refactor(gitea): convert profile to configurable module

- Move gitea.nix from profiles/ to modules/ with mkOption-based config
- Make litestream/restic buckets and secret paths configurable
- Rename secrets to consistent michael-gitea-* naming
- Configure gitea module in hosts/michael/default.nix
2026-01-04 19:50:23 +00:00
parent 79f62258e2
commit 0c6c138da5
6 changed files with 216 additions and 154 deletions


@@ -2,6 +2,7 @@
modulesPath,
hostname,
inputs,
config,
user,
...
}: {
@@ -11,16 +12,29 @@
./disk-config.nix
./hardware-configuration.nix
./secrets.nix
../../modules/gitea.nix
../../profiles/core.nix
../../profiles/openssh.nix
../../profiles/fail2ban.nix
../../profiles/gitea.nix
../../profiles/nixos.nix
../../profiles/tailscale.nix
inputs.disko.nixosModules.disko
inputs.sops-nix.nixosModules.sops
];
my.gitea = {
enable = true;
litestream = {
bucket = "michael-gitea-litestream";
secretFile = config.sops.secrets.michael-gitea-litestream.path;
};
restic = {
bucket = "michael-gitea-repositories";
passwordFile = config.sops.secrets.michael-gitea-restic-password.path;
environmentFile = config.sops.secrets.michael-gitea-restic-env.path;
};
};
home-manager.users.${user} = {
imports = [
inputs.nixvim.homeModules.nixvim
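Review bot: The three file options in the `my.gitea` block (`litestream.secretFile`, `restic.passwordFile`, `restic.environmentFile`) are correctly given sops-nix runtime paths, but nothing at this call site records that a Nix path literal must never be used there, because a path literal is copied into the world-readable store once it is interpolated. I would add a comment above the block, `# secret options take sops-nix runtime paths; never a ./path literal (it would be copied into /nix/store)`. If modules/gitea.nix (not visible in this section) declares these options as `types.path`, `types.str` would reject such a literal at evaluation time. Whether each consuming service can read its file depends on the owner/group set in ./secrets.nix, so that file and this block need to change together.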


@@ -1,18 +1,20 @@
{...}: {
sops.secrets.gitea-litestream = {
sops.secrets.michael-gitea-litestream = {
sopsFile = ../../secrets/michael-gitea-litestream;
format = "binary";
};
sops.secrets.restic-gitea-password = {
sopsFile = ../../secrets/michael-restic-gitea-password;
format = "binary";
owner = "gitea";
group = "gitea";
};
sops.secrets.restic-gitea-env = {
sopsFile = ../../secrets/michael-restic-gitea-env;
sops.secrets.michael-gitea-restic-password = {
sopsFile = ../../secrets/michael-gitea-restic-password;
format = "binary";
owner = "gitea";
group = "gitea";
};
sops.secrets.michael-gitea-restic-env = {
sopsFile = ../../secrets/michael-gitea-restic-env;
format = "binary";
owner = "gitea";
group = "gitea";