feat: reenable forgejo
parent
e493705ecd
commit
66aa57dec1
8 changed files with 137 additions and 4 deletions
|
@ -13,8 +13,9 @@ in {
|
||||||
|
|
||||||
"services/freshrss/admin-credentials.age".publicKeys = default;
|
"services/freshrss/admin-credentials.age".publicKeys = default;
|
||||||
|
|
||||||
"services/gitea/password-database.age".publicKeys = default;
|
"services/forgejo/password-database.age".publicKeys = default;
|
||||||
"services/gitea/runner-token.age".publicKeys = default;
|
"services/forgejo/minio-secretkey.age".publicKeys = default;
|
||||||
|
"services/forgejo/runner-token.age".publicKeys = default;
|
||||||
|
|
||||||
"services/gitlab/dbFile.age".publicKeys = default;
|
"services/gitlab/dbFile.age".publicKeys = default;
|
||||||
"services/gitlab/jwsFile.age".publicKeys = default;
|
"services/gitlab/jwsFile.age".publicKeys = default;
|
||||||
|
|
BIN
config/secrets/services/forgejo/minio-secretkey.age
Normal file
BIN
config/secrets/services/forgejo/minio-secretkey.age
Normal file
Binary file not shown.
7
config/secrets/services/forgejo/runner-token.age
Normal file
7
config/secrets/services/forgejo/runner-token.age
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> piv-p256 ML6NcA Axyxw6yFxClxeHvsS5nS0w9/YD5MkbK1AAgqbAlz85qd
|
||||||
|
GHjgR0ctkcVdPWHzS8xyFxyNHxuOacgixFe6E1r1lKU
|
||||||
|
-> ssh-ed25519 zj2A2A +O2Xjj34aQ5jTARybR9cpq3Ro9IPL+mFGsxVp0pl9QI
|
||||||
|
NNqM6218WachtLLzMSVpuw2Kyhc9Dw+2kEw6g7paBFU
|
||||||
|
--- 2O+aeC+Zzm33AltLmctxn4flFnYMYHpJkiG+1dGJUGU
|
||||||
|
W<EFBFBD>g¥&<L v[<1C>îm¬Vá¼óÅáDGZîîIó©}H¥ÛfÚ/8ew¼åæf „3D<33>kψʷUÕhJFSfbå°ÎNÃÖ˜7 ³u\
|
Binary file not shown.
|
@ -3,6 +3,7 @@
|
||||||
./attic.nix
|
./attic.nix
|
||||||
./atuin.nix
|
./atuin.nix
|
||||||
./containers.nix
|
./containers.nix
|
||||||
|
./forgejo.nix
|
||||||
./freshrss.nix
|
./freshrss.nix
|
||||||
./minio.nix
|
./minio.nix
|
||||||
./monitoring.nix
|
./monitoring.nix
|
||||||
|
|
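--- a/config/services/forgejo.nix
+++ b/config/services/forgejo.nix
@@ -0,0 +1,124 @@
+{
+config,
+inputs,
+pkgs,
+...
+}: let
+modules = ["services/misc/forgejo.nix" "services/continuous-integration/gitea-actions-runner.nix"];
+pkgsUnstable = inputs.nixpkgs-unstable.legacyPackages.${pkgs.stdenv.system};
+in {
+# swap out stable for unstable modules
+disabledModules = modules;
+imports =
+builtins.map (v: "${inputs.nixpkgs-unstable}/nixos/modules/${v}")
+modules;
+
+age.secrets = {
+"services/forgejo/minio-secretkey".owner = config.services.forgejo.user;
+"services/forgejo/password-database".owner = config.services.forgejo.user;
+};
+
+# forgejo ssh
+networking.firewall.allowedTCPPorts = [22];
+
+# indexer
+services.elasticsearch.enable = true;
+
+services.forgejo = {
+enable = true;
+
+package = pkgsUnstable.forgejo;
+
+database = {
+type = "postgres";
+passwordFile = config.age.secrets."services/forgejo/password-database".path;
+};
+
+lfs.enable = true;
+
+secrets = {
+storage = {
+MINIO_SECRET_ACCESS_KEY = config.age.secrets."services/forgejo/minio-secretkey".path;
+};
+};
+
+settings = {
+DEFAULT.APP_NAME = "winston's forgejo";
+
+indexer = with config.services.elasticsearch; let
+indexer = "elasticsearch";
+conn = "http://${listenAddress}:${toString port}";
+in {
+REPO_INDEXER_ENABLED = true;
+REPO_INDEXER_CONN_STR = conn;
+REPO_INDEXER_TYPE = indexer;
+ISSUE_INDEXER_CONN_STR = conn;
+ISSUE_INDEXER_TYPE = indexer;
+};
+
+repository.ENABLE_PUSH_CREATE_USER = true;
+
+server = rec {
+DOMAIN = "code.winston.sh";
+HTTP_ADDR = "127.0.0.1";
+HTTP_PORT = 12492;
+ROOT_URL = "https://${DOMAIN}/";
+OFFLINE_MODE = false;
+};
+
+session = {
+COOKIE_NAME = "forgejo-session";
+COOKIE_SECURE = true;
+SAME_SITE = "strict";
+};
+
+storage = {
+STORAGE_TYPE = "minio";
+
+SERVE_DIRECT = true;
+MINIO_ENDPOINT = "s3.winston.sh";
+
+MINIO_ACCESS_KEY_ID = "forgejo";
+
+MINIO_BUCKET = "forgejo";
+MINIO_LOCATION = "eu-central-1";
+MINIO_USE_SSL = true;
+};
+
+"ui.meta".AUTHOR = "nekowinston's Forgejo - Beyond coding. We forge.";
+
+other = {
+SHOW_FOOTER_VERSION = false;
+SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
+SHOW_FOOTER_POWERED_BY = false;
+};
+};
+};
+
+virtualisation.podman.enable = true;
+services.gitea-actions-runner = {
+package = pkgsUnstable.forgejo-runner;
+instances.main = {
+enable = true;
+name = "main";
+url = config.services.forgejo.settings.server.ROOT_URL;
+tokenFile = config.age.secrets."services/forgejo/runner-token".path;
+labels = ["ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"];
+settings.container = {
+network = "host";
+options = "--add-host=forgejo.winston.sh:host-gateway";
+};
+};
+};
+
+services.nginx.virtualHosts.${config.services.forgejo.settings.server.DOMAIN} = {
+forceSSL = true;
+enableACME = false;
+useACMEHost = "winston.sh";
+
+locations."/" = with config.services.forgejo.settings.server; {
+extraConfig = "client_max_body_size 512M;";
+proxyPass = "http://${HTTP_ADDR}:${toString HTTP_PORT}";
+};
+};
+}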
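Review bot: `network = "host";` under `settings.container` in `services.gitea-actions-runner.instances.main` runs every job container in the host's network namespace, so workflow steps can connect to services that are only protected by listening on loopback: Forgejo at `127.0.0.1:12492`, and the Elasticsearch indexer at whatever `services.elasticsearch.listenAddress` resolves to, which is addressed over plain `http://` with no credentials in the connection string. The file does not show whether account registration or the set of users who can trigger workflows is restricted, so that should be confirmed before this runner accepts jobs from anyone but the owner. I would drop the line or use an isolated network, e.g. `network = "bridge";`, and let jobs reach Forgejo through `ROOT_URL`. The `--add-host=forgejo.winston.sh:host-gateway` option next to it names a host other than `DOMAIN = "code.winston.sh"` and looks left over from an earlier setup.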
@ -274,8 +274,8 @@
|
||||||
"steam-fetcher": "steam-fetcher"
|
"steam-fetcher": "steam-fetcher"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1725985161,
|
"lastModified": 1726069190,
|
||||||
"narHash": "sha256-3E+tLNNlRyTlViudgYv8PvJOZdr3tsZrZ459eGff8sg=",
|
"narHash": "sha256-UYnjgHSIjxdbRBxpVwvQ5IX5TVfRmgVZsGvwvRHeuPc=",
|
||||||
"path": "/home/winston/satisfactory-flake",
|
"path": "/home/winston/satisfactory-flake",
|
||||||
"type": "path"
|
"type": "path"
|
||||||
},
|
},
|
||||||
|
|