Compare commits
2 commits
153762ca5b
...
9a53ca1cea
| Author | SHA1 | Date | |
|---|---|---|---|
9a53ca1cea
|
|||
|
509304de03
|
5 changed files with 51 additions and 14 deletions
|
|
@ -31,6 +31,9 @@
|
|||
"miniflux/oauth2_secret" = {
|
||||
owner = "root";
|
||||
};
|
||||
"forgejo/env" = {
|
||||
owner = "forgejo";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -5,6 +5,9 @@
|
|||
forgejo-access = {
|
||||
members = [ "xin" ];
|
||||
};
|
||||
forgejo-admin = {
|
||||
members = [ "xin" ];
|
||||
};
|
||||
gts-users = {
|
||||
members = [ "xin" ];
|
||||
};
|
||||
|
|
@ -35,6 +38,9 @@
|
|||
miniflux-users = {
|
||||
members = [ "xin" ];
|
||||
};
|
||||
idm_people_self_mail_write = {
|
||||
members = [ ];
|
||||
};
|
||||
};
|
||||
persons = {
|
||||
xin = {
|
||||
|
|
@ -61,6 +67,15 @@
|
|||
scopeMaps = {
|
||||
forgejo-access = [ "openid" "email" "profile" "groups" ];
|
||||
};
|
||||
claimMaps = {
|
||||
forgejo_role = {
|
||||
joinType = "array";
|
||||
valuesByGroup = {
|
||||
forgejo-access = [ "Access" ];
|
||||
forgejo-admin = [ "Admin" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
gts = {
|
||||
displayName = "GoToSocial";
|
||||
|
|
|
|||
|
|
@ -1,9 +1,11 @@
|
|||
storage_box_mount: ENC[AES256_GCM,data:9lOAL3tkfB0pN4/cuM4SX0xoMrW0UUEzTN8spw3MQ3BWrfsRc3Stsce3puXz1sRf,iv:7Q9wzpBgQ3tqcfy0n/c6Ya84Kg60nhR/e2H0pVntWsY=,tag:9a0xvNBGQpCvhxgmV3hrww==,type:str]
|
||||
gts_env: ENC[AES256_GCM,data:CKFKHXCJvTD0HFkVrBWhabcl/cloCT03qcZIc5JymiIAu+o6wef6gsQlkKP81vxC9S3XMYtLgXQ03D7Jetkfg+7nafF1+ogN,iv:/axRqZIatwYL++/KmBIievPPyKRkHGmVpgRe2Eet+fg=,tag:gwxyuePOYiD1vlSyq3yjXA==,type:str]
|
||||
gts_env: ENC[AES256_GCM,data:StggMdJPevrDbrVDrBDETdQYnSOaTESkgSqpGKrSHXhS21nyCE5ya7/X4l0GVTXoGCyfWG7vK+PDW22mJxpYcj2CBaVUYDu/,iv:2fqWDaWAWxTXdG7w5HU6jBcappFEByNtYs0Jd6PaYnA=,tag:KGhrMemao6g4FkEAZmmacg==,type:str]
|
||||
hedgedoc_env: ENC[AES256_GCM,data:zwAA+zKSJT0tZyYArCaa1lfL0y8DNHDp/thS11DrVxNvjmk38o0ydsKArfZKzFYye+qNBzz1B4sPCdW4cFgQUNgbM+n9AvoMB8CssdmQ+sALKmozA5aEV23q+khZSGlHocP6WA==,iv:SgZruOS1nanK64Ex1dvgoD1HzbGbNa4DFSBuVoaNgEc=,tag:R+I8m1AloDCXs5PdpEpS0w==,type:str]
|
||||
grafana_oauth_secret: ENC[AES256_GCM,data:2dSgxeWXNtlvbrgW9whCVuM6tfzd4lVhynwQTSPbBJndhI8scpJle7LjI1+b14FS9boBsuYO+ym4Pf1I8/jJtKkj6X6I0BmXFBC/SfpCpo+ZGrxacg==,iv:N8iTPqMagKP3hWc7n0bjgYKvaFaw11ITvDn9lUkkAPY=,tag:Cz59fA2Zq3jVvhfxaFuGAA==,type:str]
|
||||
grafana_oauth_secret: ENC[AES256_GCM,data:43+EBnN912eK/08MdJokWPxi2Lxn/D4hSHPhNmHOk9awWQ7ut/el0vaAa+Epqnui3le2p4VuotQT6XlIuDLrixIomrc6Qw5HERAEdZmbrGvDlrrNhw==,iv:Pfn8rL0LtG3hym9EdSZRjaPLMlWlut/nt2FEtRWnULo=,tag:moDWqF3aBbnO4aG0Cysfcw==,type:str]
|
||||
miniflux:
|
||||
oauth2_secret: ENC[AES256_GCM,data:Q0JeT5VHGEDATXB9jf5+eU1Hoi9FsJrw6IK2T0bodvVgki+1oF+sWld5NGpoiXm/bQ==,iv:e8+84Zk5eXNIyIPhTG8jFhO+DCRorPFG0lDDNT4OxCs=,tag:IxlyFBcFaSy7Nz0aQCH3bw==,type:str]
|
||||
oauth2_secret: ENC[AES256_GCM,data:jcZR9E9jXNKfkAoGgBI19qQeaz26R6qiAWjP4XrftHSCQV974tjJl+fiU8Xgi0bViA==,iv:/aY0bL/oAAHBhohy3FHB/UEDYryw7A7JOKvEbLtDHJg=,tag:Fn/6NurNkRphXySR+y9S9Q==,type:str]
|
||||
forgejo:
|
||||
env: ENC[AES256_GCM,data:TMeguXfanISeyvsay9SBqm3SSGKpp5nCkqhHblf0QHNzHWGQKwpORmWfOtVfgOh9qdDqq8wYBpXznmbvixjV,iv:IR/rMoAIvZCw9FURmau4+g8c3pvI9BRs7v1NJ5ia4jI=,tag:kjwf6RN5HN8I2sUhDcr4UQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
|
@ -28,8 +30,8 @@ sops:
|
|||
dnFBa0lDWWZtS1BHdzBoVzNTaGNkSEEKi/W1n7RT8NpTp00SBMwxsUJAPDhumJ/i
|
||||
V2VnaSNwouD3SswTcoBzqQpBP9XrqzjIYGke90ZODFQbMY9WDQ+O0g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-08-05T08:53:56Z"
|
||||
mac: ENC[AES256_GCM,data:DtAL9k/t4pGV2UqCrb1R/1nT3gjJ8wced5yQOF5oneoncg/uuyX7IDZ0iZz0eGirj9Zadh9UQWNwxMzoiNu6pD1v04MkxT0NVDJ32vt5X+YDQJ60vRJjn9+zKvLk8Esx9sFsuBxjVXXmbtev7+djU+LbpPLfaobdheO2XlJXtdU=,iv:y2KI5ylgvuQ7ktYAr6XPEX3qyxnSP7BWC79mdsr4hgk=,tag:cvXvXeKvRwvttgQfmZRi2w==,type:str]
|
||||
lastmodified: "2024-08-21T05:54:31Z"
|
||||
mac: ENC[AES256_GCM,data:oNBabsDRuHjMBXynr8ytCLmv5NPyA0mRUcPJfFZjjAb9ZbGP+pquwJT3S0l2yo4Nsd0YQP8X1pGS3PEv9v+N538bxmMJJCERR7iZ5U5G4h0AvKi+UkjkveDdhPWBXhC1O+Up7reT/LLzOiZ1WUHCYRQfcb9R1RL3G2NpeYuOShk=,iv:FLmtKyZjZuGDnMjOgJdoIU9EXLQSZavs8f4q2C+Sxbk=,tag:sGoJNppCTYxZ2u2l0eMHgg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.0
|
||||
|
|
|
|||
|
|
@ -142,6 +142,8 @@ in
|
|||
|
||||
services.forgejo = {
|
||||
enable = true;
|
||||
# Use cutting edge instead of lts
|
||||
package = pkgs.forgejo;
|
||||
repositoryRoot = "/mnt/storage/forgejo/repositories";
|
||||
lfs = {
|
||||
enable = true;
|
||||
|
|
@ -151,11 +153,10 @@ in
|
|||
service.DISABLE_REGISTRATION = true;
|
||||
server = {
|
||||
ROOT_URL = "https://git.xinyang.life/";
|
||||
START_SSH_SERVER = true;
|
||||
BUILTIN_SSH_SERVER_USER = "git";
|
||||
SSH_USER = "git";
|
||||
START_SSH_SERVER = false;
|
||||
SSH_USER = config.services.forgejo.user;
|
||||
SSH_DOMAIN = "ssh.xinyang.life";
|
||||
SSH_PORT = 2222;
|
||||
SSH_PORT = 22;
|
||||
LFS_MAX_FILE_SIZE = 10737418240;
|
||||
LANDING_PAGE = "/explore/repos";
|
||||
};
|
||||
|
|
@ -166,13 +167,14 @@ in
|
|||
ENABLE_BASIC_AUTHENTICATION = false;
|
||||
};
|
||||
oauth2 = {
|
||||
ENABLE = false; # Disable forgejo as oauth2 provider
|
||||
ENABLED = false; # Disable forgejo as oauth2 provider
|
||||
};
|
||||
oauth2_client = {
|
||||
ACCOUNT_LINKING = "auto";
|
||||
USERNAME = "email";
|
||||
ENABLE_AUTO_REGISTRATION = true;
|
||||
UPDATE_AVATAR = true;
|
||||
OPENID_CONNECT_SCOPES = "openid profile email";
|
||||
UPDATE_AVATAR = false;
|
||||
OPENID_CONNECT_SCOPES = "openid profile email groups";
|
||||
};
|
||||
other = {
|
||||
SHOW_FOOTER_VERSION = false;
|
||||
|
|
@ -180,6 +182,22 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
systemd.services.forgejo = {
|
||||
serviceConfig = {
|
||||
EnvironmentFile = config.sops.secrets."forgejo/env".path;
|
||||
ExecStartPost = ''
|
||||
${lib.getExe config.services.forgejo.package} admin auth update-oauth \
|
||||
--id 1 \
|
||||
--name kanidm \
|
||||
--provider openidConnect \
|
||||
--key forgejo \
|
||||
--secret $CLIENT_SECRET \
|
||||
--icon-url https://auth.xinyang.life/pkg/img/favicon.png \
|
||||
--group-claim-name forgejo_role --admin-group Admin
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
services.grafana = {
|
||||
enable = true;
|
||||
settings = {
|
||||
|
|
|
|||
|
|
@ -43,8 +43,7 @@ in
|
|||
];
|
||||
|
||||
extra-substituters = mkIf cfg.enableMirrors [
|
||||
"https://mirrors.bfsu.edu.cn/nix-channels/store?priority=100"
|
||||
"https://mirrors.ustc.edu.cn/nix-channels/store?priority=100"
|
||||
"https://mirrors.cernet.edu.cn/nix-channels/store?priority=20"
|
||||
];
|
||||
|
||||
trusted-public-keys = [
|
||||
|
|
|
|||
Loading…
Reference in a new issue