diff --git a/hosts/vps1/configuration.nix b/hosts/vps1/configuration.nix
index 6eb7949..342effd 100644
--- a/hosts/vps1/configuration.nix
+++ b/hosts/vps1/configuration.nix
@@ -10,6 +10,7 @@ in imports = [ ./hardware-configuration.nix ./services/postgres.nix + ./services/git.nix ./akkotest.nix (fetchTarball { url = "https://github.com/cariandrum22/nixos-vscode-server/tarball/support-for-new-dir-structure-of-vscode-server"; sha256 = "1sp4h0nb7dh7mcm8vdflihv76yz8azf5zifkcbxhq7xz48c8k5pd"; })
diff --git a/hosts/vps1/secrets/forgejo.yaml b/hosts/vps1/secrets/forgejo.yaml
new file mode 100644
index 0000000..46c49aa
--- /dev/null
+++ b/hosts/vps1/secrets/forgejo.yaml
@@ -0,0 +1,43 @@
+forgejo:
+ db_password: ENC[AES256_GCM,data:yePN9plDlfuakemqtJAZGscY,iv:M9CB8/Abk93WcSwZYr8l99QWCJDHJ2+k4dikHM9k8tY=,tag:S7I/sJk5RCHqdELDjKKo1Q==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1acgqxvyczgsamz53z3v0gmahzfxlg9tscwnrgcxrfndgxhsvn3vs4ss5tk
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2MGZwSStZaldyRDFiMjZE
+ N2dESGg3UnBISytyaW02eW1vZUVKTitBcFZrCi80dk95Nm85emtCYW5ldjVkcnFN
+ Y2J5OEdxK3UwS1AwZHNDWWdFRVo5bTQKLS0tIGZJNEkrLy9peGFvclZWLzljNDFj
+ T0xhWDY1L21nTkd4UDYrSGNPWDVHaUEK6X5OhbR83GHuuEZmMbvPO7RUOZlSnBeL
+ VlivxvxhHoj/Tlbs8uD8LjinbiifhlGkJYHej+P8QVi06Bn9gI+5bw==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age1xrzl49tvnatuu55xu5av6xcxyhrakd7mkzl5kz30kqqaxvh2m3sqax8jeu
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJWTBiZlIrcWJwT1VvRUxP
+ b1NzR0dxemJSbDFSQ0w3bEVZSGFYd0UydFdJCjAwdVlVMzhnOEdLRDJBYnhXUWg1
+ YlZwSC9mRENUdlJldVY3VC9wTGkwZU0KLS0tIHR5aGhwQkc5UHBGbXZ4dm5GaGtY
+ eXdROC8rY2pXd3RLVVRvcWNmeVh0UWcKM6OtW4fEl8zQGMINH6SL4WE8pCh9UDnB
+ lwJX5sTaBtCHGApRwQ+nERuV3W9Zzgo01oSqrwZqc5ErUQUwz5pmTA==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-05-11T17:05:14Z"
+ mac: ENC[AES256_GCM,data:fGEmpM4+akBjB2lxcUFurZO0UmT6GnU+PHDSsEEDzr5sChV+yOtx11FRnWY01FzNrICJxlznsZg5BWzRkiEI+7CKcsgZW9rHBrNGqN/7baM5ecgKYqulKREyn7Mt2A7W3cmfjSiIJ3WpgcMfX4qUzRhQgiz39a6Nxpfn5lCxKKU=,iv:5GJ/NxNB0AYKEzfD9uTG63YERIBeuYp+JIRIsDsjSIM=,tag:KeK84LAkrkVXx0I8r0bxOw==,type:str]
+ pgp:
+ - created_at: "2024-05-11T17:05:09Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DrTkQq20WUVESAQdAKHSoYNvGr7VvN5oqIEe+pftJrUH8Skr1KyW5857NTHkw
+ 4LTsffNZuvXxMOZHZ66T2cc6GohBoogIm4dK/qKcxHYRY1Cx83R21byvd7eHHx8H
+ 1GYBCQIQz5EOIrnkLWeXuV+tMf+oOsSchRT7JlDgly82kQRAVTdEOjxwqBl2vTu+
+ Joy7HtO/r/JFLMfdT9oojw8heWBhwswdXhJBkiFFKog7Qox+HVFjTEpJ1TWnIU1a
+ 4LejEhc1GPQ=
+ =X+XJ
+ -----END PGP MESSAGE-----
+ fp: D3067BE844D3FC49535A47B29396B8BA6FBB14DE
+ unencrypted_suffix: _unencrypted
+ version: 3.8.1
diff --git a/hosts/vps1/services/git.nix b/hosts/vps1/services/git.nix
new file mode 100644
index 0000000..b419ac2
--- /dev/null
+++ b/hosts/vps1/services/git.nix
@@ -0,0 +1,58 @@
+# Big thanks to Pyrox for their config! https://git.pyrox.dev/pyrox/nix/src/branch/main/hosts/marvin/services/git.nix
+{ lib, pkgs, config, ... }:
+let
+ rootDomain = "lgmrszd.xyz";
+ domain = "git.${rootDomain}";
+
+ cfg = config.services.forgejo;
+ srv = cfg.settings.server;
+
+ stateDir = "/var/lib/forgejo";
+ customDir = "${stateDir}/custom";
+ confDir = "${customDir}/conf";
+in
+{
+ services.nginx.virtualHosts.${domain} = {
+ forceSSL = true;
+ useACMEHost = "${rootDomain}";
+ extraConfig = ''
+ client_max_body_size 512M;
+ '';
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString srv.HTTP_PORT}";
+ recommendedProxySettings = true;
+ };
+ };
+
+ services.forgejo = {
+ enable = true;
+ inherit stateDir;
+ inherit customDir;
+ database = {
+ type = "postgres";
+ createDatabase = true;
+ passwordFile = config.sops.secrets."forgejo/db_password".path;
+ };
+ settings = {
+ server = {
+ DOMAIN = domain;
+ ROOT_URL = "https://${srv.DOMAIN}/";
+ HTTP_PORT = 3000;
+ };
+ service.DISABLE_REGISTRATION = true;
+ actions = {
+ ENABLED = false;
+ };
+ mailer = {
+ ENABLED = false;
+ };
+ };
+ };
+
+ sops.secrets."forgejo/db_password" = {
+ sopsFile = ../secrets/forgejo.yaml;
+ format = "yaml";
+ owner = "forgejo";
+ group = "forgejo";
+ };
+}
\ No newline at end of file
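Review bot: The `settings.server` block in git.nix sets `HTTP_PORT = 3000` but no listen address, so unless something outside this diff overrides it, Forgejo keeps its default `HTTP_ADDR` of `0.0.0.0`. The plain-HTTP backend is then bound on every interface, although nginx only reaches it on `127.0.0.1`. Adding `HTTP_ADDR = "127.0.0.1";` next to `HTTP_PORT` makes the TLS-terminating vhost the only path to the service, instead of relying on the host firewall to hide port 3000. Because `ROOT_URL` is HTTPS and `forceSSL` is on, `session.COOKIE_SECURE = true;` is also worth setting; as far as I know the NixOS module leaves it false by default, so please confirm against the module version in use.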