diff options
Diffstat (limited to 'machines/nixos/x86_64-linux/synology-vm')
3 files changed, 0 insertions, 132 deletions
diff --git a/machines/nixos/x86_64-linux/synology-vm/default.nix b/machines/nixos/x86_64-linux/synology-vm/default.nix index d04a44a..915d851 100644 --- a/machines/nixos/x86_64-linux/synology-vm/default.nix +++ b/machines/nixos/x86_64-linux/synology-vm/default.nix @@ -9,8 +9,6 @@ ./disks.nix ./hardware.nix ./secrets.nix - ./profiles/forgejo.nix - ./profiles/keycloak.nix ./profiles/goget.nix ]; diff --git a/machines/nixos/x86_64-linux/synology-vm/profiles/forgejo.nix b/machines/nixos/x86_64-linux/synology-vm/profiles/forgejo.nix deleted file mode 100644 index 18d6207..0000000 --- a/machines/nixos/x86_64-linux/synology-vm/profiles/forgejo.nix +++ /dev/null @@ -1,110 +0,0 @@ -{ - self, - config, - pkgs, - ... -}: -let - # convenience wrapper for admin commands - forgejo-admin = pkgs.writeShellScriptBin "forgejo-admin" '' - sudo -u forgejo ${pkgs.forgejo}/bin/gitea -c ${config.services.forgejo.customDir}/conf/app.ini admin "$@" - ''; -in -{ - networking.firewall.allowedTCPPorts = [ 3000 ]; - - age.secrets.forgejo-fastmail = { - file = "${self}/secrets/forgejo-fastmail.age"; - }; - - environment.systemPackages = [ forgejo-admin ]; - - services.forgejo = { - enable = true; - dump = { - enable = true; - }; - database.type = "postgres"; - lfs.enable = false; - secrets = { - mailer.PASSWD = config.age.secrets.forgejo-fastmail.path; - }; - settings = { - DEFAULT.APP_NAME = "¯\\_(ツ)_/¯"; - session = { - COOKIE_SECURE = true; - PROVIDER = "db"; - PROVIDER_CONFIG = ""; - SESSION_LIFE_TIME = 86400 * 5; - }; - server = { - DOMAIN = "code.fcuny.net"; - ROOT_URL = "https://code.fcuny.net"; - HTTP_PORT = 3000; - HTTP_ADDR = "10.100.0.40"; - LANDING_PAGE = "explore"; - }; - mailer = { - ENABLED = true; - PROTOCOL = "smtp+starttls"; - FROM = "code <forgejo@code.fcuny.net>"; - USER = "franck@fcuny.net"; - SMTP_ADDR = "smtp.fastmail.com"; - }; - metrics = { - ENABLED = true; - ENABLED_ISSUE_BY_LABEL = true; - ENABLED_ISSUE_BY_REPOSITORY = true; - }; - service = { - REGISTER_EMAIL_CONFIRM = true; - DISABLE_REGISTRATION = true; - ALLOW_ONLY_EXTERNAL_REGISTRATION = false; - SHOW_REGISTRATION_BUTTON = true; - }; - openid = { - ENABLE_OPENID_SIGNIN = true; - ENABLE_OPENID_SIGNUP = true; - }; - oauth2_client = { - REGISTER_EMAIL_CONFIRM = false; - ENABLE_AUTO_REGISTRATION = true; - USERNAME = "preferred_username"; - ACCOUNT_LINKING = "auto"; - }; - repository = { - DEFAULT_PRIVATE = "public"; - DEFAULT_PUSH_CREATE_PRIVATE = true; - ENABLE_PUSH_CREATE_USER = true; - PREFERRED_LICENSES = "GPL-3.0-or-later,MIT"; - DEFAULT_REPO_UNITS = "repo.code,repo.issues,repo.pulls"; - DISABLE_STARS = true; # self-hosting so, doesn't make sense - }; - "service.explore" = { - DISABLE_USERS_PAGE = true; - }; - federation = { - ENABLED = true; - }; - ui = { - # To protect privacy of users. - SHOW_USER_EMAIL = false; - }; - }; - }; - - my.modules.backups = { - local.paths = [ "/var/lib/forgejo" ]; - local.exclude = [ - "/var/lib/forgejo/data/indexers" - "/var/lib/forgejo/data/repo-archive" - "/var/lib/forgejo/data/tmp" - ]; - remote.paths = [ "/var/lib/forgejo" ]; - remote.exclude = [ - "/var/lib/forgejo/data/indexers" - "/var/lib/forgejo/data/repo-archive" - "/var/lib/forgejo/data/tmp" - ]; - }; -} diff --git a/machines/nixos/x86_64-linux/synology-vm/profiles/keycloak.nix b/machines/nixos/x86_64-linux/synology-vm/profiles/keycloak.nix deleted file mode 100644 index b6fb6c3..0000000 --- a/machines/nixos/x86_64-linux/synology-vm/profiles/keycloak.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, self, ... }: -{ - age.secrets.keycloak-db-password = { - file = "${self}/secrets/keycloak-db-password.age"; - }; - - networking.firewall.allowedTCPPorts = [ 8080 ]; - - services.keycloak = { - enable = true; - database.passwordFile = config.age.secrets.keycloak-db-password.path; - settings = { - hostname = "id.fcuny.net"; - http-host = "10.100.0.40"; - http-port = 8080; - proxy-headers = "xforwarded"; - http-enabled = true; - }; - }; -} |