litestream

2025-12-17 16:05:04 +00:00
parent 1550dac942
commit 8fb947095e
4 changed files with 76 additions and 1 deletions
--- a/profiles/gitea.nix
+++ b/profiles/gitea.nix
@@ -1,4 +1,4 @@
-{...}: {
+{pkgs, ...}: {
 	networking.firewall.allowedTCPPorts = [80 443];

 	services.gitea = {
@@ -25,6 +25,49 @@
 		};
 	};

+	users.users.litestream.extraGroups = ["gitea"];
+
+	systemd.services.gitea.serviceConfig.ExecStartPost =
+		"+"
+		+ pkgs.writeShellScript "grant-gitea-permissions" ''
+			timeout=10
+
+			while [ ! -f /var/lib/gitea/data/gitea.db ];
+			do
+				if [ "$timeout" == 0 ]; then
+					echo "ERROR: Timeout while waiting for /var/lib/gitea/data/gitea.db."
+					exit 1
+				fi
+
+				sleep 1
+
+				((timeout--))
+			done
+
+			find /var/lib/gitea -type d -exec chmod -v 775 {} \;
+			find /var/lib/gitea -type f -exec chmod -v 660 {} \;
+		'';
+
+	services.litestream = {
+		enable = true;
+		environmentFile = "/run/secrets/litestream";
+		settings = {
+			dbs = [
+				{
+					path = "/var/lib/gitea/data/gitea.db";
+					replicas = [
+						{
+							type = "s3";
+							bucket = "gitea-litestream";
+							path = "gitea";
+							endpoint = "s3.eu-central-003.backblazeb2.com";
+						}
+					];
+				}
+			];
+		};
+	};
+
 	services.caddy = {
 		enable = true;
 		virtualHosts."git.schmatzler.com".extraConfig = ''