diff --git a/modules/services/server/gitea.nix b/modules/services/server/gitea.nix index 7b16d60..08664d1 100644 --- a/modules/services/server/gitea.nix +++ b/modules/services/server/gitea.nix @@ -7,21 +7,23 @@ { services.gitea = { enable = true; - #dump.enable = true; - rootUrl = "https://git.kabtop.de" + dump.enable = true; + rootUrl = "https://git2.kabtop.de" lfs.enable = true; httpAdress = "localhost"; dump.type = "tar.xz"; - domain = "git.kabtop.de"; + domain = "git2.kabtop.de"; database.type = "postgres"; database.user = "gitea"; - #database.password = "secret123"; database.name = "giteadb" + database.passwordFile = config.age.secrets."services/gitea/databasePassword".path; appName = "Kabtop Git"; +# mailerPasswordFile = config.age.secrets."services/gitea/mailerPassword".path; settings = { RUN_MODE = "prod"; server = { START_SSH_SERVER = true; + SSH_PORT = 2222; SSH_SERVER_CIPHERS = ""; SSH_SERVER_KEY_EXCHANGES = ""; SSH_SERVER_MACS = ""; @@ -33,10 +35,10 @@ PASSWORD_CHECK_PWN = true; PASSWORD_HASH_ALGO = "argon2"; }; - oauth2 = { - ENABLE = true; - #JWT_SECRET = "secret123"; - }; +# oauth2 = { +# ENABLE = true; +# #JWT_SECRET = "secret123"; +# }; repository = { MAX_CREATION_LIMIT = 100; }; 
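Review bot: The added `rootUrl = "https://git2.kabtop.de"` line has no terminating `;` as shown, which Nix rejects when the module is parsed; it should read `rootUrl = "https://git2.kabtop.de";`. The same applies to the new `other = { SHOW_FOOTER_VERSION = false; }` attrset in the third hunk of this file, which needs to close with `};`. The unchanged lines `database.name = "giteadb"` and `DEFAULT_UI_LOCATION = "Europe/Berlin"` appear to have the same problem, and `httpAdress` looks like a misspelling of the `httpAddress` option, so this host should be evaluated before deploying. The `services.gitea` attrset begins above this hunk and continues past it.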
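Review bot: Commenting out the `oauth2` block does not by itself turn the OAuth2 provider off, because with the key absent Gitea falls back to its built-in default, which as far as I know is enabled for `[oauth2]`; confirm this against the deployed version. If the intent is to disable it, state that explicitly with `oauth2 = { ENABLE = false; };` instead of leaving dead lines. The leftover `#JWT_SECRET = "secret123"` comment should be deleted rather than carried forward, since it invites pasting a secret inline. The same pattern recurs with the commented `openid` and `oauth2_client` blocks in the next hunk. The enclosing `settings` attrset opens before this hunk and closes after it.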
@@ -44,29 +46,30 @@ SHOW_USER_EMAIL = false; DEFAULT_THEME = "arc-green"; }; - openid = { - ENABLE_OPENID_SIGNIN = true; - WHITELISTED_URIS = "https://auth.kabtop.de"; - }; - oauth2_client = { - ENABLE_AUTO_REGISTRATION = true; - }; - mailer = { - ENABLED = true; - SUBJECT_PREFIX = "Kabtop Gitea"; - HOST = "in-v3.mailjet.com:587"; - PROTOCOL = ""; - FROM = '"Kabtop Gitea" '; - USER = "secrest123"; - PASSWD = "secret123"; - MAILER_TYPE = "smtp"; - }; +# openid = { +# ENABLE_OPENID_SIGNIN = true; +# WHITELISTED_URIS = "https://auth.kabtop.de"; +# }; +# oauth2_client = { +# ENABLE_AUTO_REGISTRATION = true; +# }; time = { DEFAULT_UI_LOCATION = "Europe/Berlin" }; + other = { + SHOW_FOOTER_VERSION = false; + } session.COOKIE_SECURE = true; service.DISABLE_REGISTRATION = true; }; +# age.secrets."services/gitea/mailerPassword" = { +# file = ../../../secrets/services/gitea/mailerPassword.age; +# owner = "gitea"; +# }; + age.secrets."services/gitea/databasePassword" = { + file = ../../../secrets/services/gitea/databasePassword.age; + owner = "gitea"; + }; } diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 23f4e84..477a136 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -42,4 +42,7 @@ in "services/matrix/signal-registration.age".publicKeys = servers ++ users; "services/nextcloud/adminpassFile.age".publicKeys = servers ++ users; "services/nextcloud/dbpassFile.age".publicKeys = servers ++ users; + "services/gitea/databasePassword.age".publicKeys = servers ++ users; + "services/gitea/mailerPassword.age".publicKeys = servers ++ users; + "services/gitea/extraConfig.age".publicKeys = servers ++ users; } diff --git a/secrets/services/gitea/databasePassword.age b/secrets/services/gitea/databasePassword.age new file mode 100644 index 0000000..a82e8d6 --- /dev/null +++ b/secrets/services/gitea/databasePassword.age 
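Review bot: After this hunk there is no `mailer` section at all, and the only replacement, `mailerPasswordFile` with its `age.secrets."services/gitea/mailerPassword"` entry, is left commented out, so as far as the diff shows the instance sends no mail. If that is intended while moving to git2, say so with a comment such as `# mailer disabled until mailerPassword.age is wired in`, and remove the column-0 commented blocks once the decision is made. The removed `USER` and `PASSWD` literals stay readable in the repository history, so if they were ever real credentials rather than placeholders they should be rotated at the mail provider.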
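Review bot: All three new Gitea secrets are encrypted to `servers ++ users`, so every host key in `servers` can decrypt the Gitea database password, not only the machine that runs Gitea. If `servers` holds more than one host, narrow the recipient list, for example `"services/gitea/databasePassword.age".publicKeys = [ giteaHost ] ++ users;`, where `giteaHost` is a placeholder for whatever binding names that host's key in the `let` block above this hunk. Also, `mailerPassword.age` and `extraConfig.age` are registered here but have no active consumer in `gitea.nix` in this commit, so either wire them in or leave them out until they are needed.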
@@ -0,0 +1,23 @@ +age-encryption.org/v1 +-> ssh-ed25519 neExcQ dCh+HRLD8hV5vIZ5iZ0gnSyiSdJunN/MsDXdClqiznI +fi+QK8cL5l7RpJOWvgVAA0h98EueVfNCX5tMIXh0Pys +-> ssh-rsa VtjGpQ +ay+xZqKp9c6IfdhYJdB2Y4DsK+uHeUErU0KNSAtazF1i4Aic7VmXJCYQ65gqFpSZ +n09Xewru/ciOmtPN9E2I01LlG26qwczrIjk72jNqAaRPnfL6RuOUk+HTGuitobOT +idUFUKxJl5UPsXNpGFW3ETJ4eRcujPmUfqxVGFY/ssb7qI/9BTcuySOWL61Ytl7P +HDJdTdrNZJKrBJfuzRDMzBAj32Sni0T92Ng5bzQVNF8eCNOhhIy9a+SigwhMT1qp +tbZqURWIGw9n1HGwQ7raalkwr/CvdtINd7vY3pTKwK1pIwDwiflgQVJ7MTS4nVmL +eiAKbfZG11HGSwEmyG/zl5RZvA9pzWbYqFgkLf6M75KQlMxjiwli25Da5ahmrIy+ +J8BzJVXcAKUl8tRgRgg7rbWjRL05OcaKNU6XCotgd0g5HSRA6nHY8URoCmRHWguL +wxSAjBxMJ/NciFhlcwqKgixWGjn5J+8FzX2AYPTSnoSJRYwTo2WqpVmg7us2frDe +iB9t1r1mFyWqzl/3mlM0SmEKs/NI0O5IfxYsTjMjLDLlgjfkx3gq0CKc1oRSBLR+ +vzhv59EGMRAI1CZg9xteuO3tkUw5iVkPA35784ALdfoBeToO96lFttpfWEbbILP5 +iv9HzHNwDlEMgF880pMPnAGWPag8Yv9ANR6bio49k8w +-> piv-p256 grR75w Ay6xGroo9Wi6QLICfryEz8CWKO7guC7vmrt407bzUzcb +2ENrhkE4T1TrSCjDToeI/uS58MZnafI8glefwChpSiU +-> piv-p256 RQguQQ AuWNJAzo1Gj4bSfybbjXrqq6TT3gwAY6KV/XhDWTtnWS +H3qeNrIePWNjpbLpkMh9ScWOwkwyjWTR+OYAboQzZ34 +-> q]_G5R-grease +hQ+Pk+0q +--- u2RASGK+aYwMNV4UkGyBprChnbBjkUwEdJTnCFxxmN4 ++?f *{3}ˇɝ,'cc]"h?l \ No newline at end of file diff --git a/secrets/services/gitea/extraConfig.age b/secrets/services/gitea/extraConfig.age new file mode 100644 index 0000000..9a7935a --- /dev/null +++ b/secrets/services/gitea/extraConfig.age 
@@ -0,0 +1,24 @@ +age-encryption.org/v1 +-> ssh-ed25519 neExcQ ZCLiNDBNdcv6P73bROlcWwvpalGPkUBeoRokt0MYBRM +UU/zMvEr2HpP3E7rClTFNmZdA6r5umB6/t2FnKyoajI +-> ssh-rsa VtjGpQ +C3mwshkQwtNXd0+k6wK5grpZmeSt22jy0kNn9oHUmIA72cNvw+Xmmr8DC5035LcY +mUwMn0Kf3RRXfWUHUK58cfNIARwZ1+W8EoC53Su/6MqpVixx1Pu2cWpw+tI+Hkxs +fituCOok1o/l82eo4xCaINxgqebGiRZtUypdmjJ4zUSZ1IVhnBaK6/X+1vduc18e +Q9rh3GstWW9BA3wWNw4G2v4GKryApq/a2BgjC8p8JkJUjXHYJoZp8ZyEbuhZtUua +VP1fiyYwIe6Dx1CEJobEd07GImKaq9XTbV/BWpeA4tlX19mcYx/KUz655pr+kS0N +C5LkmXEeugsRWd5CcavNaDrTnIgT6GO19U9Y7oCCP1vQ9XbYmoeoqt+uqZmees1q +Yln+uXBNgnLOHJYUh1iXoi9TTHCT9IjiHLJiu1IJusWeL4Fs+VJKQIgSnlAJIikQ +cW2SW35M9hyPlepshnck1zfQS2IE78PwiLcFkHyoAnj0pLXXzS6m0y7Z2u9WBlB8 +/o5ZNm7UUpw6mx8SMy5LY8GeTt/9XMNBMOKOQls3XdftR6mr4FuMrAKv+NV+mXzY +/2THMr9NIQtIYQPYuBo/0cu2ocXQQfQ/KX983dr6/ZeqFsKZY4+bKKvR3yFztXor +Ckz1uyMvKgJAzt3HJnGb+MkfTMRNxPRfyhzK4Fu3Hcg +-> piv-p256 grR75w A6r9LwHeQ6DPZ1nercu+u9Ys01NHsV9ukvsc5J7PKcMB +HgJ+QAQ65N1WY0vuzfH62wxmHWDAiYL3MdkF4pTsrAI +-> piv-p256 RQguQQ A0CrKXt7n0lCnk9LZIw22cLtvmirE9DmSrO8xNvd4GCF +H7ZBM+SythzfJmG3emnx8dTJyKgmsL+/RUr7EZ16Di4 +-> K-3-grease "6pzDWC8 H\y `>^ +vIepOhKYnfQ6YMA+c6Kyf17UPpiNLy5p2MF6lFd9zB94OIwl0CQjEfquM8omrgXg +brtDuBD1 +--- 6cU45Olb2f2tmfRcu1vEuW5ueOfssEN2fmAS7hzgwo4 +Ho?mʛ4/G+h7Sa/IGs"aP,/OcZGGp/) qow@gR+Q>'/ҐF>ӹ\̧pʼn Y Uzj5^hQU`AxIï-KJܱ ?J n Fj83>it^!"Aۧ^zf&,%BSdOT_\V#"%D<}LԔ@ { JbASJԽ2S$ \ No newline at end of file diff --git a/secrets/services/gitea/mailerPassword.age b/secrets/services/gitea/mailerPassword.age new file mode 100644 index 0000000..bdeb0a8 --- /dev/null +++ b/secrets/services/gitea/mailerPassword.age 
@@ -0,0 +1,24 @@ +age-encryption.org/v1 +-> ssh-ed25519 neExcQ S4SkrY0LLBlXsKIyKbJG/0xsdOTMXPRQwWmciJdCGFU +OugL59NZJ6fccEJtXbWA7wYoaFflA/wUOzkOSeuoLaM +-> ssh-rsa VtjGpQ +L4dHVMy1Ep/ai3y0cbOjJYcCgFcbzecOdjPow6OASNqBPUOfpcge4hmpWKbITLB4 +9FNsBxF0g+Z/gYtyiRmdZpB+61Ns5qsp66V9UDpQouAWnWGOtJhMVju0klXJWQLm +W8nL9dWdS3vcFhdD10YO7ErQZAADRn5msN3m79wsFpS8ehq7PSoyGmysvimvOGid +d3H+NGfBJZOKuFtgPwx3OUel+QekGaCPJNgEMw5BB7BABvtOkSFsngbxSIzQDDgy +vFfcFWtvpLM/VNNZNkUBr+9esaCj6RJsn7wvktT69bjT12RoFrrMA1M3f/nwBPPW +7VEe9DWmYU0KYO/z8oyqW0pv1Jn7CywSkeMhzhZflXrHgSJz8f0sc7RvUDrPe8nU ++hZtja23mp8iFLsqT1IDzCtx2AVQ/IEpBhK/e2VAA9x1dD1u8oO63Lqafx5bJj4o +fVvqdfqS95Hoj6BYT4R+eaALjlQwo+ZbYkpMs48tMl3FMGB1yWFTf7lef//faRDd +O2qah2bc0B145eBQjSxu+qGV65h1uVVYbzyHztTDtD2VAH3vt3yhXxcrwIEbFmAD +RhdudA2i5N5R4WYvTSUlqu7W/1IReYLhJGPcAwUwviZMpsLAZXV0J4+kMfY2nlG7 +QIWAaOjNbCR9uUIzyRBiT8Z7evEhNJGfeoHfWI3YyxE +-> piv-p256 grR75w A4JUNXeQebYxnpxuy/S0nZFuVefAsKoy9AgSqAmIgf+C +E6W2cZda5/zXAQiVXpuBwyq1vVjkc6oLPRZcxoquhSQ +-> piv-p256 RQguQQ AtTS4VS0D7XBHhqO4nAilRuUoaL8wN/CKqvsJBDkS2eV +DNQ7jGW5JaLyTj7s0pcjqYgB8TmSzKAc7uzY6KY/3K0 +-> dUR*@Go-grease sO +kaM21qvzGtRDZOmKY3+RmLO7JNQ2qnbAy7Rhm2jrDwFMZapow7tHdoukwSPPtdqV +zbvcRqVh5eUp2GSpP9L5Md/Rb4zBrB3DQEQX+BDcBq2AoQLgznZu +--- 3gADr/DczM3F+Cvzio9AelnCMVuF9lKba8i82UlSmIs +!O~a}'i|AbVrq'N_0LfBEnW cMI:Ybb \ No newline at end of file