treewide: refactor code

2026-05-03 18:08:13 -04:00
parent 89a0e5cf44
commit d0a81612e1
4 changed files with 45 additions and 40 deletions
+1
@@ -11,5 +11,6 @@
dns.enable = true; dns.enable = true;
networking.fqdn = "tuxcord.net"; networking.fqdn = "tuxcord.net";
time.timeZone = "Canada/Eastern"; time.timeZone = "Canada/Eastern";
} }
+1
@@ -1,5 +1,6 @@
{ {
acme.enable = false; acme.enable = false;
dns.enable = true; dns.enable = true;
networking.fqdn = "tuxcord.test"; networking.fqdn = "tuxcord.test";
} }
+12 -17
@@ -1,4 +1,9 @@
{ config, lib, ... }: {
config,
lib,
self,
...
}:
let let
cfg = config.dns; cfg = config.dns;
@@ -20,24 +25,17 @@ let
subdomain = name: "subdomain ${name}"; subdomain = name: "subdomain ${name}";
zoneDomain = zoneDomain =
if lib.strings.hasSuffix ".key.age" filename then if strings.hasSuffix ".key.age" filename then
lib.strings.removeSuffix ".key.age" filename strings.removeSuffix ".key.age" filename
else else
throw "${filename} is not a `.key.age` file"; throw "${filename} is not a `.key.age` file";
in in
{ {
inherit (config.age.secrets."dns/${filename}") path;
name = zoneDomain; name = zoneDomain;
path = config.age.secrets."dns/${filename}".path;
type = if zoneDomain == fqdn then zonesub else subdomain; type = if zoneDomain == fqdn then zonesub else subdomain;
} }
) agenixKeys; ) agenixKeys;
cfg = config.dns;
inherit (lib)
mkEnableOption
mkOption
mkIf
;
in in
{ {
options.dns = { options.dns = {
@@ -70,8 +68,7 @@ in
extraConfig = builtins.concatStringsSep "\n" (map (key: "include \"${key.path}\";") keys); extraConfig = builtins.concatStringsSep "\n" (map (key: "include \"${key.path}\";") keys);
zones = { zones."${fqdn}" = {
"${fqdn}" = {
# grant "tuxcord.net" zonesub ANY; # grant "tuxcord.net" zonesub ANY;
extraConfig = '' extraConfig = ''
update-policy { update-policy {
@@ -84,10 +81,6 @@ in
master = true; master = true;
}; };
}; };
};
networking.firewall.allowedTCPPorts = [ config.services.bind.listenOnPort ];
networking.firewall.allowedUDPPorts = [ config.services.bind.listenOnPort ];
environment.persistence."/persist" = { environment.persistence."/persist" = {
directories = [ directories = [
@@ -98,5 +91,7 @@ in
} }
]; ];
}; };
networking.firewall.allowedUDPPorts = [ config.services.bind.listenOnPort ];
}; };
} }
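Review bot: The firewall change at the end of this module looks like more than a move: as rendered, `networking.firewall.allowedTCPPorts = [ config.services.bind.listenOnPort ];` appears only among the lines dropped from the old position, and only the `allowedUDPPorts` line reappears before the closing `};`. If that is what the commit does, BIND is reachable over UDP only, so truncated responses that retry over TCP and zone transfers would be blocked by the host firewall, which is a behaviour change in a commit described as a refactor. Either restore `networking.firewall.allowedTCPPorts = [ config.services.bind.listenOnPort ];` next to the UDP line, or state the UDP-only intent in a comment there. The page has lost its +/- markers, so this should be confirmed against the raw diff.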
+20 -12
@@ -1,4 +1,4 @@
{ config, lib, ... }: { config, ... }:
let let
inherit (config.networking) fqdn; inherit (config.networking) fqdn;
@@ -8,25 +8,33 @@ in
services.gitea = { services.gitea = {
enable = true; enable = true;
appName = "Tuxcord's Gitea"; appName = "TuxCord Gitea";
database.type = "mysql"; database.type = "mysql";
lfs.enable = true; lfs.enable = true;
settings.server.DOMAIN = fqdn; settings = {
settings.server.ROOT_URL = "${if isHTTPS then "https" else "http"}://${fqdn}/"; server = {
settings.server.HTTP_PORT = 3000; DOMAIN = fqdn;
ROOT_URL = "${if acmeEnabled then "https" else "http"}://${fqdn}/";
HTTP_PORT = 3000;
};
settings.service.DISABLE_REGISTRATION = true; service = {
settings.service.REQUIRE_SIGNIN_VIEW = false; DISABLE_REGISTRATION = true;
REQUIRE_SIGNIN_VIEW = false;
};
settings.repository.ENABLE_PUSH_CREATE_USER = true; repository = {
settings.repository.ENABLE_PUSH_CREATE_ORG = true; ENABLE_PUSH_CREATE_USER = true;
settings.repository.DEFAULT_BRANCH = "main"; ENABLE_PUSH_CREATE_ORG = true;
DEFAULT_BRANCH = "main";
};
# settings.ui.DEFAULT_THEME = "..."; # ui.DEFAULT_THEME = "...";
# TODO: once we have email setup this would be nice # TODO: once we have email setup this would be nice
settings.mailer.ENABLED = true; mailer.ENABLED = true;
};
}; };
} }
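Review bot: `ROOT_URL` now takes its scheme from `acmeEnabled`, but neither hunk shows that name being bound; the old line used `isHTTPS`, and the `let` lines between the two hunks are not displayed as changed. Confirm that `acmeEnabled` is defined there, otherwise evaluation fails on an undefined variable. Presumably it mirrors the `acme.enable` host option, which means a host with `acme.enable = false` advertises `http://` links and clone URLs. A comment above the line such as `# scheme follows ACME: hosts with acme.enable = false are served over plain http` would make that coupling explicit.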