From 683b6bc332f2c55d53ba3441075acbfa5e5c134c Mon Sep 17 00:00:00 2001 From: magic_rb Date: Thu, 18 Jan 2024 21:10:13 +0100 Subject: [PATCH] Re-enable Gitea/Forgejo Signed-off-by: magic_rb --- nixng/containers/gitea/default.nix | 134 ++++++-------------------- terranix/containers/gitea/default.nix | 8 +- terranix/containers/gitea/job.hcl | 4 +- terranix/default.nix | 8 +- 4 files changed, 40 insertions(+), 114 deletions(-) diff --git a/nixng/containers/gitea/default.nix b/nixng/containers/gitea/default.nix index a47e1f9..21e7158 100644 --- a/nixng/containers/gitea/default.nix +++ b/nixng/containers/gitea/default.nix @@ -15,30 +15,53 @@ in { (inputs) nixpkgs ; - config = {pkgs, ...}: { + config = { + pkgs, + config, + options, + ... + }: { dumb-init = { enable = true; type.services = {}; }; - services.mysql = { + services.postgresql = { enable = true; - - package = pkgs.mariadb_105; + package = pkgs.postgresql_16; ensureDatabases = singleton "gitea"; ensureUsers = singleton { name = "gitea"; + ensureDBOwnership = true; ensurePermissions = { - "gitea.*" = "ALL PRIVILEGES"; + "DATABASE \"gitea\"" = "ALL PRIVILEGES"; }; }; }; + imports = [ + (import "${inputs.nixng}/modules/services/gitea/sane.nix" { + rootConfig = config; + rootOptions = options; + inherit pkgs lib; + } { + user = "gitea"; + database = { + type = "postgres"; + # host = "127.0.0.1"; + # port = 5432; + socket = "/run/postgresql"; + name = "gitea"; + user = "gitea"; + }; + }) + ]; + init.services.gitea.shutdownOnExit = false; services.gitea = { enable = true; - package = pkgs.gitea; + package = pkgs.forgejo; secrets = { secretKeyFile = "/secrets/secret_key"; 
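Review bot: In `ensureUsers` the role now gets both `ensureDBOwnership = true;` and an `ensurePermissions` grant of `ALL PRIVILEGES` on `DATABASE "gitea"`. A PostgreSQL database owner already holds those rights, so the grant looks redundant and I would drop the `ensurePermissions` attribute so the role's access is stated once; how the NixNG module applies the two is not visible here, so confirm first. The commented-out `# host` / `# port` lines in the `database` set read as leftovers and could become one comment such as `# Unix socket only; no TCP host/port is set on purpose`. Socket access for user `gitea` presumably relies on peer authentication, which depends on a `pg_hba.conf` that this hunk does not show. The `services.gitea` block continues past the end of the hunk.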
@@ -48,104 +71,7 @@ in { }; settings = { - appName = "Red Alder Gitea"; - runMode = "prod"; - runUser = "gitea"; - - DEFAULT = { - WORK_PATH = "/data/gitea"; - }; - - repository = { - ROOT = "/data/gitea/git/repositories"; - }; - - "repository.local" = { - LOCAL_COPY_PATH = "/data/gitea/tmp/local-repo"; - }; - - "repository.upload" = { - TEMP_PATH = "/data/gitea/gitea/uploads"; - }; - - server = { - APP_DATA_PATH = "/data/gitea"; - SSH_DOMAIN = "localhost"; - HTTP_PORT = 3000; - ROOT_URL = "https://gitea.redalder.org/"; - STATIC_ROOT_PATH = "${pkgs.gitea.data}"; - DISABLE_SSH = false; - SSH_PORT = 22; - SSH_LISTEN_PORT = 22; - LFS_START_SERVER = true; - LFS_CONTENT_PATH = "/data/gitea/git/lfs"; - DOMAIN = "localhost"; - LFS_JWT_SECRET = "#lfsJwtSecret#"; - OFFLINE_MODE = false; - }; - - database = { - DB_TYPE = "mysql"; - HOST = "/run/mysqld/mysqld.sock"; - NAME = "gitea"; - USER = "gitea"; - SCHEMA = ""; - SSL_MODE = "disable"; - CHARSET = "utf8"; - }; - - indexer = { - ISSUE_INDEXER_PATH = "/data/gitea/gitea/indexers/issues.bleve"; - REPO_INDEXER_PATH = "/data/gitea/gitea/indexers/repos.bleve"; - }; - session = { - PROVIDER_CONFIG = "/data/gitea/gitea/sessions"; - PROVIDER = "file"; - }; - - picture = { - AVATAR_UPLOAD_PATH = "/data/gitea/gitea/avatars"; - REPOSITORY_AVATAR_UPLOAD_PATH = "/data/gitea/gitea/repo-avatars"; - DISABLE_GRAVATAR = false; - ENABLE_FEDERATED_AVATAR = true; - }; - - attachment = { - PATH = "/data/gitea/gitea/attachments"; - }; - - security = { - INSTALL_LOCK = true; - SECRET_KEY = "#secretKey"; - INTERNAL_TOKEN = "#internalToken#"; - }; - - service = { - DISABLE_REGISTRATION = false; - REQUIRE_SIGNIN_VIEW = false; - REGISTER_EMAIL_CONFIRM = false; - ENABLE_NOTIFY_MAIL = false; - ALLOW_ONLY_EXTERNAL_REGISTRATION = false; - ENABLE_CAPTCHA = false; - DEFAULT_KEEP_EMAIL_PRIVATE = false; - DEFAULT_ALLOW_CREATE_ORGANIZATION = true; - DEFAULT_ENABLE_TIMETRACKING = true; - NO_REPLY_ADDRESS = "noreply.localhost"; - }; - - oauth2.JWT_SECRET = 
"#jwtSecret#"; - - mailer.ENABLED = false; - - openid = { - ENABLE_OPENID_SIGNIN = true; - ENABLE_OPENID_SIGNUP = true; - }; - - log = { - MODE = "console"; - LEVEL = "Debug"; - }; + DEFAULT.APP_NAME = "RedAlder Forgejo"; }; }; }; diff --git a/terranix/containers/gitea/default.nix b/terranix/containers/gitea/default.nix index 1a81a75..83f0954 100644 --- a/terranix/containers/gitea/default.nix +++ b/terranix/containers/gitea/default.nix @@ -9,16 +9,16 @@ in volume_name = "gitea-db"; access_mode = "single-node-writer"; server = "blowhole.hosts.in.redalder.org"; - share = "/var/nfs/gitea-db"; - mount_flags = [ "nfsvers=3" "nolock" "async" ]; + share = "/mnt/kyle/infrastructure/gitea/database"; + mount_flags = [ "hard" "vers=4.2" "rsize=16384" "wsize=16384" "async" ]; }; resource."nomad_volume"."gitea-data" = nfsVolume { volume_name = "gitea-data"; access_mode = "single-node-writer"; server = "blowhole.hosts.in.redalder.org"; - share = "/var/nfs/gitea-data"; - mount_flags = [ "nfsvers=3" "nolock" "async" ]; + share = "/mnt/kyle/infrastructure/gitea/data"; + mount_flags = [ "hard" "vers=4.2" "rsize=16384" "wsize=16384" "async" ]; }; resource."vault_policy"."gitea-policy" = { diff --git a/terranix/containers/gitea/job.hcl b/terranix/containers/gitea/job.hcl index 801adc5..66c4e6e 100644 --- a/terranix/containers/gitea/job.hcl +++ b/terranix/containers/gitea/job.hcl @@ -68,13 +68,13 @@ job "gitea" { volume_mount { volume = "gitea-data" - destination = "/data/gitea" + destination = "/var/lib/gitea" read_only = false } volume_mount { volume = "gitea-db" - destination = "/var/lib/mysql" + destination = "/var/lib/postgresql" read_only = false } diff --git a/terranix/default.nix b/terranix/default.nix index 0a45a42..d6e5aa2 100644 --- a/terranix/default.nix +++ b/terranix/default.nix 
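Review bot: With `settings` reduced to `DEFAULT.APP_NAME`, this file no longer pins `security.INSTALL_LOCK`, `service.DISABLE_REGISTRATION`, `server.ROOT_URL` or the log level. The effective values now come from the imported `sane.nix` or from Forgejo's defaults, neither of which is visible in this patch. An instance reachable from outside with the install lock unset or registration open is a real exposure, so I would keep the security-relevant keys explicit next to the app name: `security.INSTALL_LOCK = true;` and a deliberate `service.DISABLE_REGISTRATION = true;` (or `false` with a comment saying open sign-up is intended). The removed block also set `log.LEVEL = "Debug"`; please confirm the new default is less verbose for a production instance.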
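Review bot: Both `mount_flags` lists move to `vers=4.2` but set no `sec=` option, so the mounts presumably fall back to `sec=sys`. With that, the server trusts client-supplied UIDs, and the repository and PostgreSQL data cross the network without integrity or privacy protection. If the path between the Nomad clients and `blowhole.hosts.in.redalder.org` is not a trusted segment, consider `sec=krb5p`. Independent of that, adding `"nosuid" "nodev"` to both lists is cheap hardening for volumes that hold user-pushed content. A short comment above the `gitea-db` list saying why `async` is acceptable for a database volume would help the next reader.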
@@ -71,10 +71,10 @@ in source = ./containers/jellyfin; }; - # module."gitea" = elib.terraformModule { - # name = "gitea"; - # source = ./containers/gitea; - # }; + module."gitea" = elib.terraformModule { + name = "gitea"; + source = ./containers/gitea; + }; module."home-assistant" = elib.terraformModule { name = "home-assistant";