Configure transmission and gitea

hosts/voyager/services/gitea.nix

@@ -0,0 +1,49 @@
+{ config, pkgs, ... }:
+let
+  cfg = config.services.gitea;
+in {
+    services.gitea = {
+      enable = true;
+      package = pkgs.unstable.gitea;
+      appName = "felixalbs Gitea";
+      database = {
+        type = "postgres";
+        #passwordFile = "/var/gitea/passwdfile";
+      };
+      domain = "git.feal.no";
+      rootUrl = "https://git.feal.no";
+      httpPort = 3004;
+
+
+      settings = {
+        server.LANDING_PAGE=''"/felixalb"'';
+        service.DISABLE_REGISTRATION = true;
+        session.COOKIE_SECURE = true;
+
+        packages.ENABLED = false;
+
+        oauth2_client = {
+          ENABLE_AUTO_REGISTRATION = true;
+          OPENID_CONNECT_SCOPES = "email profile openid";
+          UPDATE_AVATAR = true;
+          ACCOUNT_LINKING = "auto";
+          USERNAME = "email";
+        };
+
+        log.LEVEL = "Info";
+
+        database.LOG_SQL = false;
+
+        ui = {
+          THEMES="gitea,arc-green,nord";
+          DEFAULT_THEME="nord";
+        };
+      };
+
+      # TODO:
+      # - dump (automatic backups)
+      # - configure mailer
+    };
+
+    networking.firewall.allowedTCPPorts = [ cfg.httpPort ];
+}

hosts/voyager/services/postgres.nix

@@ -4,10 +4,14 @@
     enable = true;
     /* enableTCPIP = true; # Expose on the network */
     authentication = pkgs.lib.mkOverride 10 ''
+     local gitea all ident map=gitea-users
      local all all trust
      host all all 127.0.0.1/32 trust
      host all all ::1/128 trust
     '';
+    identMap = ''
+      gitea-users gitea gitea
+    '';
   };
 
   services.postgresqlBackup = {

hosts/voyager/services/transmission.nix

@@ -0,0 +1,74 @@
+{ config, pkgs, lib, ... }:
+let
+  host = "127.0.1.2";
+  port = "5003";
+  uid = 778;
+  gid = 778;
+in {
+  sops.secrets."transmission/vpncreds" = {
+    owner = "transmission";
+    group = "transmission";
+  };
+
+  users.users.transmission = {
+    inherit uid;
+    group = "transmission";
+    isSystemUser = true;
+    useDefaultShell = true;
+    description = "Transmission torrent service";
+  };
+
+  users.groups.transmission = {
+    inherit gid;
+  };
+
+  # Transmission+PIA: Torrent client, Integrated VPN, Web interface
+  virtualisation.oci-containers.containers.transmission = {
+    image = "haugene/transmission-openvpn";
+    ports = [ "${host}:${port}:9091" ];
+    volumes = [
+      "/var/lib/transmission/config:/config"
+      "/tank/media/transmission:/data"
+    ];
+    environment = {
+      OPENVPN_PROVIDER = "PIA";
+      OPENVPN_CONFIG = "norway,sweden,de_frankfurt";
+      LOCAL_NETWORK = "192.168.10.0/24";
+      PUID = toString uid;
+      PGID = toString gid;
+    };
+    environmentFiles = [
+      # OPENVPN_USERNAME and password is set here
+      # and optionally TRANSMISSION_RPC_USERNAME and password
+      config.sops.secrets."transmission/vpncreds".path
+    ];
+    extraOptions = [
+      "--cap-add=net_admin,net_raw,mknod"
+      "--device=/dev/net/tun"
+    ];
+  };
+  services.nginx.virtualHosts."transmission.home.feal.no" = {
+    locations."/" = {
+      proxyPass = "http://${host}:${port}";
+    };
+  };
+
+  fileSystems = {
+    "/tank/media/transmission/jellyfin" = {
+      device = "/tank/media/jellyfin";
+      options = [ "bind" ];
+    };
+    "/tank/media/transmission/music" = {
+      device = "/tank/media/music";
+      options = [ "bind" ];
+    };
+    "/tank/media/transmission/inbox" = {
+      device = "/tank/inbox";
+      options = [ "bind" ];
+    };
+    "/tank/media/transmission/other" = {
+      device = "/tank/media/other";
+      options = [ "bind" ];
+    };
+  };
+}