feat: initial commit

2025-04-05 13:31:32 +01:00 · 2025-04-05 13:31:32 +01:00 · 486bfc17d1
commit 486bfc17d1
11 changed files with 551 additions and 0 deletions
--- a/config/lxd.nix
+++ b/config/lxd.nix
@ -0,0 +1 @@
+{...}: {}
--- a/config/nixos.nix
+++ b/config/nixos.nix
@ -0,0 +1,79 @@
+{ modulesPath, pkgs, config, ... }:
+
+{
+  imports = [
+    # Include the default lxd configuration.
+    "${modulesPath}/virtualisation/proxmox-lxc.nix"
+    # Include the container-specific autogenerated configuration.
+    ./lxd.nix
+    ./services/opengist.nix
+  ];
+
+  networking = {
+    dhcpcd.enable = false;
+    useDHCP = false;
+    useHostResolvConf = false;
+    firewall.enable = false;
+  };
+
+  environment.systemPackages = with pkgs; [
+    git
+    curl
+    vim
+  ];
+
+  services.opengist = {
+    enable = true;
+    config = ./opengist.yml;
+  };
+
+  services.atticd = {
+    enable = true;
+
+    # Replace with absolute path to your environment file
+    environmentFile = config.age.secrets."atticd.env".path;
+
+    settings = {
+      listen = "0.0.0.0:8080";
+
+      jwt = { };
+
+      # Data chunking
+      #
+      # Warning: If you change any of the values here, it will be
+      # difficult to reuse existing chunks for newly-uploaded NARs
+      # since the cutpoints will be different. As a result, the
+      # deduplication ratio will suffer for a while after the change.
+      chunking = {
+        # The minimum NAR size to trigger chunking
+        #
+        # If 0, chunking is disabled entirely for newly-uploaded NARs.
+        # If 1, all NARs are chunked.
+        nar-size-threshold = 64 * 1024; # 64 KiB
+
+        # The preferred minimum size of a chunk, in bytes
+        min-size = 16 * 1024; # 16 KiB
+
+        # The preferred average size of a chunk, in bytes
+        avg-size = 64 * 1024; # 64 KiB
+
+        # The preferred maximum size of a chunk, in bytes
+        max-size = 256 * 1024; # 256 KiB
+      };
+    };
+  };
+
+  systemd.network = {
+    enable = true;
+    networks."50-eth0" = {
+      matchConfig.Name = "eth0";
+      networkConfig = {
+        DHCP = "ipv4";
+        IPv6AcceptRA = true;
+      };
+      linkConfig.RequiredForOnline = "routable";
+    };
+  };
+
+  system.stateVersion = "24.11"; # Did you read the comment?
+}
--- a/config/opengist.yml
+++ b/config/opengist.yml
@ -0,0 +1,118 @@
+# Learn more about Opengist configuration here:
+# https://github.com/thomiceli/opengist/blob/master/docs/configuration/configure.md
+# https://github.com/thomiceli/opengist/blob/master/docs/configuration/cheat-sheet.md
+
+# Set the log level to one of the following: debug, info, warn, error, fatal. Default: warn
+log-level: info
+
+# Set the log output to one or more of the following: `stdout`, `file`. Default: stdout,file
+log-output: stdout,file
+
+# Public URL to access to Opengist
+external-url:
+
+# Directory where Opengist will store its data. Default: ~/.opengist/
+opengist-home: /opt/opengist/data
+
+# Secret key used for session store & encrypt MFA data on database. Default: <randomized 32 bytes>
+secret-key:
+
+# URI of the database. Default: opengist.db (SQLite) is placed in opengist-home
+# SQLite:        file:/path/to/database
+# PostgreSQL:    postgres://user:password@host:port/database
+# MySQL/MariaDB: mysql://user:password@host:port/database
+db-uri: opengist.db
+
+# Enable or disable the code search index (either `true` or `false`). Default: true
+index.enabled: true
+
+# Name of the directory where the code search index is stored. Default: opengist.index
+index.dirname: opengist.index
+
+# Default branch name used by Opengist when initializing Git repositories.
+# If not set, uses the Git default branch name. See https://git-scm.com/book/en/v2/Getting-Started-First-Time-Git-Setup#_new_default_branch
+git.default-branch:
+
+# Set the journal mode for SQLite. Default: WAL
+# See https://www.sqlite.org/pragma.html#pragma_journal_mode
+# For SQLite databases only.
+sqlite.journal-mode: WAL
+
+# HTTP server configuration
+# Host to bind to. Default: 0.0.0.0
+http.host: 0.0.0.0
+
+# Port to bind to. Default: 6157
+http.port: 6157
+
+# Enable or disable git operations (clone, pull, push) via HTTP (either `true` or `false`). Default: true
+http.git-enabled: true
+
+# SSH built-in server configuration
+# Note: it is not using the SSH daemon from your machine (yet)
+
+# Enable or disable SSH built-in server
+# for git operations (clone, pull, push) via SSH (either `true` or `false`). Default: true
+ssh.git-enabled: false
+
+# Host to bind to. Default: 0.0.0.0
+ssh.host: 0.0.0.0
+
+# Port to bind to. Default: 2222
+# Note: it cannot be the same port as the SSH daemon if it's currently running
+# If you want to use the port 22 for the built-in SSH server,
+# you can either change the port of the SSH daemon or stop it
+ssh.port: 2222
+
+# Public domain for the Git SSH connection, if it has to be different from the HTTP one.
+# If not set, uses the URL from the request
+ssh.external-domain:
+
+# Path or alias to ssh-keygen executable. Default: ssh-keygen
+ssh.keygen-executable: ssh-keygen
+
+# OAuth2 configuration
+# The callback/redirect URL must be http://opengist.url/oauth/<github|gitlab|gitea|openid-connect>/callback
+
+# To create a new OAuth2 application using GitHub : https://github.com/settings/applications/new
+github.client-key:
+github.secret:
+
+# To create a new OAuth2 application using Gitlab : https://gitlab.com/-/user_settings/applications
+gitlab.client-key:
+gitlab.secret:
+# URL of the Gitlab instance. Default: https://gitlab.com/
+gitlab.url: https://gitlab.com/
+# The name of the GitLab instance. It is displayed in the OAuth login button. Default: GitLab
+gitlab.name: GitLab
+
+# To create a new OAuth2 application using Gitea : https://gitea.domain/user/settings/applications
+gitea.client-key:
+gitea.secret:
+# URL of the Gitea instance. Default: https://gitea.com/
+gitea.url: https://gitea.com/
+# The name of the Gitea instance. It is displayed in the OAuth login button. Default: Gitea
+gitea.name: Gitea
+
+# To create a new OAuth2 application using OpenID Connect:
+oidc.client-key:
+oidc.secret:
+# Discovery endpoint of the OpenID provider. Generally something like http://auth.example.com/.well-known/openid-configuration
+oidc.discovery-url:
+
+# Instance name
+# Set your own custom name to be displayed instead of 'Opengist'
+custom.name:
+
+# Custom assets
+# Add your own custom assets, that are files relatives to $opengist-home/custom/
+custom.logo:
+custom.favicon:
+
+# Static pages in footer (like legal notices, privacy policy, etc.)
+# The path can be a URL or a relative path to a file in the $opengist-home/custom/ directory
+custom.static-links:
+#  - name: Gitea
+#    path: https://gitea.com
+#  - name: Legal notices
+#    path: legal.html
--- a/config/services/opengist.nix
+++ b/config/services/opengist.nix
@ -0,0 +1,43 @@
+{ config, lib, pkgs, ... }:
+
+with lib;  # use the functions from lib, such as mkIf
+
+let
+  cfg = config.services.opengist;
+  src = builtins.fetchTarball { 
+    url = "https://github.com/thomiceli/opengist/releases/download/v1.9.1/opengist1.9.1-linux-amd64.tar.gz"; 
+    sha256 = "sha256:0cayri7yz792964mq3h52dryjs7rjn3xhw5papi589c8d9a0afw4";
+  };  
+in {
+  options = {
+    services.opengist = { 
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to enable OpenGist.
+        '';
+      };
+
+      config = mkOption {
+        type = types.path;
+        description = ''
+          The config path to use.
+        '';
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.opengist = {
+      path = [
+        pkgs.git
+        pkgs.openssh
+      ];
+      name = "opengist.service";
+      enable = true;
+      script = "${src}/opengist --config ${cfg.config}";
+      description = "OpenGist";
+    };
+  };
+}