6Nlft4S55lZUEwYrcX5gJrbmWsdwf4boQ7HVMA=,iv:gZ5sazElY7l1FKns1qQcXBdPQiS2exod0XTFbXdMkqk=,tag:2da6i6jVSHIsgRsfQdEZ9w==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.9.0
|
||||||
|
|
@ -1,6 +1,8 @@
|
||||||
seb-password: ENC[AES256_GCM,data:N3w7niUZsyFmF2gF+gMhlDb6XfoYZ8yNrZvv2J0Cb3zDhstW7LsgYZVcM3+MXPbTDE9xJ00VGBayOT7fW+5IYYWdGgbRWvOH0w==,iv:rLCKJ9wUL+3sjIaqwV89pYJtt/ERuoR4AAgbt9H4oHg=,tag:nuh9rT0W500w8+y76MqC1Q==,type:str]
|
seb-password: ENC[AES256_GCM,data:N3w7niUZsyFmF2gF+gMhlDb6XfoYZ8yNrZvv2J0Cb3zDhstW7LsgYZVcM3+MXPbTDE9xJ00VGBayOT7fW+5IYYWdGgbRWvOH0w==,iv:rLCKJ9wUL+3sjIaqwV89pYJtt/ERuoR4AAgbt9H4oHg=,tag:nuh9rT0W500w8+y76MqC1Q==,type:str]
|
||||||
tailscale-auth-key: ENC[AES256_GCM,data:zKjJsG23GYrAIAoTe9pRI/b9w6JPB/0EDrdtspQq1/dw7eQq7BuzYMT5O5EAy+5A9ZP3fDaleO5nFXRFvg==,iv:p7Dpq30TZyb20E5TfscycxMiN1XUx66DbNPhwuZkwaA=,tag:V/fc99Zv4xJ6PDxNIWHRew==,type:str]
|
tailscale-auth-key: ENC[AES256_GCM,data:zKjJsG23GYrAIAoTe9pRI/b9w6JPB/0EDrdtspQq1/dw7eQq7BuzYMT5O5EAy+5A9ZP3fDaleO5nFXRFvg==,iv:p7Dpq30TZyb20E5TfscycxMiN1XUx66DbNPhwuZkwaA=,tag:V/fc99Zv4xJ6PDxNIWHRew==,type:str]
|
||||||
container:
|
container:
|
||||||
|
forgejo:
|
||||||
|
ssh-key: ENC[AES256_GCM,data:PbPRioKPPE/sv8jceAzuV5NFSVSBNOZAejCfUJUYmhLblLSuDsZ7fdgk5+TFjf7baVPhWasUGAo588z7fqzMlTgHfT/RtwDJ4QUMaPXts68CxdZemdjVa8LbV96i9UNlCJP8Sz/7Wvc8axnmyIApAhcLBA7d9KTQn/7lXgaGs9QtDDpSSmJluQHDe1t4QG2UqV73ZZ4I1MY9nVYO9lmaKBej43247cnw8FrkeCQLx4nXuArCp88rBug0CpgY8z15eK4RWXonBjBe5TDoCOWpENyD/6uVFeQIow5TSJgKlkh1w+dj9IiCBfYBllH5xQxjsjlVpDba4A+hfoBhah+EWhK3J765UGn4ufslVMNTQeL9yD87WMa1EkYwGSCVgCTD+/BfgP4HjzgGbM0OuU2Z5t2WV/R9Dm69w+wISbcjTmqqk+q6hle0RR5SkY9bOax2AKsOkcp/k6BS9QmNnajD7qnIVgGTLEwqgWjbQJGFLEE5mSNmZU5oV2gatrbPnN609LbaH6d6Zj28l7Hwr6jH,iv:fgUklpj946AqYe5hh3gwII4CUoUXsrrk3cW2TVugm0c=,tag:ypVvK3K/lSunq2g/LFIWRA==,type:str]
|
||||||
nextcloud:
|
nextcloud:
|
||||||
ssh-key: ENC[AES256_GCM,data:HXCYEpNL6Y5GOLp5bhQY9M6NTLV0+e8DiQz2PbnCskvMSiZSp4yHr3wcAzgZttWhLmAydY4moelGzsmkvH8O/DiR2Gkw9Ex4uFEffS2HjlEzTwi7qL70Av6ZbF395NCP82M34Gnnl143+y7wZiJjCPL/oY5QZSzbgg3FgHrqo7f1xcSPcv4LukZ33zcsn4irOGRi2KktiDgcvAdVMLiChWxO0snqS+h7zPIaX4NIcNFW3BgOmUJ42cAoKcsR2ORDDbq0FmSSePh67pKqQJPbBoya6OzfYufNKek0nuwfWVkIjnQbqi0sicx4lks4WXYWMj1WapbIFzPkabfVysfHXcYPpt6OXNqnXTN9bn9Ww/dgEeQyyO+Qc7MHjfXxcLZd8p4bmiP+9bVJ6/ed0YHdCUkt14IxTOiXu0n5lI8/NMam4YLaGiMbRyYAGN6q8W7UYurFBOoKajVByUPTa7FK4H8rZDsNd6HYtTc4lqyeqzKYA9EU/99P9GCmMhrkQYMcoF77tLAAsDdn74OfS2AY86z7xGHCRg67ROMb,iv:pj3P1p5wBn67wGyguLFHJs2+Qhz1X7U9EoD8OsdNTKc=,tag:lKogFelSJIXugKYm/gVy8w==,type:str]
|
ssh-key: ENC[AES256_GCM,data:HXCYEpNL6Y5GOLp5bhQY9M6NTLV0+e8DiQz2PbnCskvMSiZSp4yHr3wcAzgZttWhLmAydY4moelGzsmkvH8O/DiR2Gkw9Ex4uFEffS2HjlEzTwi7qL70Av6ZbF395NCP82M34Gnnl143+y7wZiJjCPL/oY5QZSzbgg3FgHrqo7f1xcSPcv4LukZ33zcsn4irOGRi2KktiDgcvAdVMLiChWxO0snqS+h7zPIaX4NIcNFW3BgOmUJ42cAoKcsR2ORDDbq0FmSSePh67pKqQJPbBoya6OzfYufNKek0nuwfWVkIjnQbqi0sicx4lks4WXYWMj1WapbIFzPkabfVysfHXcYPpt6OXNqnXTN9bn9Ww/dgEeQyyO+Qc7MHjfXxcLZd8p4bmiP+9bVJ6/ed0YHdCUkt14IxTOiXu0n5lI8/NMam4YLaGiMbRyYAGN6q8W7UYurFBOoKajVByUPTa7FK4H8rZDsNd6HYtTc4lqyeqzKYA9EU/99P9GCmMhrkQYMcoF77tLAAsDdn74OfS2AY86z7xGHCRg67ROMb,iv:pj3P1p5wBn67wGyguLFHJs2+Qhz1X7U9EoD8OsdNTKc=,tag:lKogFelSJIXugKYm/gVy8w==,type:str]
|
||||||
onlyoffice:
|
onlyoffice:
|
||||||
|
|
@ -31,8 +33,8 @@ sops:
|
||||||
aW00MUpGdXpYam5LYVFUenh2VndzcE0KT6Hfx1CYJFseFaEZxwi4Fds4v1HEFzBo
|
aW00MUpGdXpYam5LYVFUenh2VndzcE0KT6Hfx1CYJFseFaEZxwi4Fds4v1HEFzBo
|
||||||
FdSC6pzpZkfXso8EtSftq0lPx10GfJ6GZXYb+bCB2S9ROvUMPYDH3A==
|
FdSC6pzpZkfXso8EtSftq0lPx10GfJ6GZXYb+bCB2S9ROvUMPYDH3A==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-09-03T18:12:20Z"
|
lastmodified: "2024-09-11T19:29:49Z"
|
||||||
mac: ENC[AES256_GCM,data:S8voLybmFyDRuAnNZHDRmpK08u2oCKFtdjeMi6cVxThqAZ2Eqwinqp/9HzLsbfQeEGvZdqAWFA0t0k39UfOjTEnfalP2UUukf/+G8UfMfEp0ph6RRDvHeCfKE/7zXMopdiVP+kNzc87iSSrbUUHrGwsO18sQYjIaMIsU8/2eHG4=,iv:R8YBo6wqxQssmvNE8mJUSGPjyuQklh7SN5OC24Cdp+o=,tag:yN4wd4mI1rRQaLo5H874Ag==,type:str]
|
mac: ENC[AES256_GCM,data:ODCELoSBEbUvj9IDPXHTPMG1LPM9wrUCIyCBJt+2z9oZbA9gYzI8qfxBQazW94WNBxzPHFMnmPPql7L3amx0ghlc7L0U3fLhYkHeaKf2cA5AYMb9BtFk7V+ZKAiihDrnEG3xllJFfFpCf1zNmcuG0MoOPhP2UIl7ED1UuqKwTtw=,iv:c6sF1zKQ/UN9/GY2CRRBDm0AV9oD8TWZWN0SQdbNVpg=,tag:4pVPKn8qk3tiGNQUEjvZGw==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.0
|
version: 3.9.0
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue