Add gitea-translator server and module

2026-03-13 16:09:12 +01:00
parent 8cd2eafaa5
commit c80628a1a9
2 changed files with 185 additions and 0 deletions
--- a/machines/modules/malobeo/gitea_translator.nix
+++ b/machines/modules/malobeo/gitea_translator.nix
@@ -0,0 +1,78 @@
+{ config, self, lib, inputs, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.malobeo.gitea-translator;
+in
+{
+  options = {
+    services.malobeo.gitea-translator = {
+      enable = mkOption {
+        default = false;
+        type = types.bool;
+        description = lib.mdDoc "Start a webserver for hydra to use the gitea pull request api.";
+      };
+
+      baseurl = mkOption {
+        type = types.str;
+        default = "git.dynamicdiscord.de";
+        description = lib.mdDoc "Base URL of the Gitea instance.";
+      };
+
+      owner = mkOption {
+        type = types.str;
+        default = "malobeo";
+        description = lib.mdDoc "Repository owner on the Gitea instance.";
+      };
+
+      repo = mkOption {
+        type = types.str;
+        default = "infrastructure";
+        description = lib.mdDoc "Repository name on the Gitea instance.";
+      };
+
+      host = mkOption {
+        type = types.str;
+        default = "127.0.0.1";
+        description = lib.mdDoc "Address the server binds to.";
+      };
+
+      port = mkOption {
+        type = types.port;
+        default = 27364;
+        description = lib.mdDoc "Port the server listens on.";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.gitea-translator = {
+      description = "Gitea Pull Request Translator for Hydra";
+      after = [ "network-online.target" ];
+      wants = [ "network-online.target" ];
+      wantedBy = [ "multi-user.target" ];
+
+      serviceConfig = {
+        ExecStart = ''
+          ${pkgs.python3}/bin/python3 ${inputs.self + /scripts/gitea_hydra_server.py} \
+            --baseurl ${cfg.baseurl} \
+            --owner ${cfg.owner} \
+            --repo ${cfg.repo} \
+            --host ${cfg.host} \
+            --port ${toString cfg.port}
+        '';
+        Restart = "on-failure";
+        RestartSec = 5;
+
+        # Hardening because why not 
+        DynamicUser = true;
+        NoNewPrivileges = true;
+        ProtectSystem = "strict";
+        ProtectHome = true;
+        PrivateTmp = true;
+        PrivateDevices = true;
+      };
+    };
+  };
+}