backup_forgejo.sh

@@ -1,119 +0,0 @@
-#!/bin/bash
-
-version="0.1"
-
-backup_path=none
-backup_user=none
-server=none
-ssh_port=none
-mail_config=none
-mail=none
-
-usage()
-{
-    echo "[-v] [-h] [-d directory] [-u user] [-s server] [-p port] [-a mail-config] [-m mail]"
-}
-
-version()
-{
-    echo "backup script: $version"
-}
-
-get_ops()
-{
-    while getopts duspam: opt; do
-        case $opt in
-            d) backup_path=$OPTARG ;;
-            u) backup_user=$OPTARG ;;
-            s) server=$OPTARG ;;
-            p) ssh_port=$OPTARG ;;
-            a) mail_config=$OPTARG ;;
-            m) mail=$OPTARG ;;
-            *) echo 'error in command line parsing' >&2
-            exit 1
-        esac
-    done
-}
-
-get_ops $*
-
-if [ "$backup_path" = "none" ]; then
-    echo "missing backup path";
-    exit 1
-fi
-
-if [ "$backup_user" = "none" ]; then
-    echo "missing backup user";
-    exit 1
-fi
-
-if [ "$server" = "none" ]; then
-    echo "missing backup server address";
-    exit 1
-fi
-
-if [ "$ssh_port" = "none" ]; then
-    echo "missing backup server port";
-    exit 1
-fi
-
-# make sure we are in the correct dir (locally)
-cd $backup_path
-mkdir -p backups
-outfile="backups/backup_$(date +%Y_%m_%d).zip"
-
-# result flags
-success=true
-failure_reason="Unknown."
-
-# create backup
-forgejo dump -c /etc/forgejo/app.ini -f $outfile
-
-# check for success
-if [ $? -ne 0 ]; then
-    failure_reason="Failed to create forgejo backup."
-    echo $failure_reason
-    success=false
-fi
-
-# query size of output file
-outfile_size=$(ls -l $outfile | cut -d ' ' -f5 | numfmt --to iec)
-backup_dir_size=0
-
-# copy backup to backup server
-if [ "$success" = true ] ; then
-    # check if ssh files are present (went missing in the past)
-    if [[ -f ~/.ssh/id_rsa && -f ~/.ssh/id_rsa.pub ]]; then
-        # simple scp to backup server
-        scp -P $ssh_port $outfile $backup_user@$server:$backup_path
-        scp_return=$?
-        echo scp code $scp_return
-
-        # check for success
-        if [ $scp_return -eq 0 ]; then
-            rm $outfile
-            backup_dir_size=$(ssh -n $backup_user@$server -p $ssh_port "ls -l $backup_path" | awk '{sum += $5} END {print sum}' | numfmt --to iec)
-            success=true
-        else
-            failure_reason="scp failed."
-            success=false
-        fi
-    else
-        failure_reason="Missing rsa file."
-        echo $failure_reason
-        success=false
-    fi
-fi
-
-echo $success
-
-if [ "$mail_config" != "none" ] && [ "$mail" != "none" ]; then
-    # send info mail to configured mail address
-    if [ "$success" = true ] ; then
-        echo "reporting success"
-        printf "Subject: Forgejo Backup - Success\n\nBackup ran successfully. Backup size: $outfile_size. Backup dir size: $backup_dir_size" | msmtp -a $mail_config $mail
-    else
-        echo "reporting failure"
-        printf "Subject: Forgejo Backup - Failure\n\n$failure_reason" | msmtp -a $mail_config $mail
-    fi
-fi

dev_system.nix

@@ -19,26 +19,6 @@ in
     };
   };
 
-  users.users = {
-    # connection only via ssh key
-    pipeline = {
-      isNormalUser = true;
-      home = "/home/pipeline";
-      description = "User used by forgejo runners to connect to this system";
-      extraGroups = [ "docker" ];
-      openssh.authorizedKeys.keys = [ "TODO" ];
-    };
-
-    # connection only via hashed password;
-    dev = {
-      isNormalUser = true;
-      home = "/home/dev";
-      description = "User used to manually connect to this system (e.g. for maintenance)";
-      extraGroups = [ "docker" "wheel" ];
-      hashesPassword = "TODO";
-    }
-  };
-
   environment.systemPackages = with pkgs; [
     git
   ];

git_system.nix

@@ -11,6 +11,14 @@ let
   srv = cfg.settings.server;
 in
 {
+  imports = [
+    # include NixOS-WSL modules
+    <nixos-wsl/modules>
+  ];
+
+  wsl.enable = true;
+  wsl.defaultUser = "nixos";
+
   system.stateVersion = "24.11";
 
   nix = {
@@ -23,17 +31,6 @@ in
     git
   ];
 
-  users.users = {
-    # connection only via hashed password;
-    dev = {
-      isNormalUser = true;
-      home = "/home/dev";
-      description = "User used to manually connect to this system (e.g. for maintenance)";
-      extraGroups = [ "docker" "wheel" ];
-      hashesPassword = "TODO";
-    }
-  };
-
   virtualisation.docker = {
     enable = true;
   };
@@ -84,30 +81,5 @@ in
         };
       };
     };
-
-    renovate = {
-      enable = true;
-      schedule = "TODO";
-      credentials = {
-        RENOVATE_TOKEN = "/etc/renovate/token";
-      };
-      settings = {
-        endpoint = "http://<TODO>.de/api/v1/";
-        persistRepoData = true;
-        platform = "forgejo";
-        autodiscover = true;
-        onboardingConfig= {
-          extends= ["config:recommended"];
-        };
-        prCommitsPerRunLimit= 0;
-      };
-    };
-
-    cron = {
-      enable = true;
-      systemCronJobs = [
-        "00 03 * * * forgejo sh backup_forgejo.sh -d /var/lib/forgejo -u TODO -s TODO -p TODO"
-      ];
-    };
   };
 }

runner_system.nix

@@ -24,17 +24,6 @@ in
     forgejo-runner
   ];
 
-  users.users = {
-    # connection only via hashed password;
-    dev = {
-      isNormalUser = true;
-      home = "/home/dev";
-      description = "User used to manually connect to this system (e.g. for maintenance)";
-      extraGroups = [ "docker" "wheel" ];
-      hashesPassword = "TODO";
-    }
-  };
-
   virtualisation.docker = {
     enable = true;
   };
@@ -51,19 +40,5 @@ in
     };
 
     # TODO: forgejo runner
-    gitea-actions-runner = {
-      package = pkgs.forgejo-actions-runner;
-      instances.default = {
-        enable = true;
-        name = "default-runner";
-        url = "TODO";
-        tokenFile = config.age.secrets.forgejo-runner-token.path;
-        labels = [
-          "ubuntu-latest:docker://node:16-bullseye"
-          "ubuntu-22.04:docker://node:16-bullseye"
-          "ubuntu-20.04:docker://node:16-bullseye"
-        ];
-      }
-    }
   };
 }