mirror of
https://git.lgmrszd.xyz/Lgmrszd/nix-cfg.git
synced 2024-11-22 03:07:56 +01:00
vps1: add forgejo
This commit is contained in:
parent
1cc4297491
commit
bcd4bd5a14
3 changed files with 102 additions and 0 deletions
|
|
@ -10,6 +10,7 @@ in
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
./services/postgres.nix
|
./services/postgres.nix
|
||||||
|
./services/git.nix
|
||||||
./akkotest.nix
|
./akkotest.nix
|
||||||
|
|
||||||
(fetchTarball { url = "https://github.com/cariandrum22/nixos-vscode-server/tarball/support-for-new-dir-structure-of-vscode-server"; sha256 = "1sp4h0nb7dh7mcm8vdflihv76yz8azf5zifkcbxhq7xz48c8k5pd"; })
|
(fetchTarball { url = "https://github.com/cariandrum22/nixos-vscode-server/tarball/support-for-new-dir-structure-of-vscode-server"; sha256 = "1sp4h0nb7dh7mcm8vdflihv76yz8azf5zifkcbxhq7xz48c8k5pd"; })
|
||||||
|
|
|
||||||
43
hosts/vps1/secrets/forgejo.yaml
Normal file
43
hosts/vps1/secrets/forgejo.yaml
Normal file
|
|
@ -0,0 +1,43 @@
|
||||||
|
forgejo:
|
||||||
|
db_password: ENC[AES256_GCM,data:yePN9plDlfuakemqtJAZGscY,iv:M9CB8/Abk93WcSwZYr8l99QWCJDHJ2+k4dikHM9k8tY=,tag:S7I/sJk5RCHqdELDjKKo1Q==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1acgqxvyczgsamz53z3v0gmahzfxlg9tscwnrgcxrfndgxhsvn3vs4ss5tk
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2MGZwSStZaldyRDFiMjZE
|
||||||
|
N2dESGg3UnBISytyaW02eW1vZUVKTitBcFZrCi80dk95Nm85emtCYW5ldjVkcnFN
|
||||||
|
Y2J5OEdxK3UwS1AwZHNDWWdFRVo5bTQKLS0tIGZJNEkrLy9peGFvclZWLzljNDFj
|
||||||
|
T0xhWDY1L21nTkd4UDYrSGNPWDVHaUEK6X5OhbR83GHuuEZmMbvPO7RUOZlSnBeL
|
||||||
|
VlivxvxhHoj/Tlbs8uD8LjinbiifhlGkJYHej+P8QVi06Bn9gI+5bw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1xrzl49tvnatuu55xu5av6xcxyhrakd7mkzl5kz30kqqaxvh2m3sqax8jeu
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJWTBiZlIrcWJwT1VvRUxP
|
||||||
|
b1NzR0dxemJSbDFSQ0w3bEVZSGFYd0UydFdJCjAwdVlVMzhnOEdLRDJBYnhXUWg1
|
||||||
|
YlZwSC9mRENUdlJldVY3VC9wTGkwZU0KLS0tIHR5aGhwQkc5UHBGbXZ4dm5GaGtY
|
||||||
|
eXdROC8rY2pXd3RLVVRvcWNmeVh0UWcKM6OtW4fEl8zQGMINH6SL4WE8pCh9UDnB
|
||||||
|
lwJX5sTaBtCHGApRwQ+nERuV3W9Zzgo01oSqrwZqc5ErUQUwz5pmTA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-05-11T17:05:14Z"
|
||||||
|
mac: ENC[AES256_GCM,data:fGEmpM4+akBjB2lxcUFurZO0UmT6GnU+PHDSsEEDzr5sChV+yOtx11FRnWY01FzNrICJxlznsZg5BWzRkiEI+7CKcsgZW9rHBrNGqN/7baM5ecgKYqulKREyn7Mt2A7W3cmfjSiIJ3WpgcMfX4qUzRhQgiz39a6Nxpfn5lCxKKU=,iv:5GJ/NxNB0AYKEzfD9uTG63YERIBeuYp+JIRIsDsjSIM=,tag:KeK84LAkrkVXx0I8r0bxOw==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2024-05-11T17:05:09Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hF4DrTkQq20WUVESAQdAKHSoYNvGr7VvN5oqIEe+pftJrUH8Skr1KyW5857NTHkw
|
||||||
|
4LTsffNZuvXxMOZHZ66T2cc6GohBoogIm4dK/qKcxHYRY1Cx83R21byvd7eHHx8H
|
||||||
|
1GYBCQIQz5EOIrnkLWeXuV+tMf+oOsSchRT7JlDgly82kQRAVTdEOjxwqBl2vTu+
|
||||||
|
Joy7HtO/r/JFLMfdT9oojw8heWBhwswdXhJBkiFFKog7Qox+HVFjTEpJ1TWnIU1a
|
||||||
|
4LejEhc1GPQ=
|
||||||
|
=X+XJ
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: D3067BE844D3FC49535A47B29396B8BA6FBB14DE
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
||||||
58
hosts/vps1/services/git.nix
Normal file
58
hosts/vps1/services/git.nix
Normal file
|
|
@ -0,0 +1,58 @@
|
||||||
|
# Big thanks to Pyrox for their config! https://git.pyrox.dev/pyrox/nix/src/branch/main/hosts/marvin/services/git.nix
|
||||||
|
{ lib, pkgs, config, ... }:
|
||||||
|
let
|
||||||
|
rootDomain = "lgmrszd.xyz";
|
||||||
|
domain = "git.${rootDomain}";
|
||||||
|
|
||||||
|
cfg = config.services.forgejo;
|
||||||
|
srv = cfg.settings.server;
|
||||||
|
|
||||||
|
stateDir = "/var/lib/forgejo";
|
||||||
|
customDir = "${stateDir}/custom";
|
||||||
|
confDir = "${customDir}/conf";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
services.nginx.virtualHosts.${domain} = {
|
||||||
|
forceSSL = true;
|
||||||
|
useACMEHost = "${rootDomain}";
|
||||||
|
extraConfig = ''
|
||||||
|
client_max_body_size 512M;
|
||||||
|
'';
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://127.0.0.1:${toString srv.HTTP_PORT}";
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.forgejo = {
|
||||||
|
enable = true;
|
||||||
|
inherit stateDir;
|
||||||
|
inherit customDir;
|
||||||
|
database = {
|
||||||
|
type = "postgres";
|
||||||
|
createDatabase = true;
|
||||||
|
passwordFile = config.sops.secrets."forgejo/db_password".path;
|
||||||
|
};
|
||||||
|
settings = {
|
||||||
|
server = {
|
||||||
|
DOMAIN = domain;
|
||||||
|
ROOT_URL = "https://${srv.DOMAIN}/";
|
||||||
|
HTTP_PORT = 3000;
|
||||||
|
};
|
||||||
|
service.DISABLE_REGISTRATION = true;
|
||||||
|
actions = {
|
||||||
|
ENABLED = false;
|
||||||
|
};
|
||||||
|
mailer = {
|
||||||
|
ENABLED = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
sops.secrets."forgejo/db_password" = {
|
||||||
|
sopsFile = ../secrets/forgejo.yaml;
|
||||||
|
format = "yaml";
|
||||||
|
owner = "forgejo";
|
||||||
|
group = "forgejo";
|
||||||
|
};
|
||||||
|
}
|
||||||
Loading…
Reference in a new issue