qenya/nixfiles
1
0
Fork 0
Code Issues 4 Pull requests Activity Actions

forgejo: convert to nixos module

Browse source
This commit is contained in:
Katherina Walshe-Grey 2024-07-24 17:29:26 +01:00
parent f36cd49121
commit 049e3ff091
5 changed files with 83 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

1
hive.nix
View file

@ -25,6 +25,7 @@ in {
(import "${sources.agenix}/modules/age.nix") (import "${sources.agenix}/modules/age.nix")
./pinning.nix ./pinning.nix
./common ./common
./services
]; ];
}; };

19
hosts/yevaud/configuration.nix
View file

@ -4,12 +4,27 @@
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./home.nix ./home.nix
./forgejo.nix
]; ];
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
qenya.services.forgejo = {
enable = true;
domain = "git.qenya.tel";
stateDir = "/data/forgejo";
};
services.nginx = {
enable = true;
virtualHosts = {
"git.katherina.rocks" = {
forceSSL = true;
enableACME = true;
locations."/".return = "301 https://git.qenya.tel$request_uri";
};
};
};
system.stateVersion = "23.11"; system.stateVersion = "23.11";
} }

49
hosts/yevaud/forgejo.nix
View file

@ -1,49 +0,0 @@
{ config, lib, pkgs, ... }:
{
# TODO: email out
# TODO: interface customisation
services = {
nginx = {
enable = true;
virtualHosts = {
"git.qenya.tel" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://[::1]:3000/";
};
"git.katherina.rocks" = {
forceSSL = true;
enableACME = true;
locations."/".return = "301 https://git.qenya.tel$request_uri";
};
};
};
forgejo = {
enable = true;
stateDir = "/data/forgejo";
settings = {
DEFAULT.APP_NAME = "git.qenya.tel";
cache = {
ADAPTER = "twoqueue";
HOST = ''{"size": 100, "recent_ratio": 0.25, "ghost_ratio": 0.5}'';
};
database = {
DB_TYPE = "sqlite3";
SQLITE_JOURNAL_MODE = "WAL";
};
security.LOGIN_REMEMBER_DAYS = 365;
server = {
DOMAIN = "git.qenya.tel";
HTTP_PORT = 3000;
ROOT_URL = "https://git.qenya.tel/";
};
service.DISABLE_REGISTRATION = true;
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
}

5
services/default.nix Normal file
View file

@ -0,0 +1,5 @@
{
imports = [
./forgejo.nix
];
}

60
services/forgejo.nix Normal file
View file

@ -0,0 +1,60 @@
{ config, lib, pkgs, ... }:
let
cfg = config.qenya.services.forgejo;
inherit (lib) mkIf mkEnableOption mkOption types;
in
{
options.qenya.services.forgejo = {
enable = mkEnableOption "Forgejo";
domain = mkOption {
type = types.str;
};
stateDir = mkOption {
type = types.str;
};
};
config = mkIf cfg.enable {
# TODO: email out
# TODO: interface customisation
services = {
nginx = {
enable = true;
virtualHosts = {
${cfg.domain} = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://[::1]:3000/";
};
};
};
forgejo = {
enable = true;
stateDir = cfg.stateDir;
settings = {
DEFAULT.APP_NAME = cfg.domain;
cache = {
ADAPTER = "twoqueue";
HOST = ''{"size": 100, "recent_ratio": 0.25, "ghost_ratio": 0.5}'';
};
database = {
DB_TYPE = "sqlite3";
SQLITE_JOURNAL_MODE = "WAL";
};
security.LOGIN_REMEMBER_DAYS = 365;
server = {
DOMAIN = cfg.domain;
HTTP_PORT = 3000;
ROOT_URL = "https://${cfg.domain}/";
};
service.DISABLE_REGISTRATION = true;
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
};
}