pub-solar/os
5
0
Fork 2
Code Issues 4 Pull requests Packages Projects 1 Releases Wiki Activity

WIP: flora-6/gitea: Move towards docker containers #161

Closed
b12f wants to merge 1 commit from update/gitea-docker into infra
pull from: update/gitea-docker
merge into: pub-solar:infra
Conversation 1 Commits 1 Files changed 1 +61
1 changed files with 61 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

61
hosts/flora-6/gitea.nix
View file

@ -16,6 +16,67 @@
owner = "gitea"; owner = "gitea";
}; };
users.users.git = {
description = "Gitea SSH Service";
home = "/var/lib/gitea/git";
teutat3s commented 2023-02-01 09:39:11 +00:00
Review
Copy link

Let's stick to the gitea docs:

    home = "/home/git";
Let's stick to the gitea docs: ``` home = "/home/git"; ```
useDefaultShell = false;
teutat3s commented 2023-02-01 09:40:49 +00:00
Review
Copy link
    shell = "/home/git/ssh-shell";
``` shell = "/home/git/ssh-shell"; ```
uid = 995;
teutat3s commented 2023-02-01 09:19:13 +00:00
Review
Copy link

995 is taken by user systemd-oom, uid 992 is still free on flora-6.

`995` is taken by user `systemd-oom`, uid `992` is still free on flora-6.
isSystemUser = true;
};
virtualisation = {
docker = {
enable = true; # sadly podman is not supported rightnow
};
oci-containers = {
backend = "docker";
containers."gitea" = {
image = "gitea:gitea:1.18.3";
teutat3s commented 2023-02-01 09:46:08 +00:00
Review
Copy link
       image = "gitea/gitea:1.18.3";
``` image = "gitea/gitea:1.18.3"; ```
autoStart = true;
user = "995";
teutat3s commented 2023-02-01 09:19:42 +00:00
Review
Copy link

Let's use 992 here, too.

Let's use `992` here, too.
ports = [
"127.0.0.1:3000:3000"
"127.0.0.1:2222:22"
];
volumes = [
"/var/lib/gitea:/data"
teutat3s commented 2023-02-01 09:41:41 +00:00
Review
Copy link
          "/home/git/.ssh/:/data/git/.ssh"
``` "/home/git/.ssh/:/data/git/.ssh"
# Secrets go in the app.ini file, the rest wil be done in nix via environment variables
"/var/lib/gitea/custom/conf/app.ini:/${config.age.secrets.gitea-secrets-app-ini.path}"
teutat3s commented 2023-02-01 09:31:22 +00:00
Review
Copy link
          "${config.age.secrets.gitea-secrets-app-ini.path}:/data/gitea/conf/app.ini"
``` "${config.age.secrets.gitea-secrets-app-ini.path}:/data/gitea/conf/app.ini" ```
"/etc/timezone:/etc/timezone:ro"
"/etc/localtime:/etc/localtime:ro"
];
extraOptions = [
"--network=gitea"
];
environment = {
USER_UID = "postgres";
USER_GID = "postgres";
teutat3s commented 2023-02-01 09:24:20 +00:00
Review
Copy link

Let's match the user inside the container with the git user on the host

          USER = "git";
          USER_UID = "992";
          USER_GID = "991";
Let's match the user inside the container with the `git` user on the host ``` USER = "git"; USER_UID = "992"; USER_GID = "991"; ```
RUN_MODE = "prod";
SSH_DOMAIN = "git.pub.solar";
ROOT_URL = "git.pub.solar";
DB_TYPE = "postgres";
DB_HOST = "gitea-db";
DISABLE_REGISTRATION = "true";
};
teutat3s commented 2023-02-01 09:25:39 +00:00
Review
Copy link
        dependsOn = ["gitea-db"];
``` dependsOn = ["gitea-db"]; ```
};
containers."gitea-db" = {
image = "postgres:14";
autoStart = true;
volumes = [
"/var/lib/gitea-db:/var/lib/postgresql/data"
];
extraOptions = [
"--network=gitea"
];
environmentFiles = [
config.age.secrets.gitea-db-secrets.path
];
};
};
};
# gitea # gitea
services.gitea = { services.gitea = {
enable = true; enable = true;