Prometheus (#14)

2025-10-14 21:08:39 +00:00 · 2023-07-21 23:14:12 +01:00
parent 8218d37a15
commit 65446c5a25
11 changed files with 146 additions and 14 deletions
--- a/PulumiWebServer/Nix/gitea/gitea-config.nix
+++ b/PulumiWebServer/Nix/gitea/gitea-config.nix
@@ -0,0 +1,110 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  options = {
+    services.gitea-config = {
+      domain = lib.mkOption {
+        type = lib.types.str;
+        example = "example.com";
+        description = lib.mdDoc "Top-level domain to configure";
+      };
+      subdomain = lib.mkOption {
+        type = lib.types.str;
+        example = "gitea";
+        description = lib.mdDoc "Subdomain in which to put Gitea";
+      };
+      port = lib.mkOption {
+        type = lib.types.port;
+        description = lib.mdDoc "Gitea localhost port";
+        default = 3001;
+      };
+    };
+  };
+  config = {
+    users.users."gitea".extraGroups = [config.users.groups.keys.name];
+    services.gitea = {
+      enable = true;
+      appName = "Gitea";
+      lfs.enable = true;
+      stateDir = "/preserve/gitea/data";
+      database = {
+        type = "postgres";
+        passwordFile = "/run/secrets/gitea_server_password";
+      };
+      settings = let
+        docutils = pkgs.python311.withPackages (ps:
+          with ps; [
+            docutils
+            pygments
+          ]);
+      in {
+        mailer = {
+          ENABLED = true;
+          FROM = "gitea@" + config.services.gitea-config.domain;
+        };
+        server = {
+          ROOT_URL = "https://${config.services.gitea-config.subdomain}.${config.services.gitea-config.domain}/";
+          HTTP_PORT = config.services.gitea-config.port;
+          DOMAIN = "${config.services.gitea-config.subdomain}.${config.services.gitea-config.domain}";
+        };
+        service = {
+          REGISTER_EMAIL_CONFIRM = true;
+          DISABLE_REGISTRATION = true;
+          COOKIE_SECURE = true;
+        };
+        webhook = {
+          ALLOWED_HOST_LIST = "external,loopback";
+        };
+        "markup.restructuredtext" = {
+          ENABLED = true;
+          FILE_EXTENSIONS = ".rst";
+          RENDER_COMMAND = ''${docutils}/bin/rst2html.py'';
+          IS_INPUT_FILE = false;
+        };
+      };
+    };
+
+    services.postgresql = {
+      enable = true;
+      # TODO: make this use the /preserve mount
+      # dataDir = "/preserve/postgresql/data";
+      authentication = ''
+        local gitea all ident map=gitea-users
+      '';
+      identMap = ''
+        gitea-users gitea gitea
+      '';
+    };
+
+    services.nginx.virtualHosts."${config.services.gitea-config.subdomain}.${config.services.gitea-config.domain}" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://localhost:${toString config.services.gitea-config.port}/";
+      };
+    };
+
+    # The Gitea module does not allow adding users declaratively
+    systemd.services.gitea-add-user = {
+      description = "gitea-add-user";
+      wantedBy = ["multi-user.target"];
+      path = [pkgs.gitea];
+      script = builtins.readFile ./add-user.sh;
+      serviceConfig = {
+        Restart = "no";
+        Type = "oneshot";
+        User = "gitea";
+        Group = "gitea";
+        WorkingDirectory = config.services.gitea.stateDir;
+        SupplementaryGroups = [config.users.groups.keys.name];
+      };
+      environment = {
+        GITEA_WORK_DIR = config.services.gitea.stateDir;
+        GITEA = "${pkgs.gitea}/bin/gitea";
+      };
+    };
+  };
+}