From 0d81433c2d9ba7c66406009f3e335836f0ba2198 Mon Sep 17 00:00:00 2001
From: Magic_RB
Date: Sat, 13 Feb 2021 13:35:25 +0100
Subject: [PATCH] Docker gitea changes
---
 docker/gitea/config.nix | 7 +
 docker/gitea/module.nix | 337 ++++++++++++++++++++++++++++++++++++++++
 docker/gitea/result | 1 +
 docker/gitea/run.nix | 16 ++
 4 files changed, 361 insertions(+)
 create mode 100644 docker/gitea/config.nix
 create mode 100644 docker/gitea/module.nix
 create mode 120000 docker/gitea/result
 create mode 100644 docker/gitea/run.nix
diff --git a/docker/gitea/config.nix b/docker/gitea/config.nix
new file mode 100644
index 0000000..3ba21ea
--- /dev/null
+++ b/docker/gitea/config.nix
@@ -0,0 +1,7 @@
+{ pkgs, lib, config, ... }:
+{
+ security.oauth2JwtSecret = "STUFF";
+ security.internalToken = "STUFF";
+ security.secretKey = "STUFF";
+ lfs.lfsJwtSecret = "STUFF";
+}
diff --git a/docker/gitea/module.nix b/docker/gitea/module.nix
new file mode 100644
index 0000000..eed03e2
--- /dev/null
+++ b/docker/gitea/module.nix
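Review bot: All four secrets in this file are the same literal placeholder `"STUFF"`, and because module.nix declares `security.secretKey`, `security.internalToken`, `security.oauth2JwtSecret` and `lfs.lfsJwtSecret` without defaults, anything built from this file as-is runs Gitea with one known, identical value for session signing, internal API authentication and both JWT secrets. Each should be a separately generated random value, and since this file is committed to the repository it is better kept as a template (for example `config.nix.example`) with the real values loaded from an untracked file or the environment at container start. If real values are ever committed here, treat them as compromised and rotate them.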
@@ -0,0 +1,337 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config; + + useMysql = cfg.database.type == "mysql"; + usePostgresql = cfg.database.type == "postgres"; + useSqlite = cfg.database.type == "sqlite3"; + + format = pkgs.formats.ini { mkKeyValue = generators.mkKeyValueDefault {} "="; }; +in + + +{ + options = { + run = mkOption { + type = types.package; + description = "Run gitea derivation."; + }; + + stateDir = mkOption { + default = "/gitea"; + type = types.str; + description = "gitea data directory."; + }; + + uid = mkOption { + default = 5000; + type = types.int; + description = "gitea user id."; + }; + + gid = mkOption { + default = 5000; + type = types.int; + description = "gitea group id."; + }; + + logLevel = mkOption { + default = "Info"; + type = types.enum [ "Info" "Debug" "Error" ]; + description = "Log level for gitea logging."; + }; + + security = { + secretKey = mkOption { + type = types.str; + description = "gitea secret key."; + }; + + internalToken = mkOption { + type = types.str; + description = "gitea internal token."; + }; + + installLock = mkOption { + type = types.bool; + description = "gitea install lock."; + default = false; # TODO figure out what this actually does + }; + + oauth2JwtSecret = mkOption { + type = types.str; + description = "OAuth2 JWT secret."; + }; + }; + + database = { + type = mkOption { + type = types.enum [ "sqlite3" "mysql" "postgres" ]; + example = "mysql"; + default = "sqlite3"; + description = "Database engine to use."; + }; + + path = mkOption { + type = types.str; + default = "/data/gitea/gitea.db"; + description = "Database file path, if sqlite3 is in use"; + }; + + host = mkOption { + type = types.str; + default = "127.0.0.1"; + description = "Database host address"; + }; + + port = mkOption { + type = types.int; + default = (if !usePostgresql then 3306 else pg.port); + description = "Databa se host port."; + }; + + name = mkOption { + type = types.str; + default = "gitea"; + description = 
"Database user."; + }; + + password = mkOption { + type = types.str; + default = ""; + description = "Database password."; + }; + + createDatabase = mkOption { + type = types.bool; + default = true; + description = "Whether to create a database automatically."; + }; + }; + + ssh = { + enable = mkOption { + type = types.bool; + default = true; + description = "Enable external SSH feature."; + }; + + clonePort = mkOption { + type = types.int; + default = 22; + example = 2222; + description = '' + SSH port displayed in clone URL. + The option is required to configure a service when the external visible port + differs from the local listening port i.e. if port forwarding is used. + ''; + }; + }; + + lfs = { + enable = mkOption { + type = types.bool; + default = false; + description = "Enable git-lfs support."; + }; + + contentDir = mkOption { + type = types.str; + default = "${cfg.stateDir}/lfs"; + description = "Where to store LFS files."; + }; + + lfsJwtSecret = mkOption { + type = types.str; + description = "LFS JWT Secret"; + }; + }; + + appName = mkOption { + type = types.str; + default = "gitea: Gitea Service"; + description = "Application name."; + }; + + runMode = mkOption { + type = types.enum [ "dev" "prod" "test" ]; + description = "run mode."; + default = "prod"; + }; + + repositoryRoot = mkOption { + type = types.str; + default = # "${cfg.stateDir}/repositories" + ""; + description = "Path to the git repositories."; + }; + + domain = mkOption { + type = types.str; + default = "localhost"; + description = "Domain name of your server."; + }; + + rootUrl = mkOption { + type = types.str; + default = "http://localhost:3000/"; + description = "Full public URL of gitea server."; + }; + + httpAddress = mkOption { + type = types.str; + default = "0.0.0.0"; + description = "HTTP listen address."; + }; + + httpPort = mkOption { + type = types.int; + default = 3000; + description = "HTTP listen port."; + }; + + cookieSecure = mkOption { + type = types.bool; + default 
= false; + description = '' + Marks session cookies as "secure" as a hint for browsers to only send + them via HTTPS. This option is recommend, if gitea is being served over HTTPS. + ''; + }; + + staticRootPath = mkOption { + type = types.str; + default = "\${pkgs.gitea.data}"; + example = "/var/lib/gitea/data"; + description = "Upper level of template and static files path."; + }; + + disableRegistration = mkEnableOption "the registration lock" // { + description = '' + By default any user can create an account on this gitea instance. + This can be disabled by using this option. + Note: please keep in mind that this should be added after the initial + deploy unless services.gitea.useWizard + is true as the first registered user will be the administrator if + no install wizard is used. + ''; + }; + + settings = mkOption { + type = with types; attrsOf (attrsOf (oneOf [ bool int str ])); + default = {}; + description = '' + Gitea configuration. Refer to + for details on supported values. + ''; + example = literalExample '' + { + "cron.sync_external_users" = { + RUN_AT_START = true; + SCHEDULE = "@every 24h"; + UPDATE_EXISTING = true; + }; + mailer = { + ENABLED = true; + MAILER_TYPE = "sendmail"; + FROM = "do-not-reply@example.org"; + SENDMAIL_PATH = "''${pkgs.system-sendmail}/bin/sendmail"; + }; + other = { + SHOW_FOOTER_VERSION = false; + }; + } + ''; + }; + }; + + config = { + settings = { + database = mkMerge [ + { + DB_TYPE = cfg.database.type; + } + (mkIf (useMysql || usePostgresql) { + HOST = cfg.database.host + ":" + toString cfg.database.port; + NAME = cfg.database.name; + USER = cfg.database.user; + PASSWD = cfg.database.password; + }) + (mkIf useSqlite { + PATH = cfg.database.path; + }) + (mkIf usePostgresql { + SSL_MODE = "disable"; + }) + ]; + + repository = { + ROOT = cfg.repositoryRoot; + }; + + server = mkMerge [ + { + DOMAIN = cfg.domain; + # STATIC_ROOT_PATH = cfg.staticRootPath; + LFS_JWT_SECRET = cfg.lfs.lfsJwtSecret; + + HTTP_ADDR = 
cfg.httpAddress;
+ HTTP_PORT = cfg.httpPort;
+ }
+ (mkIf cfg.ssh.enable {
+ DISABLE_SSH = false;
+ SSH_PORT = cfg.ssh.clonePort;
+ })
+ (mkIf (!cfg.ssh.enable) {
+ DISABLE_SSH = true;
+ })
+ (mkIf cfg.lfs.enable {
+ LFS_START_SERVER = true;
+ LFS_CONTENT_PATH = cfg.lfs.contentDir;
+ })
+ ];
+
+ session = {
+ COOKIE_NAME = "session";
+ COOKIE_SECURE = cfg.cookieSecure;
+ };
+
+ security = with cfg.security; {
+ SECRET_KEY = secretKey;
+ INTERNAL_TOKEN = internalToken;
+ INSTALL_LOCK = installLock;
+ };
+
+ log = {
+ ROUTER = "console";
+ ROUTER_LOG_LEVEL = cfg.logLevel;
+ };
+
+ service = {
+ DISABLE_REGISTRATION = cfg.disableRegistration;
+ };
+
+ oauth2 = {
+ JWT_SECRET = cfg.security.oauth2JwtSecret;
+ };
+ };
+
+ run =
+ let
+ appIni = pkgs.writeText "app.ini" ''
+ APP_NAME=${cfg.appName}
+ RUN_USER=gitea
+ RUN_MODE=${cfg.runMode}
+
+ ${generators.toINI {} cfg.settings}
+ '';
+ in pkgs.writeShellScriptBin "run" ''
+ export GITEA_WORK_FIR=${cfg.stateDir}
+ exec /bin/gitea -c ${appIni}
+ '';
+
+ };
+}
diff --git a/docker/gitea/result b/docker/gitea/result
new file mode 120000
index 0000000..e519934
--- /dev/null
+++ b/docker/gitea/result
@@ -0,0 +1 @@
+/nix/store/6cg3m50cm7jz6k308vab9p8pqxz27pfn-gitea.sh
\ No newline at end of file
diff --git a/docker/gitea/run.nix b/docker/gitea/run.nix
new file mode 100644
index 0000000..f36fc1e
--- /dev/null
+++ b/docker/gitea/run.nix
@@ -0,0 +1,16 @@
+let
+ nixpkgs = import { system = "x86_64-linux"; };
+ eval = nixpkgs.lib.evalModules {
+ modules =
+ [ (import /module.nix) ] ++
+ (if (builtins.pathExists /config.nix) then [ (import /config.nix) ] else []);
+
+ args = {
+ pkgs = nixpkgs;
+ lib = nixpkgs.lib;
+ };
+ };
+in
+eval.config.run
+
+# export NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
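Review bot: `pkgs.writeText "app.ini"` in the `run` block at the end of the hunk interpolates `SECRET_KEY`, `INTERNAL_TOKEN`, `JWT_SECRET`, `LFS_JWT_SECRET` and `PASSWD` into a store path, so every secret becomes world-readable under `/nix/store` and is baked into the image layer; the secret-bearing keys should be left out of the generated file and supplied at runtime (a mounted file or the environment) instead. A few lines later `export GITEA_WORK_FIR=${cfg.stateDir}` misspells the variable, so `stateDir` is never applied; it should read `export GITEA_WORK_DIR=${cfg.stateDir}`. The mysql/postgres branch of `settings.database` reads `cfg.database.user` and the `database.port` default reads `pg.port`, neither of which is declared anywhere in this module, so selecting a non-sqlite `database.type` fails at evaluation — declare a `database.user` option and give `port` a plain default such as `5432` for postgres. The `database.name` option is also documented as `"Database user."` and should say `description = "Database name.";`.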
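Review bot: The nixpkgs import on the second line of the hunk is unpinned (the `<nixpkgs>` search-path expression appears to have been lost in rendering, so this is inferred), which means the Gitea binary and the whole image depend on whatever `NIX_PATH` resolves to on the build machine and cannot be reproduced or audited later; pinning with `fetchTarball` plus a `sha256` (or a flake input) gives a fixed, reviewable input. `builtins.pathExists /config.nix` silently drops the config when the file is missing, and because the secret options in module.nix have no defaults the failure then surfaces as an "option is used but not defined" error from `evalModules` — an explicit `throw` naming the missing file would be clearer. The absolute paths `/module.nix` and `/config.nix` tie the evaluation to files at the filesystem root; if that is intentional for the container build, a comment saying so would help. The trailing `# export NIX_SSL_CERT_FILE=...` line is a shell command left in a Nix file and belongs in a README or the build script.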