From f395b6a28702d572f1157f18ff612a6d0c98bf81 Mon Sep 17 00:00:00 2001
From: Nydragon
Date: Sat, 24 Aug 2024 03:49:50 +0200
Subject: [PATCH] feat: add forgejo to raptus
---
 hosts/raptus/configuration.nix | 33 ++++++++++------
 hosts/raptus/forgejo/app.ini | 2 +
 hosts/raptus/forgejo/default.nix | 65 ++++++++++++++++++++++++++++++++
 3 files changed, 89 insertions(+), 11 deletions(-)
 create mode 100644 hosts/raptus/forgejo/app.ini
 create mode 100644 hosts/raptus/forgejo/default.nix
diff --git a/hosts/raptus/configuration.nix b/hosts/raptus/configuration.nix
index 0c3bbde..595f466 100644
--- a/hosts/raptus/configuration.nix
+++ b/hosts/raptus/configuration.nix
@@ -16,6 +16,7 @@ in
 ./disk-config.nix
 ./container-root.nix
 ./rustypaste
+ ./forgejo
 ./obsidian-livesync
 ../../modules/nix
 ];
@@ -41,6 +42,7 @@ in
 22
 443
 5984 # couchdb
+ 3000 # forgejo
 ];
 };
@@ -69,17 +71,26 @@ in
 recommendedProxySettings = true;
 recommendedTlsSettings = true;
 clientMaxBodySize = "50M";
- virtualHosts."rusty.ccnlc.eu" = {
- enableACME = true;
- forceSSL = true;
-
- locations."/" = {
- proxyPass = "http://127.0.0.1:8000";
- extraConfig = ''
- proxy_ssl_server_name on;
- proxy_pass_header Authorization;'';
- };
- };
+ virtualHosts =
+ let
+ mkVHost = name: port: {
+ inherit name;
+ value = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString port}";
+ extraConfig = ''
+ proxy_ssl_server_name on;
+ proxy_pass_header Authorization;'';
+ };
+ };
+ };
+ in
+ builtins.listToAttrs [
+ (mkVHost "rusty.ccnlc.eu" 8000)
+ (mkVHost "git.ccnlc.eu" 3000)
+ ];
 };
 services.openssh.enable = true;
diff --git a/hosts/raptus/forgejo/app.ini b/hosts/raptus/forgejo/app.ini
new file mode 100644
index 0000000..31df07e
--- /dev/null
+++ b/hosts/raptus/forgejo/app.ini
@@ -0,0 +1,2 @@
+[migrations]
+ALLOWED_DOMAINS=github.com,*.github.com.
diff --git a/hosts/raptus/forgejo/default.nix b/hosts/raptus/forgejo/default.nix
new file mode 100644
index 0000000..504f765
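Review bot: Adding `3000 # forgejo` to the allowed TCP ports (second hunk of hosts/raptus/configuration.nix) exposes Forgejo's plain-HTTP listener to the network next to the `forceSSL` vhost for git.ccnlc.eu, so the service can be used without TLS and without going through nginx. nginx reaches the container over loopback, so the firewall entry can be dropped and the publish in hosts/raptus/forgejo/default.nix narrowed from `"3000:3000/tcp"` to `"127.0.0.1:3000:3000/tcp"`. Depending on the podman network backend, published ports may be reachable regardless of the NixOS firewall, so the loopback bind is the part that matters most. The port list and the enclosing firewall block start outside this hunk.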
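Review bot: In the third hunk of hosts/raptus/configuration.nix, `mkVHost` copies the old rusty vhost's `extraConfig` into every virtual host, although neither directive appears to do anything for a plain `http://127.0.0.1` upstream. `proxy_ssl_server_name` only applies to HTTPS upstreams, and `proxy_pass_header` controls which upstream response headers are passed on, not the client's `Authorization` request header. Dropping the two lines from the helper, or making `extraConfig` an argument of `mkVHost`, keeps the shared template free of unexplained settings. The unchanged `clientMaxBodySize = "50M";` now also caps Git pushes over HTTPS to git.ccnlc.eu; if that is intended, a comment such as `# also limits git push size on git.ccnlc.eu` would say so.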
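Review bot: The second pattern in `ALLOWED_DOMAINS` (hosts/raptus/forgejo/app.ini) ends with a dot, `*.github.com.`, which looks like stray punctuation. If Forgejo compares hostnames against the pattern as written, GitHub subdomains would not match and the migration allowlist would be narrower than intended; `ALLOWED_DOMAINS=github.com,*.github.com` is probably what was meant. A short comment above the key, e.g. `; restrict repository migrations to GitHub hosts`, would record why the list exists.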
--- /dev/null
+++ b/hosts/raptus/forgejo/default.nix
@@ -0,0 +1,65 @@
+{ lib, pkgs, ... }:
+{
+ # Containers
+ virtualisation.oci-containers.containers."forgejo" = {
+ image = "codeberg.org/forgejo/forgejo:7";
+ environment = {
+ "USER_GID" = "1000";
+ "USER_UID" = "1000";
+ };
+ volumes = [
+ #"/etc/localtime:/etc/localtime:ro"
+ #"/etc/timezone:/etc/timezone:ro"
+ "test_forgejo:/data:rw"
+ "${./app.ini}:/data/gitea/app.ini:ro"
+ ];
+ ports = [
+ "3000:3000/tcp"
+ "222:22/tcp"
+ ];
+ log-driver = "journald";
+ extraOptions = [
+ "--network-alias=server"
+ "--network=test_forgejo"
+ ];
+ };
+ systemd.services."podman-forgejo" = {
+ serviceConfig = {
+ Restart = lib.mkOverride 500 "always";
+ };
+ after = [ "podman-network-test_forgejo.service" ];
+ requires = [ "podman-network-test_forgejo.service" ];
+ partOf = [ "podman-compose-test-root.target" ];
+ wantedBy = [ "podman-compose-test-root.target" ];
+ };
+
+ # Networks
+ systemd.services."podman-network-test_forgejo" = {
+ path = [ pkgs.podman ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ ExecStop = "podman network rm -f test_forgejo";
+ };
+ script = ''
+ podman network inspect test_forgejo || podman network create test_forgejo
+ '';
+ partOf = [ "podman-compose-test-root.target" ];
+ wantedBy = [ "podman-compose-test-root.target" ];
+ };
+
+ # Volumes
+ systemd.services."podman-volume-test_forgejo" = {
+ path = [ pkgs.podman ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+ script = ''
+ podman volume inspect test_forgejo || podman volume create test_forgejo
+ '';
+ partOf = [ "podman-compose-test-root.target" ];
+ wantedBy = [ "podman-compose-test-root.target" ];
+ };
+
+}
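Review bot: The bind mount `"${./app.ini}:/data/gitea/app.ini:ro"` targets a path the Forgejo image does not normally read; as far as I know its configuration lives at `/data/gitea/conf/app.ini`, so the `[migrations]` allowlist may never be loaded. Confirm this against the running instance's configuration page. Mounting a read-only store file over the real path would stop the container from persisting the values it generates into app.ini on first start, and anything later added to that file would sit in the world-readable Nix store. Passing the setting through the container environment instead, `"FORGEJO__migrations__ALLOWED_DOMAINS" = "github.com,*.github.com";`, avoids both problems. Separately, `forgejo:7` is a moving tag, so pinning the image by digest would make each upgrade an explicit, reviewable change.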