authortdback <tyler@tdback.net>2024-12-21 15:32:13 -0500
committertdback <tyler@tdback.net>2024-12-21 15:32:13 -0500
commit0a5754541bb01e96021ca7ee74f1256a8ee68bc4 (patch)
tree2d0b8089e98239963a1e240cff676b1515fc8431 /modules/retired/forgejo/default.nix
initial commit to self-hosted git
Diffstat (limited to 'modules/retired/forgejo/default.nix')
-rw-r--r--modules/retired/forgejo/default.nix65
1 files changed, 65 insertions, 0 deletions
diff --git a/modules/retired/forgejo/default.nix b/modules/retired/forgejo/default.nix
new file mode 100644
index 0000000..9db55b2
--- /dev/null
+++ b/modules/retired/forgejo/default.nix
@@ -0,0 +1,65 @@
+{ inputs, config, lib, pkgs, ... }:
+let
+ domain = "git.tdback.net";
+ port = 3000;
+in
+{
+ services.forgejo = {
+ enable = true;
+ package = pkgs.unstable.forgejo;
+ stateDir = "/tank/forgejo";
+ database.type = "postgres";
+ lfs.enable = true;
+ settings = {
+ server = {
+ DOMAIN = domain;
+ ROOT_URL = "https://${domain}/";
+ HTTP_PORT = port;
+ };
+ service.DISABLE_REGISTRATION = true;
+ actions = {
+ ENABLED = true;
+ DEFAULT_ACTIONS_URL = "https://${domain}";
+ };
+ };
+ };
+
+ age.secrets.forgejoAdminPass = {
+ file = "${inputs.self}/secrets/forgejoAdminPass.age";
+ mode = "770";
+ owner = "forgejo";
+ group = "forgejo";
+ };
+
+ systemd.services.forgejo.preStart =
+ let
+ adminCmd = "${lib.getExe config.services.forgejo.package} admin user";
+ password = config.age.secrets.forgejoAdminPass.path;
+ user = "tdback";
+ email = "tyler@tdback.net";
+ in ''
+ ${adminCmd} create --admin --email ${email} --username ${user} --password "$(tr -d '\n' < ${password})" || true
+ '';
+
+ services.openssh.settings.AllowUsers = [ "forgejo" ];
+
+ services.caddy.virtualHosts.${domain}.extraConfig = ''
+ encode zstd gzip
+ reverse_proxy http://localhost:${builtins.toString port}
+ '';
+
+ age.secrets.forgejoRunnerToken.file = "${inputs.self}/secrets/forgejoRunnerToken.age";
+ services.gitea-actions-runner = {
+ package = pkgs.unstable.forgejo-runner;
+ instances.default = {
+ enable = true;
+ name = "monolith";
+ url = "https://${domain}";
+ tokenFile = config.age.secrets.forgejoRunnerToken.path;
+ labels = [
+ "ubuntu-latest:docker://node:20-bookworm"
+ "ubuntu-22.04:docker://node:20-bookworm"
+ ];
+ };
+ };
+}
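Review bot: The `forgejoAdminPass` secret is declared with `mode = "770"`, which leaves the decrypted password file group-writable and executable. Only the `forgejo` owner needs to read it (assuming `preStart` runs as that user), so `mode = "0400";` is enough. The `preStart` script then expands the password into `--password "$(tr -d '\n' < ...)"`, so it sits in the command's argument list while `admin user create` runs and is readable by other local users unless process visibility is restricted on this host. The trailing `|| true` also swallows every failure of that command, not only the expected "user already exists" case, so a missing or unreadable secret would pass silently; a comment such as `# ignore failure: user already exists after first boot`, plus logging the exit status, would make the intent and any real errors visible.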