diff --git a/flake.lock b/flake.lock
index 4d59e10..be643a8 100644
--- a/flake.lock
+++ b/flake.lock
@@ -73,6 +73,22 @@
 "type": "github"
 }
 },
+ "nixpkgsUnstable": {
+ "locked": {
+ "lastModified": 1683014792,
+ "narHash": "sha256-6Va9iVtmmsw4raBc3QKvQT2KT/NGRWlvUlJj46zN8B8=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "1a411f23ba299db155a5b45d5e145b85a7aafc42",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
 "nixpkgs_2": {
 "locked": {
 "lastModified": 1683028696,
@@ -92,7 +108,8 @@
 "root": {
 "inputs": {
 "arion": "arion",
- "nixpkgs": "nixpkgs_2"
+ "nixpkgs": "nixpkgs_2",
+ "nixpkgsUnstable": "nixpkgsUnstable"
 }
 }
 },
diff --git a/flake.nix b/flake.nix
index 5e27324..0fca916 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,11 +1,12 @@
 {
 inputs = {
 nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11";
+ nixpkgsUnstable.url = "github:NixOS/nixpkgs/nixos-unstable";
 #nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
 arion.url = "github:hercules-ci/arion";
 };
- outputs = { self, nixpkgs, ... }@inputs:
+ outputs = { self, nixpkgs, nixpkgsUnstable, ... }@inputs:
 let hostPkgs = import nixpkgs { system = "x86_64-linux"; }; in {
@@ -20,10 +21,14 @@
 };
 specialArgs = {
 inherit inputs;
+ pkgsUnstable = import nixpkgsUnstable {
+ system = "aarch64-linux";
+ overlays = [];
+ };
 };
 };
- katzencafe = { name, nodes, pkgs, inputs, ... }: {
+ katzencafe = { name, nodes, pkgs, pkgsUnstable, inputs, ... }: {
 deployment = {
 targetHost = "katzen.cafe";
 buildOnTarget = true;
@@ -32,9 +37,10 @@
 ./modules/base-stuff.nix
 ./modules/proxy.nix
 ./modules/postgres.nix
- ./modules/jitsi.nix
+ #./modules/jitsi.nix
 ./modules/containers
 ./modules/keycloak.nix
+ ./modules/forgejo.nix
 ];
 system.stateVersion = "22.11";
diff --git a/modules/containers/penpot.nix b/modules/containers/penpot.nix
index dc85a23..477c1a0 100644
--- a/modules/containers/penpot.nix
+++ b/modules/containers/penpot.nix
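Review bot: In the second flake.nix hunk, `pkgsUnstable` is imported with `system = "aarch64-linux"` hard-coded inside `specialArgs`, while `hostPkgs` a few lines earlier uses `x86_64-linux`; if `specialArgs` is shared by all nodes, every host receives an aarch64 package set regardless of its own platform. The import pins `overlays = []` but leaves `config` at its default, so for consistency I would add `config = {};` beside it. Because this input exists to pull an internet-facing service from nixos-unstable, fixes for that package only arrive when the `nixpkgsUnstable` lock entry is bumped; a short comment on the input line saying so (e.g. `# forgejo only; update regularly for security fixes`) would make the maintenance duty visible. The enclosing `outputs` body starts and ends outside this hunk.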
@@ -16,7 +16,7 @@
 "PENPOT_FLAGS" = "enable-registration disable-login disable-login-with-password enable-login-with-oidc";
 "PENPOT_PREPL_HOST" = "0.0.0.0";
- "PENPOT_PUBLIC_URI" = "https://design.katzen.cafe/";
+ "PENPOT_PUBLIC_URI" = "https://design.katzen.cafe";
 "PENPOT_DATABASE_URI" = "postgresql://penpot-postgres/penpot";
 "PENPOT_DATABASE_USERNAME" = "penpot";
@@ -30,7 +30,7 @@
 "PENPOT_TELEMETRY_ENABLED" = "false";
 "PENPOT_OIDC_CLIENT_ID" = "penpot";
- "PENPOT_OIDC_BASE_URI" = "https://auth.katzen.cafe/realms/master/";
+ "PENPOT_OIDC_BASE_URI" = "https://auth.katzen.cafe/realms/katzen.cafe/";
 #"PENPOT_OIDC_" = "";
 #"PENPOT_SMTP_DEFAULT_FROM" = "Penpot ";
diff --git a/modules/forgejo.nix b/modules/forgejo.nix
new file mode 100644
index 0000000..7b4c1c8
--- /dev/null
+++ b/modules/forgejo.nix
@@ -0,0 +1,33 @@
+{ pkgs, pkgsUnstable, ... }:
+{
+ services.gitea = {
+ enable = true;
+ package = pkgsUnstable.forgejo;
+ repositoryRoot = "/forgejo/repos";
+ appName = "Katzenschmiede";
+ rootUrl = "https://forge.katzen.cafe/";
+ httpPort = 8082;
+ domain = "forge.katzen.cafe";
+ database = {
+ type = "postgres";
+ };
+ settings = {
+ openid = {
+ ENABLE_OPENID_SIGNIN = true;
+ ENABLE_OPENID_SIGNUP = true;
+ DISABLE_REGISTRATION = true;
+ };
+ #server = {
+ #ROOT_URL = "https://forge.katzen.cafe/";
+ #HTTP_PORT = 8082;
+ #};
+ };
+ };
+ deployment.keys = {
+ "forgejoDbPw" = {
+ keyCommand = [ "cat" "/home/jade/keys-tmp/forgejo-db-pw" ];
+ destDir = "/forgejo/secret/";
+ permissions = "0604";
+ };
+ };
+}
diff --git a/modules/postgres.nix b/modules/postgres.nix
index 8fdb97f..a578297 100644
--- a/modules/postgres.nix
+++ b/modules/postgres.nix
@@ -2,5 +2,16 @@
 {
 services.postgresql = {
 enable = true;
+ ensureUsers = [
+ {
+ name = "forgejo";
+ ensurePermissions = {
+ "DATABASE \"forgejo\"" = "ALL PRIVILEGES";
+ };
+ }
+ ];
+ ensureDatabases = [
+ "forgejo"
+ ];
 };
 }
diff --git a/modules/proxy.nix b/modules/proxy.nix
index 96b06b2..bae9454 100644
--- a/modules/proxy.nix
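Review bot: In modules/forgejo.nix, `DISABLE_REGISTRATION = true` sits under `settings.openid`, but in Gitea/Forgejo's app.ini that key belongs to the `[service]` section, so as written it is most likely ignored and local self-registration stays open on a public forge. Move it to `settings.service.DISABLE_REGISTRATION = true;`, or use `settings.service.ALLOW_ONLY_EXTERNAL_REGISTRATION = true;` if sign-up through OpenID is the intent. The `forgejoDbPw` key is deployed with `permissions = "0604"`, which lets every local user read the database password while granting the group nothing; `permissions = "0400";` together with a `user = "gitea";` owner (assuming the service account keeps its default name) is the tighter form. Nothing in this file references the uploaded key, since no `database.passwordFile` is set, so it should either be wired up or dropped. `keyCommand` also reads from a hard-coded path under `/home/jade/keys-tmp`, which ties deployment to one workstation and keeps the secret in plaintext there.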
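Review bot: The `forgejo` role and database ensured in modules/postgres.nix do not obviously match what the service will connect as: modules/forgejo.nix sets only `database.type = "postgres"`, so the gitea module's own defaults for `database.user` and `database.name` apply (I believe both are `gitea`, and the module creates them itself). If that holds, these entries are unused and a role with `ALL PRIVILEGES` exists on a database nothing reads. Either set `database.user = "forgejo"; database.name = "forgejo";` in the service module or drop this block. A one-line comment such as `# role and database for services.gitea (Forgejo)` above `ensureUsers` would also document who owns them.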
+++ b/modules/proxy.nix
@@ -11,6 +11,10 @@
 group = "nginx";
 keyType = "rsa4096";
 };
+ "forge.katzen.cafe" = {
+ group = "nginx";
+ keyType = "rsa4096";
+ };
 "wiki.phtanum-b.katzen.cafe" = {
 group = "nginx";
 keyType = "rsa4096";
@@ -41,6 +45,13 @@
 proxyPass = "http://127.0.0.2:8081";
 };
 };
+ "forge.katzen.cafe" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8082";
+ };
+ };
 "auth.katzen.cafe" = {
 forceSSL = true;
 enableACME = true;
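Review bot: The new `forge.katzen.cafe` vhost proxies to `http://127.0.0.1:8082`, but modules/forgejo.nix sets only `httpPort` and no listen address, so Forgejo presumably binds its default address (all interfaces, as far as I know) and is reachable on 8082 over plain HTTP wherever the firewall allows it. Setting `httpAddress = "127.0.0.1";` in the service module would make nginx the only way in. Git pushes and uploads over HTTPS will also run into nginx's default request-body limit; if that matters here, add `extraConfig = "client_max_body_size 512M;";` to the location (the size is a constructed example).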