From 1ee44a712429e2e74d2ebff22b4a30a8ce20f92d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Wed, 5 Feb 2025 16:28:31 +0100 Subject: [PATCH] services/forgejo: move from hosts/kazuki --- hosts/kazuki/default.nix | 1 - hosts/kazuki/forgejo.nix | 62 ------------------------------------ services/default.nix | 1 + services/forgejo.nix | 69 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 70 insertions(+), 63 deletions(-) delete mode 100644 hosts/kazuki/forgejo.nix create mode 100644 services/forgejo.nix diff --git a/hosts/kazuki/default.nix b/hosts/kazuki/default.nix index df92f1c..8464cb5 100644 --- a/hosts/kazuki/default.nix +++ b/hosts/kazuki/default.nix @@ -15,7 +15,6 @@ ./storage.nix ./ntfy.nix ./zitadel.nix - ./forgejo.nix ./prometheus.nix ]; diff --git a/hosts/kazuki/forgejo.nix b/hosts/kazuki/forgejo.nix deleted file mode 100644 index 9f200e2..0000000 --- a/hosts/kazuki/forgejo.nix +++ /dev/null @@ -1,62 +0,0 @@ -{ config, ... }: -{ - age.secrets.rab-lol-cf = { - file = ../../secrets/rab-lol-cf.age; - owner = config.services.nginx.user; - }; - - services.forgejo = { - enable = true; - settings = { - server = { - DOMAIN = "git.rab.lol"; - ROOT_URL = "https://git.rab.lol/"; - }; - oauth2_client = { - REGISTER_EMAIL_CONFIRM = false; - ENABLE_AUTO_REGISTRATION = true; - ACCOUNT_LINKING = "auto"; - UPDATE_AVATAR = true; - }; - service = { - DISABLE_REGISTRATION = false; - ALLOW_ONLY_INTERNAL_REGISTRATION = false; - ALLOW_ONLY_EXTERNAL_REGISTRATION = true; - }; - federation.ENABLED = true; - }; - repositoryRoot = "/storage-box/forgejo/repos"; - lfs = { - enable = true; - contentDir = "/storage-box/forgejo/lfs"; - }; - }; - - services.nginx = { - enable = true; - recommendedProxySettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedTlsSettings = true; - virtualHosts."git.rab.lol" = { - forceSSL = true; - enableACME = true; - acmeRoot = null; - locations."/" = { - proxyPass = "http://127.0.0.1:3000"; - extraConfig = '' - proxy_set_header Connection $http_connection; - proxy_set_header Upgrade $http_upgrade; - ''; - }; - }; - }; - - users.users.nginx.extraGroups = [ "acme" ]; - security.acme.acceptTerms = true; - security.acme.certs."git.rab.lol" = { - dnsProvider = "cloudflare"; - credentialsFile = config.age.secrets.rab-lol-cf.path; - email = "nikodem@rabulinski.com"; - }; -} diff --git a/services/default.nix b/services/default.nix index 1837462..dfee582 100644 --- a/services/default.nix +++ b/services/default.nix @@ -2,5 +2,6 @@ imports = [ ./attic.nix ./forgejo-runner.nix + ./forgejo.nix ]; } diff --git a/services/forgejo.nix b/services/forgejo.nix new file mode 100644 index 0000000..2f69a55 --- /dev/null +++ b/services/forgejo.nix @@ -0,0 +1,69 @@ +{ + services.forgejo = { + host = "kazuki"; + ports = [ 3000 ]; + config = + { config, ... }: + { + age.secrets.rab-lol-cf = { + file = ../secrets/rab-lol-cf.age; + owner = config.services.nginx.user; + }; + + services.forgejo = { + enable = true; + settings = { + server = { + DOMAIN = "git.rab.lol"; + ROOT_URL = "https://git.rab.lol/"; + }; + oauth2_client = { + REGISTER_EMAIL_CONFIRM = false; + ENABLE_AUTO_REGISTRATION = true; + ACCOUNT_LINKING = "auto"; + UPDATE_AVATAR = true; + }; + service = { + DISABLE_REGISTRATION = false; + ALLOW_ONLY_INTERNAL_REGISTRATION = false; + ALLOW_ONLY_EXTERNAL_REGISTRATION = true; + }; + federation.ENABLED = true; + }; + repositoryRoot = "/storage-box/forgejo/repos"; + lfs = { + enable = true; + contentDir = "/storage-box/forgejo/lfs"; + }; + }; + + services.nginx = { + enable = true; + recommendedProxySettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedTlsSettings = true; + virtualHosts."git.rab.lol" = { + forceSSL = true; + enableACME = true; + acmeRoot = null; + locations."/" = { + proxyPass = "http://127.0.0.1:3000"; + extraConfig = '' + proxy_set_header Connection $http_connection; + proxy_set_header Upgrade $http_upgrade; + ''; + }; + }; + }; + + users.users.nginx.extraGroups = [ "acme" ]; + security.acme.acceptTerms = true; + security.acme.certs."git.rab.lol" = { + dnsProvider = "cloudflare"; + credentialsFile = config.age.secrets.rab-lol-cf.path; + email = "nikodem@rabulinski.com"; + }; + }; + }; +}