diff --git a/dev_system.nix b/dev_system.nix index 94091d4..38f3b91 100644 --- a/dev_system.nix +++ b/dev_system.nix @@ -5,27 +5,33 @@ # NixOS-WSL specific options are documented on the NixOS-WSL repository: # https://github.com/nix-community/NixOS-WSL -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let - cfg = config.services.forgejo; - srv = cfg.settings.server; + cfg = config.services.forgejo; + srv = cfg.settings.server; in { - imports = [ - "shared/system.nix" - "shared/dev_user.nix" - "shared/docker.nix" - "shared/ssh.nix" - ]; + imports = [ + ./shared/system.nix + ./shared/dev_user.nix + ./shared/docker.nix + ./shared/ssh.nix + ]; - users.users = { - # connection only via ssh key - pipeline = { - isNormalUser = true; - home = "/home/pipeline"; - description = "User used by forgejo runners to connect to this system"; - extraGroups = [ "docker" ]; - openssh.authorizedKeys.keys = [ "TODO" ]; - }; + users.users = { + # connection only via ssh key + pipeline = { + isNormalUser = true; + home = "/home/pipeline"; + description = "User used by forgejo runners to connect to this system"; + extraGroups = [ "docker" ]; + openssh.authorizedKeys.keys = [ "TODO" ]; }; -} \ No newline at end of file + }; +} + diff --git a/execute.sh b/execute.sh index f86548f..0d6a765 100644 --- a/execute.sh +++ b/execute.sh @@ -2,4 +2,4 @@ openssl passwd -6 $1 > dev_user_password.pw -colmena apply -f colmena.nix \ No newline at end of file +colmena apply diff --git a/git_system.nix b/git_system.nix index d2c6f87..3c3d9b9 100644 --- a/git_system.nix +++ b/git_system.nix 
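Review bot: The `pipeline` account keeps `extraGroups = [ "docker" ];` on the new side, and membership in the docker group is equivalent to root on the host, so a leaked runner key or a malicious job step gets root on this dev system; if the runners only need to start containers, consider rootless docker, and at minimum record the trust assumption with `# NOTE: docker group == root on this host; only runner-controlled keys belong here`. `openssh.authorizedKeys.keys = [ "TODO" ];` is still a placeholder and will be deployed as-is. The `cfg` and `srv` bindings in the `let` block are not referenced anywhere in this file and can be dropped.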
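Review bot: `openssl passwd -6 $1` takes the clear-text password from the command line, so it is recorded in the shell history and visible to every local user in the process list while openssl runs; the unquoted `$1` also splits on whitespace. Prefer reading it from stdin, e.g. `read -rs PW` followed by `printf '%s\n' "$PW" | openssl passwd -6 -stdin > dev_user_password.pw`, or at least quote it as `"$1"`. The hash file is written into the repository working directory next to the Nix sources, where it is easy to commit by accident; a `.gitignore` entry or a path outside the checkout would be safer.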
@@ -5,99 +5,105 @@ # NixOS-WSL specific options are documented on the NixOS-WSL repository: # https://github.com/nix-community/NixOS-WSL -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let - cfg = config.services.forgejo; - srv = cfg.settings.server; + cfg = config.services.forgejo; + srv = cfg.settings.server; in { - imports = [ - "shared/system.nix" - "shared/dev_user.nix" - "shared/docker.nix" - "shared/ssh.nix" - ]; + imports = [ + ./shared/system.nix + ./shared/dev_user.nix + ./shared/docker.nix + ./shared/ssh.nix + ]; - programs = { - msmtp = { - enable = true; - defaults = { - tls = true; - }; - accounts = { - default = { - auth = true; - host = "TODO: e.g. smtp.strato.de"; - port = 587; - tls_starttls = true; - from = "TODO: email"; - user = "TODO: email"; - password = "TODO"; - }; - }; + programs = { + msmtp = { + enable = true; + defaults = { + tls = true; + }; + accounts = { + default = { + auth = true; + host = "TODO: e.g. smtp.strato.de"; + port = 587; + tls_starttls = true; + from = "TODO: email"; + user = "TODO: email"; + password = "TODO"; }; + }; + }; + }; + + security.acme = { + defaults.email = "michael.huebner@ptspaper.de"; + acceptTerms = true; + }; + + services = { + nginx = { + enable = true; + virtualHosts.${srv.DOMAIN} = { + forceSSL = true; + enableACME = true; + extraConfig = '' + client_max_body_size 512M; + ''; + locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}"; + }; }; - security.acme = { - defaults.email = "michael.huebner@ptspaper.de"; - acceptTerms = true; + forgejo = { + enable = true; + database.type = "postgres"; + lfs.enable = true; + settings = { + server = { + DOMAIN = "localhost"; + ROOT_URL = "https://${srv.DOMAIN}"; + HTTP_PORT = 3000; + SSH_PORT = 62; + }; + service.DISABLE_REGISTRATION = true; + actions = { + ENABLED = true; + DEFAULT_ACTIONS_URL = "github"; + }; + }; }; - services = { - nginx = { - enable = true; - virtualHosts.${srv.DOMAIN} = { - forceSSL = true; - enableACME = 
true; - extraConfig = '' - client_max_body_size 512M; - ''; - locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}"; - }; - }; - - forgejo = { - enable = true; - database.type = "postgres"; - lfs.enable = true; - settings = { - server = { - DOMAIN = "localhost"; - ROOT_URL = "https://${srv.DOMAIN}"; - HTTP_PORT = 3000; - SSH_PORT = 62; - }; - service.DISABLE_REGISTRATION = true; - actions = { - ENABLED = true; - DEFAULT_ACTIONS_URL = "github"; - }; - }; - }; - - renovate = { - enable = true; - schedule = "TODO"; - credentials = { - RENOVATE_TOKEN = "/etc/renovate/token"; - }; - settings = { - endpoint = "http://.de/api/v1/"; - persistRepoData = true; - platform = "forgejo"; - autodiscover = true; - onboardingConfig= { - extends= ["config:recommended"]; - }; - prCommitsPerRunLimit= 0; - }; - }; - - cron = { - enable = true; - systemCronJobs = [ - "00 03 * * * forgejo sh backup_forgejo.sh -d /var/lib/forgejo -u TODO -s TODO -p TODO" - ]; + renovate = { + enable = true; + schedule = "TODO"; + credentials = { + RENOVATE_TOKEN = "/etc/renovate/token"; + }; + settings = { + endpoint = "http://.de/api/v1/"; + persistRepoData = true; + platform = "forgejo"; + autodiscover = true; + onboardingConfig = { + extends = [ "config:recommended" ]; }; + prCommitsPerRunLimit = 0; + }; }; -} \ No newline at end of file + + cron = { + enable = true; + systemCronJobs = [ + "00 03 * * * forgejo sh backup_forgejo.sh -d /var/lib/forgejo -u TODO -s TODO -p TODO" + ]; + }; + }; +} + diff --git a/runner_system.nix b/runner_system.nix index c6e300a..c732376 100644 --- a/runner_system.nix +++ b/runner_system.nix 
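Review bot: Several secrets are written as literal strings on the new side — `password = "TODO";` in the msmtp account and `-u TODO -s TODO -p TODO` in the cron backup command — and anything placed in a NixOS configuration string ends up in the world-readable Nix store and in the generated msmtp config, while the cron arguments are additionally visible in the process list; point msmtp at a file instead (msmtp's `passwordeval` with a secret path, the same mechanism `config.age.secrets.*.path` already uses in runner_system.nix) and have the backup script read its credentials from a root-only file. `DOMAIN = "localhost";` combined with `enableACME = true;` on `virtualHosts.${srv.DOMAIN}` cannot work, since ACME will not issue a certificate for localhost and `ROOT_URL` then resolves to `https://localhost`; the real hostname is needed before this is deployed. `endpoint = "http://.de/api/v1/";` in the renovate settings is both an incomplete host and plain HTTP for a request that carries `RENOVATE_TOKEN`, so it should be `https://<forgejo-host>/api/v1/` (placeholder), ideally derived from `srv.ROOT_URL` rather than duplicated. The backup job also invokes `sh backup_forgejo.sh` by relative path, which depends on cron's working directory; an absolute path avoids a silent no-op.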
@@ -5,34 +5,40 @@ # NixOS-WSL specific options are documented on the NixOS-WSL repository: # https://github.com/nix-community/NixOS-WSL -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let - cfg = config.services.forgejo; - srv = cfg.settings.server; + cfg = config.services.forgejo; + srv = cfg.settings.server; in { - imports = [ - "shared/system.nix" - "shared/dev_user.nix" - "shared/docker.nix" - "shared/ssh.nix" - ]; + imports = [ + ./shared/system.nix + ./shared/dev_user.nix + ./shared/docker.nix + ./shared/ssh.nix + ]; - services = { - # TODO: forgejo runner - gitea-actions-runner = { - package = pkgs.forgejo-actions-runner; - instances.default = { - enable = true; - name = "default-runner"; - url = "TODO"; - tokenFile = config.age.secrets.forgejo-runner-token.path; - labels = [ - "ubuntu-latest:docker://node:16-bullseye" - "ubuntu-22.04:docker://node:16-bullseye" - "ubuntu-20.04:docker://node:16-bullseye" - ]; - } - } + services = { + # TODO: forgejo runner + gitea-actions-runner = { + package = pkgs.forgejo-actions-runner; + instances.default = { + enable = true; + name = "default-runner"; + url = "TODO"; + tokenFile = config.age.secrets.forgejo-runner-token.path; + labels = [ + "ubuntu-latest:docker://node:16-bullseye" + "ubuntu-22.04:docker://node:16-bullseye" + "ubuntu-20.04:docker://node:16-bullseye" + ]; + }; }; -} \ No newline at end of file + }; +} + diff --git a/shared/dev_user.nix b/shared/dev_user.nix index 4528ed6..5d7d7f4 100644 --- a/shared/dev_user.nix +++ b/shared/dev_user.nix 
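Review bot: All three runner labels map to `node:16-bullseye`, an image whose Node 16 release reached end-of-life in 2023 and no longer receives security fixes, and jobs requesting `ubuntu-22.04` or `ubuntu-20.04` silently get that same image; pin a maintained image per label (`ubuntu-latest:docker://node:<current-lts>-<debian-release>`, placeholders to be chosen) or add `# NOTE: all labels intentionally resolve to one image` if the aliasing is wanted. `url = "TODO";` is still a placeholder, and `tokenFile = config.age.secrets.forgejo-runner-token.path` presumes the agenix module and that secret are wired in somewhere outside this diff — worth confirming, since evaluation fails otherwise. The `cfg` and `srv` bindings in the `let` block are unused in this file and can go.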
@@ -1,13 +1,23 @@ -{ config, lib, pkgs, modulesPath, ... }: { - users.users = { - # connection only via hashed password; - dev = { - isNormalUser = true; - home = "/home/dev"; - description = "User used to manually connect to this system (e.g. for maintenance)"; - extraGroups = [ "docker" "wheel" ]; - hashedPasswordFile = "dev_user_password.pw"; - } + config, + lib, + pkgs, + modulesPath, + ... +}: +{ + users.users = { + # connection only via hashed password; + dev = { + isNormalUser = true; + home = "/home/dev"; + description = "User used to manually connect to this system (e.g. for maintenance)"; + extraGroups = [ + "docker" + "wheel" + ]; + hashedPasswordFile = ./.; }; -} \ No newline at end of file + }; +} + diff --git a/shared/system.nix b/shared/system.nix index 31a4229..d1df77c 100644 --- a/shared/system.nix +++ b/shared/system.nix @@ -1,15 +1,24 @@ -{ config, lib, pkgs, modulesPath, ... }: { - system = "x86_64-linux"; - system.stateVersion = "24.11"; + config, + lib, + pkgs, + modulesPath, + ... +}: +{ + system.stateVersion = "24.11"; - nix = { - settings = { - experimental-features = [ "nix-command" "flakes" ]; - }; + nix = { + settings = { + experimental-features = [ + "nix-command" + "flakes" + ]; }; + }; + + environment.systemPackages = with pkgs; [ + git + ]; +} - environment.systemPackages = with pkgs; [ - git - ]; -} \ No newline at end of file
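Review bot: `hashedPasswordFile = ./.;` on the new side points at the directory containing this module rather than at a file, so activation cannot read the hash; the previous value `"dev_user_password.pw"` was also wrong, being relative to whatever cwd the activation script has. `hashedPasswordFile` expects an absolute path that exists on the target at activation time, and using a Nix path literal here would additionally copy the file into the world-readable Nix store, exposing the hash to every local user; deploy the file out-of-band (colmena's `deployment.keys`, or agenix, which this repo already uses via `config.age.secrets.*.path`) and set `hashedPasswordFile = "/run/keys/dev_user_password.pw";` or the corresponding `.path` attribute.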