diff --git a/README.md b/README.md
index c3c279e..3ddaebc 100644
--- a/README.md
+++ b/README.md
@@ -111,6 +111,7 @@ Most services are served over [tailscale](https://tailscale.com/), using certifi
 - [Actual](https://actualbudget.org/) — budgeting tool.
 - [Commafeed](https://github.com/Athou/commafeed) — rss reader
+- [Forgejo](https://forgejo.org/) — git forge
 - [Grafana](https://github.com/grafana/grafana) — pretty dashboards
 - [Homer](https://github.com/bastienwirtz/homer) — server homepage
 - [Intray](https://github.com/NorfairKing/intray) — GTD capture tool.
diff --git a/common/icons/forgejo.svg b/common/icons/forgejo.svg
new file mode 100644
index 0000000..c2a74ee
Binary files /dev/null and b/common/icons/forgejo.svg differ
diff --git a/docs/ports.md b/docs/ports.md
index 47c72ef..193d432 100644
--- a/docs/ports.md
+++ b/docs/ports.md
@@ -22,3 +22,4 @@ The idea is to always use consecutive ports, but never go back and try to recycl
 | 8416 | [redlib](../hosts/nixos/lapetus/services/redlib.nix) |
 | 8417 | [qbittorrent](../hosts/nixos/lapetus/services/qbittorrent.nix) |
 | 8418 | [microbin](../hosts/nixos/lapetus/services/microbin.nix) |
+| 8419 | [forgejo](../hosts/nixos/lapetus/services/forgejo.nix) |
diff --git a/hosts/nixos/common/optional/services/gitea.nix b/hosts/nixos/common/optional/services/gitea.nix
deleted file mode 100644
index 43827b7..0000000
--- a/hosts/nixos/common/optional/services/gitea.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ lib, ... }: {
- services.gitea = {
- enable = true;
- appName = "pinktea";
- stateDir = "/persist/state/pinktea";
- lfs.enable = true;
-
- dump = {
- enable = true;
- type = "tar.gz";
- };
-
- # See [the cheatsheet](https://docs.gitea.com/next/administration/config-cheat-sheet)
- settings = {
- session.COOKIE_SECURE = false; # TODO: set to true when serving over https
- repository = {
- DISABLED_REPO_UNITS = "";
- DEFAULT_REPO_UNITS = lib.strings.concatStringsSep "," [
- "repo.code"
- "repo.releases"
- "repo.issues"
- "repo.pulls"
- ];
- DISABLE_STARS = true;
- };
- };
- };
-}
diff --git a/hosts/nixos/lapetus/default.nix b/hosts/nixos/lapetus/default.nix
index 561a158..3198d12 100644
--- a/hosts/nixos/lapetus/default.nix
+++ b/hosts/nixos/lapetus/default.nix
@@ -23,6 +23,7 @@
 ./services/jellyfin.nix
 ./services/qbittorrent.nix
 ./services/microbin.nix
+ ./services/forgejo.nix
 # ./services/ddclient.nix
 ./filesystems
 ./hardware
diff --git a/hosts/nixos/lapetus/secrets.example.yaml b/hosts/nixos/lapetus/secrets.example.yaml
index de61ef7..9f2aadb 100644
--- a/hosts/nixos/lapetus/secrets.example.yaml
+++ b/hosts/nixos/lapetus/secrets.example.yaml
@@ -11,3 +11,4 @@ cloudflare_tunnel_credentials: |
 microbin_env: |
 MICROBIN_ADMIN_PASSWORD=...
 MICROBIN_UPLOAD_PASSWORD=...
+forgejo_mail_password: ...
diff --git a/hosts/nixos/lapetus/secrets.yaml b/hosts/nixos/lapetus/secrets.yaml
index 05915ea..3783cfd 100644
--- a/hosts/nixos/lapetus/secrets.yaml
+++ b/hosts/nixos/lapetus/secrets.yaml
@@ -5,6 +5,7 @@ grafana_discord_webhook: ENC[AES256_GCM,data:y17UjlnfNmtvim9REkop4abcU6BX0P5JnJY invidious_hmac_key: ENC[AES256_GCM,data:eN3NNPYUSfPNnVz3aZK7IrnzoBA=,iv:eHEiB/TKL0W6TdWpXADCxEdhhGwUPwOLph2RjwTECh0=,tag:P5m6Uw8JkKVegQ840talPQ==,type:str] cloudflare_tunnel_credentials: ENC[AES256_GCM,data:XuXXzhGdxYsF1ik2g7yS2wbaI08/AF60P8CnIhjJlMd+jRk36QovuBRRjkfV8BjOg0K+2b4yNHT/nS/ZSV6eorj4sbczw6D+p7LxrQfeVqqhXWyCjbJwQTTDFU9XB2xUohmmC1PJ1/nwShfn1LocPxgwWQiNpqwhTJroojzqxTHUBzCuAMmcZ7jwvd0SlDpZIszhbTQoLRzedRZpCdoNnWTc,iv:2oBLU3SvNUwJ2OYfCmyKiocUw9zU+yixO+tY/AE9sxc=,tag:T3v+MII+kDzomiAQJ0zUdg==,type:str] microbin_env: ENC[AES256_GCM,data:nxiE9GIvEb0xgqomDdMyy2UtG25pt7h+6JUZkAgIejZbJfsKfpIJcG02WJoj07I2VeTtN10Wd8IbrW9QEt64mLzlG7hqJN0Uwq8bjL1j5IaK,iv:pCWmF52MhMfZtdtMsL7wwt+KB33E/UPNtXzkiJ7NOWE=,tag:79e0u2yyRYckivY85hLqpg==,type:str] +forgejo_mail_password: ENC[AES256_GCM,data:linrpmA8b+8e1+tWNl0=,iv:Mk7suPq0Jt960Zl9s2jj3SSAKt4t8Lv4eKdIo0o8JbE=,tag:TZ0qGJIVSFSUt/0cqamvdw==,type:str] sops: kms: [] gcp_kms: [] @@ -29,8 +30,8 @@ sops: RHZ6alYrUU5BZ2xlMkdGR1dWRG5aeGMKJdsdtVZ6Mk9Vo3a+tS+rzAgaF2wpH+8U lWhA+c0Kbe8EJT8hm7Vr8PqBmElz4V9AnXSCTp7D+Cu4pfWsHopLUQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-10T18:21:41Z" - mac: ENC[AES256_GCM,data:JbRf7sVZLNiIR2vy0+Et7PqpZIvxYa8ZbqLUNNUzjilfIxaRcwRTjbV+IryGOXBve1rJoK9I6Y4dnaQOM/YpddNO2Nxb4PKGcgnQc6v4wrHfHBFZJVo7Teyy6jFfxBYCu0DOqIzBeQg7YLs29PpVoOjxjXDLLFfCK1WAlng+Af8=,iv:2yIV0h3jp/JTPhWjfRLI+Nd8kkIheePIKOf6u59wWiw=,tag:eHswLPB7oDJ98jqnJv2V6g==,type:str] + lastmodified: "2024-05-10T22:27:23Z" + mac: ENC[AES256_GCM,data:pH8KM1JvO6OK1yGNT90kPfd7+zoUnyoTNfWhCXHBERzLmxHuI8VopCGfgxqYtjyBE4yYAIsRpzJBMPKSnazoL9EBWB+uoSE3UNXMgwTBK/Oq+aW1Bj7akOfCiR9U8yzgfqI7ReAtbioOVO3K/RlgCzpNFdfvToKwm7tUFrektB8=,iv:ltMnlbzIQumavl96q76sv9iYf4IgKrLS2yRZQ1xb83o=,tag:1PILpbzUR7LXaiuukrH3bw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 
diff --git a/hosts/nixos/lapetus/services/forgejo.nix b/hosts/nixos/lapetus/services/forgejo.nix
new file mode 100644
index 0000000..9e6399f
--- /dev/null
+++ b/hosts/nixos/lapetus/services/forgejo.nix
@@ -0,0 +1,52 @@
+{ lib, config, ... }:
+let
+ port = 8419;
+ host = "git.moonythm.dev";
+in
+{
+ sops.secrets.forgejo_mail_password.sopsFile = ../secrets.yaml;
+ satellite.cloudflared.targets.${host}.port = port;
+
+ services.forgejo = {
+ enable = true;
+ appName = "moonforge";
+ stateDir = "/persist/state/var/lib/forgejo";
+ mailerPasswordFile = config.sops.secrets.forgejo_mail_password.path;
+
+ dump = {
+ enable = true;
+ type = "tar.gz";
+ };
+
+ lfs.enable = true;
+
+ # See [the cheatsheet](https://docs.gitea.com/next/administration/config-cheat-sheet)
+ settings = {
+ session.COOKIE_SECURE = true;
+ server = {
+ DOMAIN = host;
+ HTTP_PORT = port;
+ ROOT_URL = "https://${host}";
+ LANDING_PAGE = "prescientmoon"; # Make my profile the landing page
+ };
+
+ cron.ENABLED = true;
+ # service.DISABLE_REGISTRATION = true;
+
+ mailer = {
+ ENABLED = true;
+ SMTP_PORT = 465;
+ SMTP_ADDR = "smtp.migadu.com";
+ USER = "git";
+ };
+
+ repository = {
+ DISABLE_STARS = true;
+ DISABLED_REPO_UNITS = "";
+ DEFAULT_REPO_UNITS = lib.strings.concatStringsSep "," [
+ "repo.code"
+ ];
+ };
+ };
+ };
+}
diff --git a/hosts/nixos/lapetus/services/homer.nix b/hosts/nixos/lapetus/services/homer.nix
index da40258..e71f87e 100644
--- a/hosts/nixos/lapetus/services/homer.nix
+++ b/hosts/nixos/lapetus/services/homer.nix
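Review bot: Self-registration stays open on an instance this same file publishes to the internet through `satellite.cloudflared.targets.${host}`, because `# service.DISABLE_REGISTRATION = true;` under `settings` is commented out and the Forgejo default allows sign-up. An internet-facing forge with open registration collects spam accounts quickly; uncomment it as `service.DISABLE_REGISTRATION = true;` and re-enable sign-up deliberately later if it is wanted. Separately, `server` sets `HTTP_PORT = port` but no `HTTP_ADDR`, so Forgejo presumably listens on all interfaces (the upstream default) and is reachable on port 8419 without going through the tunnel unless the host firewall already closes that port; `HTTP_ADDR = "127.0.0.1";` beside `HTTP_PORT` restricts it to the tunnel's localhost target. Finally, unlike `microbin.nix` this module sets `satellite.cloudflared.targets` without an `imports = [ ./cloudflared.nix ];`, so it only evaluates while some other service module pulls that file in.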
@@ -63,6 +63,58 @@ in
 ];
 }
 # }}}
+ # {{{ External
+ {
+ name = "External";
+ icon = fa "arrow-up-right-from-square";
+ items = [
+ {
+ name = "Tailscale";
+ subtitle = "Access this homelab from anywhere";
+ logo = icon "tailscale.png";
+ url = "https://tailscale.com/";
+ }
+ {
+ name = "Dotfiles";
+ subtitle = "Configuration for all my machines";
+ logo = icon "github.png";
+ url = "https://github.com/mateiadrielrafael/everything-nix";
+ }
+ {
+ name = "Cloudflare";
+ subtitle = "Domain management";
+ logo = icon "cloudflare.png";
+ url = "https://dash.cloudflare.com/761d3e81b3e42551e33c4b73274ecc82/moonythm.dev/";
+ }
+ ];
+ }
+ # }}}
+ # {{{ Productivity
+ {
+ name = "Productivity";
+ icon = fa "rocket";
+ items = [
+ {
+ name = "Intray";
+ subtitle = "GTD capture tool";
+ icon = fa "inbox";
+ url = "https://intray.moonythm.dev";
+ }
+ {
+ name = "Smos";
+ subtitle = "A comprehensive self-management system.";
+ icon = fa "cubes-stacked";
+ url = "https://smos.moonythm.dev";
+ }
+ {
+ name = "Actual";
+ subtitle = "Budgeting tool";
+ logo = icon "actual.png";
+ url = "https://actual.moonythm.dev";
+ }
+ ];
+ }
+ # }}}
 # {{{ Pillars
 {
 name = "Tooling";
@@ -92,31 +144,11 @@ in
 logo = icon "microbin.png";
 url = "https://cal.moonythm.dev";
 }
- ];
- }
- # }}}
- # {{{ Productivity
- {
- name = "Productivity";
- icon = fa "rocket";
- items = [
 {
- name = "Intray";
- subtitle = "GTD capture tool";
- icon = fa "inbox";
- url = "https://intray.moonythm.dev";
- }
- {
- name = "Smos";
- subtitle = "A comprehensive self-management system.";
- icon = fa "cubes-stacked";
- url = "https://smos.moonythm.dev";
- }
- {
- name = "Actual";
- subtitle = "Budgeting tool";
- logo = icon "actual.png";
- url = "https://actual.moonythm.dev";
+ name = "Forgejo";
+ subtitle = "Git forge";
+ logo = icon "forgejo.svg";
+ url = "https://git.moonythm.dev";
 }
 ];
 }
@@ -165,32 +197,6 @@ in
 ];
 }
 # }}}
- # {{{ External
- {
- name = "External";
- icon = fa "arrow-up-right-from-square";
- items = [
- {
- name = "Tailscale";
- subtitle = "Access this homelab from anywhere";
- logo = icon "tailscale.png";
- url = "https://tailscale.com/";
- }
- {
- name = "Dotfiles";
- subtitle = "Configuration for all my machines";
- logo = icon "github.png";
- url = "https://github.com/mateiadrielrafael/everything-nix";
- }
- {
- name = "Cloudflare";
- subtitle = "Domain management";
- logo = icon "cloudflare.png";
- url = "https://dash.cloudflare.com/761d3e81b3e42551e33c4b73274ecc82/moonythm.dev/";
- }
- ];
- }
- # }}}
 ];
 };
 });
diff --git a/hosts/nixos/lapetus/services/microbin.nix b/hosts/nixos/lapetus/services/microbin.nix
index d966be6..0b857eb 100644
--- a/hosts/nixos/lapetus/services/microbin.nix
+++ b/hosts/nixos/lapetus/services/microbin.nix
@@ -7,9 +7,7 @@ in
 imports = [ ./cloudflared.nix ];
 sops.secrets.microbin_env.sopsFile = ../secrets.yaml;
-
- services.cloudflared.tunnels =
- config.satellite.cloudflared.proxy host;
+ satellite.cloudflared.targets.${host}.port = port;
 services.microbin = {
 enable = true;
diff --git a/hosts/nixos/tethys/default.nix b/hosts/nixos/tethys/default.nix
index b19a034..294692d 100644
--- a/hosts/nixos/tethys/default.nix
+++ b/hosts/nixos/tethys/default.nix
@@ -16,6 +16,7 @@
 ./hardware
 ./boot.nix
 ./services/syncthing.nix
+ ./services/forgejo.nix
 ];
 # }}}
diff --git a/modules/nixos/cloudflared.nix b/modules/nixos/cloudflared.nix
index ae71611..5ef4f08 100644
--- a/modules/nixos/cloudflared.nix
+++ b/modules/nixos/cloudflared.nix
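Review bot: The `./services/forgejo.nix` line added to the `imports` of `hosts/nixos/tethys/default.nix` points at a file this commit does not create: the only new module is `hosts/nixos/lapetus/services/forgejo.nix`, and that one hard-codes lapetus-specific values (`port = 8419`, `host = "git.moonythm.dev"`, a secret from `../secrets.yaml`) and is already wired into the lapetus `default.nix` in this same diff. Unless `hosts/nixos/tethys/services/forgejo.nix` already exists outside the diff, evaluating the tethys configuration will fail on the missing path; if forgejo is meant to live on lapetus only, drop the tethys line. The `imports` list this hunk edits starts outside the hunk.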
@@ -5,18 +5,33 @@ in
 options.satellite.cloudflared = {
 tunnel = lib.mkOption {
 type = lib.types.string;
- description = "Cloudflare tunnel id to use for the `satellite.cloudflared.proxy` helper";
+ description = "Cloudflare tunnel id to use for the `satellite.cloudflared.targets` helper";
 };
- proxy = lib.mkOption {
- type = lib.types.functionTo lib.types.anything;
- description = "Helper function for generating a quick proxy config";
+ targets = lib.mkOption {
+ description = "List of hosts to set up ingress rules for";
+ default = { };
+ type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: {
+ options = {
+ port = lib.mkOption {
+ type = lib.types.port;
+ description = "Localhost port to point the tunnel at";
+ };
+
+ host = lib.mkOption {
+ default = name;
+ type = lib.types.string;
+ description = "Host to direct traffic from";
+ };
+ };
+ }));
 };
 };
- config.satellite.cloudflared.proxy = from: {
- ${cfg.tunnel} = {
- ingress.${from} = "http://localhost:8418";
- };
- };
+ config.services.cloudflared.tunnels.${cfg.tunnel}.ingress = lib.attrsets.mapAttrs'
+ (_: { port, host }: {
+ name = host;
+ value = "http://localhost:${toString port}";
+ })
+ cfg.targets;
 }
diff --git a/scripts/dns/dns.txt b/scripts/dns/dns.txt
index d80247d..9078523 100644
--- a/scripts/dns/dns.txt
+++ b/scripts/dns/dns.txt
@@ -13,7 +13,9 @@ actual IN CNAME lapetus
 api.intray IN CNAME lapetus
 api.smos IN CNAME lapetus
 cal IN CNAME lapetus
+diptime IN CNAME lapetus
 docs.smos IN CNAME lapetus
+git IN CNAME lapetus
 grafana IN CNAME lapetus
 intray IN CNAME lapetus
 irc IN CNAME lapetus
@@ -28,7 +30,6 @@ search IN CNAME lapetus
 smos IN CNAME lapetus
 warden IN CNAME lapetus
 yt IN CNAME lapetus
-diptime IN CNAME lapetus
 *.irc IN CNAME irc
 ; Tunnel used by lapetus
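Review bot: The new `host` option inside the `targets` submodule is typed `lib.types.string`, which nixpkgs deprecates in favour of `lib.types.str` (it warns on every evaluation, and unlike `str` it silently concatenates conflicting definitions instead of rejecting them); `type = lib.types.str;` is the drop-in fix, and the context line typing `tunnel` the same way is worth the same change while you are here. The `targets` description, `"List of hosts to set up ingress rules for"`, does not match the option, which is an attribute set keyed by hostname that `mapAttrs'` walks below; `description = "Hosts, keyed by hostname, to generate Cloudflare tunnel ingress rules for";` describes what callers like `satellite.cloudflared.targets.${host}.port = port;` actually write. Note also that `mapAttrs'` keys the result by `host`, so two targets overriding `host` to the same value would collapse into one ingress rule without any error; this is presumably fine given `host` defaults to the attribute name.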