mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

gitea

Browse Source
This commit is contained in:
mjallen18
2025-04-17 19:11:23 -05:00
parent 92f8eebaa3
commit 3453c74bc3
8 changed files with 61 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
hosts/nas/apps.nix
View File

@@ -3,6 +3,7 @@
imports = [ imports = [
./apps/arrs ./apps/arrs
# ./apps/crowdsec # ./apps/crowdsec
./apps/gitea
./apps/jellyfin ./apps/jellyfin
./apps/jellyseerr ./apps/jellyseerr
./apps/netbootxyz ./apps/netbootxyz
@@ -30,7 +31,7 @@
port2 = "4080"; port2 = "4080";
}; };
paperless-ai.enable = true; paperless-ai.enable = false;
tdarr.enable = true; tdarr.enable = true;

29
hosts/nas/apps/gitea/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{ config, ... }:
{
services.gitea = {
enable = true;
stateDir = "/media/nas/ssd/nix-app-data/gitea";
useWizard = false;
mailerPasswordFile = config.sops.secrets."jallen-nas/gitea/mail-key".path;
metricsTokenFile = config.sops.secrets."jallen-nas/gitea/metrics-key".path;
settings = {
server = {
DOMAIN = "jallen-nas";
HTTP_ADDR = "0.0.0.0";
HTTP_PORT = 3000;
PROTOCOL = "http";
ROOT_URL = "https://gitea.mjallen.dev/";
};
service = {
REGISTER_EMAIL_CONFIRM = false;
ENABLE_CAPTCHA = false;
DISABLE_REGISTRATION = true;
ENABLE_OPENID_SIGNIN = false;
ENABLE_LDAP_SIGNIN = false;
ENABLE_SSH_SIGNIN = true;
ENABLE_BUILTIN_SSH_SERVER = true;
ENABLE_REVERSE_PROXY_AUTHENTICATION = true;
};
};
};
}

2
hosts/nas/apps/netbootxyz/options.nix
View File

@@ -11,7 +11,7 @@ with lib;
port = mkOption { port = mkOption {
type = types.str; type = types.str;
default = "3000"; default = "3003";
}; };
port2 = mkOption { port2 = mkOption {

2
hosts/nas/apps/paperless-ai/options.nix
View File

@@ -11,7 +11,7 @@ with lib;
port = mkOption { port = mkOption {
type = types.str; type = types.str;
default = "3000"; default = "3023";
}; };
name = mkOption { name = mkOption {

12
hosts/nas/apps/traefik/default.nix
View File

@@ -12,6 +12,7 @@ let
openWebUIUrl = "http://10.0.1.18:8888"; openWebUIUrl = "http://10.0.1.18:8888";
paperlessUrl = "http://10.0.1.20:28981"; paperlessUrl = "http://10.0.1.20:28981";
cacheUrl = "http://10.0.1.18:5000"; cacheUrl = "http://10.0.1.18:5000";
giteaUrl = "http://10.0.1.18:3000";
in in
{ {
networking.firewall = { networking.firewall = {
@@ -177,6 +178,11 @@ in
url = paperlessUrl; url = paperlessUrl;
} }
]; ];
gitea.loadBalancer.servers = [
{
url = giteaUrl;
}
];
}; };
routers = { routers = {
@@ -218,6 +224,12 @@ in
service = "jellyseerr"; service = "jellyseerr";
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
gitea = {
entryPoints = [ "websecure" ];
rule = "Host(`gitea.${domain}`)";
service = "gitea";
tls.certResolver = "letsencrypt";
};
hass = { hass = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`hass.${domain}`)"; rule = "Host(`hass.${domain}`)";

1
hosts/nas/networking.nix
View File

@@ -15,6 +15,7 @@ let
9980 # onlyoffice 9980 # onlyoffice
4000 # netbootxyz 4000 # netbootxyz
4080 # netbootxyz 4080 # netbootxyz
3000 # gitea
]; ];
in in
{ {

10
hosts/nas/sops.nix
View File

@@ -113,6 +113,16 @@ in
"jallen-nas/paperless/authentik-client-secret" = { "jallen-nas/paperless/authentik-client-secret" = {
restartUnits = [ "container@paperless.service" ]; restartUnits = [ "container@paperless.service" ];
}; };
"jallen-nas/gitea/mail-key" = {
owner = "gitea";
group = "gitea";
restartUnits = [ "gitea.service" ];
};
"jallen-nas/gitea/metrics-key" = {
owner = "gitea";
group = "gitea";
restartUnits = [ "gitea.service" ];
};
"jallen-nas/free-games/eg-email" = { }; "jallen-nas/free-games/eg-email" = { };
"jallen-nas/free-games/eg-pass" = { }; "jallen-nas/free-games/eg-pass" = { };
"jallen-nas/free-games/eg-otp" = { }; "jallen-nas/free-games/eg-otp" = { };

7
secrets/secrets.yaml
View File

@@ -13,6 +13,9 @@ jallen-nas:
dbpassword: ENC[AES256_GCM,data:Xu92h2psR4jAJDM=,iv:UsJD1zq9Uy0Exxk58nkyPGyI8m2BOuvr2DK843h5pSk=,tag:k4MvHT8BoahCf9ZxQw8ovA==,type:str] dbpassword: ENC[AES256_GCM,data:Xu92h2psR4jAJDM=,iv:UsJD1zq9Uy0Exxk58nkyPGyI8m2BOuvr2DK843h5pSk=,tag:k4MvHT8BoahCf9ZxQw8ovA==,type:str]
adminpassword: ENC[AES256_GCM,data:y4PXSbrAAw3A6cg=,iv:10Dm3IYqKJz2FNRteauuYSKXCHE2IKHv4ytidUvblXA=,tag:OAsZ69s4g2p0JEenLbkXdA==,type:str] adminpassword: ENC[AES256_GCM,data:y4PXSbrAAw3A6cg=,iv:10Dm3IYqKJz2FNRteauuYSKXCHE2IKHv4ytidUvblXA=,tag:OAsZ69s4g2p0JEenLbkXdA==,type:str]
smtp_settings: ENC[AES256_GCM,data:JCbXCQwJtTFgHeLTIJ2ZNWwOreZV3uKWl9qNvE9uQcOULToZDWLQoOGyuGzl7Xlb2yyLiaYYlOFRV9bbbfjBljz+4I9b6cw0dNdhaKg3CpUzdFqRq3dvi4zCy/HEf1Rp/ccU92JelYkfP9S3yNdYq3i+52kr98g5F722ktDC79RiRtJJ44CRff5NBYnDJdGa5OWBf7yPW/5xsX7oqaDI/3yzYTbPGImnQkYfG0GUFP3tRVul0EM++0UoOTcKXEUvolAc0Ij672ONYm+ZqJp8wckouZu2Gae1AK0DficffiZfy4jI1obJPPkQYzoPBWSr7UU9s8PC7zsx2o8OklWZu2LqFxzd1J59qCfIhHrbz2N8OeJhwD+nySrKj1jPdz5amXJT1b4xHE4/YJg7LJmsAYmbEH6OH4928CqYLLwJcaZeVZ6EmeDT,iv:GLy1n7lun9OaOgQJw607moJQwWf4PuD9kUONJOjXuXQ=,tag:AqRJnISyoRkA6I/prZoQpg==,type:str] smtp_settings: ENC[AES256_GCM,data:JCbXCQwJtTFgHeLTIJ2ZNWwOreZV3uKWl9qNvE9uQcOULToZDWLQoOGyuGzl7Xlb2yyLiaYYlOFRV9bbbfjBljz+4I9b6cw0dNdhaKg3CpUzdFqRq3dvi4zCy/HEf1Rp/ccU92JelYkfP9S3yNdYq3i+52kr98g5F722ktDC79RiRtJJ44CRff5NBYnDJdGa5OWBf7yPW/5xsX7oqaDI/3yzYTbPGImnQkYfG0GUFP3tRVul0EM++0UoOTcKXEUvolAc0Ij672ONYm+ZqJp8wckouZu2Gae1AK0DficffiZfy4jI1obJPPkQYzoPBWSr7UU9s8PC7zsx2o8OklWZu2LqFxzd1J59qCfIhHrbz2N8OeJhwD+nySrKj1jPdz5amXJT1b4xHE4/YJg7LJmsAYmbEH6OH4928CqYLLwJcaZeVZ6EmeDT,iv:GLy1n7lun9OaOgQJw607moJQwWf4PuD9kUONJOjXuXQ=,tag:AqRJnISyoRkA6I/prZoQpg==,type:str]
gitea:
mail-key: ENC[AES256_GCM,data:hTyl3Kk7wTiDdlWngiMVe5Vysw==,iv:8yK+OZancbZ191qNHpc1ORewiy+pKMes5BXtLIXnUYU=,tag:KmTTSNnJ60dEA4sfwjDh7A==,type:str]
metrics-key: ENC[AES256_GCM,data:1+G1Hyz3IzSOdJY=,iv:q7rcuFeXg5TTvHrkd2HN2ZIh0ZBvkeFwwvw98GottVk=,tag:HfKnAoC5rZsGROnkuqvfGg==,type:str]
onlyoffice-key: ENC[AES256_GCM,data:KEX5GfFJgQJulSI=,iv:5yss7JSyyvf2I5Mdn7iJsMBQps59XSEUzWdfyZ7WyLg=,tag:7i1Y3cx4QQzB5LjrfuhCKw==,type:str] onlyoffice-key: ENC[AES256_GCM,data:KEX5GfFJgQJulSI=,iv:5yss7JSyyvf2I5Mdn7iJsMBQps59XSEUzWdfyZ7WyLg=,tag:7i1Y3cx4QQzB5LjrfuhCKw==,type:str]
manyfold: manyfold:
secretkeybase: ENC[AES256_GCM,data:b+fgTrtnZcp34DOQ0dtKc6bX6/dm9j0o3QJr,iv:e4hOwgTFCXVokGqhwKsYHt5IQgtaKcMmEqvDoMly5aI=,tag:E8gFiOuozA4T1mmcgXfbDg==,type:str] secretkeybase: ENC[AES256_GCM,data:b+fgTrtnZcp34DOQ0dtKc6bX6/dm9j0o3QJr,iv:e4hOwgTFCXVokGqhwKsYHt5IQgtaKcMmEqvDoMly5aI=,tag:E8gFiOuozA4T1mmcgXfbDg==,type:str]
@@ -145,8 +148,8 @@ sops:
TWRvYVZ5eklJQU81SzBVZ1BBbENuTkEKwMTa1cAH3sNm2npVhQ/dDl5M7Q8T3vOx TWRvYVZ5eklJQU81SzBVZ1BBbENuTkEKwMTa1cAH3sNm2npVhQ/dDl5M7Q8T3vOx
9slEt5EVUgqaJVhVr9AM9aAhghWJa5i5+Eh628C6p53XFxrO+6zUYA== 9slEt5EVUgqaJVhVr9AM9aAhghWJa5i5+Eh628C6p53XFxrO+6zUYA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-25T22:09:20Z" lastmodified: "2025-04-17T23:22:06Z"
mac: ENC[AES256_GCM,data:H5gAX9yvLdIU26HvNLQ3TwZOEb/ZPII7Odl5R2Bm/UYZYr2Rsqwf9Rwqa1kvxwFBjgKkpepfb13Qr8rHyclCLqaf4sVyFnZiKyf3a5E88NS6LcVe9nBnwBH5U/ZuFBFT+5lKtd39nyOc/vMI45whnXxCx5kwHx6BEbXfk83ht7U=,iv:Onm6Rq16IWcU/0KA2++x+XFd7QSJbWnO6r+15ltKJIs=,tag:QGI4tbRVZpb9bKU35P5WQg==,type:str] mac: ENC[AES256_GCM,data:jF1j6evEZsdvYkOLIXtdeEX8I7i+Exv6bwZeL0hZGJOap/RiMAitm54BFSrovwRS5/5Y1ZlEBQvlB91KltlZqOA1iq8mANN48U02p5O6ow3Piu04DrLkRGBbOaxri+3zWAzLf+g6qkJF9PzTaQkxOF0a44MZVxMqK69GdaZrqxw=,iv:0ngj011CKZAJFaBVDASp35h+OwYDXgreUNrQNr5OI24=,tag:Aqtv27sj7zTsJh7O1MseVw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.4 version: 3.9.4