feat(g18-next): migrate gitea

2024-06-19 01:09:37 +08:00 · 2024-06-19 01:09:37 +08:00 · 55bc6030eb
commit 55bc6030eb
parent 94ccff2d72
2 changed files with 47 additions and 4 deletions
--- a/flake.lock
+++ b/flake.lock
@ -34,11 +34,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1716715802,
-        "narHash": "sha256-usk0vE7VlxPX8jOavrtpOqphdfqEQpf9lgedlY/r66c=",
+        "lastModified": 1718543737,
+        "narHash": "sha256-e8S/ODM1vkKHIexSVn9nIvne7vRO5M+35VAq/6JOYto=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "e2dd4e18cc1c7314e24154331bae07df76eb582f",
+        "rev": "683aa7c4e385509ca651d49eeb35e58c7a1baad6",
        "type": "github"
      },
      "original": {
--- a/hosts/g18-next/configuration.nix
+++ b/hosts/g18-next/configuration.nix
@ -1,5 +1,10 @@
-{ config, lib, pkgs, ... }:
+{ inputs, config, lib, pkgs, ... }:

+let
+  unstable = import inputs.nixpkgs-unstable {
+    system = config.nixpkgs.system;
+  };
+in
 {
  imports =
    [
@ -20,6 +25,7 @@
  boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/vda";
+  # networking
  networking.hostName = lib.mkForce "g18-next";
  networking.hostId = "11f1fad0";
  systemd.network.networks."10-veth0" = {
@ -39,6 +45,43 @@
      }
    ];
  };
+  networking.firewall.extraCommands = ''
+    iptables -A INPUT -s 192.168.122.1 -j ACCEPT
+  '';
+  # service: gitea
+  services.gitea = {
+    enable = true;
+    package = unstable.gitea;
+    stateDir = "/data0/lib/gitea";
+    database.type = "sqlite3";
+    settings = {
+      server = {
+        SSH_DOMAIN = "nasp.fit";
+        DOMAIN = "git.nasp.fit";
+        HTTP_PORT = 3000;
+        ROOT_URL = "https://git.nasp.fit/";
+        DISABLE_SSH = false;
+        SSH_PORT = 22;
+        OFFLINE_MODE = false;
+        START_SSH_SERVER = true;
+        BUILTIN_SSH_SERVER_USER = "git";
+      };
+      "repository.pull-request" = {
+        DEFAULT_MERGE_STYLE = "squash";
+      };
+      "repository.signing" = {
+        DEFAULT_TRUST_MODEL = "committer";
+      };
+      proxy = {
+        PROXY_ENABLED = true;
+        PROXY_URL = "http://192.168.255.1:20171";
+        PROXY_HOSTS = "github.com";
+      };
+    };
+  };
+  systemd.sockets.gitea.listenStreams = [ "22" ];
+  systemd.services.gitea.requires = [ "gitea.socket" ];
+

  system.stateVersion = "24.05";
 }