mount forgejo runner data on NFS

convert forgejo config from nix to ini
Pim Kunis 2024-04-20 13:00:41 +02:00
parent e196077ea1
commit 44013d3a78
4 changed files with 123 additions and 124 deletions


@ -13,7 +13,7 @@
./hedgedoc.nix
./paperless-ngx.nix
./kitchenowl.nix
./forgejo.nix
./forgejo
./media.nix
./bind9
./dnsmasq.nix


@ -0,0 +1,101 @@
{
"repository.local".LOCAL_COPY_PATH = "/data/gitea/tmp/local-repo";
"repository.upload".TEMP_PATH = "/data/gitea/uploads";
attachment.PATH = "/data/gitea/attachments";
lfs.PATH = "/data/git/lfs";
mailer.ENABLED = false;
"repository.pull-request".DEFAULT_MERGE_STYLE = "merge";
"repository.signing".DEFAULT_TRUST_MODEL = "committer";
ui.DEFAULT_THEME = "forgejo-light";
oauth2.ENABLE = false;
DEFAULT = {
APP_NAME = "Forgejo: Beyond coding. We forge.";
RUN_MODE = "prod";
RUN_USER = "git";
WORK_PATH = "/data/gitea";
};
repository = {
ROOT = "/data/git/repositories";
DEFAULT_BRANCH = "master";
};
server = {
APP_DATA_PATH = "/data/gitea";
DOMAIN = "git.kun.is";
SSH_DOMAIN = "ssh.git.kun.is";
HTTP_PORT = 3000;
ROOT_URL = "https://git.kun.is";
DISABLE_SSH = false;
SSH_PORT = 56287;
SSH_LISTEN_PORT = 22;
LFS_START_SERVER = true;
LFS_JWT_SECRET = "ref+sops://secrets/sops.yaml#/forgejo/lfsJwtSecret";
OFFLINE_MODE = false;
};
database = {
PATH = "/data/gitea/gitea.db";
DB_TYPE = "sqlite3";
HOST = "localhost:3306";
NAME = "gitea";
USER = "root";
PASSWD = "";
LOG_SQL = false;
SCHEMA = "";
SSL_MODE = "disable";
CHARSET = "utf8";
};
indexer = {
ISSUE_INDEXER_PATH = "/data/gitea/indexers/issues.bleve";
ISSUE_INDEXER_TYPE = "db";
};
session = {
PROVIDER_CONFIG = "/data/gitea/sessions";
PROVIDER = "file";
};
picture = {
AVATAR_UPLOAD_PATH = "/data/gitea/avatars";
REPOSITORY_AVATAR_UPLOAD_PATH = "/data/gitea/repo-avatars";
ENABLE_FEDERATED_AVATAR = false;
};
log = {
MODE = "console";
LEVEL = "info";
"logger.router.MODE" = "console";
ROOT_PATH = "/data/gitea/log";
"logger.access.MODE" = "console";
};
security = {
INSTALL_LOCK = true;
SECRET_KEY = "";
REVERSE_PROXY_LIMIT = 1;
REVERSE_PROXY_TRUSTED_PROXIES = "*";
INTERNAL_TOKEN = "ref+sops://secrets/sops.yaml#/forgejo/internalToken";
PASSWORD_HASH_ALGO = "pbkdf2";
};
service = {
DISABLE_REGISTRATION = true;
REQUIRE_SIGNIN_VIEW = false;
REGISTER_EMAIL_CONFIRM = false;
ENABLE_NOTIFY_MAIL = false;
ALLOW_ONLY_EXTERNAL_REGISTRATION = false;
ENABLE_CAPTCHA = false;
DEFAULT_KEEP_EMAIL_PRIVATE = true;
DEFAULT_ALLOW_CREATE_ORGANIZATION = true;
DEFAULT_ENABLE_TIMETRACKING = true;
NO_REPLY_ADDRESS = "noreply.localhost";
};
openid = {
ENABLE_OPENID_SIGNIN = true;
ENABLE_OPENID_SIGNUP = false;
};
}
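Review bot: `SECRET_KEY = "";` in the `security` set is left empty while `LFS_JWT_SECRET` and `INTERNAL_TOKEN` beside it are sops references, so it is the one secret here not managed like the others. As far as I know an empty value makes the server fall back to a built-in default key shared by every installation; please confirm against the Forgejo version in use and, if so, source it the same way, e.g. `SECRET_KEY = "ref+sops://<sops path for the secret key>";`. Rotating it on an existing instance may make data already encrypted with the old key unreadable, so check that before changing it. In the same set, `REVERSE_PROXY_TRUSTED_PROXIES = "*";` accepts forwarded client-IP headers from any peer; narrowing it to the ingress controller's range (`"<ingress CIDR>"`) keeps logged client addresses trustworthy. Now that the config is Nix and can carry comments, a one-line comment above each of these two values saying why it is set this way would help.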


@ -1,117 +1,9 @@
{ myLib, ... }: {
{ lib, myLib, ... }: {
kubernetes.resources = {
secrets.runner-secret.stringData.token = "ref+sops://secrets/sops.yaml#/forgejo/runnerToken";
configMaps = {
forgejo-config.data = {
# TODO: Generate from nix code?
config = ''
APP_NAME = Forgejo: Beyond coding. We forge.
RUN_MODE = prod
RUN_USER = git
WORK_PATH=/data/gitea
[repository]
ROOT = /data/git/repositories
DEFAULT_BRANCH = master
[repository.local]
LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
[repository.upload]
TEMP_PATH = /data/gitea/uploads
[server]
APP_DATA_PATH = /data/gitea
DOMAIN = git.kun.is
SSH_DOMAIN = ssh.git.kun.is
HTTP_PORT = 3000
ROOT_URL = https://git.kun.is
DISABLE_SSH = false
SSH_PORT = 56287
SSH_LISTEN_PORT = 22
LFS_START_SERVER = true
LFS_JWT_SECRET = ref+sops://secrets/sops.yaml#/forgejo/lfsJwtSecret
OFFLINE_MODE = false
[database]
PATH = /data/gitea/gitea.db
DB_TYPE = sqlite3
HOST = localhost:3306
NAME = gitea
USER = root
PASSWD =
LOG_SQL = false
SCHEMA =
SSL_MODE = disable
CHARSET = utf8
[indexer]
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
ISSUE_INDEXER_TYPE = db
[session]
PROVIDER_CONFIG = /data/gitea/sessions
PROVIDER = file
[picture]
AVATAR_UPLOAD_PATH = /data/gitea/avatars
REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
ENABLE_FEDERATED_AVATAR = false
[attachment]
PATH = /data/gitea/attachments
[log]
MODE = console
LEVEL = info
logger.router.MODE = console
ROOT_PATH = /data/gitea/log
logger.access.MODE=console
[security]
INSTALL_LOCK = true
SECRET_KEY =
REVERSE_PROXY_LIMIT = 1
REVERSE_PROXY_TRUSTED_PROXIES = *
INTERNAL_TOKEN = ref+sops://secrets/sops.yaml#/forgejo/internalToken
PASSWORD_HASH_ALGO = pbkdf2
[service]
DISABLE_REGISTRATION = true
REQUIRE_SIGNIN_VIEW = false
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
DEFAULT_KEEP_EMAIL_PRIVATE = true
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.localhost
[lfs]
PATH = /data/git/lfs
[mailer]
ENABLED = false
[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = false
[repository.pull-request]
DEFAULT_MERGE_STYLE = merge
[repository.signing]
DEFAULT_TRUST_MODEL = committer
[ui]
DEFAULT_THEME = forgejo-light
[oauth2]
ENABLE=false
'';
};
forgejo-config.data.config = lib.generators.toINI { } (import ./config.nix);
forgejo-env.data = {
USER_UID = "1000";
@ -193,11 +85,6 @@
spec = {
restartPolicy = "Always";
volumes = {
docker-certs.emptyDir = { };
runner-data.emptyDir = { };
};
initContainers.runner-register = {
image = "code.forgejo.org/forgejo/runner:3.2.0";
command = [ "forgejo-runner" "register" "--no-interactive" "--token" "$(RUNNER_SECRET)" "--name" "$(RUNNER_NAME)" "--instance" "$(FORGEJO_INSTANCE_URL)" ];
@ -217,7 +104,7 @@
};
volumeMounts = [{
name = "runner-data";
name = "data";
mountPath = "/data";
}];
};
@ -235,12 +122,12 @@
volumeMounts = [
{
name = "docker-certs";
mountPath = "/certs";
name = "data";
mountPath = "/data";
}
{
name = "runner-data";
mountPath = "/data";
name = "certs";
mountPath = "/certs";
}
];
};
@ -251,11 +138,16 @@
env.DOCKER_TLS_CERTDIR.value = "/certs";
volumeMounts = [{
name = "docker-certs";
name = "certs";
mountPath = "/certs";
}];
};
};
volumes = {
data.persistentVolumeClaim.claimName = "forgejo-runner-data";
certs.persistentVolumeClaim.claimName = "forgejo-runner-certs";
};
};
};
};
@ -289,7 +181,11 @@
};
lab = {
nfsVolumes.forgejo.path = "forgejo";
nfsVolumes = {
forgejo.path = "forgejo/data";
forgejo-runner-data.path = "forgejo/runner/data";
forgejo-runner-certs.path = "forgejo/runner/certs";
};
ingresses.forgejo = {
host = "git.kun.is";
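Review bot: The new `volumes` set at the end of the runner pod spec puts the dind TLS directory on NFS (`certs.persistentVolumeClaim.claimName = "forgejo-runner-certs";`), where the removed `docker-certs.emptyDir = { };` kept it pod-local and short-lived; the pod spec itself is only partly visible in these hunks. With `DOCKER_TLS_CERTDIR` set to `/certs`, that directory presumably holds the daemon's generated CA and client private keys, so they now persist on the share and are readable by anything else that can mount the `forgejo/runner/certs` export. Unless the certificates need to survive restarts, keep only the runner data on NFS and leave them ephemeral with `certs.emptyDir = { };`. The same consideration applies in weaker form to `forgejo-runner-data`, which I would expect to hold the runner's registration credentials, so a comment stating that persisting it is intentional would help.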


@ -11,7 +11,9 @@ let
"/pihole/dnsmasq"
"/hedgedoc/uploads"
"/traefik/acme"
"/forgejo"
"/forgejo/data"
"/forgejo/runner/data"
"/forgejo/runner/certs"
"/kitchenowl/data"
"/syncthing/config"
"/paperless-ngx/data"