gitea: enable notification mails

gitea: add subject prefix to mail
gitea: move state back to /var/lib
2026-01-11 18:08:25 +01:00 · 2024-07-04 20:41:46 +02:00 · 2024-07-04 20:36:44 +02:00 · 2024-07-04 20:31:51 +02:00 · 2024-07-04 20:30:55 +02:00 · 2024-07-04 20:29:50 +02:00
12 changed files with 156 additions and 46 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -107,15 +107,16 @@
        ]
      },
      "locked": {
-        "lastModified": 1710311999,
+        "lastModified": 1717234745,
-        "narHash": "sha256-s0pT1NyrMgeolUojXXcnXQDymN7m80GTF7itCv0ZH20=",
+        "narHash": "sha256-MFyKRdw4WQD6V3vRGbP6MYbtJhZp712zwzjW6YiOBYM=",
        "owner": "dali99",
        "repo": "nixos-matrix-modules",
-        "rev": "6c9b67974b839740e2a738958512c7a704481157",
+        "rev": "d7dc42c9bbb155c5e4aa2f0985d0df75ce978456",
        "type": "github"
      },
      "original": {
        "owner": "dali99",
        "ref": "v0.6.0",
        "repo": "nixos-matrix-modules",
        "type": "github"
      }
@@ -142,16 +143,16 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1715410392,
+        "lastModified": 1719520878,
-        "narHash": "sha256-ltp1jQps9tym0uWNl/lTniHSQngCtNIyzlymu+ZSyts=",
+        "narHash": "sha256-5BXzNOl2RVHcfS/oxaZDKOi7gVuTyWPibQG0DHd5sSc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "9f8bf7503bd85d5208575f4bd81c8b1fc999a468",
+        "rev": "a44bedbb48c367f0476e6a3a27bf28f6330faf23",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
-        "ref": "nixos-23.11-small",
+        "ref": "nixos-24.05-small",
        "type": "indirect"
      }
    },
@@ -213,11 +214,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1716150352,
+        "lastModified": 1718404592,
-        "narHash": "sha256-c13lzYbLmbrcbEdPTYZYtlX2Qsz1W+2sLsIMGShPgwo=",
+        "narHash": "sha256-Ud8pD0mxmbfvwBXKy2q3Yp8r1EofaTcodZtI3fbnfDY=",
        "ref": "refs/heads/master",
-        "rev": "2cab4df4b119e08a1f90ea1c944652cd78b4d478",
+        "rev": "6e4a79ed3ddae8dfc80eb8af1789985d07bcf297",
-        "revCount": 459,
+        "revCount": 463,
        "type": "git",
        "url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
      },
--- a/flake.nix
+++ b/flake.nix
@@ -2,7 +2,7 @@
  description = "PVV System flake";
  inputs = {
-    nixpkgs.url = "nixpkgs/nixos-23.11-small";
+    nixpkgs.url = "nixpkgs/nixos-24.05-small";
    nixpkgs-unstable.url = "nixpkgs/nixos-unstable-small";
    sops-nix.url = "github:Mic92/sops-nix";
@@ -17,7 +17,7 @@
    pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git";
    pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs";
-    matrix-next.url = "github:dali99/nixos-matrix-modules";
+    matrix-next.url = "github:dali99/nixos-matrix-modules/v0.6.0";
    matrix-next.inputs.nixpkgs.follows = "nixpkgs";
    nix-gitea-themes.url = "git+https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git";
--- a/hosts/bekkalokk/configuration.nix
+++ b/hosts/bekkalokk/configuration.nix
@@ -6,13 +6,14 @@
    ../../base.nix
    ../../misc/metrics-exporters.nix
    ./services/website
    ./services/nginx.nix
    ./services/gitea/default.nix
    ./services/kerberos
    ./services/webmail
    ./services/mediawiki
    ./services/idp-simplesamlphp
    ./services/kerberos
    ./services/mediawiki
    ./services/nginx.nix
    ./services/vaultwarden.nix
    ./services/webmail
    ./services/website
  ];
  sops.defaultSopsFile = ../../secrets/bekkalokk/bekkalokk.yaml;
--- a/hosts/bekkalokk/services/gitea/default.nix
+++ b/hosts/bekkalokk/services/gitea/default.nix
@@ -1,4 +1,4 @@
-{ config, values, pkgs, ... }:
+{ config, values, pkgs, lib, ... }:
 let
  cfg = config.services.gitea;
  domain = "git.pvv.ntnu.no";
@@ -22,19 +22,19 @@ in {
  services.gitea = {
    enable = true;
    stateDir = "/data/gitea";
    appName = "PVV Git";
    database = {
      type = "postgres";
      host = "postgres.pvv.ntnu.no";
-      port = config.services.postgresql.port;
+      port = config.services.postgresql.settings.port;
      passwordFile = config.sops.secrets."gitea/database".path;
      createDatabase = false;
    };
    mailerPasswordFile = config.sops.secrets."gitea/email-password".path;
    # https://docs.gitea.com/administration/config-cheat-sheet
    settings = {
      server = {
        DOMAIN   = domain;
@@ -42,6 +42,7 @@ in {
        PROTOCOL = "http+unix";
        SSH_PORT = sshPort;
        START_SSH_SERVER = true;
        START_LFS_SERVER = true;
      };
      mailer = {
        ENABLED = true;
@@ -50,11 +51,45 @@ in {
        SMTP_ADDR = "smtp.pvv.ntnu.no";
        SMTP_PORT = 587;
        USER = "gitea@pvv.ntnu.no";
        SUBJECT_PREFIX = "[pvv-git]";
      };
      indexer.REPO_INDEXER_ENABLED = true;
-      service.DISABLE_REGISTRATION = true;
+      service = {
        DISABLE_REGISTRATION = true;
        ENABLE_NOTIFY_MAIL = true;
      };
      session.COOKIE_SECURE = true;
      database.LOG_SQL = false;
      repository = {
        PREFERRED_LICENSES = lib.concatStringsSep "," [
          "AGPL-3.0-only"
          "AGPL-3.0-or-later"
          "Apache-2.0"
          "BSD-3-Clause"
          "CC-BY-4.0"
          "CC-BY-NC-4.0"
          "CC-BY-NC-ND-4.0"
          "CC-BY-NC-SA-4.0"
          "CC-BY-ND-4.0"
          "CC-BY-SA-4.0"
          "CC0-1.0"
          "GPL-2.0-only"
          "GPL-3.0-only"
          "GPL-3.0-or-later"
          "LGPL-3.0-linking-exception"
          "LGPL-3.0-only"
          "LGPL-3.0-or-later"
          "MIT"
          "MPL-2.0"
          "Unlicense"
        ];
        DEFAULT_REPO_UNITS = lib.concatStringsSep "," [
          "repo.code"
          "repo.issues"
          "repo.pulls"
          "repo.releases"
        ];
      };
      picture = {
        DISABLE_GRAVATAR = true;
        ENABLE_FEDERATED_AVATAR = false;
@@ -99,9 +134,9 @@ in {
      logo-svg = ../../../../assets/logo_blue_regular.svg;
      logo-png = ../../../../assets/logo_blue_regular.png;
    in ''
-      install -Dm444 ${logo-svg} ${cfg.customDir}/public/img/logo.svg
+      install -Dm444 ${logo-svg} ${cfg.customDir}/public/assets/img/logo.svg
-      install -Dm444 ${logo-png} ${cfg.customDir}/public/img/logo.png
+      install -Dm444 ${logo-png} ${cfg.customDir}/public/assets/img/logo.png
-      install -Dm444 ${./loading.apng} ${cfg.customDir}/public/img/loading.png
+      install -Dm444 ${./loading.apng} ${cfg.customDir}/public/assets/img/loading.png
    '';
  };
 }
--- a/hosts/bekkalokk/services/kerberos/default.nix
+++ b/hosts/bekkalokk/services/kerberos/default.nix
@@ -1,18 +1,5 @@
 { config, pkgs, lib, ... }:
 {
  #######################
  # TODO: remove these once nixos 24.05 gets released
  #######################
  imports = [
    ./krb5.nix
    ./pam.nix
  ];
  disabledModules = [
    "config/krb5/default.nix"
    "security/pam.nix"
  ];
  #######################
  security.krb5 = {
    enable = true;
    settings = {
--- a/hosts/bekkalokk/services/mediawiki/default.nix
+++ b/hosts/bekkalokk/services/mediawiki/default.nix
@@ -86,7 +86,8 @@ in {
    };
    extensions = {
-      inherit (pkgs.mediawiki-extensions) DeleteBatch UserMerge PluggableAuth SimpleSAMLphp VisualEditor;
+      #inherit (pkgs.mediawiki-extensions) DeleteBatch UserMerge PluggableAuth SimpleSAMLphp VisualEditor;
      inherit (pkgs.mediawiki-extensions) UserMerge PluggableAuth SimpleSAMLphp VisualEditor;
    };
    extraConfig = ''
--- a/hosts/bekkalokk/services/vaultwarden.nix
+++ b/hosts/bekkalokk/services/vaultwarden.nix
@@ -0,0 +1,68 @@
 { config, pkgs, lib, ... }:
 let
  cfg = config.services.vaultwarden;
  domain = "pw.pvv.ntnu.no";
  address = "127.0.1.2";
  port = 3011;
  wsPort = 3012;
 in {
  sops.secrets."vaultwarden/environ" = {
    owner = "vaultwarden";
    group = "vaultwarden";
  };
  services.vaultwarden = {
    enable = true;
    dbBackend = "postgresql";
    environmentFile = config.sops.secrets."vaultwarden/environ".path;
    config = {
      domain = "https://${domain}";
      rocketAddress = address;
      rocketPort = port;
      websocketEnabled = true;
      websocketAddress = address;
      websocketPort = wsPort;
      signupsAllowed = true;
      signupsVerify = true;
      signupsDomainsWhitelist = "pvv.ntnu.no";
      smtpFrom = "vaultwarden@pvv.ntnu.no";
      smtpFromName = "VaultWarden PVV";
      smtpHost = "smtp.pvv.ntnu.no";
      smtpUsername = "vaultwarden";
      smtpSecurity = "force_tls";
      smtpAuthMechanism = "Login";
      # Configured in environ:
      # databaseUrl = "postgresql://vaultwarden@/vaultwarden";
      # smtpPassword = hemli
    };
  };
  services.nginx.virtualHosts."${domain}" = {
    forceSSL = true;
    enableACME = true;
    kTLS = true;
    extraConfig = ''
      client_max_body_size 128M;
    '';
    locations."/" = {
      proxyPass = "http://${address}:${toString port}";
      proxyWebsockets = true;
    };
    locations."/notifications/hub" = {
      proxyPass = "http://${address}:${toString wsPort}";
      proxyWebsockets = true;
    };
    locations."/notifications/hub/negotiate" = {
      proxyPass = "http://${address}:${toString port}";
      proxyWebsockets = true;
    };
  };
 }
--- a/hosts/buskerud/configuration.nix
+++ b/hosts/buskerud/configuration.nix
@@ -4,6 +4,8 @@
    ./hardware-configuration.nix
    ../../base.nix
    ../../misc/metrics-exporters.nix
    ./services/libvirt.nix
  ];
  # buskerud does not support efi?
--- a/hosts/buskerud/services/libvirt.nix
+++ b/hosts/buskerud/services/libvirt.nix
@@ -0,0 +1,10 @@
 { config, pkgs, lib, ... }:
 {
  virtualisation.libvirtd.enable = true;
  programs.dconf.enable = true;
  boot.kernelModules = [ "kvm-intel" ];
  # On a gui-enabled machine, connect with:
  # $ virt-manager --connect "qemu+ssh://buskerud/system?socket=/var/run/libvirt/libvirt-sock"
 }
--- a/hosts/ildkule/services/monitoring/loki.nix
+++ b/hosts/ildkule/services/monitoring/loki.nix
@@ -50,7 +50,6 @@ in {
        boltdb_shipper = {
          active_index_directory = "/var/lib/loki/boltdb-shipper-index";
          cache_location = "/var/lib/loki/boltdb-shipper-cache";
          shared_store = "filesystem";
          cache_ttl = "24h";
        };
        filesystem = {
@@ -59,14 +58,13 @@ in {
      };
      limits_config = {
-        enforce_metric_name = false;
+	allow_structured_metadata = false;
        reject_old_samples = true;
        reject_old_samples_max_age = "72h";
      };
      compactor = {
        working_directory = "/var/lib/loki/compactor";
        shared_store = "filesystem";
      };
      # ruler = {
--- a/secrets/bekkalokk/bekkalokk.yaml
+++ b/secrets/bekkalokk/bekkalokk.yaml
@@ -28,6 +28,8 @@ nettsiden:
        postgres_password: ENC[AES256_GCM,data:SvbrdHF4vQ94DgoEfy67QS5oziAsMT8H,iv:LOHBqMecA6mgV3NMfmfTh3zDGiDve+t3+uaO53dIxt4=,tag:9ffz84ozIqytNdGB1COMhA==,type:str]
        cookie_salt: ENC[AES256_GCM,data:VmODSLOP1YDBrpHdk/49qx9BS+aveEYDQ1D24d4zCi06kZsCENCr+vdPAnTeM1pw98RTr3yZAEQTh4s90b6v8Q==,iv:vRClu6neyYPFdtD63kjnvK2iNOIHMbh+9qEGph7CI60=,tag:66fgppVxY0egs4+9XfDBPA==,type:str]
        admin_password: ENC[AES256_GCM,data:SADr/zN3F0tW339kSK1nD9Pb38rw7hz8,iv:s5jgl1djXd5JKwx1WG/w2Q4STMMpjJP91qxOwAoNcL0=,tag:N8bKnO9N0ei06HDkSGt6XQ==,type:str]
 vaultwarden:
    environ: ENC[AES256_GCM,data:CST5I8x8qAkrTy/wbMLL6aFSPDPIU7aWsD1L1MnIATRmk7fcUhfTSFds7quJmIpb2znsIT/WxNI/V/7UW+9ZdPKI64hfPR8MtvrJcbOhU5Fe2IiytFymFbhcOgWAXjbGzs7knQmpfMxSl98sU71oLkRuFdkousdnh4VQFZhUCYM=,iv:Is6xQ7DGdcAQgrrXCS9NbJk67O2uR82rbKOXBTzZHWw=,tag:XVEjCEM5t8qJl6jL89zrkw==,type:str]
 sops:
    kms: []
    gcp_kms: []
@@ -61,8 +63,8 @@ sops:
            akVjeTNTeGorZjJQOVlMeCtPRUVYL3MK+VMvGxrbzGz4Q3sdaDDWjal+OiK+JYKX
            GHiMXVHQJZu/RrlxMjHKN6V3iaqxZpuvLAEJ2Lzy5EOHPtuiiRyeHQ==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-05-12T00:24:29Z"
+    lastmodified: "2024-05-26T02:07:41Z"
-    mac: ENC[AES256_GCM,data:/fh5yc09YTLT62oWVsz2CwW/mhEUI7uRh5fDRgLNeeBc/4bvM3z83xmy9veehmQhhCWjju2/CtYhaihm3bUPN4hu3wVzviIxvrS9lTcBUG+F/AH4SnF5Z1CGWb94Gqi/6OhQRIpA6azjISyv8lTAQ4TCqcOC4fz/c9KjqQ/CiGY=,iv:HjzzMRFz3+kZ4iDLn9kI80BwMDALkRX5gyOHARZSgDA=,tag:1ez7NiIavshfp4CTZNkW/Q==,type:str]
+    mac: ENC[AES256_GCM,data:CRaJefV1zcJc6eyzyjTLgd0+Wv46VT8o4iz2YAGU+c2b/Cr97Tj290LoEO6UXTI3uFwVfzii2yZ2l+4FK3nVVriD4Cx1O/9qWcnLa5gfK30U0zof6AsJx8qtGu1t6oiPlGUCF7sT0BW9Wp8cPumrY6cZp9QbhmIDV0o0aJNUNN4=,iv:8OSYV1eG6kYlJD4ovZZhcD1GaYnmy7vHPa/+7egM1nE=,tag:OPI13rpDh2l1ViFj8TBFWg==,type:str]
    pgp:
        - created_at: "2023-05-21T00:28:40Z"
          enc: |
@@ -86,3 +88,4 @@ sops:
          fp: F7D37890228A907440E1FD4846B9228E814A2AAC
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/users/felixalb.nix
+++ b/users/felixalb.nix
@@ -1,8 +1,12 @@
-{ pkgs, ... }:
+{ pkgs, lib, config, ... }:
 {
  users.users.felixalb = {
    isNormalUser = true;
-    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+    extraGroups = [
      "wheel"
    ] ++ lib.optionals ( config.users.groups ? "libvirtd" ) [
      "libvirtd"
    ];
    shell = pkgs.zsh;
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKzPICGew7uN0cmvRmbwkwTCodTBUgEhkoftQnZuO4Q felixalbrigtsen@gmail.com"
Author	SHA1	Message	Date
h7x4	0301691b1c	gitea: enable notification mails	2024-07-04 20:41:46 +02:00
h7x4	946555e408	gitea: add subject prefix to mail	2024-07-04 20:36:44 +02:00
h7x4	e02062417a	gitea: move state back to /var/lib	2024-07-04 20:31:51 +02:00
h7x4	b2806d78af	gitea: enable lfs	2024-07-04 20:30:55 +02:00
h7x4	de2c7ea6f1	gitea: install custom images to correct dir	2024-07-04 20:29:50 +02:00
Felix Albrigtsen	106081c967	Merge pull request 'all: Update to nixos-24.05' (!43 ) from 24.05-for-real into main Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/43	2024-06-30 01:55:41 +02:00
Felix Albrigtsen	ca2deed668	WIP: all: Update to nixos-24.05	2024-06-30 01:55:25 +02:00
Oystein Kristoffer Tveit	bb2f7899db	Merge pull request 'bekkalokk/gitea: set default licenses and repo units' (!44 ) from gitea-set-misc-repo-settings into main Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/44	2024-06-29 23:16:17 +02:00
h7x4	c2b35a7ae4	bekkalokk/gitea: set default licenses and repo units	2024-06-29 23:14:41 +02:00
Felix Albrigtsen	c88c3f87e0	buskerud: add libvirtd	2024-06-22 17:36:30 +02:00
Felix Albrigtsen	c5bad75edc	bekkalokk/nettsiden: Update nettsiden to disable recurring events	2024-06-19 22:15:36 +02:00
Felix Albrigtsen	71479d5ca0	quickfix: bekkalokk/mediawiki: remove DeleteBatch	2024-05-27 11:02:35 +02:00
Felix Albrigtsen	cf01792269	bekkalokk/vaultarden: Add kTLS	2024-05-26 10:50:29 +02:00
Felix Albrigtsen	afae0da0b6	Merge pull request 'bekkalokk: add vaultwarden' (!40 ) from bekkalokk-vaultwarden into main Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/40	2024-05-26 04:21:28 +02:00
Felix Albrigtsen	35d745b156	bekkalokk: add vaultwarden	2024-05-26 04:19:17 +02:00