services/forgejo: init

2025-01-03 23:51:59 +08:00 · 2025-01-03 23:51:59 +08:00 · fa8a202fff
parent 370324be1c
commit fa8a202fff
4 changed files with 68 additions and 0 deletions
--- a/nixos/hosts/suwako-vie0/default.nix
+++ b/nixos/hosts/suwako-vie0/default.nix
@ -9,6 +9,7 @@
    suites.server
    ++ (with profiles; [
      services.caddy
+      services.forgejo
      services.keycloak
      services.matrix.heisenbridge
      services.matrix.mautrix-telegram
--- a/nixos/modules/networking/ports.nix
+++ b/nixos/modules/networking/ports.nix
@ -36,6 +36,7 @@ in
      prometheus-blackbox-exporter = 4071;
      prometheus-ping-exporter = 4072;
      vaultwarden = 4080;
+      forgejo = 4090;

      # public ports
      enthalpy-wireguard-reimu-aston = 13101;
--- a/nixos/profiles/services/forgejo/default.nix
+++ b/nixos/profiles/services/forgejo/default.nix
@ -0,0 +1,65 @@
+{ config, ... }:
+{
+  services.forgejo = {
+    enable = true;
+    lfs.enable = true;
+    user = "git";
+    group = "git";
+    database = {
+      type = "postgres";
+      user = "git";
+      name = "git";
+    };
+    dump.enable = false;
+    settings = {
+      DEFAULT = {
+        APP_NAME = "rebmit's forge";
+      };
+      server = {
+        DOMAIN = "git.rebmit.moe";
+        HTTP_ADDR = "127.0.0.1";
+        HTTP_PORT = config.networking.ports.forgejo;
+        ROOT_URL = "https://git.rebmit.moe";
+        SSH_PORT = config.networking.ports.ssh;
+      };
+      service = {
+        DISABLE_REGISTRATION = true;
+      };
+      session = {
+        COOKIE_SECURE = true;
+      };
+      oauth2_client = {
+        ENABLE_AUTO_REGISTRATION = true;
+        USERNAME = "userid";
+      };
+    };
+  };
+
+  users.users.git = {
+    home = config.services.forgejo.stateDir;
+    useDefaultShell = true;
+    group = "git";
+    isSystemUser = true;
+  };
+
+  users.groups.git = { };
+
+  services.caddy.virtualHosts."git.rebmit.moe" = {
+    extraConfig = with config.services.forgejo.settings.server; ''
+      reverse_proxy ${HTTP_ADDR}:${toString HTTP_PORT}
+    '';
+  };
+
+  preservation.preserveAt."/persist".directories = [
+    {
+      directory = config.services.forgejo.stateDir;
+      mode = "-";
+      user = "-";
+      group = "-";
+    }
+  ];
+
+  services.restic.backups.b2.paths = [
+    "/persist${config.services.forgejo.stateDir}"
+  ];
+}
--- a/zones/rebmit.moe.nix
+++ b/zones/rebmit.moe.nix
@ -45,6 +45,7 @@ dns.lib.toString "rebmit.moe" {
  TXT = [ (with spf; soft [ "mx" ]) ];
  subdomains = {
    chat.CNAME = [ "suwako-vie0.rebmit.link." ];
+    git.CNAME = [ "suwako-vie0.rebmit.link." ];
    id.CNAME = [ "suwako-vie0.rebmit.link." ];
    prom.CNAME = [ "fallback.workers.moe." ];
    push.CNAME = [ "suwako-vie1.rebmit.link." ];