Diffstat (limited to '')
| -rw-r--r-- | docs/forgejo.org | 5 | ||||
| -rw-r--r-- | docs/keycloak.org | 36 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/rivendell.nix | 2 | ||||
| -rw-r--r-- | profiles/forgejo.nix | 104 | ||||
| -rw-r--r-- | profiles/keycloak.nix | 19 | ||||
| -rw-r--r-- | secrets/forgejo-fastmail.age | 7 | ||||
| -rw-r--r-- | secrets/keycloak-db-password.age | 8 | ||||
| -rw-r--r-- | secrets/secrets.nix | 8 |
8 files changed, 0 insertions, 189 deletions
diff --git a/docs/forgejo.org b/docs/forgejo.org
deleted file mode 100644
index 28edec1..0000000
--- a/docs/forgejo.org
+++ /dev/null
@@ -1,5 +0,0 @@
-* Forgejo
-
-Running at https://code.fcuny.net
-
-Reverse proxy on the digital ocean host.
diff --git a/docs/keycloak.org b/docs/keycloak.org
deleted file mode 100644
index cd6e773..0000000
--- a/docs/keycloak.org
+++ /dev/null
@@ -1,36 +0,0 @@
-* Keycloak
-
-Running at https://id.fcuny.net.
-
-There's an admin user in 1password.
-** Bootstrap
-#+begin_src shell
-ssh keycloak-host -L 8080:localhost:8080
-#+end_src
-
-Then go to =http://localhost:8080= with your browser to setup the initial user.
-
-** Client for forgejo
-The client is managed by terranix.
-*** forgejo configuration
-- create a new authentication source under https://code.fcuny.net/admin/auths
-- choose OAuth2
-- set the name to =id.fcuny.net=
-- set OAuth2 provider to OpenID Connect
-- configure the OpenID realm to =https://id.fcuny.net/realms/master/.well-known/openid-configuration=
-- the client ID is =forgejo=
-- the client secret is in the =credentials= tab in forgejo for the client
-- select =skip local 2FA=
-** Managing with terranix
-Ultimately we want to manage it with terranix.
-
-First, we need a client ID and a secret. The client can be created in the UI:
-- https://id.fcuny.net/admin/master/console/#/master/clients
-- create a new client (use =terranix= if possible, so that it's descriptive)
-- =Standard Flow Enabled= should be disabled
-- =Direct Access Grants Enabled= should be disabled
-- =Service Accounts Enabled= should be enabled
-
-The go to "Service account roles" for the newly created client, and ensure it has =admin= role (assign role -> filter by realm roles -> admin).
-
-Export the secret with =KEYCLOAK_CLIENT_SECRET= (it might be already be set in =../.envrc.local=).
diff --git a/machines/nixos/x86_64-linux/rivendell.nix b/machines/nixos/x86_64-linux/rivendell.nix
index f0f43a9..6ba2af2 100644
--- a/machines/nixos/x86_64-linux/rivendell.nix
+++ b/machines/nixos/x86_64-linux/rivendell.nix
@@ -9,11 +9,9 @@
 ../../../profiles/cgroups.nix
 ../../../profiles/defaults.nix
 ../../../profiles/disk/btrfs-on-luks.nix
- ../../../profiles/forgejo.nix
 ../../../profiles/git-server.nix
 ../../../profiles/hardware/framework-desktop.nix
 ../../../profiles/home-manager.nix
- ../../../profiles/keycloak.nix
 ../../../profiles/remote-unlock.nix
 ../../../profiles/restic-backup.nix
 ../../../profiles/server.nix
diff --git a/profiles/forgejo.nix b/profiles/forgejo.nix
deleted file mode 100644
index 70af185..0000000
--- a/profiles/forgejo.nix
+++ /dev/null
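Review bot: Dropping the two profile imports stops Forgejo and Keycloak from being configured on rivendell, but NixOS does not remove the state those services leave behind — the Forgejo data directory (the commented-out backup paths in the deleted profiles/forgejo.nix point at /var/lib/forgejo) and the PostgreSQL databases both profiles relied on (`database.type = "postgres"` for Forgejo, `database.passwordFile` for Keycloak) stay on disk with user data and credentials in them. A follow-up that removes or archives that state, and a check of whether profiles/restic-backup.nix still snapshots it, would complete the decommissioning. The firewall openings for 3000 and 8080 go away with the profiles, which looks like the intended effect. The imports list continues outside the hunk.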
@@ -1,104 +0,0 @@
-{ config, pkgs, ... }:
-let
- # convenience wrapper for admin commands
- forgejo-admin = pkgs.writeShellScriptBin "forgejo-admin" ''
- sudo -u forgejo ${pkgs.forgejo}/bin/gitea -c ${config.services.forgejo.customDir}/conf/app.ini admin "$@"
- '';
-in
-{
- networking.firewall.allowedTCPPorts = [ 3000 ];
-
- age.secrets.forgejo-fastmail = {
- file = ../secrets/forgejo-fastmail.age;
- };
-
- environment.systemPackages = [ forgejo-admin ];
-
- services.forgejo = {
- enable = true;
- dump = {
- enable = true;
- };
- database.type = "postgres";
- lfs.enable = false;
- secrets = {
- mailer.PASSWD = config.age.secrets.forgejo-fastmail.path;
- };
- settings = {
- DEFAULT.APP_NAME = "¯\\_(ツ)_/¯";
- session = {
- COOKIE_SECURE = true;
- PROVIDER = "db";
- PROVIDER_CONFIG = "";
- SESSION_LIFE_TIME = 86400 * 5;
- };
- server = {
- DOMAIN = "code.fcuny.net";
- ROOT_URL = "https://code.fcuny.net";
- HTTP_PORT = 3000;
- LANDING_PAGE = "explore";
- };
- mailer = {
- ENABLED = true;
- PROTOCOL = "smtp+starttls";
- FROM = "code <forgejo@code.fcuny.net>";
- USER = "franck@fcuny.net";
- SMTP_ADDR = "smtp.fastmail.com";
- };
- metrics = {
- ENABLED = true;
- ENABLED_ISSUE_BY_LABEL = true;
- ENABLED_ISSUE_BY_REPOSITORY = true;
- };
- service = {
- REGISTER_EMAIL_CONFIRM = true;
- DISABLE_REGISTRATION = true;
- ALLOW_ONLY_EXTERNAL_REGISTRATION = false;
- SHOW_REGISTRATION_BUTTON = true;
- };
- openid = {
- ENABLE_OPENID_SIGNIN = true;
- ENABLE_OPENID_SIGNUP = true;
- };
- oauth2_client = {
- REGISTER_EMAIL_CONFIRM = false;
- ENABLE_AUTO_REGISTRATION = true;
- USERNAME = "preferred_username";
- ACCOUNT_LINKING = "auto";
- };
- repository = {
- DEFAULT_PRIVATE = "public";
- DEFAULT_PUSH_CREATE_PRIVATE = true;
- ENABLE_PUSH_CREATE_USER = true;
- PREFERRED_LICENSES = "GPL-3.0-or-later,MIT";
- DEFAULT_REPO_UNITS = "repo.code,repo.issues,repo.pulls";
- DISABLE_STARS = true; # self-hosting so, doesn't make sense
- };
- "service.explore" = {
- DISABLE_USERS_PAGE = true;
- };
-
federation = { - ENABLED = true; - }; - ui = { - # To protect privacy of users. - SHOW_USER_EMAIL = false; - }; - }; - }; - - # my.modules.backups = { - # local.paths = [ "/var/lib/forgejo" ]; - # local.exclude = [ - # "/var/lib/forgejo/data/indexers" - # "/var/lib/forgejo/data/repo-archive" - # "/var/lib/forgejo/data/tmp" - # ]; - # remote.paths = [ "/var/lib/forgejo" ]; - # remote.exclude = [ - # "/var/lib/forgejo/data/indexers" - # "/var/lib/forgejo/data/repo-archive" - # "/var/lib/forgejo/data/tmp" - # ]; - # }; -} diff --git a/profiles/keycloak.nix b/profiles/keycloak.nix deleted file mode 100644 index 7aac133..0000000 --- a/profiles/keycloak.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, ... }: -{ - age.secrets.keycloak-db-password = { - file = ../secrets/keycloak-db-password.age; - }; - - networking.firewall.allowedTCPPorts = [ 8080 ]; - - services.keycloak = { - enable = true; - database.passwordFile = config.age.secrets.keycloak-db-password.path; - settings = { - hostname = "id.fcuny.net"; - http-port = 8080; - proxy-headers = "xforwarded"; - http-enabled = true; - }; - }; -} diff --git a/secrets/forgejo-fastmail.age b/secrets/forgejo-fastmail.age deleted file mode 100644 index ab2855b..0000000 --- a/secrets/forgejo-fastmail.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 pFjJaA spgIvVcxzhxSTbuuQERe1ymYyYq3c4dlTPg6I6kUfjU -R1LLvV9O1N5+Pv7p/nsz22cdfF6Q9UU+XJo95w9Z1OA --> ssh-ed25519 Y5h84Q bwKm80XHZ6GTnJkswRT+V/s8xilwKtEkS+i/xbpprHg -vG0LbibRzHTCH7duJ+b/EzYttYCc0HBXUmtvKeaGKas ---- w4oXREsVHU5FGKWwqTTNcl7Yy7DTNpp8CYZzWAhmoec -ڼEmB`a͘&#A AVJN{'>8r#?ʼw'
\ No newline at end of file diff --git a/secrets/keycloak-db-password.age b/secrets/keycloak-db-password.age deleted file mode 100644 index a14cdd5..0000000 --- a/secrets/keycloak-db-password.age +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 pFjJaA qZ/I4tvWyS6XoRUVCuSsd3fGD4VKVL7RFUwkNExbemk -FPa9m2xBQjXzSMDn5txSAhSEeiT0NFmNi5kHzgG7nhg --> ssh-ed25519 Y5h84Q IaNvL/dJHx00hW4MiF5shPDoa/asnrgTCKN0G/f7Xi8 -7eR987Gs3gt8c3m7r19d5cKN/DghK7G8cxG9Hgfor0E ---- 6fP8Wi/hDa1zePylVJnHlPLMJVml9k/UDQpEJjjeYn8 ->AUe\`є̑cbV, -T/m`
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 5184454..2b6022b 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -10,14 +10,6 @@ let
 };
 in
 {
- "forgejo-fastmail.age".publicKeys = [
- users.fcuny
- hosts.rivendell
- ];
- "keycloak-db-password.age".publicKeys = [
- users.fcuny
- hosts.rivendell
- ];
 "cloudflare-nginx.age".publicKeys = [
 users.fcuny
 hosts.do
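Review bot: Removing the two publicKeys entries, together with the deleted secrets/forgejo-fastmail.age and secrets/keycloak-db-password.age, takes the secrets out of the tree but not out of git history, where the ciphertexts stay decryptable by either recipient key listed here, so the Fastmail password and the Keycloak database password should be treated as still-live credentials and rotated or revoked as part of the decommissioning. The Keycloak OIDC client used by Forgejo and the `KEYCLOAK_CLIENT_SECRET` that the deleted docs/keycloak.org says may still sit in .envrc.local are likewise not addressed by this commit. Recording in the commit message that those credentials were rotated would make the teardown auditable later.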
