From 0d5886e5393b46450b1fe877d3289ce235ff10a5 Mon Sep 17 00:00:00 2001
From: root
Date: Sun, 5 Sep 2021 00:25:29 +0200
Subject: [PATCH] gitea running with data from imbert
---
Migration.md | 14 ++++++++++++++
configuration.nix | 18 ++++++++++++++++++
flake.lock | 27 +++++++++++++++++++++++++++
flake.nix | 17 +++++++++++++++++
migrate.sh | 17 +++++++++++++++++
modules/admin.nix | 9 +++++++++
modules/gitea.nix | 34 ++++++++++++++++++++++++++++++++++
modules/nix.nix | 17 +++++++++++++++++
modules/ssh.nix | 16 ++++++++++++++++
9 files changed, 169 insertions(+)
create mode 100644 Migration.md
create mode 100644 configuration.nix
create mode 100644 flake.lock
create mode 100644 flake.nix
create mode 100755 migrate.sh
create mode 100644 modules/admin.nix
create mode 100644 modules/gitea.nix
create mode 100644 modules/nix.nix
create mode 100644 modules/ssh.nix
diff --git a/Migration.md b/Migration.md
new file mode 100644
index 0000000..26afdfd
--- /dev/null
+++ b/Migration.md
@@ -0,0 +1,14 @@
+## Migration from imbert to zentralwerk
+
+[based on](https://docs.gitea.io/en-us/backup-and-restore/)
+
+@imbert:
+```shell
+sudo -u git gitea dump -c /etc/gitea/app.ini
+```
+
+@gitea.hq.c3d2.de (lxc 315 @server6):
+- copied `gitea-dump-*.zip` from imbert to `/tmp/`
+```shell
+/etc/nixos/migrate.sh
+```
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..3dba3a0
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,18 @@
+{ config, pkgs, ... }:
+
+{
+ boot.isContainer = true;
+ nix.useSandbox = false;
+
+ imports = [
+ ./modules/nix.nix
+ ./modules/gitea.nix
+
+ ./modules/admin.nix
+ ./modules/ssh.nix
+ ];
+
+ system.stateVersion = "21.11";
+ networking.hostName = "gitea";
+ time.timeZone = "Europe/Berlin";
+}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..1e4ecaf
--- /dev/null
+++ b/flake.lock
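Review bot: `nix.useSandbox = false;` in configuration.nix turns off build sandboxing for every derivation built on this host, so builders run without the network and filesystem isolation the sandbox normally gives. This is presumably a workaround for the LXC container (`boot.isContainer = true;`) lacking what the sandbox needs, but nothing in the file says so. I would add a comment next to it stating the reason and the consequence, along the lines of `## sandbox disabled because <reason>; builds on this host are not isolated`, and turn it back on if the container can be configured to support it.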
@@ -0,0 +1,27 @@
+{
+ "nodes": {
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1630761588,
+ "narHash": "sha256-7GXckvZy7DGh2KIyfdArqwnyeSc5Owy1fumEDQyd8eY=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "a51aa6523bd8ee985bc70987909eff235900197a",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..1f0e3cb
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,17 @@
+{
+ description = "gitea.c3d2.de, migrated from inbert to zentralwerk by j03";
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ };
+
+ outputs = { self, nixpkgs }:
+ {
+ nixosConfigurations = {
+ gitea = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [ ./configuration.nix ];
+ };
+ };
+ };
+}
diff --git a/migrate.sh b/migrate.sh
new file mode 100755
index 0000000..547f6b0
--- /dev/null
+++ b/migrate.sh
@@ -0,0 +1,17 @@
+#/usr/bin/env bash -e
+
+DUMP=gitea-dump-1630784448
+USER=gitea
+DATABASE=gitea
+
+cd /tmp/
+unzip ${DUMP}.zip
+
+systemctl stop gitea
+
+mv gitea-repositories/* /var/lib/gitea/repositories/
+chown -R gitea:gitea /var/lib/gitea
+
+psql -U $USER -d $DATABASE < gitea-db.sql
+
+systemctl start gitea
diff --git a/modules/admin.nix b/modules/admin.nix
new file mode 100644
index 0000000..591b06c
--- /dev/null
+++ b/modules/admin.nix
@@ -0,0 +1,9 @@
+{ config, pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ vim tmux git htop
+ ];
+
+ environment.variables = { EDITOR = "vim"; };
+}
diff --git a/modules/gitea.nix b/modules/gitea.nix
new file mode 100644
index 0000000..7ea507a
--- /dev/null
+++ b/modules/gitea.nix
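Review bot: The first line of migrate.sh, `#/usr/bin/env bash -e`, lacks the `!`, so it is an ordinary comment and `-e` never takes effect (on Linux `env` would not split `bash -e` into two arguments anyway); a failed `cd /tmp/` or `unzip` therefore does not stop the later `mv`, `chown -R` and `psql`, which presumably run as root. Use `#!/usr/bin/env bash` followed by `set -euo pipefail`, and run the import as `psql -v ON_ERROR_STOP=1 -U "$USER" -d "$DATABASE" < gitea-db.sql` so SQL errors abort as well. The archive is unpacked into the shared `/tmp/` and the extracted `gitea-db.sql` is left there afterwards; a private directory from `mktemp -d` with a cleanup `trap` would avoid both. `USER=gitea` also overwrites the shell's own `USER` variable, so a name such as `DB_USER` is safer.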
@@ -0,0 +1,34 @@
+{ config, pkgs, ... }:
+
+{
+ services.gitea = rec {
+ enable = true;
+ domain = "gitea.c3d2.de";
+ rootUrl = "https://${domain}/";
+ ssh.clonePort = 2222;
+
+ database = {
+ type = "postgres";
+ host = "127.0.0.1";
+ name = "gitea";
+ user = "gitea";
+ passwordFile = "/etc/giteaPassword";
+ };
+ repositoryRoot = "/var/lib/gitea/repositories";
+
+ #disableRegistration = true;
+
+ lfs.enable = true;
+
+ dump = {
+ ## Is a nice feature once we have a dedicated backup storage.
+ ## For now it is disabled, since it delays `nixos-rebuild switch`.
+ enable = false;
+ backupDir = "/var/lib/gitea/dump";
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 3000 2222 ];
+
+ environment.systemPackages = with pkgs; [ postgresql unzip ]; ## used to restore database dumps
+}
diff --git a/modules/nix.nix b/modules/nix.nix
new file mode 100644
index 0000000..3c16a1d
--- /dev/null
+++ b/modules/nix.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, nixpkgs, ... }:
+
+{
+ boot.cleanTmpDir = true;
+
+ nix.package = pkgs.nixUnstable;
+ nix.extraOptions = "experimental-features = nix-command flakes";
+
+ nix.daemonIONiceLevel = 7;
+ nix.daemonNiceLevel = 19;
+
+ nix.autoOptimiseStore = true;
+ nix.gc = {
+ automatic = true;
+ dates = "weekly";
+ };
+}
diff --git a/modules/ssh.nix b/modules/ssh.nix
new file mode 100644
index 0000000..afaa009
--- /dev/null
+++ b/modules/ssh.nix
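Review bot: `networking.firewall.allowedTCPPorts = [ 3000 2222 ];` in modules/gitea.nix opens Gitea's plain-HTTP listener to the network although `rootUrl` is `https://${domain}/`, so credentials and tokens can cross that hop unencrypted and the service is reachable without going through whatever terminates TLS. The TLS proxy is not part of this commit; if it runs on another host, limit port 3000 to that host's address instead of opening it globally, and if it runs locally drop 3000 from the list and set `httpAddress = "127.0.0.1";`. Separately, `#disableRegistration = true;` is left commented out, which presumably leaves self-registration open on the migrated instance; either enable it or add a comment saying why sign-up stays open.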
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+ ## only used to receive gitea-dump from inbert via scp
+
+ services.openssh = {
+ enable = true;
+ permitRootLogin = "prohibit-password";
+ };
+
+ users.users.root = {
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDW+YfsFtRz1h/0ubcKU+LyGfxH505yUkbWa5VtRFNWF2fjTAYGj6o5M4dt+fv1h370HXvvOBtt8sIlWQgMsD10+9mvjdXWhTcpnYPx4yWuyEERE1/1BhItrog6XJKAedbCDpQQ+POoewouiHWVAUfFByPj5RXuE8zKUeIEkGev/QKrKTLnTcS8zFs/yrokf1qYYR571B3U8IPDjpV/Y1GieG3MSNaefIMCwAAup1gPkUA0XZ4A1L7NdEiUEHlceKVu9eYiWUM+wDRunBXnLHubeGyP8KmBA7PNKgml3WWRNTZjqNQk4u9Bl+Qea5eCkD8KI257EqgXYXy0QBWNyF8X j03@l302"
+ ];
+ };
+}
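Review bot: The comment in modules/ssh.nix says sshd is `only used to receive gitea-dump from inbert via scp`, yet the configuration keeps root key login enabled permanently, and the openssh module opens its port in the firewall by default. Once the dump has been transferred I would remove the `users.users.root` key block, or move the key to an unprivileged transfer user, and set `permitRootLogin = "no";`. If sshd is also meant to serve git-over-SSH for Gitea (`ssh.clonePort = 2222;` in gitea.nix suggests it may be), the comment should say so, and `passwordAuthentication = false;` would keep logins key-only for every account rather than just root.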