feat: add forgejo to raptus

2024-08-24 03:49:50 +02:00 · 2024-08-24 03:49:50 +02:00 · f395b6a287
commit f395b6a287
parent 3fe2305fa7
3 changed files with 89 additions and 11 deletions
--- a/hosts/raptus/configuration.nix
+++ b/hosts/raptus/configuration.nix
@ -16,6 +16,7 @@ in
    ./disk-config.nix
    ./container-root.nix
    ./rustypaste
+    ./forgejo
    ./obsidian-livesync
    ../../modules/nix
  ];
@ -41,6 +42,7 @@ in
      22
      443
      5984 # couchdb
+      3000 # forgejo
    ];
  };

@ -69,18 +71,27 @@ in
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    clientMaxBodySize = "50M";
-    virtualHosts."rusty.ccnlc.eu" = {
+    virtualHosts =
+      let
+        mkVHost = name: port: {
+          inherit name;
+          value = {
            enableACME = true;
            forceSSL = true;
-
            locations."/" = {
-        proxyPass = "http://127.0.0.1:8000";
+              proxyPass = "http://127.0.0.1:${toString port}";
              extraConfig = ''
                proxy_ssl_server_name on;
                proxy_pass_header Authorization;'';
            };
          };
        };
+      in
+      builtins.listToAttrs [
+        (mkVHost "rusty.ccnlc.eu" 8000)
+        (mkVHost "git.ccnlc.eu" 3000)
+      ];
+  };

  services.openssh.enable = true;

--- a/hosts/raptus/forgejo/app.ini
+++ b/hosts/raptus/forgejo/app.ini
@ -0,0 +1,2 @@
+[migrations]
+ALLOWED_DOMAINS=github.com,*.github.com.
--- a/hosts/raptus/forgejo/default.nix
+++ b/hosts/raptus/forgejo/default.nix
@ -0,0 +1,65 @@
+{ lib, pkgs, ... }:
+{
+  # Containers
+  virtualisation.oci-containers.containers."forgejo" = {
+    image = "codeberg.org/forgejo/forgejo:7";
+    environment = {
+      "USER_GID" = "1000";
+      "USER_UID" = "1000";
+    };
+    volumes = [
+      #"/etc/localtime:/etc/localtime:ro"
+      #"/etc/timezone:/etc/timezone:ro"
+      "test_forgejo:/data:rw"
+      "${./app.ini}:/data/gitea/app.ini:ro"
+    ];
+    ports = [
+      "3000:3000/tcp"
+      "222:22/tcp"
+    ];
+    log-driver = "journald";
+    extraOptions = [
+      "--network-alias=server"
+      "--network=test_forgejo"
+    ];
+  };
+  systemd.services."podman-forgejo" = {
+    serviceConfig = {
+      Restart = lib.mkOverride 500 "always";
+    };
+    after = [ "podman-network-test_forgejo.service" ];
+    requires = [ "podman-network-test_forgejo.service" ];
+    partOf = [ "podman-compose-test-root.target" ];
+    wantedBy = [ "podman-compose-test-root.target" ];
+  };
+
+  # Networks
+  systemd.services."podman-network-test_forgejo" = {
+    path = [ pkgs.podman ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+      ExecStop = "podman network rm -f test_forgejo";
+    };
+    script = ''
+      podman network inspect test_forgejo || podman network create test_forgejo
+    '';
+    partOf = [ "podman-compose-test-root.target" ];
+    wantedBy = [ "podman-compose-test-root.target" ];
+  };
+
+  # Volumes
+  systemd.services."podman-volume-test_forgejo" = {
+    path = [ pkgs.podman ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+    };
+    script = ''
+      podman volume inspect test_forgejo || podman volume create test_forgejo
+    '';
+    partOf = [ "podman-compose-test-root.target" ];
+    wantedBy = [ "podman-compose-test-root.target" ];
+  };
+
+}