diff --git a/dragonwell/default.nix b/dragonwell/default.nix
index 71582f32bd75937489e57554a560a6b7f541d4ad..37808569685697d5da8320201b5a626887196dfe 100644
--- a/dragonwell/default.nix
+++ b/dragonwell/default.nix
@@ -8,7 +8,6 @@ ./beszel.nix
 ./caddy.nix
 ./forge-lines.nix
 ./foundry.nix
- ./git-bug.nix
 ./git-pr.nix
 ./mealie.nix
 ./miniserve.nix
diff --git a/dragonwell/git-bug.nix b/dragonwell/git-bug.nix
deleted file mode 100644
index c7bfe2ae4a07f506a4365622912a742f7b52a215..0000000000000000000000000000000000000000
--- a/dragonwell/git-bug.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- services = {
- git-bug.bugs = {
- enable = false;
- repoDir = "/var/lib/ugit/repos/bugs.git";
- authorUser = "jolheiser";
- authorEmail = "bugs@jolheiser.com";
- authorAvatar = "https://www.libravatar.org/avatar/cc498b605dee7b6fb9e6422332691bb4";
- host = "localhost";
- port = 2847;
- };
- tailproxy.bugs = {
- enable = false;
- hostname = "bugs";
- port = 2847;
- authKey = ""; # One-time key
- };
- };
-}
diff --git a/flake.nix b/flake.nix
index 5ba42f793b694fa11144034a0e9e909932ed0adc..942d80cc13fc5528317a4a77eb922b0f9bab1c1b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -75,7 +75,6 @@ inputs.tailproxy.nixosModules.default
 inputs.foundry.nixosModules.foundryvtt
 inputs.forge-lines.nixosModules.default
 ./modules/miniserve
- ./modules/git-bug
 ./dragonwell
 beszelAgent
 ];
diff --git a/modules/git-bug/default.nix b/modules/git-bug/default.nix
deleted file mode 100644
index 5a488a34c73b3ee54857e9ef247f1979ad36a0ee..0000000000000000000000000000000000000000
--- a/modules/git-bug/default.nix
+++ /dev/null
@@ -1,186 +0,0 @@
-{
- pkgs,
- config,
- lib,
- ...
-}:
-let
- cfg = config.services.git-bug;
- pkg = pkgs.git-bug;
- instanceOptions =
- { name, config, ... }:
- let
- inherit (lib) mkEnableOption mkOption types;
- in
- {
- enable = mkEnableOption "Enable git-bug web UI";
-
- package = mkOption {
- type = types.package;
- description = "git-bug package to use";
- default = pkg;
- };
-
- repoDir = mkOption {
- type = types.str;
- description = "git repo for bugs";
- };
-
- authorUser = mkOption {
- type = types.str;
- description = "git-bug user to use";
- default = "git-bug";
- };
-
- authorEmail = mkOption {
- type = types.str;
- description = "git-bug user email to use";
- default = "bugs@example.com";
- };
-
- authorAvatar = mkOption {
- type = types.str;
- description = "git-bug user avatar to use";
- default = "";
- };
-
- host = mkOption {
- type = types.str;
- description = "Network address or hostname to listen to";
- default = "127.0.0.1";
- };
-
- port = mkOption {
- type = types.port;
- description = "Port to listen to (default to random available port)";
- default = 0;
- };
-
- readOnly = mkOption {
- type = types.bool;
- description = "Whether to run the web UI in read-only mode";
- default = false;
- };
-
- logErrors = mkOption {
- type = types.bool;
- description = "Whether to log errors";
- default = false;
- };
-
- query = mkOption {
- type = types.str;
- description = "The query to open in the web UI bug list";
- default = "";
- };
-
- user = mkOption {
- type = types.str;
- description = "user account under which git-bug runs";
- default = "git-bug-${name}";
- };
-
- group = mkOption {
- type = types.str;
- description = "Group account under which git-bug runs";
- default = "git-bug-${name}";
- };
- };
-in
-{
- options.services.git-bug = lib.mkOption {
- type = lib.types.attrsOf (lib.types.submodule instanceOptions);
- description = "Attribute set of git-bug instances";
- default = { };
- };
- config = lib.mkIf (cfg != { }) {
- users.users = lib.mapAttrs' (
- name: instanceCfg:
- lib.nameValuePair instanceCfg.user {
- home = instanceCfg.repoDir;
- group = instanceCfg.group;
- isSystemUser = true;
- isNormalUser = false;
- description = "user for git-bug ${name} service";
- }
- ) (lib.filterAttrs (name: instanceCfg: instanceCfg.enable) cfg);
-
- users.groups = lib.mapAttrs' (name: instanceCfg: lib.nameValuePair instanceCfg.group { }) (
- lib.filterAttrs (name: instanceCfg: instanceCfg.enable) cfg
- );
-
- systemd.services = lib.foldl' (
- acc: name:
- let
- instanceCfg = cfg.${name};
- in
- lib.recursiveUpdate acc (
- lib.optionalAttrs instanceCfg.enable {
- "git-bug-${name}" = {
- enable = true;
- description = "git-bug instance ${name}";
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
- path = [ instanceCfg.package ];
- serviceConfig = {
- User = instanceCfg.user;
- Group = instanceCfg.group;
- Restart = "always";
- RestartSec = "15";
- WorkingDirectory = instanceCfg.repoDir;
- ReadWritePaths = [ instanceCfg.repoDir ];
- CapabilityBoundingSet = "";
- NoNewPrivileges = true;
- ProtectSystem = "strict";
- ProtectHome = true;
- PrivateTmp = true;
- PrivateDevices = true;
- PrivateUsers = true;
- ProtectHostname = true;
- ProtectClock = true;
- ProtectKernelTunables = true;
- ProtectKernelModules = true;
- ProtectKernelLogs = true;
- ProtectControlGroups = true;
- RestrictAddressFamilies = [
- "AF_UNIX"
- "AF_INET"
- "AF_INET6"
- ];
- RestrictNamespaces = true;
- LockPersonality = true;
- MemoryDenyWriteExecute = true;
- RestrictRealtime = true;
- RestrictSUIDSGID = true;
- RemoveIPC = true;
- PrivateMounts = true;
- SystemCallArchitectures = "native";
- ExecStart =
- let
- args = [
- "--host=${instanceCfg.host}"
- "--no-open"
- "--port=${builtins.toString instanceCfg.port}"
- (lib.optionalString instanceCfg.readOnly "--read-only")
- (lib.optionalString instanceCfg.logErrors "--log-errors")
- "--query=${instanceCfg.query}"
- ];
- in
- "${lib.getExe instanceCfg.package} ${builtins.concatStringsSep " " args}";
- ExecStartPre = pkgs.writeShellScript "git-bug-${name}-author" ''
- human_id=$(git-bug user --format json | jq -r '.[] | select(.name == "${instanceCfg.authorUser}") | .human_id' 2>/dev/null || echo "")
- if [ -n "$human_id" ] && [ "$human_id" != "null" ]; then
- git-bug user adopt "$human_id"
- else
- git-bug user new --name "${instanceCfg.authorUser}" --email "${instanceCfg.authorUser}" ${
- lib.optionalString (instanceCfg != "") "--avatar \"${instanceCfg.authorAvatar}\""
- }
- fi
- '';
- };
- };
- }
- )
- );
- };
-}