thegeneralist01/config
1
Fork 0
mirror of https://github.com/thegeneralist01/config.git synced 2026-03-07 10:59:55 +01:00
Code Issues Activity

server: add forgejo and postgresql

Browse source
This commit is contained in:
TheGeneralist 2026-01-06 14:16:51 +01:00
parent 27d347d3c8
commit 6014ad7d7a
Signed by: thegeneralist01
SSH key fingerprint: SHA256:pp9qddbCNmVNoSjevdvQvM5z0DHN7LTa8qBMbcMq/R4
8 changed files with 158 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

3
hosts/thegeneralist-central/acme/default.nix
View file

@ -17,6 +17,9 @@ in {
extraDomainNames = [ "*.${domain}" ]; extraDomainNames = [ "*.${domain}" ];
group = "acme"; group = "acme";
}; };
"git.${domain}" = {
group = "acme";
};
"internal.${domain}" = { "internal.${domain}" = {
group = "acme"; group = "acme";
}; };

2
hosts/thegeneralist-central/configuration.nix
View file

@ -5,7 +5,7 @@
{ config, pkgs, inputs, ... }: { config, pkgs, inputs, ... }:
{ {
imports = [ ./hardware-configuration.nix ./site.nix ./cache ./archive ]; imports = [ ./hardware-configuration.nix ./site.nix ./cache ./archive ./forgejo ];
age.secrets.password.file = ./password.age; age.secrets.password.file = ./password.age;
users.users = { users.users = {

94
hosts/thegeneralist-central/forgejo/default.nix Normal file
View file

@ -0,0 +1,94 @@
let
forgejo_root_dir = "/var/lib/forgejo";
domain = "git.thegeneralist01.com";
forgejo_folder = folder_name: "${forgejo_root_dir}/${folder_name}";
in
{
imports = [ ../../../modules/postgresql.nix ];
services.forgejo = {
enable = true;
stateDir = forgejo_folder "state";
lfs.enable = true;
settings =
let
title = "thegeneralist01's forgejo";
desc = "the attic of thegeneralist01's random repositories";
in
{
default.APP_NAME = title;
"ui.meta" = {
AUTHOR = title;
DESCRIPTION = desc;
};
attachment.ALLOWED_TYPES = "*/*";
cache.ENABLED = true;
"cron.archive_cleanup" =
let
interval = "4h";
in
{
SCHEDULE = "@every ${interval}";
OLDER_THAN = interval;
};
packages.ENABLED = true;
mailer = {
ENABLED = false;
# PROTOCOL = "smtps";
# SMTP_ADDR = self.disk.mailserver.fqdn;
# USER = "git@${domain}";
};
other = {
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
SHOW_FOOTER_VERSION = false;
};
repository = {
DEFAULT_BRANCH = "master";
DEFAULT_MERGE_STYLE = "rebase-merge";
DEFAULT_REPO_UNITS = "repo.code, repo.issues, repo.pulls";
DEFAULT_PUSH_CREATE_PRIVATE = false;
ENABLE_PUSH_CREATE_ORG = true;
ENABLE_PUSH_CREATE_USER = true;
DISABLE_STARS = true;
};
"repository.upload" = {
FILE_MAX_SIZE = 100;
MAX_FILES = 10;
};
server = {
ROOT_URL = "https://${domain}/";
DOMAIN = domain;
LANDING_PAGE = "/explore";
HTTP_ADDR = "127.0.0.1";
HTTP_PORT = 3000;
SSH_LISTEN_HOST = "0.0.0.0";
SSH_PORT = 2222;
SSH_LISTEN_PORT = 2222;
};
service.DISABLE_REGISTRATION = true;
session = {
COOKIE_SECURE = true;
SAME_SITE = "strict";
};
};
};
networking.firewall.allowedTCPPorts = [ 2222 ];
}

1
hosts/thegeneralist-central/site.nix
View file

@ -98,6 +98,7 @@ in
"thegeneralist01.com" = "http://localhost:80"; "thegeneralist01.com" = "http://localhost:80";
"www.thegeneralist01.com" = "http://localhost:80"; "www.thegeneralist01.com" = "http://localhost:80";
"cache.thegeneralist01.com" = "http://localhost:80"; "cache.thegeneralist01.com" = "http://localhost:80";
"git.thegeneralist01.com" = "http://localhost:3000";
}; };
default = "http_status:404"; default = "http_status:404";

3
lib/default.nix
View file

@ -1,5 +1,6 @@
inputs: self: super: inputs: self: super:
let let
system = import ./system.nix inputs self super; system = import ./system.nix inputs self super;
option = import ./option.nix inputs self super;
in in
system system // option

12
lib/option.nix Normal file
View file

@ -0,0 +1,12 @@
_: _: super: let
inherit (super) mkOption;
in {
mkConst = value: mkOption {
default = value;
readOnly = true;
};
mkValue = default: mkOption {
inherit default;
};
}

2
modules/common/nix.nix
View file

@ -25,7 +25,7 @@ in {
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
]; ];
trusted-users = [ "thegeneralist" "central" "root" "@build" "@wheel" "@admin" "jellyfin" ]; trusted-users = [ "thegeneralist" "central" "root" "@build" "@wheel" "@admin" "jellyfin" "git" ];
builders-use-substitutes = true; builders-use-substitutes = true;
}; };

44
modules/postgresql.nix Normal file
View file

@ -0,0 +1,44 @@
# stolen from https://github.com/RGBCube/ncc/blob/94c349aa767f04f40ff4165c70c15ed3c3996f82/modules/postgresql.nix
{ config, lib, pkgs, ... }: let
inherit (lib) flip mkForce mkOverride mkValue;
in {
config.environment.systemPackages = [
config.services.postgresql.package
];
options.services.postgresql.ensure = mkValue [];
config.services.postgresql = {
enable = true;
package = pkgs.postgresql_17;
enableJIT = true;
enableTCPIP = true;
settings.listen_addresses = mkForce "::";
authentication = mkOverride 10 /* ini */ ''
# DATABASE USER AUTHENTICATION
local all all peer
# DATABASE USER ADDRESS AUTHENTICATION
host all all ::/0 md5
'';
ensure = [ "postgres" "root" ];
initdbArgs = [ "--locale=C" "--encoding=UTF8" ];
ensureDatabases = config.services.postgresql.ensure;
ensureUsers = flip map config.services.postgresql.ensure (name: {
inherit name;
ensureDBOwnership = true;
ensureClauses = {
login = true;
superuser = name == "postgres" || name == "root";
};
});
};
}