server: add forgejo and postgresql

2026-01-06 14:16:51 +01:00 · 2026-01-06 14:16:51 +01:00 · 6014ad7d7a
commit 6014ad7d7a
parent 27d347d3c8
8 changed files with 158 additions and 3 deletions
--- a/hosts/thegeneralist-central/acme/default.nix
+++ b/hosts/thegeneralist-central/acme/default.nix
@ -17,6 +17,9 @@ in {
        extraDomainNames = [ "*.${domain}" ];
        group = "acme";
      };
+      "git.${domain}" = {
+        group = "acme";
+      };
      "internal.${domain}" = {
        group = "acme";
      };
--- a/hosts/thegeneralist-central/configuration.nix
+++ b/hosts/thegeneralist-central/configuration.nix
@ -5,7 +5,7 @@
 { config, pkgs, inputs, ... }:

 {
-  imports = [ ./hardware-configuration.nix ./site.nix ./cache ./archive ];
+  imports = [ ./hardware-configuration.nix ./site.nix ./cache ./archive ./forgejo ];

  age.secrets.password.file = ./password.age;
  users.users = {
--- a/hosts/thegeneralist-central/forgejo/default.nix
+++ b/hosts/thegeneralist-central/forgejo/default.nix
@ -0,0 +1,94 @@
+let
+  forgejo_root_dir = "/var/lib/forgejo";
+  domain = "git.thegeneralist01.com";
+
+  forgejo_folder = folder_name: "${forgejo_root_dir}/${folder_name}";
+in
+{
+  imports = [ ../../../modules/postgresql.nix ];
+
+  services.forgejo = {
+    enable = true;
+    stateDir = forgejo_folder "state";
+
+    lfs.enable = true;
+
+    settings =
+      let
+        title = "thegeneralist01's forgejo";
+        desc = "the attic of thegeneralist01's random repositories";
+      in
+      {
+        default.APP_NAME = title;
+        "ui.meta" = {
+          AUTHOR = title;
+          DESCRIPTION = desc;
+        };
+
+        attachment.ALLOWED_TYPES = "*/*";
+        cache.ENABLED = true;
+
+        "cron.archive_cleanup" =
+          let
+            interval = "4h";
+          in
+          {
+            SCHEDULE = "@every ${interval}";
+            OLDER_THAN = interval;
+          };
+
+        packages.ENABLED = true;
+        mailer = {
+          ENABLED = false;
+
+          # PROTOCOL = "smtps";
+          # SMTP_ADDR = self.disk.mailserver.fqdn;
+          # USER = "git@${domain}";
+        };
+
+        other = {
+          SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
+          SHOW_FOOTER_VERSION = false;
+        };
+
+        repository = {
+          DEFAULT_BRANCH = "master";
+          DEFAULT_MERGE_STYLE = "rebase-merge";
+          DEFAULT_REPO_UNITS = "repo.code, repo.issues, repo.pulls";
+
+          DEFAULT_PUSH_CREATE_PRIVATE = false;
+          ENABLE_PUSH_CREATE_ORG = true;
+          ENABLE_PUSH_CREATE_USER = true;
+
+          DISABLE_STARS = true;
+        };
+
+        "repository.upload" = {
+          FILE_MAX_SIZE = 100;
+          MAX_FILES = 10;
+        };
+
+        server = {
+          ROOT_URL = "https://${domain}/";
+          DOMAIN = domain;
+          LANDING_PAGE = "/explore";
+
+          HTTP_ADDR = "127.0.0.1";
+          HTTP_PORT = 3000;
+
+          SSH_LISTEN_HOST = "0.0.0.0";
+          SSH_PORT = 2222;
+          SSH_LISTEN_PORT = 2222;
+        };
+
+        service.DISABLE_REGISTRATION = true;
+
+        session = {
+          COOKIE_SECURE = true;
+          SAME_SITE = "strict";
+        };
+      };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 2222 ];
+}
--- a/hosts/thegeneralist-central/site.nix
+++ b/hosts/thegeneralist-central/site.nix
@ -98,6 +98,7 @@ in
          "thegeneralist01.com" = "http://localhost:80";
          "www.thegeneralist01.com" = "http://localhost:80";
          "cache.thegeneralist01.com" = "http://localhost:80";
+          "git.thegeneralist01.com" = "http://localhost:3000";
        };
        default = "http_status:404";