feat: add forgejo to raptus

hosts/raptus/configuration.nix

@@ -16,6 +16,7 @@ in
     ./disk-config.nix
     ./container-root.nix
     ./rustypaste
+    ./forgejo
     ./obsidian-livesync
     ../../modules/nix
   ];
@@ -41,6 +42,7 @@ in
       22
       443
       5984 # couchdb
+      3000 # forgejo
     ];
   };
 
@@ -69,17 +71,26 @@ in
     recommendedProxySettings = true;
     recommendedTlsSettings = true;
     clientMaxBodySize = "50M";
-    virtualHosts."rusty.ccnlc.eu" = {
+    virtualHosts =
-      enableACME = true;
+      let
-      forceSSL = true;
+        mkVHost = name: port: {
-
+          inherit name;
-      locations."/" = {
+          value = {
-        proxyPass = "http://127.0.0.1:8000";
+            enableACME = true;
-        extraConfig = ''
+            forceSSL = true;
-          proxy_ssl_server_name on;
+            locations."/" = {
-          proxy_pass_header Authorization;'';
+              proxyPass = "http://127.0.0.1:${toString port}";
-      };
+              extraConfig = ''
-    };
+                proxy_ssl_server_name on;
+                proxy_pass_header Authorization;'';
+            };
+          };
+        };
+      in
+      builtins.listToAttrs [
+        (mkVHost "rusty.ccnlc.eu" 8000)
+        (mkVHost "git.ccnlc.eu" 3000)
+      ];
   };
 
   services.openssh.enable = true;

hosts/raptus/forgejo/app.ini

@@ -0,0 +1,2 @@
+[migrations]
+ALLOWED_DOMAINS=github.com,*.github.com.

hosts/raptus/forgejo/default.nix

@@ -0,0 +1,65 @@
+{ lib, pkgs, ... }:
+{
+  # Containers
+  virtualisation.oci-containers.containers."forgejo" = {
+    image = "codeberg.org/forgejo/forgejo:7";
+    environment = {
+      "USER_GID" = "1000";
+      "USER_UID" = "1000";
+    };
+    volumes = [
+      #"/etc/localtime:/etc/localtime:ro"
+      #"/etc/timezone:/etc/timezone:ro"
+      "test_forgejo:/data:rw"
+      "${./app.ini}:/data/gitea/app.ini:ro"
+    ];
+    ports = [
+      "3000:3000/tcp"
+      "222:22/tcp"
+    ];
+    log-driver = "journald";
+    extraOptions = [
+      "--network-alias=server"
+      "--network=test_forgejo"
+    ];
+  };
+  systemd.services."podman-forgejo" = {
+    serviceConfig = {
+      Restart = lib.mkOverride 500 "always";
+    };
+    after = [ "podman-network-test_forgejo.service" ];
+    requires = [ "podman-network-test_forgejo.service" ];
+    partOf = [ "podman-compose-test-root.target" ];
+    wantedBy = [ "podman-compose-test-root.target" ];
+  };
+
+  # Networks
+  systemd.services."podman-network-test_forgejo" = {
+    path = [ pkgs.podman ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+      ExecStop = "podman network rm -f test_forgejo";
+    };
+    script = ''
+      podman network inspect test_forgejo || podman network create test_forgejo
+    '';
+    partOf = [ "podman-compose-test-root.target" ];
+    wantedBy = [ "podman-compose-test-root.target" ];
+  };
+
+  # Volumes
+  systemd.services."podman-volume-test_forgejo" = {
+    path = [ pkgs.podman ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+    };
+    script = ''
+      podman volume inspect test_forgejo || podman volume create test_forgejo
+    '';
+    partOf = [ "podman-compose-test-root.target" ];
+    wantedBy = [ "podman-compose-test-root.target" ];
+  };
+
+}