diff --git a/hosts/nas/apps.nix b/hosts/nas/apps.nix index 243a8dd..d8b4e2e 100755 --- a/hosts/nas/apps.nix +++ b/hosts/nas/apps.nix @@ -3,6 +3,7 @@ imports = [ ./apps/arrs # ./apps/crowdsec + ./apps/gitea ./apps/jellyfin ./apps/jellyseerr ./apps/netbootxyz @@ -30,7 +31,7 @@ port2 = "4080"; }; - paperless-ai.enable = true; + paperless-ai.enable = false; tdarr.enable = true; diff --git a/hosts/nas/apps/gitea/default.nix b/hosts/nas/apps/gitea/default.nix new file mode 100644 index 0000000..4cb61e0 --- /dev/null +++ b/hosts/nas/apps/gitea/default.nix @@ -0,0 +1,29 @@ +{ config, ... }: +{ + services.gitea = { + enable = true; + stateDir = "/media/nas/ssd/nix-app-data/gitea"; + useWizard = false; + mailerPasswordFile = config.sops.secrets."jallen-nas/gitea/mail-key".path; + metricsTokenFile = config.sops.secrets."jallen-nas/gitea/metrics-key".path; + settings = { + server = { + DOMAIN = "jallen-nas"; + HTTP_ADDR = "0.0.0.0"; + HTTP_PORT = 3000; + PROTOCOL = "http"; + ROOT_URL = "https://gitea.mjallen.dev/"; + }; + service = { + REGISTER_EMAIL_CONFIRM = false; + ENABLE_CAPTCHA = false; + DISABLE_REGISTRATION = true; + ENABLE_OPENID_SIGNIN = false; + ENABLE_LDAP_SIGNIN = false; + ENABLE_SSH_SIGNIN = true; + ENABLE_BUILTIN_SSH_SERVER = true; + ENABLE_REVERSE_PROXY_AUTHENTICATION = true; + }; + }; + }; +} \ No newline at end of file diff --git a/hosts/nas/apps/netbootxyz/options.nix b/hosts/nas/apps/netbootxyz/options.nix index 4473dc5..7c5bd55 100755 --- a/hosts/nas/apps/netbootxyz/options.nix +++ b/hosts/nas/apps/netbootxyz/options.nix @@ -11,7 +11,7 @@ with lib; port = mkOption { type = types.str; - default = "3000"; + default = "3003"; }; port2 = mkOption { diff --git a/hosts/nas/apps/paperless-ai/options.nix b/hosts/nas/apps/paperless-ai/options.nix index 31857f6..eba05ba 100755 --- a/hosts/nas/apps/paperless-ai/options.nix +++ b/hosts/nas/apps/paperless-ai/options.nix 
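Review bot: `ENABLE_REVERSE_PROXY_AUTHENTICATION = true` in the new `hosts/nas/apps/gitea/default.nix` makes Gitea take the signed-in user from a request header (`X-WEBAUTH-USER` by default), yet the same file binds `HTTP_ADDR = "0.0.0.0"` and the `networking.nix` hunk opens port 3000, so the listener can be reached without going through Traefik. The `gitea` router added in `traefik/default.nix` shows no middleware that authenticates the request or strips that header, so as far as this diff shows the header value is not vouched for by anything. I would set `ENABLE_REVERSE_PROXY_AUTHENTICATION = false;` until a forward-auth middleware is attached to that router. If Traefik runs on the same host (the diff suggests this but does not show it), also bind `HTTP_ADDR = "127.0.0.1";`, point `giteaUrl` at it, and drop the `3000 # gitea` firewall entry. Separately, `ENABLE_OPENID_SIGNIN` is documented under `[openid]` rather than `[service]`, so here it is probably ignored and OpenID sign-in keeps its default.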
@@ -11,7 +11,7 @@ with lib; port = mkOption { type = types.str; - default = "3000"; + default = "3023"; }; name = mkOption { diff --git a/hosts/nas/apps/traefik/default.nix b/hosts/nas/apps/traefik/default.nix index 51e4adc..da31cda 100755 --- a/hosts/nas/apps/traefik/default.nix +++ b/hosts/nas/apps/traefik/default.nix @@ -12,6 +12,7 @@ let openWebUIUrl = "http://10.0.1.18:8888"; paperlessUrl = "http://10.0.1.20:28981"; cacheUrl = "http://10.0.1.18:5000"; + giteaUrl = "http://10.0.1.18:3000"; in { networking.firewall = { @@ -177,6 +178,11 @@ in url = paperlessUrl; } ]; + gitea.loadBalancer.servers = [ + { + url = giteaUrl; + } + ]; }; routers = { @@ -218,6 +224,12 @@ in service = "jellyseerr"; tls.certResolver = "letsencrypt"; }; + gitea = { + entryPoints = [ "websecure" ]; + rule = "Host(`gitea.${domain}`)"; + service = "gitea"; + tls.certResolver = "letsencrypt"; + }; hass = { entryPoints = [ "websecure" ]; rule = "Host(`hass.${domain}`)"; diff --git a/hosts/nas/networking.nix b/hosts/nas/networking.nix index 3c90cba..cbd7227 100755 --- a/hosts/nas/networking.nix +++ b/hosts/nas/networking.nix @@ -15,6 +15,7 @@ let 9980 # onlyoffice 4000 # netbootxyz 4080 # netbootxyz + 3000 # gitea ]; in { diff --git a/hosts/nas/sops.nix b/hosts/nas/sops.nix index a237a4f..d9e5356 100755 --- a/hosts/nas/sops.nix +++ b/hosts/nas/sops.nix @@ -113,6 +113,16 @@ in "jallen-nas/paperless/authentik-client-secret" = { restartUnits = [ "container@paperless.service" ]; }; + "jallen-nas/gitea/mail-key" = { + owner = "gitea"; + group = "gitea"; + restartUnits = [ "gitea.service" ]; + }; + "jallen-nas/gitea/metrics-key" = { + owner = "gitea"; + group = "gitea"; + restartUnits = [ "gitea.service" ]; + }; "jallen-nas/free-games/eg-email" = { }; "jallen-nas/free-games/eg-pass" = { }; "jallen-nas/free-games/eg-otp" = { }; diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 6a5b04b..f36b3ea 100755 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
@@ -13,6 +13,9 @@ jallen-nas: dbpassword: ENC[AES256_GCM,data:Xu92h2psR4jAJDM=,iv:UsJD1zq9Uy0Exxk58nkyPGyI8m2BOuvr2DK843h5pSk=,tag:k4MvHT8BoahCf9ZxQw8ovA==,type:str] adminpassword: ENC[AES256_GCM,data:y4PXSbrAAw3A6cg=,iv:10Dm3IYqKJz2FNRteauuYSKXCHE2IKHv4ytidUvblXA=,tag:OAsZ69s4g2p0JEenLbkXdA==,type:str] smtp_settings: ENC[AES256_GCM,data:JCbXCQwJtTFgHeLTIJ2ZNWwOreZV3uKWl9qNvE9uQcOULToZDWLQoOGyuGzl7Xlb2yyLiaYYlOFRV9bbbfjBljz+4I9b6cw0dNdhaKg3CpUzdFqRq3dvi4zCy/HEf1Rp/ccU92JelYkfP9S3yNdYq3i+52kr98g5F722ktDC79RiRtJJ44CRff5NBYnDJdGa5OWBf7yPW/5xsX7oqaDI/3yzYTbPGImnQkYfG0GUFP3tRVul0EM++0UoOTcKXEUvolAc0Ij672ONYm+ZqJp8wckouZu2Gae1AK0DficffiZfy4jI1obJPPkQYzoPBWSr7UU9s8PC7zsx2o8OklWZu2LqFxzd1J59qCfIhHrbz2N8OeJhwD+nySrKj1jPdz5amXJT1b4xHE4/YJg7LJmsAYmbEH6OH4928CqYLLwJcaZeVZ6EmeDT,iv:GLy1n7lun9OaOgQJw607moJQwWf4PuD9kUONJOjXuXQ=,tag:AqRJnISyoRkA6I/prZoQpg==,type:str] + gitea: + mail-key: ENC[AES256_GCM,data:hTyl3Kk7wTiDdlWngiMVe5Vysw==,iv:8yK+OZancbZ191qNHpc1ORewiy+pKMes5BXtLIXnUYU=,tag:KmTTSNnJ60dEA4sfwjDh7A==,type:str] + metrics-key: ENC[AES256_GCM,data:1+G1Hyz3IzSOdJY=,iv:q7rcuFeXg5TTvHrkd2HN2ZIh0ZBvkeFwwvw98GottVk=,tag:HfKnAoC5rZsGROnkuqvfGg==,type:str] onlyoffice-key: ENC[AES256_GCM,data:KEX5GfFJgQJulSI=,iv:5yss7JSyyvf2I5Mdn7iJsMBQps59XSEUzWdfyZ7WyLg=,tag:7i1Y3cx4QQzB5LjrfuhCKw==,type:str] manyfold: secretkeybase: ENC[AES256_GCM,data:b+fgTrtnZcp34DOQ0dtKc6bX6/dm9j0o3QJr,iv:e4hOwgTFCXVokGqhwKsYHt5IQgtaKcMmEqvDoMly5aI=,tag:E8gFiOuozA4T1mmcgXfbDg==,type:str] 
@@ -145,8 +148,8 @@ sops: TWRvYVZ5eklJQU81SzBVZ1BBbENuTkEKwMTa1cAH3sNm2npVhQ/dDl5M7Q8T3vOx 9slEt5EVUgqaJVhVr9AM9aAhghWJa5i5+Eh628C6p53XFxrO+6zUYA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-25T22:09:20Z" - mac: ENC[AES256_GCM,data:H5gAX9yvLdIU26HvNLQ3TwZOEb/ZPII7Odl5R2Bm/UYZYr2Rsqwf9Rwqa1kvxwFBjgKkpepfb13Qr8rHyclCLqaf4sVyFnZiKyf3a5E88NS6LcVe9nBnwBH5U/ZuFBFT+5lKtd39nyOc/vMI45whnXxCx5kwHx6BEbXfk83ht7U=,iv:Onm6Rq16IWcU/0KA2++x+XFd7QSJbWnO6r+15ltKJIs=,tag:QGI4tbRVZpb9bKU35P5WQg==,type:str] + lastmodified: "2025-04-17T23:22:06Z" + mac: ENC[AES256_GCM,data:jF1j6evEZsdvYkOLIXtdeEX8I7i+Exv6bwZeL0hZGJOap/RiMAitm54BFSrovwRS5/5Y1ZlEBQvlB91KltlZqOA1iq8mANN48U02p5O6ow3Piu04DrLkRGBbOaxri+3zWAzLf+g6qkJF9PzTaQkxOF0a44MZVxMqK69GdaZrqxw=,iv:0ngj011CKZAJFaBVDASp35h+OwYDXgreUNrQNr5OI24=,tag:Aqtv27sj7zTsJh7O1MseVw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4