Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

try to run gitea in container

Browse Source
This commit is contained in:
Dominik Polakovics Polakovics
2023-12-03 19:27:13 +01:00
parent a4ce928926
commit a1bbf635d3
2 changed files with 144 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

206
hosts/fw.cloonar.com/modules/gitea.nix
View File

@@ -14,70 +14,152 @@ in
users.groups.gitea = { users.groups.gitea = {
gid = 989; gid = 989;
}; };
services.nginx.virtualHosts."${domain}" = { # services.nginx.virtualHosts."${domain}" = {
enableACME = true; # enableACME = true;
forceSSL = true; # forceSSL = true;
locations."/" = { # locations."/" = {
proxyPass = "https://${ip}:443/"; # proxyPass = "https://${ip}:443/";
extraConfig = '' # extraConfig = ''
proxy_set_header=Host ${domain} # proxy_set_header=Host ${domain}
''; # '';
}; # };
}; # };
#
# environment.etc."gitea/app.ini".text = ''
# APP_NAME = Cloonar Gitea server
# RUN_MODE = prod
#
# [cron.update_checker]
# ENABLED=false
#
# [database]
# DB_TYPE=sqlite3
# PATH=/bitnami/gitea/data/gitea.db
#
# [openid]
# ENABLE_OPENID_SIGNIN=false
# ENABLE_OPENID_SIGNUP=true
# WHITELISTED_URIS=auth.cloonar.com
#
# [server]
# DISABLE_SSH=false
# DOMAIN=git.cloonar.com
# HTTP_ADDR=0.0.0.0
# HTTP_PORT=443
# PROTOCOL=https
# ROOT_URL=https://git.cloonar.com/
# SSH_PORT=22
# CERT_FILE=/ssl/fullchain.pem
# KEY_FILE=/ssl/key.pem
#
# [service]
# ALLOW_ONLY_EXTERNAL_REGISTRATION=true
# DISABLE_REGISTRATION=false
# SHOW_REGISTRATION_BUTTON=false
#
# [webhook]
# ALLOWED_HOST_LIST=drone.cloonar.com
# '';
#
# virtualisation = {
# oci-containers.containers = {
# gitea = {
# image = "gitea/gitea:1";
# volumes = [
# "/var/lib/gitea:/data"
# "/etc/gitea/app.ini:/data/custom/conf/app.ini:ro"
# "/var/lib/acme/git.cloonar.com:/ssl:ro"
# ];
# environment = {
# USER_UID = builtins.toString config.users.users.gitea.uid;
# USER_GID = builtins.toString config.users.groups.gitea.gid;
# };
# extraOptions = [
# "--ip=${ip}"
# ];
# };
# gitea = {
# image = "gitea/gitea:1";
# volumes = [
# "/var/lib/gitea:/data"
# "/etc/gitea/app.ini:/data/custom/conf/app.ini:ro"
# "/var/lib/acme/git.cloonar.com:/ssl:ro"
# ];
# environment = {
# USER_UID = builtins.toString config.users.users.gitea.uid;
# USER_GID = builtins.toString config.users.groups.gitea.gid;
# };
# extraOptions = [
# "--ip=${ip}"
# ];
# };
# };
# };
environment.etc."gitea/app.ini".text = '' containers.gitea = {
APP_NAME = Cloonar Gitea server autoStart = true;
RUN_MODE = prod macvlans = [ "server" ];
bindMounts = {
[cron.update_checker] "/var/lib/gitea" = {
ENABLED=false hostPath = "/var/lib/gitea/";
isReadOnly = false;
[database]
DB_TYPE=sqlite3
PATH=/bitnami/gitea/data/gitea.db
[openid]
ENABLE_OPENID_SIGNIN=false
ENABLE_OPENID_SIGNUP=true
WHITELISTED_URIS=auth.cloonar.com
[server]
DISABLE_SSH=false
DOMAIN=git.cloonar.com
HTTP_ADDR=0.0.0.0
HTTP_PORT=443
PROTOCOL=https
ROOT_URL=https://git.cloonar.com/
SSH_PORT=22
CERT_FILE=/ssl/fullchain.pem
KEY_FILE=/ssl/key.pem
[service]
ALLOW_ONLY_EXTERNAL_REGISTRATION=true
DISABLE_REGISTRATION=false
SHOW_REGISTRATION_BUTTON=false
[webhook]
ALLOWED_HOST_LIST=drone.cloonar.com
'';
virtualisation = {
oci-containers.containers = {
gitea = {
image = "gitea/gitea:1";
volumes = [
"/var/lib/gitea:/data"
"/etc/gitea/app.ini:/data/custom/conf/app.ini:ro"
"/var/lib/acme/git.cloonar.com:/ssl:ro"
];
environment = {
USER_UID = builtins.toString config.users.users.gitea.uid;
USER_GID = builtins.toString config.users.groups.gitea.gid;
};
extraOptions = [
"--ip=${ip}"
];
}; };
}; };
bindMounts = {
"${security.acme.certs.${domain}.directory}" = {
hostPath = "/var/lib/acme/gitea/";
isReadOnly = true;
};
};
config = { config, pkgs, ... }: {
networking.hostName = "fw";
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
sslCertificate = "/var/lib/acme/gitea/fullchain.pem";
sslCertificateKey = "/var/lib/acme/gitea/key.pem";
sslTrustedCertificate = "/var/lib/acme/gitea/chain.pem";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3001/";
};
};
services.gitea = {
enable = true;
appName = "Cloonar Gitea server"; # Give the site a name
settings = {
server = {
ROOT_URL = "https://${domain}/";
HTTP_PORT = 3001;
DOMAIN = domain;
};
openid = {
ENABLE_OPENID_SIGNIN = false;
ENABLE_OPENID_SIGNUP = true;
WHITELISTED_URIS = "auth.example.com";
};
service = {
DISABLE_REGISTRATION = false;
ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
SHOW_REGISTRATION_BUTTON = false;
};
webhook.ALLOWED_HOST_LIST = "drone.cloonar.com";
};
};
system.stateVersion = "23.05";
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ 22 80 443 ];
};
# Use systemd-resolved inside the container
useHostResolvConf = mkForce false;
};
services.resolved.enable = true;
};
}; };
} }

9
utils/pkgs/sysbox.nix
View File

@@ -24,8 +24,6 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ dpkg makeWrapper ]; nativeBuildInputs = [ dpkg makeWrapper ];
# buildInputs = [ openssl ];
unpackPhase = '' unpackPhase = ''
runHook preUnpack runHook preUnpack
@@ -40,14 +38,7 @@ stdenv.mkDerivation rec {
mkdir -p "$out" mkdir -p "$out"
cp -r src/* "$out" cp -r src/* "$out"
# Flatten /usr and manually merge lib/ and usr/lib/, since mv refuses to.
# mv "$out/lib" "$out/orig_lib"
mv "$out/usr/"* "$out/" mv "$out/usr/"* "$out/"
# mkdir -p "$out/lib/systemd/system/"
# mv "$out/orig_lib/systemd/system/"* "$out/lib/systemd/system/"
# rmdir "$out/orig_lib/systemd/system"
# rmdir "$out/orig_lib/systemd"
# rmdir "$out/orig_lib"
rmdir "$out/usr" rmdir "$out/usr"
for f in "$out/lib/systemd/system/"*.service; do for f in "$out/lib/systemd/system/"*.service; do