fix: basicly everything wrong

hosts/bernie/services.nix

@@ -3,7 +3,7 @@ _: {
     vscode-server.enable = false;
     miniflux.enable = false;
     matrix.enable = true;
-    gitea.enable = true;
+    forgejo.enable = true;
     vaultwarden.enable = true;
     isabelroses-web.enable = true;
     nginx.enable = true;
@@ -22,6 +22,7 @@ _: {
       mysql.enable = false;
       mongodb.enable = false;
       postgresql.enable = true;
+      redis.enable = true;
     };
   };
 }

modules/common/core/system/virtualization/default.nix

@@ -62,26 +62,25 @@ in {
 
       waydroid.enable = cfg.waydroid.enable;
       lxd.enable = mkDefault config.virtualisation.waydroid.enable;
-
-      systemd.user = mkIf cfg.distrobox.enable {
-        timers."distrobox-update" = {
-          enable = true;
-          wantedBy = ["timers.target"];
-          timerConfig = {
-            OnBootSec = "1h";
-            OnUnitActiveSec = "1d";
-            Unit = "distrobox-update.service";
-          };
+    };
+    systemd.user = mkIf cfg.distrobox.enable {
+      timers."distrobox-update" = {
+        enable = true;
+        wantedBy = ["timers.target"];
+        timerConfig = {
+          OnBootSec = "1h";
+          OnUnitActiveSec = "1d";
+          Unit = "distrobox-update.service";
         };
+      };
 
-        services."distrobox-update" = {
-          enable = true;
-          script = ''
-            ${pkgs.distrobox}/bin/distrobox upgrade --all
-          '';
-          serviceConfig = {
-            Type = "oneshot";
-          };
+      services."distrobox-update" = {
+        enable = true;
+        script = ''
+          ${pkgs.distrobox}/bin/distrobox upgrade --all
+        '';
+        serviceConfig = {
+          Type = "oneshot";
         };
       };
     };

modules/common/secrets/default.nix

@@ -40,10 +40,10 @@ in {
         group = "grafana";
       };
 
-      mailserver-gitea = {};
-      mailserver-gitea-nohash = mkIf services.gitea.enable {
-        owner = "git";
-        group = "git";
+      mailserver-git = {};
+      mailserver-git-nohash = mkIf services.forgejo.enable {
+        owner = "forgejo";
+        group = "forgejo";
       };
 
       isabelroses-web-env = {};

modules/common/secrets/secrets.yaml

@@ -1,7 +1,7 @@
 cloudflared-hydra: ENC[AES256_GCM,data:XXOt3t4FgbmSvtBrwPZRo/8xSg2BxUUYs2zAjQ2GuXVNiGEOP3YlJrHipKyS1HddNrTiiff4JkZ44XdknSFY/9HuS3Go3nzW8a9meuT9QYIM8uhu4qZxJp2m/PZirVo4sdB+0X+mkJ2hKaYQv7Y2YbclKbVUIpHR5J6jO0p5FY3ElbIJk9wmzzWfXWhgirWQiOTmqvoj+rSoZwpYePtwoRt/,iv:E7tfKiECbLoXo7z0Y/Cc/BI9jBGzECHWDSbFMKEICbw=,tag:2ptEB9HZQqyDnYnhDA/5Lw==,type:str]
 mailserver-isabel: ENC[AES256_GCM,data:uNP6R523G13QJECxiOvB+VYlQxaoa0s/KHZNqju2vKk8hmwVO15q2bju3ReSLXEdlJgnztHQlYawmGUJlQ==,iv:l0NJJbuGdrZlcj13q3E6hiyZ5CQnzniVEH8wcE/Bm2s=,tag:MoYXL64pBvLH3GbjpNAY0g==,type:str]
-mailserver-gitea: ENC[AES256_GCM,data:5M4GqydqoS+8F0JsSFeR8kK/Uu0xu0zaG3fOFgqooD4kRHDt362sMsKddQSGmpCKK09zQkxMGZHUcLF4nA==,iv:bZA7kdtDEBBAeESyQ7t/F/JgfIpQJeCwFDxVXzkI978=,tag:EIAyL4d/uhBpFu8TbdtRsA==,type:str]
-mailserver-gitea-nohash: ENC[AES256_GCM,data:wI6gb1kYXcF3qhtadVqPRDcOr7BkOLpElXPkBSEvAAU=,iv:JvYq2eL22tOY7i//zg5svF1oC9EnbrBTYNILEyHCl2Q=,tag:eMWpwEPRiAgW/oxrNnBH8g==,type:str]
+mailserver-git: ENC[AES256_GCM,data:R1nebSE2gruLeVfWWo8yVWVd61csHcFX5YU5ny1HhjF+QtRTCzeuQM3cuA+KpF5F0L0tbUfxu7TtwdHU6w==,iv:5l4mybyPNb417mehMN8QDg7J4bcWM8H8NKE7wOLnzDM=,tag:uEpdZB6F6ZyN6vr41Ibu1g==,type:str]
+mailserver-git-nohash: ENC[AES256_GCM,data:HhdVz51pDNqL3PjT0vGxO20yAGsjyRe6IbazksLp3Yo=,iv:k7ST3caDuG80b5Y4fZq1LPj7nYCyd49am3oXPo0amng=,tag:WilB485p59lJEAmvcHePnA==,type:str]
 mailserver-grafana: ENC[AES256_GCM,data:8jLMabqJ7TkIOJGzYyBkkt+iyc7nXQOGXP+N7TyfRuEKaU0YP+zoAzSv4jM31wQyjl5/QrMvSwE13AS1Vw==,iv:cjkGDdJvT7DrZSB7htgVLp+TsHyFqX0eeFRjB5lbfPI=,tag:7j0tw/39/Z3tUGci2IKTPw==,type:str]
 mailserver-grafana-nohash: ENC[AES256_GCM,data:SAHerwdB0jFI5PNX5Ot9liqVPl0WQn/ZL1xerzODMjLi,iv:/2L/f9rx8pHRiK/4a7fzPBt6yMIU1yZaz7BO1jiBUq8=,tag:nhCWGLnCwKW/vyOD6dZHbA==,type:str]
 mailserver-vaultwarden: ENC[AES256_GCM,data:/rvxrhm3TZza3dFuz2aFp06W7iDG/whjxreg3+kJuAufIYNS46Hl6pLoZDbKelXFkn+1Ugvykef9DBEL3Q==,iv:ny/H1R7cHKmp3r+4YtFbZbC+1MACn3KVX5ROd80iYKM=,tag:4h7FrCFTRRD7sePfOAzhqw==,type:str]
@@ -43,8 +43,8 @@ sops:
             cDRpZkkxZWhiVmN1Y1FSRm5seVpmbnMKl7CHdNdXOr67tCjYp+jhUSYImndyvhQP
             heUpcdBCJADlE9oG6lDr4ngwdHFqVrN757uMqZWEbT80hzZUXVRArw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-10-16T15:03:31Z"
-    mac: ENC[AES256_GCM,data:v7B3JvGqdDk9F8mjNB0arsiHQ0Cgs4EURnpbYI/RBn0Jd7V2CCEV9EbA1mtrEuqn41nM+OwPfm2jCHGxFfRbNFwQfdR5/8aV1l8ZZ+CsC3li05tw2tjLnsqlfV0gzZ4RcFoSvp/kTDF+85JUPSnuaIeuSxGU/Rm4NTxaMNj/2cg=,iv:hZf/1nINSr7dha3k1+/KB0cSoHuHpaRf10q986WS4ko=,tag:V072vA3/PI7F+D2rbC91Sw==,type:str]
+    lastmodified: "2023-10-19T01:24:14Z"
+    mac: ENC[AES256_GCM,data:y6PlB4CDfz7h8TNjakGsBw1F+8oyibgKpqJl0ob6lVJ6SG6RAYlza+wc5V5LWuVLGxMi0hgbGAtMqR8LjUV75ljudxL+EXBID/QYflTonCV0rJKXJpbIAWM/rUPTyT//MkNXfRV2wdz3CbSVIoaHp71E4GDRKhgyVosIU1JTuEg=,iv:ZYd3LTrQix0DNy0pz+c+Yq7+KB/UiUBRMvy3O/XWqsg=,tag:BuzPtYTXVvi54U4OxCuF1w==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.8.0
+    version: 3.8.1

modules/common/types/server/services/databases/default.nix

@@ -3,5 +3,6 @@ _: {
     ./mongodb
     ./postgresql
     ./mysql
+    ./redis
   ];
 }

modules/common/types/server/services/databases/postgresql/default.nix

@@ -29,7 +29,7 @@ in {
 
       ensureDatabases = [
         "miniflux"
-        "gitea"
+        "forgejo"
         "grafana"
         "vaultwarden"
       ];
@@ -43,8 +43,8 @@ in {
           ensurePermissions."ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
         }
         {
-          name = "gitea";
-          ensurePermissions."DATABASE gitea" = "ALL PRIVILEGES";
+          name = "forgejo";
+          ensurePermissions."DATABASE forgejo" = "ALL PRIVILEGES";
         }
         {
           name = "grafana";

modules/common/types/server/services/databases/redis/default.nix

@@ -5,19 +5,19 @@
 }: let
   inherit (lib) mkIf;
 
-  cfg = config.modules.services.database.redis;
+  cfg = config.modules.services;
 in {
-  config = mkIf cfg.enable {
+  config = mkIf cfg.database.redis.enable {
     services.redis = {
       vmOverCommit = true;
       servers = {
-        gitea = mkIf cfg.gitea.enable {
+        forgejo = mkIf cfg.forgejo.enable {
           enable = true;
-          user = "gitea";
+          user = "forgejo";
           port = 6371;
           databases = 16;
           logLevel = "debug";
-          requirePass = "gitea";
+          requirePass = "forgejo";
         };
 
         searxng = mkIf cfg.searxng.enable {

modules/common/types/server/services/default.nix

@@ -4,7 +4,7 @@ _: {
     ./containers
     ./cyberchef
     ./databases
-    ./gitea
+    ./forgejo
     ./jellyfin
     ./mailserver
     ./matrix

modules/common/types/server/services/gitea/default.nix → modules/common/types/server/services/forgejo/default.nix

@@ -5,9 +5,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.services.gitea;
+  cfg = config.modules.services.forgejo;
   inherit (config.networking) domain;
-  gitea_domain = "git.${domain}";
+  forgejo_domain = "git.${domain}";
 
   # stole this from https://git.winston.sh/winston/deployment-flake/src/branch/main/config/services/gitea.nix who stole it from https://github.com/getchoo
   theme = pkgs.fetchzip {
@@ -18,20 +18,20 @@ with lib; let
 in {
   config = mkIf cfg.enable {
     networking.firewall.allowedTCPPorts = [
-      config.services.gitea.settings.server.HTTP_PORT
+      config.services.forgejo.settings.server.HTTP_PORT
       config.services.forgejo.settings.server.SSH_PORT
     ];
 
-    modules.system.services.database = {
+    modules.services.database = {
       redis.enable = true;
       postgresql.enable = true;
     };
 
     systemd.services = {
-      gitea = {
+      forgejo = {
         after = ["sops-nix.service"];
         preStart = let
-          inherit (config.services.gitea) stateDir;
+          inherit (config.services.forgejo) stateDir;
         in
           lib.mkAfter ''
             rm -rf ${stateDir}/custom/public
@@ -42,31 +42,32 @@ in {
     };
 
     services = {
-      gitea = {
+      forgejo = {
         enable = true;
         package = pkgs.forgejo;
-        appName = "iztea";
-        stateDir = "/srv/storage/gitea/data";
+        stateDir = "/srv/storage/forgejo/data";
+        lfs.enable = true;
 
-        mailerPasswordFile = config.sops.secrets.mailserver-gitea-nohash.path;
+        mailerPasswordFile = config.sops.secrets.mailserver-git-nohash.path;
 
         settings = {
           server = {
-            ROOT_URL = "https://${gitea_domain}";
+            ROOT_URL = "https://${forgejo_domain}";
             HTTP_PORT = 7000;
-            DOMAIN = "${gitea_domain}";
+            DOMAIN = "${forgejo_domain}";
 
-            START_SSH_SERVER = false;
             BUILTIN_SSH_SERVER_USER = "git";
-            SSH_PORT = 30;
             DISABLE_ROUTER_LOG = true;
-            SSH_CREATE_AUTHORIZED_KEYS_FILE = true;
             LANDING_PAGE = "/explore/repos";
+
+            START_SSH_SERVER = true;
+            SSH_CREATE_AUTHORIZED_KEYS_FILE = true;
+            SSH_PORT = 2222;
+            SSH_LISTEN_PORT = 2222;
           };
 
           default.APP_NAME = "iztea";
           attachment.ALLOWED_TYPES = "*/*";
-          service.DISABLE_REGISTRATION = true;
 
           ui = {
             DEFAULT_THEME = "catppuccin-mocha-sapphire";
@@ -86,17 +87,18 @@ in {
           database = {
             DB_TYPE = lib.mkForce "postgres";
             HOST = "/run/postgresql";
-            NAME = "gitea";
-            USER = "gitea";
-            PASSWD = "gitea";
+            NAME = "forgejo";
+            USER = "forgejo";
+            PASSWD = "forgejo";
           };
 
           cache = {
             ENABLED = true;
             ADAPTER = "redis";
-            HOST = "redis://:gitea@localhost:6371";
+            HOST = "redis://:forgejo@localhost:6371";
           };
 
+          service.DISABLE_REGISTRATION = true;
           migrations.ALLOWED_DOMAINS = "github.com, *.github.com, gitlab.com, *.gitlab.com";
           packages.ENABLED = false;
           repository.PREFERRED_LICENSES = "MIT,GPL-3.0,GPL-2.0,LGPL-3.0,LGPL-2.1";

modules/common/types/server/services/mailserver/default.nix

@@ -121,7 +121,7 @@ in {
 
         "git@${domain}" = {
           aliases = ["git" "git@${domain}"];
-          hashedPasswordFile = config.sops.secrets.mailserver-gitea.path;
+          hashedPasswordFile = config.sops.secrets.mailserver-git.path;
         };
 
         "vaultwarden@${domain}" = {

modules/common/types/server/services/monitoring/grafana/default.nix

@@ -13,72 +13,59 @@ in {
   config = mkIf cfg.enable {
     networking.firewall.allowedTCPPorts = [port];
 
-    services = {
-      postgresql = {
-        enable = true;
-        ensureDatabases = ["grafana"];
-        ensureUsers = [
-          {
-            name = "grafana";
-            ensurePermissions."DATABASE grafana" = "ALL PRIVILEGES";
-          }
-        ];
-      };
-
-      grafana = {
-        enable = true;
-        settings = {
-          analytics = {
-            reporting_enabled = false;
-            check_for_updates = false;
-          };
+    services.grafana = {
+      enable = true;
+      settings = {
+        analytics = {
+          reporting_enabled = false;
+          check_for_updates = false;
+        };
 
-          server = {
-            http_port = port;
-            http_addr = "0.0.0.0";
-            domain = "graph.${domain}";
-            enforce_domain = true;
-          };
+        server = {
+          http_port = port;
+          http_addr = "0.0.0.0";
+          domain = "graph.${domain}";
+          enforce_domain = true;
+        };
 
-          "auth.anonymous".enabled = true;
-          "auth.basic".enabled = false;
+        "auth.anonymous".enabled = false;
+        "auth.basic".enabled = false;
 
-          users = {
-            allow_signup = false;
-          };
+        users = {
+          allow_signup = false;
+        };
 
-          database = {
-            type = "postgres";
-            host = "/run/postgresql";
-            name = "grafana";
-            user = "grafana";
-            ssl_mode = "disable";
-          };
+        database = {
+          type = "postgres";
+          host = "/run/postgresql";
+          name = "grafana";
+          user = "grafana";
+          ssl_mode = "disable";
+        };
 
-          smtp = let
-            mailer = "grafana@${domain}";
-          in {
-            enabled = true;
+        smtp = let
+          mailer = "grafana@${domain}";
+        in {
+          enabled = true;
 
-            user = mailer;
-            password = "$__file{" + config.sops.secrets.mailserver-grafana-nohash.path + "}";
+          user = mailer;
+          password = "$__file{" + config.sops.secrets.mailserver-grafana-nohash.path + "}";
 
-            host = "mail.${domain}:465";
-            from_address = mailer;
-            startTLS_policy = "MandatoryStartTLS";
-          };
+          host = "mail.${domain}:465";
+          from_address = mailer;
+          startTLS_policy = "MandatoryStartTLS";
         };
-        provision = {
-          datasources.settings = {
-            datasources = [
-              {
-                name = "Prometheus";
-                type = "prometheus";
-                url = "http://localhost:9090";
-                orgId = 1;
-              }
-            ];
-          };
+      };
+      provision = {
+        datasources.settings = {
+          datasources = [
+            {
+              name = "Prometheus";
+              type = "prometheus";
+              url = "http://localhost:9090";
+              orgId = 1;
+            }
+          ];
         };
       };
     };