refactor: move forgejo to new server module structure

2024-05-08 14:49:54 -04:00 · 2024-05-08 14:49:54 -04:00 · 3fd4e28a2e
commit 3fd4e28a2e
parent 646d15f8ee
7 changed files with 226 additions and 95 deletions
--- a/flake.nix
+++ b/flake.nix
@ -55,6 +55,12 @@
    ...
  } @ inputs: let
    forAllSystems = nixpkgs.lib.genAttrs utils.lib.defaultSystems;
+
+    defaultModules = [
+      self.overlaysModule
+      home-manager.nixosModules.home-manager
+      ./modules
+    ];
  in {
    # Your custom packages
    # Accessible through 'nix build', 'nix shell', etc
@ -69,94 +75,95 @@
    nixosConfigurations = {
      loft = nixpkgs.lib.nixosSystem {
        system = utils.lib.system.x86_64-linux;
-        modules = [
-          self.overlaysModule
-          home-manager.nixosModules.home-manager
-          ./modules/common.nix
-          ./modules/containers.nix
+        modules =
+          defaultModules
+          ++ [
+            ./modules/common.nix
+            ./modules/containers.nix

-          ./machines/loft/configuration.nix
-        ];
+            ./machines/loft/configuration.nix
+          ];
        specialArgs = {inherit inputs;};
      };

      kitchen = nixpkgs.lib.nixosSystem {
        system = utils.lib.system.x86_64-linux;
-        modules = [
-          self.overlaysModule
-          home-manager.nixosModules.home-manager
-          ./modules/common.nix
-          ./modules/containers.nix
-          {
-            home-manager.useGlobalPkgs = true;
-            home-manager.useUserPackages = true;
-            home-manager.users.michael = import ./user/environments/nixos/home.nix;
-          }
+        modules =
+          defaultModules
+          ++ [
+            ./modules/common.nix
+            ./modules/containers.nix
+            {
+              home-manager.useGlobalPkgs = true;
+              home-manager.useUserPackages = true;
+              home-manager.users.michael = import ./user/environments/nixos/home.nix;
+            }

-          ./machines/kitchen/configuration.nix
-        ];
+            ./machines/kitchen/configuration.nix
+          ];
        specialArgs = {inherit inputs;};
      };

      thinkcentre = nixpkgs.lib.nixosSystem {
        system = utils.lib.system.x86_64-linux;
-        modules = [
-          self.overlaysModule
-          home-manager.nixosModules.home-manager
-          ./modules/common.nix
-          ./modules/hyprland.nix
-          ./modules/containers.nix
-          {
-            home-manager.useGlobalPkgs = true;
-            home-manager.useUserPackages = true;
-            home-manager.users.michael = import ./user/environments/nixos/home.nix;
-          }
+        modules =
+          defaultModules
+          ++ [
+            ./modules/common.nix
+            ./modules/hyprland.nix
+            ./modules/containers.nix
+            {
+              home-manager.useGlobalPkgs = true;
+              home-manager.useUserPackages = true;
+              home-manager.users.michael = import ./user/environments/nixos/home.nix;
+            }

-          ./machines/thinkcentre/configuration.nix
-          agenix.nixosModules.default
-          {
-            environment.systemPackages = [
-              agenix.packages.x86_64-linux.default
-            ];
-          }
-        ];
+            ./machines/thinkcentre/configuration.nix
+            agenix.nixosModules.default
+            {
+              environment.systemPackages = [
+                agenix.packages.x86_64-linux.default
+              ];
+            }
+          ];
        specialArgs = {inherit inputs;};
      };

      oracle = nixpkgs.lib.nixosSystem {
        system = utils.lib.system.x86_64-linux;
-        modules = [
-          home-manager.nixosModules.home-manager
-          ./modules/nix.nix
-          {
-            home-manager.useGlobalPkgs = true;
-            home-manager.useUserPackages = true;
-            home-manager.users.michael = import ./user/environments/nixos-server/home.nix;
-          }
-          agenix.nixosModules.default
-          {
-            environment.systemPackages = [
-              agenix.packages.x86_64-linux.default
-            ];
-          }
+        modules =
+          defaultModules
+          ++ [
+            ./modules/nix.nix
+            {
+              home-manager.useGlobalPkgs = true;
+              home-manager.useUserPackages = true;
+              home-manager.users.michael = import ./user/environments/nixos-server/home.nix;
+            }
+            agenix.nixosModules.default
+            {
+              environment.systemPackages = [
+                agenix.packages.x86_64-linux.default
+              ];
+            }

-          ./machines/oracle/configuration.nix
-        ];
+            ./machines/oracle/configuration.nix
+          ];
        specialArgs = {inherit inputs;};
      };

      # WSL environment
      work = inputs.nixpkgs.lib.nixosSystem {
        system = utils.lib.system.x86_64-linux;
-        modules = [
-          self.overlaysModule
-          home-manager.nixosModules.home-manager
-          vscode-server.nixosModules.default
-          ./modules/containers.nix
-          ./modules/nix.nix
+        modules =
+          defaultModules
+          ++ [
+            vscode-server.nixosModules.default
+            ./modules/containers.nix
+            ./modules/nix.nix

-          ./machines/work/configuration.nix
-        ];
+            ./machines/work/configuration.nix
+          ];
        specialArgs = {inherit inputs;};
      };
    };
@ -165,18 +172,18 @@
      mac = darwin.lib.darwinSystem {
        system = "aarch64-darwin";
        specialArgs = {inherit inputs;};
-        modules = [
-          self.overlaysModule
-          home-manager.darwinModules.home-manager
-          {
-            home-manager.useGlobalPkgs = true;
-            home-manager.useUserPackages = true;
-            home-manager.users.michael = import ./user/environments/mac/home.nix;
-          }
+        modules =
+          defaultModules
+          ++ [
+            {
+              home-manager.useGlobalPkgs = true;
+              home-manager.useUserPackages = true;
+              home-manager.users.michael = import ./user/environments/mac/home.nix;
+            }

-          ./modules/yabai.nix
-          ./machines/mac/configuration.nix
-        ];
+            ./modules/yabai.nix
+            ./machines/mac/configuration.nix
+          ];
      };
    };

--- a/machines/oracle/configuration.nix
+++ b/machines/oracle/configuration.nix
@ -103,6 +103,9 @@
  };
  networking.firewall.allowedTCPPorts = [80 443];

+  my.server.proxyIP = "10.0.0.2";
+  my.services.forgejo.proxy = true;
+
  services.uptime-kuma = {
    enable = true;
    settings = {
--- a/machines/thinkcentre/configuration.nix
+++ b/machines/thinkcentre/configuration.nix
@ -13,7 +13,7 @@
  networking.firewall = {
    enable = true;
    interfaces."wg0" = {
-      allowedTCPPorts = [7654 3030 3000];
+      allowedTCPPorts = [7654 3030];
    };
  };

@ -103,29 +103,39 @@
    };
  };

-  services.forgejo = {
-    enable = true;
-    settings.server = {
-      DOMAIN = "git.s.michaelt.xyz";
-      ROOT_URL = "https://git.s.michaelt.xyz";
-      DISABLE_SSH = true;
-      HTTP_PORT = 3000;
-    };
-    settings.session = {
-      COOKIE_SECURE = true;
-    };
-    settings.service = {
-      DISABLE_REGISTRATION = true;
-    };
-    settings.openid = {
-      ENABLE_OPENID_SIGNIN = true;
-      ENABLE_OPENID_SIGNUP = true;
-    };
-    settings.oauth2_client = {
-      ENABLE_AUTO_REGISTRATION = true;
-    };
+  my.server = {
+    domain = "s.michaelt.xyz";
+    firewallInterface = "wg0";
  };

+  my.services.forgejo = {
+    enable = true;
+    port = 3000;
+  };
+
+  # services.forgejo = {
+  #   enable = true;
+  #   settings.server = {
+  #     DOMAIN = "git.s.michaelt.xyz";
+  #     ROOT_URL = "https://git.s.michaelt.xyz";
+  #     DISABLE_SSH = true;
+  #     HTTP_PORT = 3000;
+  #   };
+  #   settings.session = {
+  #     COOKIE_SECURE = true;
+  #   };
+  #   settings.service = {
+  #     DISABLE_REGISTRATION = true;
+  #   };
+  #   settings.openid = {
+  #     ENABLE_OPENID_SIGNIN = true;
+  #     ENABLE_OPENID_SIGNUP = true;
+  #   };
+  #   settings.oauth2_client = {
+  #     ENABLE_AUTO_REGISTRATION = true;
+  #   };
+  # };
+
  swapDevices = [
    {
      device = "/swapfile";
--- a/modules/default.nix
+++ b/modules/default.nix
@ -0,0 +1,6 @@
+{
+  imports = [
+    ./server
+    ./services
+  ];
+}
--- a/modules/server/default.nix
+++ b/modules/server/default.nix
@ -0,0 +1,28 @@
+{lib, ...}:
+with lib; {
+  options.my.server = {
+    name = mkOption {
+      type = types.str;
+      default = "Server";
+      example = "Venus";
+      description = "User-facing name of the server.";
+    };
+    domain = mkOption {
+      type = types.str;
+      example = "example.com";
+      description = "Full domain name of the server.";
+    };
+    proxyIP = mkOption {
+      type = types.str;
+      default = "127.0.0.1";
+      example = "127.0.0.1";
+      description = "IP address of server hosting services behind reverse proxy.";
+    };
+    firewallInterface = mkOption {
+      type = types.str;
+      default = "eth0";
+      example = "wg0";
+      description = "Network interface to expose services on.";
+    };
+  };
+}
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@ -0,0 +1,5 @@
+{
+  imports = [
+    ./forgejo
+  ];
+}
--- a/modules/services/forgejo/default.nix
+++ b/modules/services/forgejo/default.nix
@ -0,0 +1,72 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.my.services.forgejo;
+  inherit (config.my.server) domain proxyIP firewallInterface;
+  url = "https://git.${domain}";
+in {
+  options.my.services.forgejo = {
+    enable = mkEnableOption "Forgejo";
+    proxy = mkEnableOption "Forgejo reverse proxy entry";
+    subdomain = mkOption {
+      type = types.str;
+      default = "git";
+      example = "git";
+      description = "Subdomain to use for the service.";
+    };
+    port = mkOption {
+      type = types.port;
+      default = 3000;
+      example = 8080;
+      description = "HTTP port for the Forgejo service.";
+    };
+  };
+
+  config = mkMerge [
+    (mkIf cfg.enable {
+      services.forgejo = {
+        enable = true;
+        settings.server = {
+          DOMAIN = "git.${domain}";
+          ROOT_URL = url;
+          DISABLE_SSH = true;
+          HTTP_PORT = cfg.port;
+        };
+        settings.session = {
+          COOKIE_SECURE = true;
+        };
+        settings.service = {
+          DISABLE_REGISTRATION = true;
+        };
+        settings.openid = {
+          ENABLE_OPENID_SIGNIN = true;
+          ENABLE_OPENID_SIGNUP = true;
+        };
+        settings.oauth2_client = {
+          ENABLE_AUTO_REGISTRATION = true;
+        };
+      };
+
+      networking.firewall.interfaces."${firewallInterface}".allowedTCPPorts = [cfg.port];
+
+      # services.homepage-dashboard.services = [
+      #   {
+      #     Git = {
+      #       Forgejo = {
+      #         href = url;
+      #         description = "Beyond coding. We forge.";
+      #       };
+      #     };
+      #   }
+      # ];
+    })
+    (mkIf cfg.proxy {
+      services.caddy.virtualHosts."${url}".extraConfig = ''
+        reverse_proxy http://${proxyIP}:${cfg.port}
+      '';
+    })
+  ];
+}