fix: gitea: now works

2026-05-29 21:27:53 +00:00
parent 7d254cd8c4
commit e38c0c499f
3 changed files with 14 additions and 95 deletions
--- a/nixos/module/generic/matrix-cluster-users.nix
+++ b/nixos/module/generic/matrix-cluster-users.nix
@@ -14,6 +14,7 @@
    "lvgkcfjl"
    "MrAlex0O"
    "Антоша"
+    "snuff"
  ];

  adminNames = [ "yukkop" ];
--- a/nixos/system/bfs.poland.xray/bfs.poland.xray.nix
+++ b/nixos/system/bfs.poland.xray/bfs.poland.xray.nix
@@ -57,6 +57,15 @@ in {
    jitsi.preferredDomain = jitsiHost;
  };

+  hectic.services.media-browser = {
+    enable = true;
+    port = 3001;
+    s3Bucket = "matrix-hectic-lab";
+    s3Endpoint = "https://hel1.your-objectstorage.com";
+    s3Region = "hel1";
+    s3CredentialsFile = config.sops.secrets."matrix/object-storage/credentials".path;
+  };
+
  hectic.services.jitsi = {
    enable = true;
    hostName = jitsiHost;
--- a/nixos/system/hectic-lab/hectic-lab.nix
+++ b/nixos/system/hectic-lab/hectic-lab.nix
@@ -25,7 +25,6 @@ in {
    self.nixosModules.hectic
    self.nixosModules.matrix-cluster
    inputs.sops-nix.nixosModules.sops
-    self.nixosModules.matrix-cluster-users

    self.nixosModules."shadowsocks-rust" # NOTE(nrv): impl
    self.nixosModules."shadowsocks"      # NOTE(nrv): usage/instance
@@ -60,42 +59,6 @@ in {
    services.matrix = {
      enable = false;
    };
-
-    generic.matrix-cluster = {
-      enable        = true;
-      overrideEnableSynapse = false;
-      role          = "standby";
-      inherit matrixDomain;
-      signingKeyFile = config.sops.secrets."matrix/signing-key".path;
-      secretsFile    = config.sops.secrets."matrix/secrets".path;
-      turnSecretFile = config.sops.secrets."matrix/turn-secret".path;
-      publicIp       = "128.140.75.58";
-      objectStorage.s3 = {
-        bucket = "matrix-hectic-lab";
-        regionName = "hel1";
-        endpointUrl = "https://hel1.your-objectstorage.com";
-        credentialsFile = config.sops.secrets."matrix/object-storage/credentials".path;
-      };
-      replication = {
-        peerHost = "91.198.166.181";
-        passwordFile = config.sops.secrets."matrix/postgres-replication-password".path;
-        allowedSourceIPs = [ "91.198.166.181/32" ];
-      };
-      acme = {
-        enable = false;
-        porkbunApiKeyFile       = config.sops.secrets."matrix/porkbun-api-key".path;
-        porkbunSecretApiKeyFile = config.sops.secrets."matrix/porkbun-secret-api-key".path;
-      };
-    };
-
-    services.media-browser = {
-      enable = true;
-      port = 3001;
-      s3Bucket = "matrix-hectic-lab";
-      s3Endpoint = "https://hel1.your-objectstorage.com";
-      s3Region = "hel1";
-      s3CredentialsFile = config.sops.secrets."matrix/object-storage/credentials".path;
-    };
  };

  # NOTE(yukkop): disk was provisioned by Hetzner rescue image, disko was never
@@ -167,48 +130,6 @@ in {
  sops.secrets."init-postgresql" = {
    key = "init-postgresql";
  };
-  sops.secrets."matrix/secrets" = {
-    key = "matrix/secrets";
-    owner = "matrix-synapse";
-    sopsFile = "${flake}/sus/matrix-cluster.yaml";
-  };
-  sops.secrets."matrix/turn-secret" = {
-    key   = "matrix/turn-secret";
-    owner = "root";
-    group = "root";
-    mode  = "0400";
-    sopsFile = "${flake}/sus/matrix-cluster.yaml";
-  };
-  sops.secrets."matrix/object-storage/credentials" = {
-    key = "matrix/object-storage/credentials";
-    owner = "matrix-synapse";
-    mode = "0400";
-    sopsFile = "${flake}/sus/matrix-cluster.yaml";
-  };
-
-  # Shared cluster secrets (PL standby also reads from this file).
-  sops.secrets."matrix/signing-key" = {
-    key = "matrix/signing-key";
-    owner = "matrix-synapse";
-    mode = "0400";
-    sopsFile = "${flake}/sus/matrix-cluster.yaml";
-  };
-  sops.secrets."matrix/postgres-replication-password" = {
-    key = "matrix/postgres-replication-password";
-    owner = "postgres";
-    mode = "0400";
-    sopsFile = "${flake}/sus/matrix-cluster.yaml";
-  };
-  sops.secrets."matrix/porkbun-api-key" = {
-    key = "matrix/porkbun-api-key";
-    mode = "0400";
-    sopsFile = "${flake}/sus/matrix-cluster.yaml";
-  };
-  sops.secrets."matrix/porkbun-secret-api-key" = {
-    key = "matrix/porkbun-secret-api-key";
-    mode = "0400";
-    sopsFile = "${flake}/sus/matrix-cluster.yaml";
-  };

  services.mailserver = {
    enable = true;
@@ -319,7 +240,8 @@ in {
        '';
      };
    };
-    virtualHosts."gitea.${domain}" = sslOpts // {
+    virtualHosts."gitea.${domain}" = {
+      enableACME = true;
      forceSSL = true;
      locations."/" = {
        extraConfig = ''
@@ -333,32 +255,19 @@ in {
  services = {
    gitea = {
      enable = true;
+      settings.service.DISABLE_REGISTRATION = false;
      settings.server = {
        HTTP_PORT = 11011;
        SSH_PORT = 11012;
      };
      database = {
-        createDatabase = false;
+        createDatabase = true;
        type = "postgres";
        socket = "/run/postgresql";
        user = "gitea";
        name = "gitea";
      };
    };
-
-    postgresql = {
-      enable = true;
-      ensureDatabases = [ "gitea" ];
-      ensureUsers = [
-        {
-          name = "gitea";
-          ensureDBOwnership = true;
-        }
-      ];
-      authentication = ''
-          local gitea gitea peer
-      '';
-    };
  };

  # === WireGuard (disabled) ===