Add gitea, fix emacs warning and build error in obs-gstreamer

2022-04-26 10:59:48 +02:00 · 2022-04-26 10:59:48 +02:00 · 7551396a58
commit 7551396a58
parent 3d75ec7818
8 changed files with 185 additions and 4 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -13,3 +13,7 @@ creation_rules:
      - pgp:
          - *erwin
          - *drone
+  - path_regex: machines/gitea/[^/]+\.yaml$
+    key_groups:
+      - pgp:
+        - *erwin
--- a/flake.nix
+++ b/flake.nix
@ -111,7 +111,7 @@
      defContainer = system: baseConfig:
        nixos-generators.nixosGenerate {
          pkgs = nixpkgs.legacyPackages.${system};
-          format = "lxc";
+          format = "proxmox-lxc";
          modules = [
            {_module.args.inputs = inputs;}
            {_module.args.self-overlay = self.overlay;}
@ -199,6 +199,12 @@
              (import ./machines/proxy/configuration.nix {inherit self;})
            ];
          };
+
+          gitea = defContainer "x86_64-linux" {
+            imports = [
+              (import ./machines/gitea/configuration.nix {inherit self;})
+            ];
+          };
        };
      }
      // (flake-utils.lib.eachSystem ["aarch64-linux" "x86_64-linux"])
--- a/home-manager/modules/emacs/default.nix
+++ b/home-manager/modules/emacs/default.nix
@ -6,7 +6,7 @@
 }:
 with lib; let
  cfg = config.eboskma.programs.emacs;
-  emacs = with pkgs; ((emacsPackagesFor emacsPgtkGcc).emacsWithPackages (epkgs: [epkgs.emacsql epkgs.emacsql-sqlite]));
+  emacs = with pkgs; ((emacsPackagesFor emacsPgtkNativeComp).emacsWithPackages (epkgs: [epkgs.emacsql epkgs.emacsql-sqlite]));

  orgProtocolDesktop = pkgs.makeDesktopItem {
    name = "org-protocol";
@ -34,7 +34,7 @@ in {
  config = mkIf (cfg.enable) {
    programs.emacs = {
      enable = true;
-      package = pkgs.emacsPgtkGcc;
+      package = emacs;
    };

    services.emacs = mkIf (cfg.daemon) {
--- a/home-manager/modules/obs-studio/default.nix
+++ b/home-manager/modules/obs-studio/default.nix
@ -14,7 +14,7 @@ in {
      enable = true;
      plugins = [
        pkgs.obs-studio-plugins.wlrobs
-        pkgs.obs-studio-plugins.obs-gstreamer
+        # pkgs.obs-studio-plugins.obs-gstreamer
        pkgs.obs-backgroundremoval
      ];
    };
--- a/machines/gitea/configuration.nix
+++ b/machines/gitea/configuration.nix
@ -0,0 +1,48 @@
+{ self, ... }@inputs: {
+  imports = [
+    ../../users/root
+    ../../users/erwin
+  ];
+
+  eboskma = {
+    gitea.enable = true;
+    nix-common.enable = true;
+  };
+
+  # boot.isContainer = true;
+
+  time.timeZone = "Europe/Amsterdam";
+
+  system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
+
+  networking = {
+    hostName = "gitea";
+    useDHCP = false;
+
+    interfaces = {
+      eth0 = {
+        ipv4.addresses = [
+          { address = "10.0.0.203";
+        prefixLength = 24;
+          }
+        ];
+      };
+    };
+
+    defaultGateway = "10.0.0.1";
+    nameservers = ["10.0.0.254"];
+  };
+
+  environment.noXlibs = true;
+
+  # services.openssh.enable = true;
+
+  sops.defaultSopsFile = ./secrets.yaml;
+  sops.secrets = {
+    gitea_db_password = {
+      owner = "git";
+    };
+  };
+
+  system.stateVersion = "22.05";
+}
--- a/machines/gitea/secrets.yaml
+++ b/machines/gitea/secrets.yaml
@ -0,0 +1,32 @@
+gitea_db_password: ENC[AES256_GCM,data:DhTDb2LuzEnkdSztIsSoICIz1qIpqNQYp2Z69NDNqPib3u/fzjnt6EyI5k9+0c2s0+AZBKPzItCm61WKquoIV80MsDgROANP2LP63j+id4KHMtIvvT7TBZelN8vaZnM422MutUzOFYB0+SA2LcSDtTHL9WKtqTnF4AjK3UpKjYk=,iv:zK65d01tXoSPYIu2JxRy2O8wURD73AqM7r+80H2nzAs=,tag:qc63u9c9/NaMT/OI5IsuLQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2022-04-25T15:50:15Z"
+    mac: ENC[AES256_GCM,data:r+PbyDB1s0zBoczJVTaTnUvLw8Oqywul1zB7S8clXYtgWDSCIJ2igwupwmH2mYqEzTUutaKNjjAxbaerD8rrBgsJ1K1PSQwk6MawEskVwmdGbIdfCB8r0qHCNOE7pVRgTXyFxjEH6D9xxl/QJhVVTXXnZebR+r9q2SmJyazlFEg=,iv:lV6i7EKu6v0HORk1RhateMB9T0xMhROYKtd67M4fEJk=,tag:iTpNCUruB8Yd/5PlypdmQA==,type:str]
+    pgp:
+        - created_at: "2022-04-25T15:49:31Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA6BoiFpcAxNSAQ//cqGJB1/5LEEG9tmgwYoTAW3hhMaF3yDuMRQbYG8CKw8t
+            ftrqUSltqoZi/9f7AHeQl82LnrdlHyHD3+uzcC1FYgYCU5OslD/IuvYBkVGXlvGh
+            kk7yBNSEsxVo2sPkrUPJzxapFcf1j2gm83WZ4vTUQ8Mn5UYmGBNmVw4cLtO/R732
+            ZhvvLePeF2Za79UxEKIkbh2CWNNA80PLZt8pLUsl+HXnWxNep6fDdwrC6GdU3C8o
+            qcHN7+JGZdDYFqD0bsxpHFYcbg8OWajFJ4vbx9JHSNfjxXRqzaWr+3I93N/aMra/
+            vXyqeRaqowXx9hL2lIAU2Pvpe79+YMeYm3WgEI0ytBz7o86majq3DQ3+XjESIpoy
+            5hNC+cgFiuBUE6e1lBq3812ycsH+HPtha2ppsyr5CX1Fjc63hkszU0bH6UL1jUVk
+            hUAEuLiKADnwPJK1NGrXHqyfEYhIAFkCvEgBK5zoCkcuQ/r2CsO8GfQdOPDwVKcC
+            WLHQU9hq66iCLTd9IxVfOn5YcMjHk6Ie5Dam7cbF3pVAcXrKneYgNK4kdh7aBOqe
+            dasqr/HNJ4Fi15lrVyx2g8c8mb68AbmTCydPX5tZ3RCIc0r8i4iEbYS0Ny8jVPZp
+            6qzI3qo0LnrnMaqqKiJAGH2x3y4bJUlrlab3tV0Kou7e2oM4WhY3jVFXtdAV7+HS
+            XgGGtcTnOE6cSrFRZCSCCzsRrvgDY3NNrrcVBayeCHG+OLqgiHngReG9CdbMzi9E
+            8yIxWF3/8kbKqru6TSheHgOu1v0q/RnCAEqukRynw/Ze8t2/tzGkzETgRMcCoDU=
+            =q/Xc
+            -----END PGP MESSAGE-----
+          fp: b785a9688947edabb9ec8933ee7adefe1d943c7b
+    unencrypted_suffix: _unencrypted
+    version: 3.7.2
--- a/modules/gitea/default.nix
+++ b/modules/gitea/default.nix
@ -2,6 +2,7 @@
 with lib;
 let
  cfg = config.eboskma.gitea;
+  giteaCfg = config.services.gitea;
 in
 {
  options.eboskma.gitea = { enable = mkEnableOption "gitea"; };
@ -9,6 +10,81 @@ in
  config = mkIf (cfg.enable) {
    services.gitea = {
      enable = true;
+      user = "git";
+      domain = "git.datarift.nl";
+      appName = "Gitea Datarift";
+      rootUrl =  "https://git.datarift.nl/";
+      log.level = "Warn";
+      lfs = {
+        enable = true;
+      };
+      disableRegistration = true;
+      cookieSecure = true;
+      
+      database = {
+        type = "postgres";
+        socket = "/run/postgresql";
+        passwordFile = "/run/secrets/gitea_db_password";
+        createDatabase = false;
+      };
+
+      settings = {
+        security = {
+          PASSWORD_HASH_ALGO = "argon2";
+          DISABLE_GIT_HOOKS = false;
+        };
+
+        database = {
+          LOG_SQL = false;
+        };
+
+        repository = {
+          ENABLE_PUSH_CREATE_USER = true;
+          ENABLE_PUSH_CREATE_ORG = true;
+        };
+
+        service = {
+          DEFAULT_KEEP_EMAIL_PRIVATE = true;
+        };
+
+        picture = {
+          ENABLE_FEDERATED_AVATAR = true;
+        };
+
+        session = {
+          PROVIDER = "db";
+          SAME_SITE = "strict";
+        };
+
+        webhook = {
+          ALLOWED_HOST_LIST = "external,10.0.0.202/32,drone.datarift.nl";
+        };
+      };
+    };
+
+    users.users.git = {
+      description = "Gitea service user";
+      home = giteaCfg.stateDir;
+      useDefaultShell = true;
+      group = "gitea";
+      isSystemUser = true;
+    };
+    
+    services.postgresql = {
+      enable = true;
+      # Explicitly specify version here, because upgrading is a manual process that involves dumping and restoring databases:
+      # https://nixos.org/manual/nixos/unstable/index.html#module-services-postgres-upgrading
+      package = pkgs.postgresql_14;
+
+      ensureDatabases = ["gitea"];
+      ensureUsers = [
+        {
+          name = "gitea";
+          ensurePermissions = {
+            "DATABASE gitea" = "ALL PRIVILEGES";
+          };
+        }
+      ];
    };
  };
 }
--- a/users/erwin/desktop.nix
+++ b/users/erwin/desktop.nix
@ -0,0 +1,15 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.eboskma.desktop;
+in {
+  options.eboskma.desktop = {enable = mkEnableOption "desktop configuration";};
+
+  config =
+    mkIf (cfg.enable) {
+    };
+}