diff --git a/flake.lock b/flake.lock index cd0b2de..ce8318f 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1706830856, - "narHash": "sha256-a0NYyp+h9hlb7ddVz4LUn1vT/PLwqfrWYcHMvFB1xYg=", + "lastModified": 1709336216, + "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "b253292d9c0a5ead9bc98c4e9a26c6312e27d69f", + "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1709204054, - "narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=", + "lastModified": 1709988192, + "narHash": "sha256-qxwIkl85P0I1/EyTT+NJwzbXdOv86vgZxcv4UKicjK8=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f3367769a93b226c467551315e9e270c3f78b15", + "rev": "b0b0c3d94345050a7f86d1ebc6c56eea4389d030", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1709150264, - "narHash": "sha256-HofykKuisObPUfj0E9CJVfaMhawXkYx3G8UIFR/XQ38=", + "lastModified": 1709703039, + "narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9099616b93301d5cf84274b184a3a5ec69e94e08", + "rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1709206595, - "narHash": "sha256-lBU/gE7DiJCNkJGPVUms0zA0hxzDVgENIXfebj1oeLc=", + "lastModified": 1710013455, + "narHash": "sha256-qzOpU4APTso6JLA+/F4zlO/yL8++n/CsUpmxbQAsy/4=", "owner": "nix-community", "repo": "NUR", - "rev": "fbe8df1c13fd8e63e35c2c4654104661eb1fbbed", + "rev": "cf1e9b0e085368cc489c765f285f1d07c2ec8d36", "type": "github" }, "original": { diff --git a/hosts/nixos/porthos/boot.nix b/hosts/nixos/porthos/boot.nix index fbc5db7..461e969 100644 --- a/hosts/nixos/porthos/boot.nix +++ b/hosts/nixos/porthos/boot.nix 
@@ -3,15 +3,14 @@ { boot = { - # Use the GRUB 2 boot loader. - loader.grub = { - enable = true; - # Define on which hard drive you want to install Grub. - device = "/dev/disk/by-id/ata-HGST_HUS724020ALA640_PN2181P6J58M1P"; + # Use the systemd-boot EFI boot loader. + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; }; initrd = { - availableKernelModules = [ "uhci_hcd" "ahci" "usbhid" ]; + availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "usbhid" "sd_mod" ]; kernelModules = [ "dm-snapshot" ]; }; diff --git a/hosts/nixos/porthos/default.nix b/hosts/nixos/porthos/default.nix index 2dea899..bd1bdb1 100644 --- a/hosts/nixos/porthos/default.nix +++ b/hosts/nixos/porthos/default.nix @@ -16,11 +16,5 @@ # Set your time zone. time.timeZone = "Europe/Paris"; - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "20.09"; # Did you read the comment? + system.stateVersion = "24.05"; # Did you read the comment? } diff --git a/hosts/nixos/porthos/hardware.nix b/hosts/nixos/porthos/hardware.nix index 5a6e0d7..2172c5c 100644 --- a/hosts/nixos/porthos/hardware.nix +++ b/hosts/nixos/porthos/hardware.nix @@ -1,5 +1,5 @@ # Hardware configuration -{ lib, modulesPath, ... }: +{ modulesPath, ... }: { imports = [ @@ -11,9 +11,18 @@ fsType = "ext4"; }; + fileSystems."/boot" = { + device = "/dev/disk/by-label/boot"; + fsType = "vfat"; + }; + swapDevices = [ { device = "/dev/disk/by-label/swap"; } ]; - powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; + my.hardware = { + firmware = { + cpuFlavor = "intel"; + }; + }; } 
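Review bot: The new `loader` block in `boot.nix` enables systemd-boot but does not set `boot.loader.systemd-boot.editor`, which NixOS leaves enabled by default. With the editor on, anyone who can reach the console, including a hosting provider's remote KVM, can change the kernel command line from the boot menu. I would add `systemd-boot.editor = false;` next to `systemd-boot.enable = true;` unless interactive editing is needed for recovery on this host.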
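Review bot: The added `fileSystems."/boot"` entry in `hardware.nix` mounts the vfat ESP without any `options`, so it gets the default FAT permission masks and every local user can read its contents. systemd-boot may keep a random seed file on the ESP, and `bootctl` warns when that mount point is world accessible. Adding `options = [ "fmask=0077" "dmask=0077" ];` to the entry restricts it to root.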
diff --git a/hosts/nixos/porthos/install.sh b/hosts/nixos/porthos/install.sh index 8edc175..e6ba0aa 100644 --- a/hosts/nixos/porthos/install.sh +++ b/hosts/nixos/porthos/install.sh @@ -3,7 +3,7 @@ SWAP_SIZE=16GiB parted /dev/sda --script -- \ - mklabel msdos \ + mklabel gpt \ mkpart primary 512MiB -$SWAP_SIZE \ mkpart primary linux-swap -$SWAP_SIZE 100% \ mkpart ESP fat32 1MiB 512MiB \ @@ -11,14 +11,24 @@ parted /dev/sda --script -- \ parted /dev/sdb --script -- \ mklabel gpt \ - mkpart primary 0MiB 100% + mkpart primary 0% 100% +parted /dev/sdc --script -- \ + mklabel gpt \ + mkpart primary 0% 100% +parted /dev/sdd --script -- \ + mklabel gpt \ + mkpart primary 0% 100% mkfs.ext4 -L media1 /dev/sda1 mkfs.ext4 -L media2 /dev/sdb1 +mkfs.ext4 -L media3 /dev/sdc1 +mkfs.ext4 -L media4 /dev/sdd1 pvcreate /dev/sda1 pvcreate /dev/sdb1 -vgcreate lvm /dev/sda1 /dev/sdb1 +pvcreate /dev/sdc1 +pvcreate /dev/sdd1 +vgcreate lvm /dev/sda1 /dev/sdb1 /dev/sdc1 /dev/sdd1 lvcreate -l 100%FREE -n media lvm mkfs.ext4 -L nixos /dev/mapper/lvm-media @@ -27,17 +37,17 @@ mkfs.fat -F 32 -n boot /dev/sda3 mount /dev/disk/by-label/nixos /mnt swapon /dev/sda2 +mkdir -p /mnt/boot +mount /dev/disk/by-label/boot /mnt/boot apt install sudo useradd -m -G sudo setupuser -# shellcheck disable=2117 -su setupuser cat << EOF # Run the following commands as setup user -curl -L https://nixos.org/nix/install | sh -. $HOME/.nix-profile/etc/profile.d/nix.sh -nix-channel --add https://nixos.org/channels/nixos-20.09 nixpkgs +curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install +. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh +nix profile install nixpkgs#nixos-install-tools sudo "$(which nixos-generate-config)" --root /mnt # Change uuids to labels @@ -54,3 +64,6 @@ git crypt unlock nixos-install --root /mnt --flake '.#' EOF + +# shellcheck disable=2117 +su setupuser 
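Review bot: The added `mkfs.ext4 -L media3 /dev/sdc1` and `mkfs.ext4 -L media4 /dev/sdd1` lines format partitions that the added `pvcreate /dev/sdc1` and `pvcreate /dev/sdd1` then claim as LVM physical volumes. The filesystem and its label are discarded, and `pvcreate` will likely stop to ask whether to wipe the ext4 signature. This follows the existing `sda1`/`sdb1` pattern in the context lines, so either drop all four `mkfs.ext4 -L mediaN` lines or pass `-y` to `pvcreate`. The new `parted /dev/sdc` and `parted /dev/sdd` calls also use kernel device names, which are not stable across boots. For a destructive step, a `/dev/disk/by-id/...` path or a check of the target disk before `mklabel` would be safer.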
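Review bot: The printed `curl --proto '=https' --tlsv1.2 -sSf -L ... | sh -s -- install` step runs whatever the URL serves at install time. The added flags protect the transport, but nothing pins a release or checks a digest of the installer. I would have the instructions download the installer to a file, compare it against a recorded checksum for a pinned release, and only then run it. Separately, the heredoc opens with an unquoted `cat << EOF`, so `$(which nixos-generate-config)` in the context line is expanded by the shell that prints the text, not by the setup user. Using `cat << 'EOF'` would print the commands literally.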
diff --git a/hosts/nixos/porthos/networking.nix b/hosts/nixos/porthos/networking.nix index 1e2c9cd..717652b 100644 --- a/hosts/nixos/porthos/networking.nix +++ b/hosts/nixos/porthos/networking.nix @@ -6,30 +6,17 @@ hostName = "porthos"; # Define your hostname. domain = "belanyi.fr"; # Define your domain. - - # The global useDHCP flag is deprecated, therefore explicitly set to false here. - # Per-interface useDHCP will be mandatory in the future, so this generated config - # replicates the default behaviour. - useDHCP = false; - + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + useDHCP = true; interfaces = { - bond0.useDHCP = true; - bonding_masters.useDHCP = true; - dummy0.useDHCP = true; - erspan0.useDHCP = true; - eth0.useDHCP = true; - eth1.useDHCP = true; - gre0.useDHCP = true; - gretap0.useDHCP = true; - ifb0.useDHCP = true; - ifb1.useDHCP = true; - ip6tnl0.useDHCP = true; - sit0.useDHCP = true; - teql0.useDHCP = true; - tunl0.useDHCP = true; + eno1.useDHCP = true; + eno2.useDHCP = true; }; }; # Which interface is used to connect to the internet - my.hardware.networking.externalInterface = "eth0"; + my.hardware.networking.externalInterface = "eno1"; } diff --git a/hosts/nixos/porthos/secrets/forgejo/mail-password.age b/hosts/nixos/porthos/secrets/forgejo/mail-password.age new file mode 100644 index 0000000..67ef695 --- /dev/null +++ b/hosts/nixos/porthos/secrets/forgejo/mail-password.age 
@@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 cKojmg Lhgx43wR8PtAMf5v1eJxKlUBSAoOLdOOn/QaQrwF8zA +jfUCpgNzkHCNTWCqtErDaLMmg1Oy+s9zUra1JLCi+J4 +-> ssh-ed25519 jPowng kSeQ/SmMrzd8ByVu3YHWeZyKmqFZvQSBnDunkB8e6wc +WRmnfrV5xcRXA9t0ZXx6YvbRl0sX4PTrw63VVKX4Ei4 +--- a+LLM1gP9g1AbUapbeeKaS4cEcRBmPo3MHU2DSWTAds +,F6⬘ ix̏e| + +Ϝ,{ v!z$P;TKW + qG \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix index 3545e3a..bea380c 100644 --- a/hosts/nixos/porthos/secrets/secrets.nix +++ b/hosts/nixos/porthos/secrets/secrets.nix @@ -21,6 +21,11 @@ in "drone/secret.age".publicKeys = all; "drone/ssh/private-key.age".publicKeys = all; + "forgejo/mail-password.age" = { + owner = "git"; + publicKeys = all; + }; + "gitea/mail-password.age" = { owner = "git"; publicKeys = all; diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index c872160..a67ae3b 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -36,14 +36,14 @@ in flood = { enable = true; }; - # Gitea forge - gitea = { + # Forgejo forge + forgejo = { enable = true; mail = { enable = true; host = "smtp.migadu.com"; - user = lib.my.mkMailAddress "gitea" "belanyi.fr"; - passwordFile = secrets."gitea/mail-password".path; + user = lib.my.mkMailAddress "forgejo" "belanyi.fr"; + passwordFile = secrets."forgejo/mail-password".path; }; }; # Meta-indexers diff --git a/modules/home/ssh/default.nix b/modules/home/ssh/default.nix index 674cf6a..748b195 100644 --- a/modules/home/ssh/default.nix +++ b/modules/home/ssh/default.nix @@ -49,7 +49,7 @@ in }; porthos = { - hostname = "91.121.177.163"; + hostname = "37.187.146.15"; identityFile = "~/.ssh/shared_rsa"; user = "ambroisie"; }; diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 871bf40..07711cc 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix 
@@ -105,7 +105,7 @@ in nixpkgs-fmt # Shell - shellcheck + nodePackages.bash-language-server shfmt ]; }; diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index 794a765..628eab9 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -29,16 +29,17 @@ if utils.is_executable("clangd") then }) end --- Nix -if utils.is_executable("nil") then - lspconfig.nil_ls.setup({ +-- Haskell +if utils.is_executable("haskell-language-server-wrapper") then + lspconfig.hls.setup({ capabilities = capabilities, on_attach = lsp.on_attach, }) end -if utils.is_executable("rnix-lsp") then - lspconfig.rnix.setup({ +-- Nix +if utils.is_executable("nil") then + lspconfig.nil_ls.setup({ capabilities = capabilities, on_attach = lsp.on_attach, }) @@ -52,6 +53,13 @@ if utils.is_executable("pyright") then }) end +if utils.is_executable("ruff-lsp") then + lspconfig.ruff_lsp.setup({ + capabilities = capabilities, + on_attach = lsp.on_attach, + }) +end + -- Rust if utils.is_executable("rust-analyzer") then lspconfig.rust_analyzer.setup({ @@ -59,3 +67,12 @@ if utils.is_executable("rust-analyzer") then on_attach = lsp.on_attach, }) end + +-- Shell +if utils.is_executable("bash-language-server") then + lspconfig.bashls.setup({ + filetypes = { "bash", "sh", "zsh" }, + capabilities = capabilities, + on_attach = lsp.on_attach, + }) +end diff --git a/modules/home/vim/plugin/settings/null-ls.lua b/modules/home/vim/plugin/settings/null-ls.lua index 0eaa55c..c372751 100644 --- a/modules/home/vim/plugin/settings/null-ls.lua +++ b/modules/home/vim/plugin/settings/null-ls.lua @@ -28,14 +28,6 @@ null_ls.register({ }), }) --- Haskell -null_ls.register({ - null_ls.builtins.formatting.brittany.with({ - -- Only used if available - condition = utils.is_executable_condition("brittany"), - }), -}) - -- Nix null_ls.register({ null_ls.builtins.formatting.nixpkgs_fmt.with({ 
@@ -50,16 +42,6 @@ null_ls.register({ -- Python null_ls.register({ - null_ls.builtins.diagnostics.flake8.with({ - -- Only used if available, but prefer pflake8 if available - condition = function() - return utils.is_executable("flake8") and not utils.is_executable("pflake8") - end, - }), - null_ls.builtins.diagnostics.pyproject_flake8.with({ - -- Only used if available - condition = utils.is_executable_condition("pflake8"), - }), null_ls.builtins.diagnostics.mypy.with({ -- Only used if available condition = utils.is_executable_condition("mypy"), @@ -81,22 +63,6 @@ null_ls.register({ -- Shell (non-POSIX) null_ls.register({ - null_ls.builtins.code_actions.shellcheck.with({ - -- Restrict to bash and zsh - filetypes = { "bash", "zsh" }, - -- Only used if available - condition = utils.is_executable_condition("shellcheck"), - }), - null_ls.builtins.diagnostics.shellcheck.with({ - -- Show error code in message - diagnostics_format = "[#{c}] #{m}", - -- Require explicit empty string test, use bash dialect - extra_args = { "-s", "bash", "-o", "avoid-nullary-conditions" }, - -- Restrict to bash and zsh - filetypes = { "bash", "zsh" }, - -- Only used if available - condition = utils.is_executable_condition("shellcheck"), - }), null_ls.builtins.formatting.shfmt.with({ -- Indent with 4 spaces, simplify the code, indent switch cases, -- add space after redirection, use bash dialect 
@@ -110,22 +76,6 @@ null_ls.register({ -- Shell (POSIX) null_ls.register({ - null_ls.builtins.code_actions.shellcheck.with({ - -- Restrict to POSIX sh - filetypes = { "sh" }, - -- Only used if available - condition = utils.is_executable_condition("shellcheck"), - }), - null_ls.builtins.diagnostics.shellcheck.with({ - -- Show error code in message - diagnostics_format = "[#{c}] #{m}", - -- Require explicit empty string test - extra_args = { "-o", "avoid-nullary-conditions" }, - -- Restrict to POSIX sh - filetypes = { "sh" }, - -- Only used if available - condition = utils.is_executable_condition("shellcheck"), - }), null_ls.builtins.formatting.shfmt.with({ -- Indent with 4 spaces, simplify the code, indent switch cases, -- add space after redirection, use POSIX diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix index aac5058..b7ba32b 100644 --- a/modules/home/xdg/default.nix +++ b/modules/home/xdg/default.nix @@ -55,5 +55,6 @@ in REDISCLI_HISTFILE = "${dataHome}/redis/rediscli_history"; REPO_CONFIG_DIR = "${configHome}/repo"; XCOMPOSECACHE = "${dataHome}/X11/xcompose"; + _JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${configHome}/java"; }; } diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index 90dd3e1..3b32d06 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -10,6 +10,7 @@ ./drone ./fail2ban ./flood + ./forgejo ./gitea ./grocy ./indexers diff --git a/modules/nixos/services/forgejo/default.nix b/modules/nixos/services/forgejo/default.nix new file mode 100644 index 0000000..0f3dfc5 --- /dev/null +++ b/modules/nixos/services/forgejo/default.nix 
@@ -0,0 +1,162 @@ +# A low-ressource, full-featured git forge. +{ config, lib, ... }: +let + cfg = config.my.services.forgejo; +in +{ + options.my.services.forgejo = with lib; { + enable = mkEnableOption "Forgejo"; + port = mkOption { + type = types.port; + default = 3042; + example = 8080; + description = "Internal port"; + }; + mail = { + enable = mkEnableOption { + description = "mailer configuration"; + }; + host = mkOption { + type = types.str; + example = "smtp.example.com"; + description = "Host for the mail account"; + }; + port = mkOption { + type = types.port; + default = 465; + example = 587; + description = "Port for the mail account"; + }; + user = mkOption { + type = types.str; + example = "forgejo@example.com"; + description = "User for the mail account"; + }; + passwordFile = mkOption { + type = types.str; + example = "/run/secrets/forgejo-mail-password.txt"; + description = "Password for the mail account"; + }; + protocol = mkOption { + type = types.str; + default = "smtps"; + example = "smtp"; + description = "Protocol for connection"; + }; + }; + }; + + config = lib.mkIf cfg.enable { + assertions = [ + { + assertion = cfg.enable -> !config.my.services.gitea.enable; + message = '' + `config.my.services.forgejo` is incompatible with + `config.my.services.gitea`. + ''; + } + ]; + + services.forgejo = + let + inherit (config.networking) domain; + forgejoDomain = "git.${domain}"; + in + { + enable = true; + + user = "git"; + group = "git"; + + lfs.enable = true; + + useWizard = false; + + database = { + type = "postgres"; # Automatic setup + user = "git"; # User needs to be the same as forgejo user + name = "git"; # Name must be the same as user for `ensureDBOwnership` + }; + + # NixOS module uses `forgejo dump` to backup repositories and the database, + # but it produces a single .zip file that's not very backup friendly. + # I configure my backup system manually below. 
+ dump.enable = false; + + mailerPasswordFile = lib.mkIf cfg.mail.enable cfg.mail.passwordFile; + + settings = { + DEFAULT = { + APP_NAME = "Ambroisie's forge"; + }; + + server = { + HTTP_PORT = cfg.port; + DOMAIN = forgejoDomain; + ROOT_URL = "https://${forgejoDomain}"; + }; + + mailer = lib.mkIf cfg.mail.enable { + ENABLED = true; + SMTP_ADDR = cfg.mail.host; + SMTP_PORT = cfg.mail.port; + FROM = "Forgejo <${cfg.mail.user}>"; + USER = cfg.mail.user; + PROTOCOL = cfg.mail.protocol; + }; + + service = { + DISABLE_REGISTRATION = true; + }; + + session = { + # only send cookies via HTTPS + COOKIE_SECURE = true; + }; + }; + }; + + users.users.git = { + description = "Forgejo Service"; + home = config.services.forgejo.stateDir; + useDefaultShell = true; + group = "git"; + isSystemUser = true; + }; + users.groups.git = { }; + + my.services.nginx.virtualHosts = { + # Proxy to Forgejo + git = { + inherit (cfg) port; + }; + # Redirect `forgejo.` to actual forge subdomain + forgejo = { + redirect = config.services.forgejo.settings.server.ROOT_URL; + }; + }; + + my.services.backup = { + paths = [ + config.services.forgejo.lfs.contentDir + config.services.forgejo.repositoryRoot + ]; + }; + + services.fail2ban.jails = { + forgejo = '' + enabled = true + filter = forgejo + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/forgejo.conf".text = '' + [Definition] + failregex = ^.*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from $ + journalmatch = _SYSTEMD_UNIT=forgejo.service + ''; + }; + }; +} diff --git a/modules/nixos/services/lohr/default.nix b/modules/nixos/services/lohr/default.nix index dd4eea8..21aadba 100644 --- a/modules/nixos/services/lohr/default.nix +++ b/modules/nixos/services/lohr/default.nix 
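Review bot: The `failregex` in `fail2ban/filter.d/forgejo.conf`, as shown here, ends in `.* from $` and contains no `<HOST>` token, which fail2ban needs to extract the address to ban. The token may have been lost when the page was rendered. If the file really reads this way, the jail would never match a source address, and the line should end in `.* from <HOST>$`. Also in this file, `mail.enable = mkEnableOption { description = ...; }` passes an attribute set where `mkEnableOption` expects the feature name as a string. `mkEnableOption "mailer configuration"` is probably what was intended. `mail.protocol` is a free-form `types.str`; making it a `types.enum` of the accepted values would stop a typo from silently changing how the mail password is sent.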
@@ -59,21 +59,6 @@ in "LOHR_HOME=${lohrHome}" "LOHR_CONFIG=" ]; - ExecStartPre = lib.mkIf (cfg.sshKeyFile != null) ''+${ - pkgs.writeScript "copy-ssh-key" '' - #!${pkgs.bash}/bin/bash - # Ensure the key is not there - mkdir -p '${lohrHome}/.ssh' - rm -f '${lohrHome}/.ssh/id_ed25519' - - # Move the key into place - cp ${cfg.sshKeyFile} '${lohrHome}/.ssh/id_ed25519' - - # Fix permissions - chown -R lohr:lohr '${lohrHome}/.ssh' - chmod -R 0700 '${lohrHome}/.ssh' - '' - }''; ExecStart = let configFile = settingsFormat.generate "lohr-config.yaml" cfg.setting; @@ -103,5 +88,24 @@ in inherit (cfg) port; }; }; + + # SSH key provisioning + systemd.tmpfiles.settings."10-lohr" = lib.mkIf (cfg.sshKeyFile != null) { + "${lohrHome}/.ssh" = { + d = { + user = "lohr"; + group = "lohr"; + mode = "0700"; + }; + }; + "${lohrHome}/.ssh/id_ed25519" = { + "f+" = { + user = "lohr"; + group = "lohr"; + mode = "0700"; + argument = cfg.sshKeyFile; + }; + }; + }; }; } diff --git a/modules/nixos/services/vikunja/default.nix b/modules/nixos/services/vikunja/default.nix index 9767d00..6e7700f 100644 --- a/modules/nixos/services/vikunja/default.nix +++ b/modules/nixos/services/vikunja/default.nix @@ -30,8 +30,6 @@ in frontendScheme = "https"; frontendHostname = vikunjaDomain; - setupNginx = false; - database = { type = "postgres"; user = "vikunja"; @@ -61,28 +59,11 @@ in # This is a weird setup my.services.nginx.virtualHosts = { ${subdomain} = { - # Serve the root for the web-ui - root = config.services.vikunja.package-frontend; - - extraConfig = { - locations = { - "/" = { - tryFiles = "try_files $uri $uri/ /"; - }; - - # Serve the API through a UNIX socket - "~* ^/(api|dav|\\.well-known)/" = { - proxyPass = "http://unix:${socketPath}"; - extraConfig = '' - client_max_body_size 20M; - ''; - }; - }; - }; + socket = socketPath; }; }; - systemd.services.vikunja-api = { + systemd.services.vikunja = { serviceConfig = { # Use a system user to simplify using the CLI DynamicUser = lib.mkForce false; 
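Review bot: In the new `systemd.tmpfiles.settings."10-lohr"` block, the `"f+"` entry passes `argument = cfg.sshKeyFile`, but per tmpfiles.d(5) the argument of `f`/`f+` is written into the file as its content. `id_ed25519` would therefore hold the path string rather than the key that the removed `cp` used to copy. A copy type is needed instead, for example `C` with the same `argument`, plus a way to refresh an already-existing file, which the old `rm -f` handled. `mode = "0700"` on the key file could be `"0600"`, since a private key does not need the execute bit. The enclosing `config` block starts outside this hunk.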
diff --git a/modules/nixos/services/wireguard/default.nix b/modules/nixos/services/wireguard/default.nix index 26e54e0..a76e424 100644 --- a/modules/nixos/services/wireguard/default.nix +++ b/modules/nixos/services/wireguard/default.nix @@ -13,7 +13,7 @@ let porthos = { clientNum = 1; publicKey = "PLdgsizztddri0LYtjuNHr5r2E8D+yI+gM8cm5WDfHQ="; - externalIp = "91.121.177.163"; + externalIp = "37.187.146.15"; }; # "Clients" diff --git a/modules/nixos/services/woodpecker/default.nix b/modules/nixos/services/woodpecker/default.nix index 34ffca6..012eaae 100644 --- a/modules/nixos/services/woodpecker/default.nix +++ b/modules/nixos/services/woodpecker/default.nix @@ -8,6 +8,12 @@ options.my.services.woodpecker = with lib; { enable = mkEnableOption "Woodpecker CI"; + forge = mkOption { + type = types.enum [ "gitea" "forgejo" ]; + default = "forgejo"; + example = "gitea"; + description = "Which Forge to connect to"; + }; runners = mkOption { type = with types; listOf (enum [ "exec" "docker" ]); default = [ ]; diff --git a/modules/nixos/services/woodpecker/server/default.nix b/modules/nixos/services/woodpecker/server/default.nix index f02a5c5..adf533e 100644 --- a/modules/nixos/services/woodpecker/server/default.nix +++ b/modules/nixos/services/woodpecker/server/default.nix @@ -17,7 +17,7 @@ in WOODPECKER_GRPC_ADDR = ":${toString cfg.rpcPort}"; WOODPECKER_GITEA = "true"; - WOODPECKER_GITEA_URL = config.services.gitea.settings.server.ROOT_URL; + WOODPECKER_GITEA_URL = config.services.${cfg.forge}.settings.server.ROOT_URL; WOODPECKER_LOG_LEVEL = "debug"; };
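Review bot: `WOODPECKER_GITEA_URL` now reads `config.services.${cfg.forge}.settings.server.ROOT_URL`, and nothing in this hunk or in the `forge` option hunk of `woodpecker/default.nix` checks that the selected forge is enabled. With the new default of `"forgejo"`, a host that still runs Gitea would evaluate cleanly and give the CI server the Forgejo module's default root URL as its forge endpoint. That default is presumably a localhost address. An assertion such as `assertion = config.my.services.${cfg.forge}.enable;`, with a message naming the option, would turn that into an evaluation error. The enclosing attribute set starts outside the hunk, so I cannot see what `cfg` is bound to here.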