[gitea] Moves database password into an sops secret

2025-03-18 15:38:49 -07:00
parent 18cb388ebb
commit 8bd3088bcf
16 changed files with 193 additions and 75 deletions
--- a/system/hosts/mcp/containers.nix
+++ b/system/hosts/mcp/containers.nix
@@ -3,6 +3,7 @@
 {
  # Additional configuration
  imports = [
+    ./containers/gitea.nix
    ./containers/grafana.nix
    ./containers/jobhunt.nix
    ./containers/nextcloud.nix
@@ -60,14 +61,10 @@
  virtualisation.oci-containers.backend = "podman";
  virtualisation.oci-containers.containers =
    let
-      havenisms = "havenisms.com";
-      blazestar = "blazestar.net";
-      hostRule = host: domain: "Host(`${host}.${domain}`)";
-      hostRuleHavenisms = host: hostRule host havenisms;
-      localNet = "192.168.0.0/16";
-      localNetRule = "ClientIP(`${localNet}`)";
-      localHostRule = host: domain: "${localNetRule} && ${hostRule host domain}";
-      localHostRuleHavenisms = host: localHostRule host havenisms;
+      inherit (import ./containers/lib.nix config)
+        hostRuleHavenisms
+        localHostRuleHavenisms
+        havenisms;
    in
    {
      traefik = {
@@ -373,39 +370,5 @@
          "/tank/config/valkey:/usr/local/etc/valkey"
        ];
      };
-      gitea = {
-        image = "gitea/gitea:latest-rootless";
-        autoStart = true;
-        dependsOn = [
-          "db"
-        ];
-        extraOptions = [
-          "-l=traefik.enable=true"
-          "-l=traefik.http.routers.gitea.rule=${hostRule "git" blazestar}"
-          "-l=traefik.http.services.gitea.loadbalancer.server.port=3000"
-          "-l=homepage.group=Apps"
-          "-l=homepage.name=Gitea"
-          "-l=homepage.icon=gitea.png"
-          "-l=homepage.href=https://git.${blazestar}"
-          "-l=homepage.description=Git Server"
-        ];
-        ports = [
-          "2222:2222"
-        ];
-        volumes = [
-          "/tank/git:/var/lib/gitea"
-          "/tank/config/gitea:/etc/gitea"
-        ];
-        user = toString config.users.users.gitea.uid;
-        environment = {
-          USER_UID = toString config.users.users.gitea.uid;
-          USER_GID = toString config.users.groups.git.gid;
-          GITEA__database__DB_TYPE = "postgres";
-          GITEA__database__HOST = "db";
-          GITEA__database__NAME = "gitea";
-          GITEA__database__USER = "gitea";
-          GITEA__database__PASSWD = "gitea123";
-        };
-      };
    };
 }