backup gitea

modules/services/default.nix

@@ -10,6 +10,7 @@
     ./ente.nix
     ./fileshelter.nix
     ./games
+    ./gitea.nix
     ./github-runner.nix
     ./gitolite.nix
     ./kavita.nix

modules/services/gitea.nix

@@ -0,0 +1,41 @@
+{
+  config,
+  pkgs,
+  lib,
+  inputs,
+  ...
+}:
+let
+  cfg = config.custom.services.gitea;
+in
+{
+  options.custom.services.gitea = {
+    enable = lib.mkEnableOption "Enables gitea";
+    fqdn = lib.mkOption {
+      type = lib.types.str;
+      default = "git.kopatz.dev";
+      description = "FQDN under which gitea is available";
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    # Initial setup requires
+    services.gitea = {
+      enable = true;
+      stateDir = "/1tbssd/gitea";
+      settings = {
+        server.HTTP_PORT = 3001;
+        service.DISABLE_REGISTRATION = true;
+        server.DOMAIN = cfg.fqdn;
+        server.ROOT_URL = "https://${cfg.fqdn}";
+        #server.DISABLE_SSH = true;
+      };
+    };
+    services.nginx.virtualHosts."${cfg.fqdn}" = {
+      forceSSL = true;
+      enableACME = true;
+      quic = true;
+      http3 = true;
+      locations."/".proxyPass = "http://localhost:3001";
+    };
+  };
+}

modules/services/plausible.nix

@@ -21,6 +21,38 @@ in
       file = ../../secrets/plausible-keybase.age;
     };
 
+    services.clickhouse = {
+      enable = true;
+      extraUsersConfig = ''
+        <clickhouse>
+          <profiles>
+              <default>
+                  <log_queries>0</log_queries>
+                  <log_query_threads>0</log_query_threads>
+              </default>
+          </profiles>
+        </clickhouse>
+      '';
+      extraServerConfig = ''
+        <clickhouse>
+            <logger>
+                <level>warning</level>
+                <console>true</console>
+            </logger>
+            <query_thread_log remove="remove"/>
+            <query_log remove="remove"/>
+            <text_log remove="remove"/>
+            <trace_log remove="remove"/>
+            <metric_log remove="remove"/>
+            <asynchronous_metric_log remove="remove"/>
+
+            <!-- Update: Required for newer versions of Clickhouse -->
+            <session_log remove="remove"/>
+            <part_log remove="remove"/>
+        </clickhouse>
+      '';
+    };
+
     services.plausible = {
       enable = true;
       # removed, create on initial setup now

systems/adam-site/configuration.nix

@@ -19,6 +19,8 @@
     443
   ];
   networking = {
+    hostname = "adam-site";
+    nameservers = [ "1.1.1.1" "1.0.0.1" ];
     defaultGateway6 = {
       address = "fe80::1";
       interface = "enp1s0";

systems/amd-server-vm/configuration.nix

@@ -59,6 +59,7 @@
         let
           kavita = "/data/kavita";
           gitolite = "/var/lib/gitolite";
+          gitea = "/1tbssd/gitea";
           mail = [
             "/data/vmail"
             "/var/lib/opendkim"
@@ -87,6 +88,7 @@
             "/home"
             kavita
             gitolite
+            gitea
           ]
           ++ syncthingFull
           ++ mail;
@@ -105,6 +107,7 @@
     services = {
       acme.enable = true;
       gitolite.enable = true;
+      gitea.enable = true;
       github-runner.enable = true;
       caldav.enable = true;
       kop-monitor.enable = true;
@@ -156,6 +159,17 @@
     };
   };
 
+  services.openssh.extraConfig = ''
+    # Internal network: allow everyone
+    Match Address 192.168.2.0/24,192.168.0.0/24
+        AllowUsers *
+
+    # Everything else (internet): only git user
+    Match Address *,!192.168.2.0/24,!192.168.0.0/24
+        PermitRootLogin no
+        AllowUsers gitea
+  '';
+
   virtualisation.vmware.guest.enable = true;
   services.xserver.videoDrivers = [ "vmware" ];
   environment.systemPackages = with pkgs; [

systems/pc/configuration.nix

@@ -120,6 +120,7 @@
     };
   };
 
+  services.trilium-server.enable = false; # maybe consider in the future
   services.nohang.enable = true;
 
   services.logind.settings.Login = {