diff --git a/hive.nix b/hive.nix
index 33432d7..a4114a7 100644
--- a/hive.nix
+++ b/hive.nix
@@ -25,6 +25,7 @@ in {
 (import "${sources.agenix}/modules/age.nix")
 ./pinning.nix
 ./common
+ ./services
 ];
 };
diff --git a/hosts/yevaud/configuration.nix b/hosts/yevaud/configuration.nix
index 289bff2..7abce5a 100644
--- a/hosts/yevaud/configuration.nix
+++ b/hosts/yevaud/configuration.nix
@@ -4,12 +4,27 @@
 imports = [
 ./hardware-configuration.nix
 ./home.nix
- ./forgejo.nix
 ];
 boot.loader.systemd-boot.enable = true;
 boot.loader.efi.canTouchEfiVariables = true;
+ qenya.services.forgejo = {
+ enable = true;
+ domain = "git.qenya.tel";
+ stateDir = "/data/forgejo";
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "git.katherina.rocks" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/".return = "301 https://git.qenya.tel$request_uri";
+ };
+ };
+ };
+
 system.stateVersion = "23.11";
 }
-
diff --git a/hosts/yevaud/forgejo.nix b/hosts/yevaud/forgejo.nix
deleted file mode 100644
index 7c8f1ba..0000000
--- a/hosts/yevaud/forgejo.nix
+++ /dev/null
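Review bot: In hosts/yevaud/configuration.nix the `git.katherina.rocks` redirect vhost is now declared on the host, but nothing in the visible part of this file opens ports 80 and 443; the only `networking.firewall.allowedTCPPorts = [ 80 443 ];` in this commit sits inside the `mkIf cfg.enable` body of services/forgejo.nix. If `qenya.services.forgejo.enable` is ever turned off on this host, the redirect and its ACME issuance would presumably stop being reachable. Declaring `networking.firewall.allowedTCPPorts = [ 80 443 ];` next to `services.nginx` here makes the host's exposure explicit where the vhost is defined. The file's opening lines are outside the hunk.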
@@ -1,49 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- # TODO: email out
- # TODO: interface customisation
-
- services = {
- nginx = {
- enable = true;
- virtualHosts = {
- "git.qenya.tel" = {
- forceSSL = true;
- enableACME = true;
- locations."/".proxyPass = "http://[::1]:3000/";
- };
- "git.katherina.rocks" = {
- forceSSL = true;
- enableACME = true;
- locations."/".return = "301 https://git.qenya.tel$request_uri";
- };
- };
- };
-
- forgejo = {
- enable = true;
- stateDir = "/data/forgejo";
- settings = {
- DEFAULT.APP_NAME = "git.qenya.tel";
- cache = {
- ADAPTER = "twoqueue";
- HOST = ''{"size": 100, "recent_ratio": 0.25, "ghost_ratio": 0.5}'';
- };
- database = {
- DB_TYPE = "sqlite3";
- SQLITE_JOURNAL_MODE = "WAL";
- };
- security.LOGIN_REMEMBER_DAYS = 365;
- server = {
- DOMAIN = "git.qenya.tel";
- HTTP_PORT = 3000;
- ROOT_URL = "https://git.qenya.tel/";
- };
- service.DISABLE_REGISTRATION = true;
- };
- };
- };
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-}
diff --git a/services/default.nix b/services/default.nix
new file mode 100644
index 0000000..beecd73
--- /dev/null
+++ b/services/default.nix
@@ -0,0 +1,5 @@
+{
+ imports = [
+ ./forgejo.nix
+ ];
+}
\ No newline at end of file
diff --git a/services/forgejo.nix b/services/forgejo.nix
new file mode 100644
index 0000000..8cca791
--- /dev/null
+++ b/services/forgejo.nix
@@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.qenya.services.forgejo;
+ inherit (lib) mkIf mkEnableOption mkOption types;
+in
+{
+ options.qenya.services.forgejo = {
+ enable = mkEnableOption "Forgejo";
+ domain = mkOption {
+ type = types.str;
+ };
+ stateDir = mkOption {
+ type = types.str;
+ };
+ };
+
+ config = mkIf cfg.enable {
+ # TODO: email out
+ # TODO: interface customisation
+
+ services = {
+ nginx = {
+ enable = true;
+ virtualHosts = {
+ ${cfg.domain} = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/".proxyPass = "http://[::1]:3000/";
+ };
+ };
+ };
+
+ forgejo = {
+ enable = true;
+ stateDir = cfg.stateDir;
+ settings = {
+ DEFAULT.APP_NAME = cfg.domain;
+ cache = {
+ ADAPTER = "twoqueue";
+ HOST = ''{"size": 100, "recent_ratio": 0.25, "ghost_ratio": 0.5}'';
+ };
+ database = {
+ DB_TYPE = "sqlite3";
+ SQLITE_JOURNAL_MODE = "WAL";
+ };
+ security.LOGIN_REMEMBER_DAYS = 365;
+ server = {
+ DOMAIN = cfg.domain;
+ HTTP_PORT = 3000;
+ ROOT_URL = "https://${cfg.domain}/";
+ };
+ service.DISABLE_REGISTRATION = true;
+ };
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ };
+}
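Review bot: The `server` block in services/forgejo.nix sets `HTTP_PORT = 3000` but no `HTTP_ADDR`, so Forgejo keeps its default listen address, which as far as I know is all interfaces, while nginx only ever reaches it at `http://[::1]:3000/`. Only ports 80 and 443 are opened in the firewall here, so this is defence in depth rather than an exposed port, but adding `HTTP_ADDR = "::1";` to `server` keeps the unencrypted backend listener off the network even if the firewall is later changed or disabled. The port is also written twice; `locations."/".proxyPass = "http://[::1]:${toString config.services.forgejo.settings.server.HTTP_PORT}/";` would keep the proxy target and the listener in step.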