gitea running with data from imbert

Migration.md

@@ -0,0 +1,14 @@
+## Migration from imbert to zentralwerk
+
+[based on](https://docs.gitea.io/en-us/backup-and-restore/)
+
+@imbert:
+```shell
+sudo -u git  gitea dump -c /etc/gitea/app.ini
+```
+
+@gitea.hq.c3d2.de (lxc 315 @server6):
+- copied `gitea-dump-*.zip` from imbert to `/tmp/`
+```shell
+/etc/nixos/migrate.sh
+```

configuration.nix

@@ -0,0 +1,18 @@
+{ config, pkgs, ... }:
+
+{
+  boot.isContainer = true;
+  nix.useSandbox = false;
+
+  imports = [
+     ./modules/nix.nix
+     ./modules/gitea.nix
+
+     ./modules/admin.nix
+     ./modules/ssh.nix
+   ];
+ 
+  system.stateVersion = "21.11";
+  networking.hostName = "gitea";
+  time.timeZone = "Europe/Berlin";
+}

flake.lock

@@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1630761588,
+        "narHash": "sha256-7GXckvZy7DGh2KIyfdArqwnyeSc5Owy1fumEDQyd8eY=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "a51aa6523bd8ee985bc70987909eff235900197a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,17 @@
+{
+  description = "gitea.c3d2.de, migrated from inbert to zentralwerk by j03";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+  };
+
+  outputs = { self, nixpkgs }:
+  {
+    nixosConfigurations = {
+      gitea = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [ ./configuration.nix ];
+      };
+    };
+  };
+}

migrate.sh

@@ -0,0 +1,17 @@
+#/usr/bin/env bash -e
+
+DUMP=gitea-dump-1630784448
+USER=gitea
+DATABASE=gitea
+
+cd /tmp/
+unzip ${DUMP}.zip
+
+systemctl stop gitea
+
+mv gitea-repositories/* /var/lib/gitea/repositories/
+chown -R gitea:gitea /var/lib/gitea
+
+psql -U $USER -d $DATABASE < gitea-db.sql
+
+systemctl start gitea

modules/admin.nix

@@ -0,0 +1,9 @@
+{ config, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    vim tmux git htop
+  ];
+
+  environment.variables = { EDITOR = "vim"; };
+}

modules/gitea.nix

@@ -0,0 +1,34 @@
+{ config, pkgs, ... }:
+
+{
+  services.gitea = rec {
+    enable = true;
+    domain = "gitea.c3d2.de";
+    rootUrl = "https://${domain}/";
+    ssh.clonePort = 2222;
+
+    database = {
+      type = "postgres";
+      host = "127.0.0.1";
+      name = "gitea";
+      user = "gitea";
+      passwordFile = "/etc/giteaPassword";
+    };
+    repositoryRoot = "/var/lib/gitea/repositories";
+
+    #disableRegistration = true;
+
+    lfs.enable = true;
+
+    dump = {
+      ## Is a nice feature once we have a dedicated backup storage.
+      ## For now it is disabled, since it delays `nixos-rebuild switch`.
+      enable = false;
+      backupDir = "/var/lib/gitea/dump";
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 3000 2222 ];
+
+  environment.systemPackages = with pkgs; [ postgresql unzip ];  ## used to restore database dumps
+}

modules/nix.nix

@@ -0,0 +1,17 @@
+{ config, pkgs, nixpkgs, ... }:
+
+{
+  boot.cleanTmpDir = true;
+
+  nix.package = pkgs.nixUnstable;
+  nix.extraOptions = "experimental-features = nix-command flakes";
+
+  nix.daemonIONiceLevel = 7;
+  nix.daemonNiceLevel = 19;
+
+  nix.autoOptimiseStore = true;
+  nix.gc = {
+    automatic = true;
+    dates = "weekly";
+  };
+}

modules/ssh.nix

@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+  ## only used to receive gitea-dump from inbert via scp
+
+  services.openssh = {
+    enable = true;
+    permitRootLogin = "prohibit-password";
+  };
+
+  users.users.root = {
+    openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDW+YfsFtRz1h/0ubcKU+LyGfxH505yUkbWa5VtRFNWF2fjTAYGj6o5M4dt+fv1h370HXvvOBtt8sIlWQgMsD10+9mvjdXWhTcpnYPx4yWuyEERE1/1BhItrog6XJKAedbCDpQQ+POoewouiHWVAUfFByPj5RXuE8zKUeIEkGev/QKrKTLnTcS8zFs/yrokf1qYYR571B3U8IPDjpV/Y1GieG3MSNaefIMCwAAup1gPkUA0XZ4A1L7NdEiUEHlceKVu9eYiWUM+wDRunBXnLHubeGyP8KmBA7PNKgml3WWRNTZjqNQk4u9Bl+Qea5eCkD8KI257EqgXYXy0QBWNyF8X j03@l302"
+    ];
+  };
+}