SelfPrivacy/selfprivacy-nixos-config
1
0
Fork 0
mirror of https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git synced 2025-02-18 07:14:36 +00:00
Code Issues Projects Releases Wiki Activity

feat: add more service options and change Gitea to Forgejo

Browse source
This commit is contained in:
Inex Code 2024-06-30 21:47:08 +04:00
parent 8ce34bdd8d
commit 2b2551e5ba
3 changed files with 61 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
sp-modules/bitwarden/module.nix
View file

@ -18,6 +18,18 @@ in
default = "password"; default = "password";
type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]"; type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
}; };
signupsAllowed = lib.mkOption {
default = true;
type = lib.types.bool;
};
sendsAllowed = lib.mkOption {
default = true;
type = lib.types.bool;
};
emergencyAccessAllowed = lib.mkOption {
default = true;
type = lib.types.bool;
};
}; };
config = lib.mkIf config.selfprivacy.modules.bitwarden.enable { config = lib.mkIf config.selfprivacy.modules.bitwarden.enable {
@ -53,9 +65,11 @@ in
backupDir = backup-dir; backupDir = backup-dir;
environmentFile = "${bitwarden-env}"; environmentFile = "${bitwarden-env}";
config = { config = {
domain = "https://${cfg.subdomain}.${sp.domain}/"; DOMAIN = "https://${cfg.subdomain}.${sp.domain}/";
signupsAllowed = true; SIGNUPS_ALLOWED = cfg.signupsAllowed;
rocketPort = 8222; ROCKET_PORT = 8222;
SENDS_ALLOWED = cfg.sendsAllowed;
EMERGENCY_ACCESS_ALLOWED = cfg.emergencyAccessAllowed;
}; };
}; };
systemd.services.bitwarden-secrets = { systemd.services.bitwarden-secrets = {

42
sp-modules/gitea/module.nix
View file

@ -1,4 +1,4 @@
{ config, lib, ... }: { config, lib, pkgs, ... }:
let let
sp = config.selfprivacy; sp = config.selfprivacy;
stateDir = stateDir =
@ -20,6 +20,29 @@ in
default = "git"; default = "git";
type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]"; type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
}; };
appName = lib.mkOption {
default = "SelfPrivacy git Service";
type = lib.types.str;
};
enableLfs = lib.mkOption {
default = true;
type = lib.types.bool;
};
forcePrivate = lib.mkOption {
default = false;
type = lib.types.bool;
description = "Force all new repositories to be private";
};
disableRegistration = lib.mkOption {
default = false;
type = lib.types.bool;
description = "Disable registration of new users";
};
requireSigninView = lib.mkOption {
default = false;
type = lib.types.bool;
description = "Require signin to view any page";
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
@ -31,11 +54,8 @@ in
}; };
services.gitea = { services.gitea = {
enable = true; enable = true;
package = pkgs.forgejo;
inherit stateDir; inherit stateDir;
# log = {
# rootPath = "/var/lib/gitea/log";
# level = "Warn";
# };
user = "gitea"; user = "gitea";
database = { database = {
type = "sqlite3"; type = "sqlite3";
@ -50,13 +70,15 @@ in
# clonePort = 22; # clonePort = 22;
# }; # };
lfs = { lfs = {
enable = true; enable = cfg.enableLfs;
contentDir = "${stateDir}/lfs"; contentDir = "${stateDir}/lfs";
}; };
appName = "SelfPrivacy git Service";
repositoryRoot = "${stateDir}/repositories"; repositoryRoot = "${stateDir}/repositories";
# cookieSecure = true; # cookieSecure = true;
settings = { settings = {
DEFAULT = {
APP_NAME = "${cfg.appName}";
};
server = { server = {
DOMAIN = "${cfg.subdomain}.${sp.domain}"; DOMAIN = "${cfg.subdomain}.${sp.domain}";
ROOT_URL = "https://${cfg.subdomain}.${sp.domain}/"; ROOT_URL = "https://${cfg.subdomain}.${sp.domain}/";
@ -77,7 +99,7 @@ in
ENABLE_KANBAN_BOARD = true; ENABLE_KANBAN_BOARD = true;
}; };
repository = { repository = {
FORCE_PRIVATE = false; FORCE_PRIVATE = cfg.forcePrivate;
}; };
session = { session = {
COOKIE_SECURE = true; COOKIE_SECURE = true;
@ -86,6 +108,10 @@ in
ROOT_PATH = "${stateDir}/log"; ROOT_PATH = "${stateDir}/log";
LEVEL = "Warn"; LEVEL = "Warn";
}; };
service = {
DISABLE_REGISTRATION = cfg.disableRegistration;
REQUIRE_SIGNIN_VIEW = cfg.requireSigninView;
};
}; };
}; };
services.nginx.virtualHosts."${cfg.subdomain}.${sp.domain}" = { services.nginx.virtualHosts."${cfg.subdomain}.${sp.domain}" = {

10
sp-modules/jitsi-meet/module.nix
View file

@ -13,6 +13,10 @@ in
default = "meet"; default = "meet";
type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]"; type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
}; };
appName = lib.mkOption {
default = "Jitsi Meet";
type = lib.types.str;
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
@ -23,6 +27,12 @@ in
interfaceConfig = { interfaceConfig = {
SHOW_JITSI_WATERMARK = false; SHOW_JITSI_WATERMARK = false;
SHOW_WATERMARK_FOR_GUESTS = false; SHOW_WATERMARK_FOR_GUESTS = false;
APP_NAME = cfg.appName;
};
config = {
prejoinConfig = {
enabled = true;
};
}; };
}; };
services.nginx.virtualHosts."${cfg.subdomain}.${domain}" = { services.nginx.virtualHosts."${cfg.subdomain}.${domain}" = {