From 1874463c4ec9fd7e2252a7892aecdcb8d370a6ef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?=
Date: Sun, 29 Jan 2023 21:51:29 +0100
Subject: [PATCH] flora-6/gitea: Move towards docker containers
---
 hosts/flora-6/gitea.nix | 61 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
diff --git a/hosts/flora-6/gitea.nix b/hosts/flora-6/gitea.nix
index 091be889..3593cc42 100644
--- a/hosts/flora-6/gitea.nix
+++ b/hosts/flora-6/gitea.nix
@@ -16,6 +16,67 @@
 owner = "gitea";
 };

+ users.users.git = {
+ description = "Gitea SSH Service";
+ home = "/var/lib/gitea/git";
+ useDefaultShell = false;
+ uid = 995;
+ isSystemUser = true;
+ };
+
+ virtualisation = {
+ docker = {
+ enable = true; # sadly podman is not supported rightnow
+ };
+
+ oci-containers = {
+ backend = "docker";
+ containers."gitea" = {
+ image = "gitea:gitea:1.18.3";
+ autoStart = true;
+ user = "995";
+ ports = [
+ "127.0.0.1:3000:3000"
+ "127.0.0.1:2222:22"
+ ];
+ volumes = [
+ "/var/lib/gitea:/data"
+ # Secrets go in the app.ini file, the rest wil be done in nix via environment variables
+ "/var/lib/gitea/custom/conf/app.ini:/${config.age.secrets.gitea-secrets-app-ini.path}"
+ "/etc/timezone:/etc/timezone:ro"
+ "/etc/localtime:/etc/localtime:ro"
+ ];
+ extraOptions = [
+ "--network=gitea"
+ ];
+ environment = {
+ USER_UID = "postgres";
+ USER_GID = "postgres";
+ RUN_MODE = "prod";
+ SSH_DOMAIN = "git.pub.solar";
+ ROOT_URL = "git.pub.solar";
+ DB_TYPE = "postgres";
+ DB_HOST = "gitea-db";
+ DISABLE_REGISTRATION = "true";
+ };
+ };
+
+ containers."gitea-db" = {
+ image = "postgres:14";
+ autoStart = true;
+ volumes = [
+ "/var/lib/gitea-db:/var/lib/postgresql/data"
+ ];
+ extraOptions = [
+ "--network=gitea"
+ ];
+ environmentFiles = [
+ config.age.secrets.gitea-db-secrets.path
+ ];
+ };
+ };
+ };
+
 # gitea
 services.gitea = {
 enable = true;
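Review bot: The app.ini entry in `volumes` of `containers."gitea"` has its two sides swapped: Docker reads `host:container`, so the host's `/var/lib/gitea/custom/conf/app.ini` is mounted at the agenix path inside the container and the decrypted secret never reaches Gitea. I would write it as `"${config.age.secrets.gitea-secrets-app-ini.path}:/data/gitea/conf/app.ini:ro"`, with the container path confirmed against the image's layout under `/data`. Bear in mind that the image's start-up scripts may want to write to that file, and that the secret must be readable by uid 995. The image reference `gitea:gitea:1.18.3` is not a valid reference and is presumably meant to be `gitea/gitea:1.18.3`; both it and `postgres:14` are pinned by tag only, so adding a digest would fix exactly what gets pulled. `USER_UID`/`USER_GID = "postgres"` look copied from the database container where the image expects numeric ids (presumably `"995"` to match `user`), and `ROOT_URL` needs the full URL, e.g. `https://git.pub.solar/`. Nothing in this hunk creates the `gitea` Docker network named in `--network=gitea`, and the `services.gitea` block that continues below the hunk is still enabled, so it is worth checking that the native service and the container do not both claim port 3000.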