feat: reenable forgejo
parent
e493705ecd
commit
66aa57dec1
8 changed files with 137 additions and 4 deletions
|
@ -13,8 +13,9 @@ in {
|
|||
|
||||
"services/freshrss/admin-credentials.age".publicKeys = default;
|
||||
|
||||
"services/gitea/password-database.age".publicKeys = default;
|
||||
"services/gitea/runner-token.age".publicKeys = default;
|
||||
"services/forgejo/password-database.age".publicKeys = default;
|
||||
"services/forgejo/minio-secretkey.age".publicKeys = default;
|
||||
"services/forgejo/runner-token.age".publicKeys = default;
|
||||
|
||||
"services/gitlab/dbFile.age".publicKeys = default;
|
||||
"services/gitlab/jwsFile.age".publicKeys = default;
|
||||
|
|
BIN
config/secrets/services/forgejo/minio-secretkey.age
Normal file
BIN
config/secrets/services/forgejo/minio-secretkey.age
Normal file
Binary file not shown.
7
config/secrets/services/forgejo/runner-token.age
Normal file
7
config/secrets/services/forgejo/runner-token.age
Normal file
|
@ -0,0 +1,7 @@
|
|||
age-encryption.org/v1
|
||||
-> piv-p256 ML6NcA Axyxw6yFxClxeHvsS5nS0w9/YD5MkbK1AAgqbAlz85qd
|
||||
GHjgR0ctkcVdPWHzS8xyFxyNHxuOacgixFe6E1r1lKU
|
||||
-> ssh-ed25519 zj2A2A +O2Xjj34aQ5jTARybR9cpq3Ro9IPL+mFGsxVp0pl9QI
|
||||
NNqM6218WachtLLzMSVpuw2Kyhc9Dw+2kEw6g7paBFU
|
||||
--- 2O+aeC+Zzm33AltLmctxn4flFnYMYHpJkiG+1dGJUGU
|
||||
W<EFBFBD>g¥&<L v[<1C>îm¬Vá¼óÅáDGZîîIó©}H¥ÛfÚ/8ew¼åæf „3D<33>kψʷUÕhJFSfbå°ÎNÃÖ˜7 ³u\
|
Binary file not shown.
|
@ -3,6 +3,7 @@
|
|||
./attic.nix
|
||||
./atuin.nix
|
||||
./containers.nix
|
||||
./forgejo.nix
|
||||
./freshrss.nix
|
||||
./minio.nix
|
||||
./monitoring.nix
|
||||
|
|
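--- a/config/services/forgejo.nix
+++ b/config/services/forgejo.nix
@@ -0,0 +1,124 @@
+{
+config,
+inputs,
+pkgs,
+...
+}: let
+modules = ["services/misc/forgejo.nix" "services/continuous-integration/gitea-actions-runner.nix"];
+pkgsUnstable = inputs.nixpkgs-unstable.legacyPackages.${pkgs.stdenv.system};
+in {
+# swap out stable for unstable modules
+disabledModules = modules;
+imports =
+builtins.map (v: "${inputs.nixpkgs-unstable}/nixos/modules/${v}")
+modules;
+
+age.secrets = {
+"services/forgejo/minio-secretkey".owner = config.services.forgejo.user;
+"services/forgejo/password-database".owner = config.services.forgejo.user;
+};
+
+# forgejo ssh
+networking.firewall.allowedTCPPorts = [22];
+
+# indexer
+services.elasticsearch.enable = true;
+
+services.forgejo = {
+enable = true;
+
+package = pkgsUnstable.forgejo;
+
+database = {
+type = "postgres";
+passwordFile = config.age.secrets."services/forgejo/password-database".path;
+};
+
+lfs.enable = true;
+
+secrets = {
+storage = {
+MINIO_SECRET_ACCESS_KEY = config.age.secrets."services/forgejo/minio-secretkey".path;
+};
+};
+
+settings = {
+DEFAULT.APP_NAME = "winston's forgejo";
+
+indexer = with config.services.elasticsearch; let
+indexer = "elasticsearch";
+conn = "http://${listenAddress}:${toString port}";
+in {
+REPO_INDEXER_ENABLED = true;
+REPO_INDEXER_CONN_STR = conn;
+REPO_INDEXER_TYPE = indexer;
+ISSUE_INDEXER_CONN_STR = conn;
+ISSUE_INDEXER_TYPE = indexer;
+};
+
+repository.ENABLE_PUSH_CREATE_USER = true;
+
+server = rec {
+DOMAIN = "code.winston.sh";
+HTTP_ADDR = "127.0.0.1";
+HTTP_PORT = 12492;
+ROOT_URL = "https://${DOMAIN}/";
+OFFLINE_MODE = false;
+};
+
+session = {
+COOKIE_NAME = "forgejo-session";
+COOKIE_SECURE = true;
+SAME_SITE = "strict";
+};
+
+storage = {
+STORAGE_TYPE = "minio";
+
+SERVE_DIRECT = true;
+MINIO_ENDPOINT = "s3.winston.sh";
+
+MINIO_ACCESS_KEY_ID = "forgejo";
+
+MINIO_BUCKET = "forgejo";
+MINIO_LOCATION = "eu-central-1";
+MINIO_USE_SSL = true;
+};
+
+"ui.meta".AUTHOR = "nekowinston's Forgejo - Beyond coding. We forge.";
+
+other = {
+SHOW_FOOTER_VERSION = false;
+SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
+SHOW_FOOTER_POWERED_BY = false;
+};
+};
+};
+
+virtualisation.podman.enable = true;
+services.gitea-actions-runner = {
+package = pkgsUnstable.forgejo-runner;
+instances.main = {
+enable = true;
+name = "main";
+url = config.services.forgejo.settings.server.ROOT_URL;
+tokenFile = config.age.secrets."services/forgejo/runner-token".path;
+labels = ["ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"];
+settings.container = {
+network = "host";
+options = "--add-host=forgejo.winston.sh:host-gateway";
+};
+};
+};
+
+services.nginx.virtualHosts.${config.services.forgejo.settings.server.DOMAIN} = {
+forceSSL = true;
+enableACME = false;
+useACMEHost = "winston.sh";
+
+locations."/" = with config.services.forgejo.settings.server; {
+extraConfig = "client_max_body_size 512M;";
+proxyPass = "http://${HTTP_ADDR}:${toString HTTP_PORT}";
+};
+};
+}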
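Review bot: In `services.gitea-actions-runner.instances.main`, `settings.container.network = "host";` puts every job container in the host's network namespace, so workflow code can reach the loopback-only services this same file configures: Forgejo on `127.0.0.1:12492` behind nginx, and the Elasticsearch indexer, which is addressed over plain `http://` with no credentials visible here. Unless jobs really need host networking, drop that line or point `network` at a dedicated podman network, so nginx stays the only path to Forgejo. The `--add-host=forgejo.winston.sh:host-gateway` option names a host that differs from `DOMAIN = "code.winston.sh"`, which looks like a leftover and is worth confirming. The `ubuntu:act-latest` label is a mutable tag, so pinning the image by digest would keep the job environment from changing underneath the runner.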
|
@ -274,8 +274,8 @@
|
|||
"steam-fetcher": "steam-fetcher"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1725985161,
|
||||
"narHash": "sha256-3E+tLNNlRyTlViudgYv8PvJOZdr3tsZrZ459eGff8sg=",
|
||||
"lastModified": 1726069190,
|
||||
"narHash": "sha256-UYnjgHSIjxdbRBxpVwvQ5IX5TVfRmgVZsGvwvRHeuPc=",
|
||||
"path": "/home/winston/satisfactory-flake",
|
||||
"type": "path"
|
||||
},
|
||||
|
|