refactor: move forgejo to new server module structure

Michael Thomas 2024-05-08 14:49:54 -04:00
parent 646d15f8ee
commit 3fd4e28a2e
7 changed files with 226 additions and 95 deletions

153
flake.nix

@ -55,6 +55,12 @@
...
} @ inputs: let
forAllSystems = nixpkgs.lib.genAttrs utils.lib.defaultSystems;
defaultModules = [
self.overlaysModule
home-manager.nixosModules.home-manager
./modules
];
in {
# Your custom packages
# Accessible through 'nix build', 'nix shell', etc
@ -69,94 +75,95 @@
nixosConfigurations = {
loft = nixpkgs.lib.nixosSystem {
system = utils.lib.system.x86_64-linux;
modules = [
self.overlaysModule
home-manager.nixosModules.home-manager
./modules/common.nix
./modules/containers.nix
modules =
defaultModules
++ [
./modules/common.nix
./modules/containers.nix
./machines/loft/configuration.nix
];
./machines/loft/configuration.nix
];
specialArgs = {inherit inputs;};
};
kitchen = nixpkgs.lib.nixosSystem {
system = utils.lib.system.x86_64-linux;
modules = [
self.overlaysModule
home-manager.nixosModules.home-manager
./modules/common.nix
./modules/containers.nix
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.michael = import ./user/environments/nixos/home.nix;
}
modules =
defaultModules
++ [
./modules/common.nix
./modules/containers.nix
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.michael = import ./user/environments/nixos/home.nix;
}
./machines/kitchen/configuration.nix
];
./machines/kitchen/configuration.nix
];
specialArgs = {inherit inputs;};
};
thinkcentre = nixpkgs.lib.nixosSystem {
system = utils.lib.system.x86_64-linux;
modules = [
self.overlaysModule
home-manager.nixosModules.home-manager
./modules/common.nix
./modules/hyprland.nix
./modules/containers.nix
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.michael = import ./user/environments/nixos/home.nix;
}
modules =
defaultModules
++ [
./modules/common.nix
./modules/hyprland.nix
./modules/containers.nix
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.michael = import ./user/environments/nixos/home.nix;
}
./machines/thinkcentre/configuration.nix
agenix.nixosModules.default
{
environment.systemPackages = [
agenix.packages.x86_64-linux.default
];
}
];
./machines/thinkcentre/configuration.nix
agenix.nixosModules.default
{
environment.systemPackages = [
agenix.packages.x86_64-linux.default
];
}
];
specialArgs = {inherit inputs;};
};
oracle = nixpkgs.lib.nixosSystem {
system = utils.lib.system.x86_64-linux;
modules = [
home-manager.nixosModules.home-manager
./modules/nix.nix
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.michael = import ./user/environments/nixos-server/home.nix;
}
agenix.nixosModules.default
{
environment.systemPackages = [
agenix.packages.x86_64-linux.default
];
}
modules =
defaultModules
++ [
./modules/nix.nix
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.michael = import ./user/environments/nixos-server/home.nix;
}
agenix.nixosModules.default
{
environment.systemPackages = [
agenix.packages.x86_64-linux.default
];
}
./machines/oracle/configuration.nix
];
./machines/oracle/configuration.nix
];
specialArgs = {inherit inputs;};
};
# WSL environment
work = inputs.nixpkgs.lib.nixosSystem {
system = utils.lib.system.x86_64-linux;
modules = [
self.overlaysModule
home-manager.nixosModules.home-manager
vscode-server.nixosModules.default
./modules/containers.nix
./modules/nix.nix
modules =
defaultModules
++ [
vscode-server.nixosModules.default
./modules/containers.nix
./modules/nix.nix
./machines/work/configuration.nix
];
./machines/work/configuration.nix
];
specialArgs = {inherit inputs;};
};
};
@ -165,18 +172,18 @@
mac = darwin.lib.darwinSystem {
system = "aarch64-darwin";
specialArgs = {inherit inputs;};
modules = [
self.overlaysModule
home-manager.darwinModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.michael = import ./user/environments/mac/home.nix;
}
modules =
defaultModules
++ [
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.michael = import ./user/environments/mac/home.nix;
}
./modules/yabai.nix
./machines/mac/configuration.nix
];
./modules/yabai.nix
./machines/mac/configuration.nix
];
};
};
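Review bot: `defaultModules` is now also prepended to the `mac` `darwinSystem`, so that configuration receives `home-manager.nixosModules.home-manager` and `./modules`, and the `home-manager.darwinModules.home-manager` entry it had before appears to be gone (as far as the old and new sides can be told apart on this page). The NixOS home-manager module and the new `./modules` tree set NixOS-only options such as `networking.firewall` and `services.forgejo`, which nix-darwin likely does not declare, so the darwin build will probably fail even with the services disabled. Keep a separate list for darwin, for example `modules = [ self.overlaysModule home-manager.darwinModules.home-manager ] ++ [ … ];`. Note also that `oracle` now picks up `self.overlaysModule`, which it did not import before; confirm that is intended for the public-facing host.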


@ -103,6 +103,9 @@
};
networking.firewall.allowedTCPPorts = [80 443];
my.server.proxyIP = "10.0.0.2";
my.services.forgejo.proxy = true;
services.uptime-kuma = {
enable = true;
settings = {
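Review bot: `my.services.forgejo.proxy = true` makes this host build the Caddy virtual-host name from `my.server.domain`, which has no default, while the hunk sets only `my.server.proxyIP`. Unless the domain is defined outside the visible lines, evaluation stops with an undefined-option error; add `my.server.domain = "s.michaelt.xyz";` next to the `proxyIP` line, matching the value the service host uses. The enclosing attribute set starts and ends outside the hunk.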


@ -13,7 +13,7 @@
networking.firewall = {
enable = true;
interfaces."wg0" = {
allowedTCPPorts = [7654 3030 3000];
allowedTCPPorts = [7654 3030];
};
};
@ -103,29 +103,39 @@
};
};
services.forgejo = {
enable = true;
settings.server = {
DOMAIN = "git.s.michaelt.xyz";
ROOT_URL = "https://git.s.michaelt.xyz";
DISABLE_SSH = true;
HTTP_PORT = 3000;
};
settings.session = {
COOKIE_SECURE = true;
};
settings.service = {
DISABLE_REGISTRATION = true;
};
settings.openid = {
ENABLE_OPENID_SIGNIN = true;
ENABLE_OPENID_SIGNUP = true;
};
settings.oauth2_client = {
ENABLE_AUTO_REGISTRATION = true;
};
my.server = {
domain = "s.michaelt.xyz";
firewallInterface = "wg0";
};
my.services.forgejo = {
enable = true;
port = 3000;
};
# services.forgejo = {
# enable = true;
# settings.server = {
# DOMAIN = "git.s.michaelt.xyz";
# ROOT_URL = "https://git.s.michaelt.xyz";
# DISABLE_SSH = true;
# HTTP_PORT = 3000;
# };
# settings.session = {
# COOKIE_SECURE = true;
# };
# settings.service = {
# DISABLE_REGISTRATION = true;
# };
# settings.openid = {
# ENABLE_OPENID_SIGNIN = true;
# ENABLE_OPENID_SIGNUP = true;
# };
# settings.oauth2_client = {
# ENABLE_AUTO_REGISTRATION = true;
# };
# };
swapDevices = [
{
device = "/swapfile";
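Review bot: The old `services.forgejo` block in the second hunk is left behind as a commented-out copy of the settings that now live in the module. A stale copy of authentication and registration settings is easy to mistake for the effective configuration once the module changes, and the history already preserves it, so delete the commented lines rather than keeping them. The first hunk's removal of `3000` from the `wg0` port list is consistent with the module opening `cfg.port` on `firewallInterface = "wg0"`.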

6
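--- a/modules/default.nix
+++ b/modules/default.nix
@@ -0,0 +1,6 @@
+{
+imports = [
+./server
+./services
+];
+}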


@ -0,0 +1,28 @@
{lib, ...}:
with lib; {
options.my.server = {
name = mkOption {
type = types.str;
default = "Server";
example = "Venus";
description = "User-facing name of the server.";
};
domain = mkOption {
type = types.str;
example = "example.com";
description = "Full domain name of the server.";
};
proxyIP = mkOption {
type = types.str;
default = "127.0.0.1";
example = "127.0.0.1";
description = "IP address of server hosting services behind reverse proxy.";
};
firewallInterface = mkOption {
type = types.str;
default = "eth0";
example = "wg0";
description = "Network interface to expose services on.";
};
};
}
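Review bot: `firewallInterface` defaults to `"eth0"`, and the Forgejo module in this commit opens its port on whichever interface this option names, so a host that enables a service without setting it gets the port opened on `eth0` instead of an evaluation error. For a setting that decides where a service is reachable, a missing value should fail closed: drop the `default = "eth0";` line so the option must be set per host, as `domain` already must. If a default is kept, the description should say that services are exposed on it, e.g. `description = "Interface on which service ports are opened in the firewall; set explicitly per host.";`.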


@ -0,0 +1,5 @@
{
imports = [
./forgejo
];
}


@ -0,0 +1,72 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.my.services.forgejo;
inherit (config.my.server) domain proxyIP firewallInterface;
url = "https://git.${domain}";
in {
options.my.services.forgejo = {
enable = mkEnableOption "Forgejo";
proxy = mkEnableOption "Forgejo reverse proxy entry";
subdomain = mkOption {
type = types.str;
default = "git";
example = "git";
description = "Subdomain to use for the service.";
};
port = mkOption {
type = types.port;
default = 3000;
example = 8080;
description = "HTTP port for the Forgejo service.";
};
};
config = mkMerge [
(mkIf cfg.enable {
services.forgejo = {
enable = true;
settings.server = {
DOMAIN = "git.${domain}";
ROOT_URL = url;
DISABLE_SSH = true;
HTTP_PORT = cfg.port;
};
settings.session = {
COOKIE_SECURE = true;
};
settings.service = {
DISABLE_REGISTRATION = true;
};
settings.openid = {
ENABLE_OPENID_SIGNIN = true;
ENABLE_OPENID_SIGNUP = true;
};
settings.oauth2_client = {
ENABLE_AUTO_REGISTRATION = true;
};
};
networking.firewall.interfaces."${firewallInterface}".allowedTCPPorts = [cfg.port];
# services.homepage-dashboard.services = [
# {
# Git = {
# Forgejo = {
# href = url;
# description = "Beyond coding. We forge.";
# };
# };
# }
# ];
})
(mkIf cfg.proxy {
services.caddy.virtualHosts."${url}".extraConfig = ''
reverse_proxy http://${proxyIP}:${cfg.port}
'';
})
];
}
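Review bot: `cfg.port` is declared as `types.port`, an integer, and Nix does not coerce integers in string interpolation, so `reverse_proxy http://${proxyIP}:${cfg.port}` in the `mkIf cfg.proxy` branch should fail evaluation on any host that sets `proxy = true`; write `reverse_proxy http://${proxyIP}:${toString cfg.port}`. The `subdomain` option is declared but never read, because `url` and `DOMAIN` both hard-code `git`; use `"${cfg.subdomain}.${domain}"` in both places or drop the option. Separately, `ENABLE_OPENID_SIGNUP = true` appears to allow account creation through any OpenID provider even with `DISABLE_REGISTRATION = true`, and the proxy host in this commit serves the instance on ports 80 and 443. If sign-up is meant to be limited to one identity provider, set it to `false` or restrict providers with `WHITELISTED_URIS` under `settings.openid`.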