From 458125b697e5a7245e5766650dfbc2f09dc4f679 Mon Sep 17 00:00:00 2001
From: Dmitry Voronin
Date: Wed, 3 Jul 2024 01:59:28 +0300
Subject: [PATCH] Home : Add temporary fsight services.
---
container/Fsight.nix | 199 ++++++++++++++++++++++++++++++++
container/Git.nix | 1 +
container/Proxy.nix | 1 +
container/proxy/host/Fsight.nix | 50 ++++++++
container/proxy/host/Git.nix | 14 ---
host/home/Container.nix | 1 +
6 files changed, 252 insertions(+), 14 deletions(-)
create mode 100644 container/Fsight.nix
create mode 100644 container/proxy/host/Fsight.nix
diff --git a/container/Fsight.nix b/container/Fsight.nix
new file mode 100644
index 0000000..d604cc1
--- /dev/null
+++ b/container/Fsight.nix
@@ -0,0 +1,199 @@
+{ container, pkgs, config, lib, util, ... }: with lib; let
+ cfg = config.container.module.fsight;
+ hostConfig = config;
+in {
+ options = {
+ container.module.fsight = {
+ enable = mkEnableOption "Fsight temporary servers.";
+ address = mkOption {
+ default = "10.1.0.29";
+ type = types.str;
+ };
+ # port = mkOption {
+ # default = 3000;
+ # type = types.int;
+ # };
+ # domain = mkOption {
+ # default = "git.${config.container.domain}";
+ # type = types.str;
+ # };
+ storage = mkOption {
+ default = "${config.container.storage}/fsight";
+ type = types.str;
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.tmpfiles.rules = container.mkContainerDir cfg [
+ "git"
+ "cloud"
+ "postgres"
+ ];
+
+ containers.fsight = container.mkContainer cfg {
+ bindMounts = {
+ "/var/lib/gitea" = {
+ hostPath = "${cfg.storage}/git";
+ isReadOnly = false;
+ };
+ "/var/lib/postgresql" = {
+ hostPath = "${cfg.storage}/postgres";
+ isReadOnly = false;
+ };
+ "/var/lib/nextcloud" = {
+ hostPath = "${cfg.storage}/cloud";
+ isReadOnly = false;
+ };
+ };
+
+ config = { config, ...
}: container.mkContainerConfig cfg {
+ environment.systemPackages = with pkgs; [ gitea postgresql ];
+
+ services.gitea = let
+ domain = "fmp-git.${hostConfig.container.domain}";
+ in {
+ enable = true;
+ stateDir = "/var/lib/gitea";
+
+ database = {
+ type = "postgres";
+ # host = postgre.address;
+ # port = postgre.port;
+ user = "gitea";
+ name = "gitea";
+ createDatabase = true;
+ };
+
+ settings = let
+ gcArgs = "--aggressive --no-cruft --prune=now";
+ gcTimeout = 600;
+ in {
+ "service".DISABLE_REGISTRATION = true;
+ "log".LEVEL = "Error";
+ "server" = {
+ DISABLE_SSH = true;
+ DOMAIN = domain;
+ HTTP_ADDR = cfg.address;
+ ROOT_URL = "https://${domain}";
+ };
+ "ui" = {
+ AMBIGUOUS_UNICODE_DETECTION = false;
+ };
+ "service.explore" = {
+ REQUIRE_SIGNIN_VIEW = true;
+ };
+ "repository" = {
+ DEFAULT_PRIVATE = "private";
+ DEFAULT_PUSH_CREATE_PRIVATE = true;
+ };
+ "repository.pull-request".DEFAULT_MERGE_STYLE = "rebase";
+ "repository.issue".MAX_PINNED = 99999;
+ "cron" = {
+ ENABLED = true;
+ RUN_AT_START = true;
+ };
+ "repo-archive".ENABLED = false;
+ "cron.update_mirrors".SCHEDULE = "@midnight";
+ "cron.cleanup_actions".ENABLED = true;
+ "cron.git_gc_repos" = {
+ ENABLED = true;
+ SCHEDULE = "@midnight";
+ TIMEOUT = gcTimeout;
+ ARGS = gcArgs;
+ };
+ "git" = {
+ GC_ARGS = gcArgs;
+ };
+ "git.timeout".GC = gcTimeout;
+ };
+ };
+
+ services.nextcloud = let
+ domain = "fmp-cloud.${hostConfig.container.domain}";
+ in {
+ enable = true;
+ # package = pkgs.nextcloud29;
+ hostName = domain;
+ # phpOptions = {
+ # memory_limit = lib.mkForce "20G";
+ # };
+ config = {
+ adminuser = "root";
+ adminpassFile = "${pkgs.writeText "NextcloudPassword" "root"}";
+
+ # dbhost = postgres.address;
+ dbname = "nextcloud";
+ dbpassFile = "${pkgs.writeText "NextcloudDbPassword" "nextcloud"}";
+ dbtype = "pgsql";
+ dbuser = "nextcloud";
+ };
+ extraApps = {
+ inherit (config.services.nextcloud.package.packages.apps) deck notes onlyoffice;
+ };
+ extraAppsEnable = true;
+
settings = {
+ trusted_domains = [ domain ];
+ trusted_proxies = [ hostConfig.container.module.proxy.address ];
+ allow_local_remote_servers = true;
+ };
+ };
+
+ services.postgresql = let
+ authentication = util.trimTabs ''
+ local all all trust
+ host all all 0.0.0.0/0 trust
+ '';
+
+ ensureDatabases = [
+ "root"
+ "gitea"
+ "nextcloud"
+ ];
+
+ ensureUsers = [
+ {
+ name = "root";
+ ensureClauses = {
+ superuser = true;
+ createrole = true;
+ createdb = true;
+ };
+ ensureDBOwnership = true;
+ } {
+ name = "gitea";
+ ensureClauses = {
+ createrole = true;
+ createdb = true;
+ };
+ ensureDBOwnership = true;
+ } {
+ name = "nextcloud";
+ ensureClauses = {
+ createrole = true;
+ createdb = true;
+ };
+ ensureDBOwnership = true;
+ }
+ ];
+ in {
+ inherit authentication ensureDatabases ensureUsers;
+
+ enable = true;
+ package = pkgs.postgresql_16;
+ dataDir = "/var/lib/postgresql/data/16";
+ enableTCPIP = true;
+
+ # NOTE: Debug mode.
+ # settings = {
+ # log_connections = true;
+ # log_destination = lib.mkForce "syslog";
+ # log_disconnections = true;
+ # log_statement = "all";
+ # logging_collector = true;
+ # };
+ };
+ };
+ };
+ };
+}
diff --git a/container/Git.nix b/container/Git.nix
index 3c9658a..2815caf 100644
--- a/container/Git.nix
+++ b/container/Git.nix
@@ -50,6 +50,7 @@ in {
 host = postgre.address;
 port = postgre.port;
 user = "gitea";
+ name = "gitea";
 createDatabase = false;
 };
diff --git a/container/Proxy.nix b/container/Proxy.nix
index 13d6293..19fa520 100644
--- a/container/Proxy.nix
+++ b/container/Proxy.nix
@@ -71,6 +71,7 @@ in {
 enable = true;
 recommendedOptimisation = true;
 recommendedProxySettings = true;
+ clientMaxBodySize = "1024m";
 appendConfig = util.trimTabs ''
 worker_processes 4;
 '';
diff --git a/container/proxy/host/Fsight.nix b/container/proxy/host/Fsight.nix
new file mode 100644
index 0000000..5524835
--- /dev/null
+++ b/container/proxy/host/Fsight.nix
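Review bot: The `authentication` block under `services.postgresql` grants `host all all 0.0.0.0/0 trust` while `enableTCPIP = true` opens the TCP listener, so any client that can reach the container's address on the PostgreSQL port can log in as any role, including the `root` superuser declared in `ensureUsers`, without a password. Gitea and Nextcloud run inside the same container and leave their DB host unset (the `host` and `dbhost` lines are commented out), so the `local` rule presumably suffices: drop `enableTCPIP` and the `host` rule, or if a remote client is genuinely needed, narrow it to that client with a password method, e.g. `host all all <client-address>/32 scram-sha-256` (constructed example). Separately, `adminpassFile` and `dbpassFile` are built with `pkgs.writeText`, which places the literal passwords in the world-readable Nix store; point them at a file outside the store instead. `allow_local_remote_servers = true` also widens what the Nextcloud instance may fetch from internal addresses and deserves a comment stating why it is required.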
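Review bot: `clientMaxBodySize = "1024m"` is set at the top level of `services.nginx`, so the 1 GiB request-body limit applies to every virtual host the proxy serves, not only the Nextcloud upload path it is presumably meant for. Scoping it to the `fmp-cloud` server block (a `client_max_body_size 1024m;` directive inside that host's `extraConfig`) keeps the other services at the default limit. A short comment naming the service that needs the larger limit would also help the next reader.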
@@ -0,0 +1,50 @@
+{ util, config, container, ... }: let
+ domain = config.container.domain;
+ address = "10.1.0.29";
+in {
+ "fmp-cloud.${domain}" = container.mkServer {
+ extraConfig = util.trimTabs ''
+ listen 443 ssl;
+ set $fmpnextcloud ${address}:80;
+
+ location ~ ^/(settings/admin|settings/users|settings/apps|api) {
+ allow ${config.container.localAccess};
+ allow ${config.container.module.vpn.address};
+ deny all;
+ proxy_pass http://$fmpnextcloud$request_uri;
+ }
+
+ location / {
+ proxy_pass http://$fmpnextcloud$request_uri;
+ }
+
+ ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
+ include /etc/letsencrypt/conf/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
+ '';
+ };
+
+ "fmp-git.${domain}" = container.mkServer {
+ extraConfig = util.trimTabs ''
+ listen 443 ssl;
+ set $fmpgitea ${address}:3000;
+
+ location ~ ^/(admin|api) {
+ allow ${config.container.localAccess};
+ allow ${config.container.module.vpn.address};
+ deny all;
+ proxy_pass http://$fmpgitea$request_uri;
+ }
+
+ location / {
+ proxy_pass http://$fmpgitea$request_uri;
+ }
+
+ ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
+ include /etc/letsencrypt/conf/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
+ '';
+ };
+}
diff --git a/container/proxy/host/Git.nix b/container/proxy/host/Git.nix
index d94b084..272445c 100644
--- a/container/proxy/host/Git.nix
+++ b/container/proxy/host/Git.nix
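Review bot: The regex locations `^/(settings/admin|settings/users|settings/apps|api)` and `^/(admin|api)` are prefix matches with no terminating anchor, so they also capture unrelated paths that merely begin with those strings; adding `(/|$)`, e.g. `location ~ ^/(settings/(admin|users|apps)|api)(/|$) {`, makes the intent exact. If the goal is to keep administrative functions to `localAccess` and the VPN address, confirm whether Nextcloud's `/ocs/` API routes (the provisioning API, among others) should be gated by the same allow/deny list, since they are not matched here. `address = "10.1.0.29"` duplicates the default of `container.module.fsight.address` declared in `container/Fsight.nix`; reading `config.container.module.fsight.address` instead, as the file already does for `config.container.module.vpn.address`, keeps the two from drifting.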
@@ -14,20 +14,6 @@ in {
 proxy_pass http://''$${name}$request_uri;
 }
- location /markdown {
- allow ${config.container.localAccess};
- allow ${config.container.module.vpn.address};
- deny all;
-
- proxy_set_header Content-Type "application/json";
- proxy_set_header Authorization "Basic dm9yb25pbmQ6QUxwWHZoRlRNYmpIazY3OVBkZDhCTjZNS0hyWjZ4aGU=";
-
- proxy_pass_header Content-Type;
- proxy_pass_header Authorization;
-
- proxy_pass http://''$${name}/api/v1/markdown/raw;
- }
-
 location / {
 # allow ${config.container.localAccess};
 # allow ${config.container.module.status.address};
diff --git a/host/home/Container.nix b/host/home/Container.nix
index 4b3c2c0..1f96cd5 100644
--- a/host/home/Container.nix
+++ b/host/home/Container.nix
@@ -8,6 +8,7 @@
 ddns.enable = true;
 dns.enable = true;
 download.enable = true;
+ fsight.enable = true;
 git.enable = true;
 # ISSUE: hdd.enable = true;
 home.enable = true;