From c84ee9b291508cbb4be92d23a0e393d7d91aeab5 Mon Sep 17 00:00:00 2001
From: janabhumi <dmitriy@ideascup.me>
Date: Tue, 18 Oct 2022 00:42:23 +0300
Subject: [PATCH] machines/magenta: restructure services

---
 .gitattributes                                |   2 +-
 flake.nix                                     |   5 +
 machines/magenta/default.nix                  | 120 +---------------
 machines/magenta/mail-accounts.nix            | Bin 867 -> 0 bytes
 machines/magenta/services/gitea.nix           | 135 ++++++++++++++++++
 .../magenta/services/mailserver-accounts.nix  | Bin 0 -> 873 bytes
 machines/magenta/services/mailserver.nix      |  18 +++
 users/jan/default.nix                         |  18 +--
 8 files changed, 168 insertions(+), 130 deletions(-)
 delete mode 100644 machines/magenta/mail-accounts.nix
 create mode 100644 machines/magenta/services/gitea.nix
 create mode 100644 machines/magenta/services/mailserver-accounts.nix
 create mode 100644 machines/magenta/services/mailserver.nix

diff --git a/.gitattributes b/.gitattributes
index f3daf0d..b79f44d 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -3,4 +3,4 @@
 secrets.config.nix filter=git-crypt diff=git-crypt
 **/*.age filter=git-crypt diff=git-crypt
 
-machines/magenta/mail-accounts.nix filter=git-crypt diff=git-crypt
+machines/magenta/services/mailserver-accounts.nix filter=git-crypt diff=git-crypt
diff --git a/flake.nix b/flake.nix
index bd229f9..6ce9a14 100644
--- a/flake.nix
+++ b/flake.nix
@@ -128,6 +128,11 @@
                     };
                     config.deployment = { inherit targetHost; };
                   })
+                  # base home manager settings
+                  ({ ... }: {
+                    home-manager.useGlobalPkgs = true;
+                    home-manager.useUserPackages = true;
+                  })
                 ];
             })
           (import ./machines inputs);
diff --git a/machines/magenta/default.nix b/machines/magenta/default.nix
index cd3f674..4b484f4 100644
--- a/machines/magenta/default.nix
+++ b/machines/magenta/default.nix
@@ -7,10 +7,11 @@ in
   imports = [
     ./hardware-configuration.nix
     ./networking.nix # generated at runtime by nixos-infect
-    ./mail-accounts.nix
     ../modules/common.nix
     ../modules/nix.nix
     ../modules/nginx.nix
+    ./services/mailserver.nix
+    ./services/gitea.nix
   ];
 
   boot.cleanTmpDir = true;
@@ -24,121 +25,4 @@ in
     acceptTerms = true;
     defaults.email = "dmitriy@pleshevski.ru";
   };
-
-  # See: https://nixos-mailserver.readthedocs.io/en/latest/options.html
-  mailserver = {
-    enable = true;
-    fqdn = "mail.pleshevski.ru";
-    domains = [ "pleshevski.ru" ];
-
-    # Use Let's Encrypt certificates. Note that this needs to set up a stripped
-    # down nginx and opens port 80.
-    certificateScheme = 3;
-
-    hierarchySeparator = "/";
-  };
-
-  services.postgresql = {
-    enable = true;
-    package = pkgs.postgresql_14;
-  };
-
-  programs.gnupg.agent.enable = true;
-
-  services.gitea = {
-    enable = true;
-    httpPort = 9901;
-    domain = "nix-git.pleshevski.ru";
-    rootUrl = "https://nix-git.pleshevski.ru";
-    appName = "Pleshevskiy Git Repositories";
-    mailerPasswordFile = config.age.secrets.gitea-mailserver-passfile.path;
-    database = {
-      type = "postgres";
-      host = "/run/postgresql";
-      port = config.services.postgresql.port;
-    };
-    lfs.enable = true;
-    settings = {
-      log.LEVEL = "Error";
-      metrics.ENABLED = true;
-      database.CHARSET = "utf8";
-      server.DISABLE_ROUTER_LOG = true;
-      service = {
-        ALLOW_ONLY_EXTERNAL_REGISTRATION = false;
-        DEFAULT_KEEP_EMAIL_PRIVATE = false;
-        DEFAULT_ALLOW_CREATE_ORGANIZATION = true;
-        DEFAULT_ENABLE_TIMETRACKING = true;
-        DEFAULT_ENABLE_DEPENDENCIES = false;
-        DISABLE_REGISTRATION = true;
-        ENABLE_NOTIFY_MAIL = false;
-        ENABLE_CAPTCHA = false;
-        ENABLE_TIMETRACKING = false;
-        REQUIRE_SIGNIN_VIEW = false;
-        REGISTER_EMAIL_CONFIRM = false;
-        NO_REPLY_ADDRESS = "noreply.pleshevski.ru";
-      };
-      repository = {
-        DISABLE_MIGRATIONS = false;
-        DISABLE_HTTP_GIT = false;
-        DISABLE_STARS = true;
-        DEFAULT_BRANCH = "main";
-        DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH = true;
-      };
-      "repository.signing" = {
-        SIGNING_KEY = "default";
-        DEFAULT_TRUST_MODEL = "collaboratorcommiter";
-        MERGES = "pubkey,basesigned,commitssigned";
-      };
-      "repository.local" = {
-        LOCAL_COPY_PATH = "${config.services.gitea.stateDir}/tmp/local-repo";
-      };
-      "repository.upload" = {
-        TEMP_PATH = "${config.services.gitea.stateDir}/uploads";
-        ALLOWED_TYPES = "image/*";
-      };
-      "repository.pull-request" = {
-        WORK_IN_PROGRESS_PREFIXES = "Draft:,[Draft]:,WIP:,[WIP]:";
-      };
-      indexer = {
-        ISSUE_INDEXER_PATH = "${config.services.gitea.stateDir}/indexers/issues.bleve";
-      };
-      sessions = {
-        PROVIDER = "file";
-        PROVIDER_CONFIG = "${config.services.gitea.stateDir}/sessions";
-      };
-      picture = {
-        AVATAR_UPLOAD_PATH = "${config.services.gitea.stateDir}/avatars";
-        REPOSITORY_AVATAR_UPLOAD_PATH = "${config.services.gitea.stateDir}/repo-avatars";
-        DISABLE_GRAVATAR = false;
-        ENABLE_FEDERATED_AVATAR = true;
-      };
-      attachment = {
-        PATH = "${config.services.gitea.stateDir}/attachments";
-      };
-      mailer = {
-        ENABLED = true;
-        MAILER_TYPE = "smtp";
-        FROM = "\"${config.services.gitea.appName}\" <no-reply@pleshevski.ru>";
-        USER = "dmitriy@pleshevski.ru";
-        HOST = "mail.pleshevski.ru:465";
-      };
-      openid = {
-        ENABLE_OPENID_SIGNIN = true;
-        ENABLE_OPENID_SIGNUP = false;
-      };
-    };
-  };
-
-
-  services.nginx.virtualHosts."nix-git.pleshevski.ru" = {
-    enableACME = true;
-    forceSSL = true;
-    locations."/".proxyPass = "http://localhost:${toString config.services.gitea.httpPort}/";
-  };
-
-  age.secrets.gitea-mailserver-passfile = {
-    file = ../../secrets/mailserver-users-jan-passfile.age;
-    owner = config.services.gitea.user;
-    group = "gitea";
-  };
 }
diff --git a/machines/magenta/mail-accounts.nix b/machines/magenta/mail-accounts.nix
deleted file mode 100644
index 27d2a695a969aa8c0b620134a72106a849b680f0..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 867
zcmV-p1DyN-M@dveQdv+`0PiHEWso&$aGn!K8y_0B^<k(wxB(_BaAUJ}QNVM?GV@CJ
z<4JP{`@yCZVRC58w|+VS{wH)SIJ%s%VNNNfZM*BmKX}*OWn3`Q4I{BeFw-&xN_Nbo
zztZt+11^U4toxGE#<4&W@rb4go0$E?X2#?HzxJ9n%cS~gx^riMo4pFMA&x01w53^R
zExED3jfl*~b}Ux0|MIQ5alsdrg;)pt(q3h^rjg#`n?^0aBv62_{54a8;N9KxGWJf;
z*BU(cj;5BZ2Wj*iNa?<Q5<*=v7)bT01^`fp?RN+e_mv}6h{{xun=hX!POzqJO*J-e
zEAN|TSOTkW@Z8Xm8(<xcxUEC`>IjFNWOsow-%2O%X3Jbw20Qn%e|91^Ty*6gM>elM
zz}n+aQAxyH&=~mRNWFR?L)bl20MnZ|I+hp&;!~g|^-(H*+V-2{LZrM~`{`hK>W3mr
zLYsVNj__*5{nL4w@sw^CXqY2nGW~C{tdqIU1-)ZcR5H{Y(=B{w{?xZ{k(3Gcx&2q<
zMD{Zt86|B!!0o@QHC$mex}M5uTaS9$+@Gf&gs<Z(<+ozK8n`w9@MAV?(!N%od_8T-
zW=9Qi;cK-uXI9~UcdPqfk430a4W>)+KPMyPTFhsP$HHj)T9bF5M9sSzws|;t{3ZZp
zi_E`>TTb2)=vHzmt4a_F^e8f*Al0#u{qe9{rUNzB;LyC7m|_*@pa{UXBv(y6h>Wg`
zq0=kf3AP{h1^3-f#rts7qe+^$vepp-XK2I#;qL*uN%NM&SW~88HKc0Zy%<|t3wcwL
zD=(g0cGZORva1Xi$HX0H!>tDwc;VHlj#bCO$sqyhAVck9_GQ{c!PWHTEEIwlV)JtQ
z+tXMgZ1-kDf67Q9O=NTGv1Q<@hrLSwD2L!i{YMe~lFF#3#>&oh8d$?$1CF=()!to~
z^Qm3I0;CP7`cRk6=5z*TKlI;wcT+p5lgQQOuo^SP<1S(h5Do$k<f3JQPX2&@hLhl}
zs8(T7eb8=qXmWG#WIkuPTqmLmgHbGa0%o2EIAV^BnVD|%s$#t*72W|*=T;`@Nu2{F
tL~h!EG9B%O3qx>J--vl=0ecqpMI^z}nVXiA#DgkR1ipAm4=?^Hz#=wGv&8@a

diff --git a/machines/magenta/services/gitea.nix b/machines/magenta/services/gitea.nix
new file mode 100644
index 0000000..27deb90
--- /dev/null
+++ b/machines/magenta/services/gitea.nix
@@ -0,0 +1,135 @@
+{ config, pkgs, lib, ... }:
+
+let hostname = "nix-git.pleshevski.ru"; in
+{
+  services.postgresql.package = pkgs.postgresql_14;
+
+  programs.git = {
+    enable = true;
+    config = {
+      user = {
+        email = "gitea@noreply.pleshevski.ru";
+        name = "Gitea";
+        signingKey = "7B1C00B534537C0E";
+      };
+      gpg.program = "/run/current-system/sw/bin/gpg";
+      commit.gpgSign = true;
+      tag.gpgSign = true;
+      core = {
+        quotePath = false;
+        commitGraph = true;
+      };
+      receive = {
+        advertisePushOptions = true;
+        procReceiveRefs = "refs/for";
+      };
+      gc.writeCommitGraph = true;
+    };
+  };
+
+  programs.gnupg.agent.enable = true;
+
+  services.gitea = {
+    enable = true;
+    httpPort = 9901;
+    domain = hostname;
+    rootUrl = "https://${hostname}";
+    appName = "Pleshevskiy Git Repositories";
+    mailerPasswordFile = config.age.secrets.gitea-mailserver-passfile.path;
+    database = {
+      type = "postgres";
+      host = "/run/postgresql";
+      port = config.services.postgresql.port;
+    };
+    lfs.enable = true;
+    settings = {
+      log = {
+        LEVEL = "Debug";
+        ENABLE_SSH_LOG = true;
+      };
+      database = {
+        CHARSET = "utf8";
+        LOG_SQL = false;
+      };
+      server.DISABLE_ROUTER_LOG = true;
+      service = {
+        ALLOW_ONLY_EXTERNAL_REGISTRATION = false;
+        DEFAULT_KEEP_EMAIL_PRIVATE = false;
+        DEFAULT_ALLOW_CREATE_ORGANIZATION = true;
+        DEFAULT_ENABLE_TIMETRACKING = true;
+        DEFAULT_ENABLE_DEPENDENCIES = false;
+        DISABLE_REGISTRATION = true;
+        ENABLE_NOTIFY_MAIL = false;
+        ENABLE_CAPTCHA = false;
+        ENABLE_TIMETRACKING = false;
+        REQUIRE_SIGNIN_VIEW = false;
+        REGISTER_EMAIL_CONFIRM = false;
+        NO_REPLY_ADDRESS = "noreply.pleshevski.ru";
+      };
+      repository = {
+        DISABLE_MIGRATIONS = false;
+        DISABLE_HTTP_GIT = false;
+        DISABLE_STARS = true;
+        DEFAULT_BRANCH = "main";
+        DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH = true;
+      };
+      "repository.signing" = {
+        #SIGNING_EMAIL = "gitea@noreply.pleshevski.ru";
+        #SIGNING_NAME = "Gitea";
+        #SIGNING_KEY = "E1DDBF5A1406BB987779A85F55B75599806CD426";
+        SIGNING_KEY = "default";
+        DEFAULT_TRUST_MODEL = "collaboratorcommiter";
+        MERGES = "pubkey,basesigned,commitssigned";
+      };
+      "repository.local" = {
+        LOCAL_COPY_PATH = "${config.services.gitea.stateDir}/tmp/local-repo";
+      };
+      "repository.upload" = {
+        TEMP_PATH = "${config.services.gitea.stateDir}/uploads";
+        ALLOWED_TYPES = "image/*";
+      };
+      "repository.pull-request" = {
+        WORK_IN_PROGRESS_PREFIXES = "Draft:,[Draft]:,WIP:,[WIP]:";
+      };
+      indexer = {
+        ISSUE_INDEXER_PATH = "${config.services.gitea.stateDir}/indexers/issues.bleve";
+      };
+      sessions = {
+        PROVIDER = "file";
+        PROVIDER_CONFIG = "${config.services.gitea.stateDir}/sessions";
+      };
+      picture = {
+        AVATAR_UPLOAD_PATH = "${config.services.gitea.stateDir}/avatars";
+        REPOSITORY_AVATAR_UPLOAD_PATH = "${config.services.gitea.stateDir}/repo-avatars";
+        DISABLE_GRAVATAR = false;
+        ENABLE_FEDERATED_AVATAR = true;
+      };
+      attachment = {
+        PATH = "${config.services.gitea.stateDir}/attachments";
+      };
+      mailer = {
+        ENABLED = true;
+        MAILER_TYPE = "smtp";
+        FROM = "\"${config.services.gitea.appName}\" <no-reply@pleshevski.ru>";
+        USER = "dmitriy@pleshevski.ru";
+        HOST = "mail.pleshevski.ru:465";
+      };
+      openid = {
+        ENABLE_OPENID_SIGNIN = true;
+        ENABLE_OPENID_SIGNUP = false;
+      };
+    };
+  };
+
+  services.nginx.virtualHosts.${hostname} = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/".proxyPass = "http://localhost:${toString config.services.gitea.httpPort}/";
+  };
+
+  age.secrets.gitea-mailserver-passfile = {
+    file = ../../../secrets/mailserver-users-jan-passfile.age;
+    owner = config.services.gitea.user;
+    group = "gitea";
+  };
+}
diff --git a/machines/magenta/services/mailserver-accounts.nix b/machines/magenta/services/mailserver-accounts.nix
new file mode 100644
index 0000000000000000000000000000000000000000..f6190fc147b61c3c48c54ff98bcd9d11647b9f35
GIT binary patch
literal 873
zcmV-v1D5;%M@dveQdv+`09}<r4e}t3&&9BH-uU!9f$@xGJ#g8VgRPuVrw3>j3xQp5
zPn@h;<J*hBh%*tp>klkFV*)@3y=uC?ZGdC<RP$sh&eSg(6+6dPX!7}nQT5v?l29e7
zHzFnKx|e;S8Y~&1`}2BpBUy#sHh2l+Of){3nqIDY?&L~FfMPr)5IEAy#h*AF$^k_h
zZM5fA36QQ7%mHy}TJNM&o+{;y#v-mM4h|j!<Um1!+jg(Y&Yl*rhM{8V@Y<w189?ST
z<1u)@La71E1)Y48TUj)Hgh<JKI{~59`8Fh+@Hj`GF;vg3dxt8>x7|==@8iTd&99xu
z7;hCCSca?(p}CY9o;qUut`&5n6{f7-e<}@e(GK5N^1jrNCgVvIgN#!^Ekn102(*-R
zLBKw__=?-pmxaEX<rEXva)2wO$p>=%bm2zo>z=otFS@6YyPeM2pj)F!q+h0_^`rGJ
zGNNB7$x&)Nz<xK@BUFrr08*n$=b`Fu?x(y$$q_+S%GcnLlZUm58*|EzsVJF{E97*H
z&}bN{3p=c1^3bzRdA%iD-2g=xUHYdf+z-#_<(b!s7r50C9y&_1X7ar*Ep<Os0>I~;
z=V`2UGs^ok=Sy4=0B$q9IY8$V7q&4+RJlWJDX=b~Y4?(S<>2lM?t$}k13zxM_(_~D
z0@8IGpikKDPoKd~!2VL=e~I%ig%Y%=kHjqe$OOSVd#9t>pS6UEZ0iiA>$QVEQxEI*
zD0~b)g!B(puIxI~*JS<91bgHRkz+<cmO9dhZ{$V7L003gz&qD+O5rE8cuO{srqruG
z1dObkd`}pYlZ`03hGi?RU`zI3<h<uyhPBNtmw5yxTZ`-w=O$gr8M9X=iF`&0pb61s
zTbaKqHO)GUH`&{(EYwwF+d2`4PLc>l!;-JgWE}4%f2X3xul(C1w<~yK_I&urC^Xr~
zN@`+6%j=PO`GA1bSy%Nos?7f_w~eHNQsKtGdxmv_j-)%Y#N43Nj+F7VH`Z3n>s8@@
zv|&n|``OzcZouue;f}JW43!WZw3gMQf9_zEPbK<VUC8)i%P>k#e9UWTBu9{6nXRRH
z8vPQmZ3gttFpAD;rI%%sb^7RDnD;4<(*l?*U<Q+sFyB}R>2-*Q<O(sCb2FjDL)5w%

literal 0
HcmV?d00001

diff --git a/machines/magenta/services/mailserver.nix b/machines/magenta/services/mailserver.nix
new file mode 100644
index 0000000..dcde596
--- /dev/null
+++ b/machines/magenta/services/mailserver.nix
@@ -0,0 +1,18 @@
+{ ... }:
+
+{
+  imports = [ ./mailserver-accounts.nix ];
+
+  # See: https://nixos-mailserver.readthedocs.io/en/latest/options.html
+  mailserver = {
+    enable = true;
+    fqdn = "mail.pleshevski.ru";
+    domains = [ "pleshevski.ru" ];
+
+    # Use Let's Encrypt certificates. Note that this needs to set up a stripped
+    # down nginx and opens port 80.
+    certificateScheme = 3;
+
+    hierarchySeparator = "/";
+  };
+}
diff --git a/users/jan/default.nix b/users/jan/default.nix
index 1b53bf1..0a82b48 100644
--- a/users/jan/default.nix
+++ b/users/jan/default.nix
@@ -21,18 +21,14 @@
     passwordFile = config.age.secrets.users-jan-passfile.path;
   };
 
-  home-manager = {
-    useGlobalPkgs = true;
-    useUserPackages = true;
-    users.jan = { lib, ... }: {
-      imports = [
-        inputs.wired.homeManagerModules.default
-        ./home.nix
-        extraHomeModule
-      ];
+  home-manager.users.jan = { lib, ... }: {
+    imports = [
+      inputs.wired.homeManagerModules.default
+      ./home.nix
+      extraHomeModule
+    ];
 
-      home.stateVersion = config.system.stateVersion;
-    };
+    home.stateVersion = config.system.stateVersion;
   };
 
   nix.settings.trusted-users = lib.mkAfter [ "jan" ];