[gitea] init

doc/src/SUMMARY.md

@@ -13,4 +13,5 @@
         - [TODO](./todo.md)
     - [How-to]()
         - [Updates](./anleitung/updates.md)
-        - [Rollbacks](./anleitung/rollback.md)
+        - [Rollbacks](./anleitung/rollback.md)
+        - [MicroVM](./anleitung/microvm.md)

doc/src/anleitung/microvm.md

@@ -0,0 +1,39 @@
+### Declaring a MicroVM
+
+The hosts nixosSystems modules should be declared using the ```makeMicroVM``` helper function.
+Use durruti as orientation:
+``` nix
+    modules = makeMicroVM "durruti" "10.0.0.5" [
+      ./durruti/configuration.nix
+    ];
+```
+
+"durruti" is the hostname.  
+"10.0.0.5" is the IP assigned to its tap interface.  
+
+### Testing MicroVMs locally
+MicroVMs can be built and run easily on your local host.
+For durruti this is done by:
+``` bash
+sudo nix run .\#nixosConfigurations.durruti.config.microvm.declaredRunner
+```
+
+It seems to be necessary to run this as root so that the according tap interface can be created.
+To be able to ping the VM or give Internet Access to the VM your host needs to be setup as described below.
+
+### Host Setup
+To provide network access to the VMs a bridge interface needs to be created on your host.
+For that:
+- Add the infrastructure flake as input to your hosts flake  
+- Add ```inputs.malobeo.nixosModules.malobeo``` to your hosts imports
+- enable the host bridge: ```services.malobeo.microvm.enableHostBridge = true;```
+
+If you want to provide Internet access to the VM it is necessary to create a nat.
+This could be done like this:
+``` nix
+networking.nat = {
+  enable = true;
+  internalInterfaces = [ "microvm" ];
+  externalInterface = "eth0"; #change to your interface name
+};
+```

machines/configuration.nix

@@ -94,4 +94,12 @@ in
       ./lucia/hardware_configuration.nix
     ];
   };
+
+  gitea = nixosSystem {
+    system = "x86_64-linux";
+    specialArgs.inputs = inputs;
+    modules = makeMicroVM "gitea" "10.0.0.6" [
+      ./gitea/configuration.nix
+    ];
+  };
 }

machines/gitea/configuration.nix

@@ -0,0 +1,37 @@
+{ config, lib, pkgs, inputs, ... }:
+
+with lib;
+
+{
+  #sops.defaultSopsFile = ./secrets.yaml;
+
+  networking = {
+    hostName = mkDefault "gitea";
+    useDHCP = false;
+    nameservers = [ "1.1.1.1" ];
+  };
+
+  imports = [
+    ../modules/malobeo_user.nix
+    ../modules/sshd.nix
+    ../modules/minimal_tools.nix
+    ../modules/autoupdate.nix
+  ];
+
+  services.gitea = {
+    enable = true;
+    appName = "malobeo git instance";
+
+    settings.server = {
+      DOMAIN = "git.malobeo.org";
+      HTTP_PORT = 3001;
+      SSH_PORT = 22;
+      ROOT_URL = "https://git.malobeo.org/";
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 3001 ];
+
+  system.stateVersion = "22.11"; # Did you read the comment?
+}
+

outputs.nix

@@ -41,7 +41,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
     apps = {
       docs = {
         type = "app";
-        program = builtins.toString (pkgs.writeScript "docs" ''
+        program = builtins.toString (pkgs.writeShellScript "docs" ''
           ${pkgs.mdbook}/bin/mdbook serve --open ./doc
         '');
       };