michael/nix-dots
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

refactor: move forgejo to new server module structure

Browse Source
This commit is contained in:
Michael Thomas 2024-05-08 14:49:54 -04:00
parent 646d15f8ee
commit 3fd4e28a2e
7 changed files with 226 additions and 95 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

153
flake.nix
View File

@ -55,6 +55,12 @@
... ...
} @ inputs: let } @ inputs: let
forAllSystems = nixpkgs.lib.genAttrs utils.lib.defaultSystems; forAllSystems = nixpkgs.lib.genAttrs utils.lib.defaultSystems;
defaultModules = [
self.overlaysModule
home-manager.nixosModules.home-manager
./modules
];
in { in {
# Your custom packages # Your custom packages
# Accessible through 'nix build', 'nix shell', etc # Accessible through 'nix build', 'nix shell', etc
@ -69,94 +75,95 @@
nixosConfigurations = { nixosConfigurations = {
loft = nixpkgs.lib.nixosSystem { loft = nixpkgs.lib.nixosSystem {
system = utils.lib.system.x86_64-linux; system = utils.lib.system.x86_64-linux;
modules = [ modules =
self.overlaysModule defaultModules
home-manager.nixosModules.home-manager ++ [
./modules/common.nix ./modules/common.nix
./modules/containers.nix ./modules/containers.nix
./machines/loft/configuration.nix ./machines/loft/configuration.nix
]; ];
specialArgs = {inherit inputs;}; specialArgs = {inherit inputs;};
}; };
kitchen = nixpkgs.lib.nixosSystem { kitchen = nixpkgs.lib.nixosSystem {
system = utils.lib.system.x86_64-linux; system = utils.lib.system.x86_64-linux;
modules = [ modules =
self.overlaysModule defaultModules
home-manager.nixosModules.home-manager ++ [
./modules/common.nix ./modules/common.nix
./modules/containers.nix ./modules/containers.nix
{ {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.users.michael = import ./user/environments/nixos/home.nix; home-manager.users.michael = import ./user/environments/nixos/home.nix;
} }
./machines/kitchen/configuration.nix ./machines/kitchen/configuration.nix
]; ];
specialArgs = {inherit inputs;}; specialArgs = {inherit inputs;};
}; };
thinkcentre = nixpkgs.lib.nixosSystem { thinkcentre = nixpkgs.lib.nixosSystem {
system = utils.lib.system.x86_64-linux; system = utils.lib.system.x86_64-linux;
modules = [ modules =
self.overlaysModule defaultModules
home-manager.nixosModules.home-manager ++ [
./modules/common.nix ./modules/common.nix
./modules/hyprland.nix ./modules/hyprland.nix
./modules/containers.nix ./modules/containers.nix
{ {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.users.michael = import ./user/environments/nixos/home.nix; home-manager.users.michael = import ./user/environments/nixos/home.nix;
} }
./machines/thinkcentre/configuration.nix ./machines/thinkcentre/configuration.nix
agenix.nixosModules.default agenix.nixosModules.default
{ {
environment.systemPackages = [ environment.systemPackages = [
agenix.packages.x86_64-linux.default agenix.packages.x86_64-linux.default
]; ];
} }
]; ];
specialArgs = {inherit inputs;}; specialArgs = {inherit inputs;};
}; };
oracle = nixpkgs.lib.nixosSystem { oracle = nixpkgs.lib.nixosSystem {
system = utils.lib.system.x86_64-linux; system = utils.lib.system.x86_64-linux;
modules = [ modules =
home-manager.nixosModules.home-manager defaultModules
./modules/nix.nix ++ [
{ ./modules/nix.nix
home-manager.useGlobalPkgs = true; {
home-manager.useUserPackages = true; home-manager.useGlobalPkgs = true;
home-manager.users.michael = import ./user/environments/nixos-server/home.nix; home-manager.useUserPackages = true;
} home-manager.users.michael = import ./user/environments/nixos-server/home.nix;
agenix.nixosModules.default }
{ agenix.nixosModules.default
environment.systemPackages = [ {
agenix.packages.x86_64-linux.default environment.systemPackages = [
]; agenix.packages.x86_64-linux.default
} ];
}
./machines/oracle/configuration.nix ./machines/oracle/configuration.nix
]; ];
specialArgs = {inherit inputs;}; specialArgs = {inherit inputs;};
}; };
# WSL environment # WSL environment
work = inputs.nixpkgs.lib.nixosSystem { work = inputs.nixpkgs.lib.nixosSystem {
system = utils.lib.system.x86_64-linux; system = utils.lib.system.x86_64-linux;
modules = [ modules =
self.overlaysModule defaultModules
home-manager.nixosModules.home-manager ++ [
vscode-server.nixosModules.default vscode-server.nixosModules.default
./modules/containers.nix ./modules/containers.nix
./modules/nix.nix ./modules/nix.nix
./machines/work/configuration.nix ./machines/work/configuration.nix
]; ];
specialArgs = {inherit inputs;}; specialArgs = {inherit inputs;};
}; };
}; };
@ -165,18 +172,18 @@
mac = darwin.lib.darwinSystem { mac = darwin.lib.darwinSystem {
system = "aarch64-darwin"; system = "aarch64-darwin";
specialArgs = {inherit inputs;}; specialArgs = {inherit inputs;};
modules = [ modules =
self.overlaysModule defaultModules
home-manager.darwinModules.home-manager ++ [
{ {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.users.michael = import ./user/environments/mac/home.nix; home-manager.users.michael = import ./user/environments/mac/home.nix;
} }
./modules/yabai.nix ./modules/yabai.nix
./machines/mac/configuration.nix ./machines/mac/configuration.nix
]; ];
}; };
}; };

3
machines/oracle/configuration.nix
View File

@ -103,6 +103,9 @@
}; };
networking.firewall.allowedTCPPorts = [80 443]; networking.firewall.allowedTCPPorts = [80 443];
my.server.proxyIP = "10.0.0.2";
my.services.forgejo.proxy = true;
services.uptime-kuma = { services.uptime-kuma = {
enable = true; enable = true;
settings = { settings = {

54
machines/thinkcentre/configuration.nix
View File

@ -13,7 +13,7 @@
networking.firewall = { networking.firewall = {
enable = true; enable = true;
interfaces."wg0" = { interfaces."wg0" = {
allowedTCPPorts = [7654 3030 3000]; allowedTCPPorts = [7654 3030];
}; };
}; };
@ -103,29 +103,39 @@
}; };
}; };
services.forgejo = { my.server = {
enable = true; domain = "s.michaelt.xyz";
settings.server = { firewallInterface = "wg0";
DOMAIN = "git.s.michaelt.xyz";
ROOT_URL = "https://git.s.michaelt.xyz";
DISABLE_SSH = true;
HTTP_PORT = 3000;
};
settings.session = {
COOKIE_SECURE = true;
};
settings.service = {
DISABLE_REGISTRATION = true;
};
settings.openid = {
ENABLE_OPENID_SIGNIN = true;
ENABLE_OPENID_SIGNUP = true;
};
settings.oauth2_client = {
ENABLE_AUTO_REGISTRATION = true;
};
}; };
my.services.forgejo = {
enable = true;
port = 3000;
};
# services.forgejo = {
# enable = true;
# settings.server = {
# DOMAIN = "git.s.michaelt.xyz";
# ROOT_URL = "https://git.s.michaelt.xyz";
# DISABLE_SSH = true;
# HTTP_PORT = 3000;
# };
# settings.session = {
# COOKIE_SECURE = true;
# };
# settings.service = {
# DISABLE_REGISTRATION = true;
# };
# settings.openid = {
# ENABLE_OPENID_SIGNIN = true;
# ENABLE_OPENID_SIGNUP = true;
# };
# settings.oauth2_client = {
# ENABLE_AUTO_REGISTRATION = true;
# };
# };
swapDevices = [ swapDevices = [
{ {
device = "/swapfile"; device = "/swapfile";

6
modules/default.nix Normal file
View File

@ -0,0 +1,6 @@
{
imports = [
./server
./services
];
}

28
modules/server/default.nix Normal file
View File

@ -0,0 +1,28 @@
{lib, ...}:
with lib; {
options.my.server = {
name = mkOption {
type = types.str;
default = "Server";
example = "Venus";
description = "User-facing name of the server.";
};
domain = mkOption {
type = types.str;
example = "example.com";
description = "Full domain name of the server.";
};
proxyIP = mkOption {
type = types.str;
default = "127.0.0.1";
example = "127.0.0.1";
description = "IP address of server hosting services behind reverse proxy.";
};
firewallInterface = mkOption {
type = types.str;
default = "eth0";
example = "wg0";
description = "Network interface to expose services on.";
};
};
}

5
modules/services/default.nix Normal file
View File

@ -0,0 +1,5 @@
{
imports = [
./forgejo
];
}

72
modules/services/forgejo/default.nix Normal file
View File

@ -0,0 +1,72 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.my.services.forgejo;
inherit (config.my.server) domain proxyIP firewallInterface;
url = "https://git.${domain}";
in {
options.my.services.forgejo = {
enable = mkEnableOption "Forgejo";
proxy = mkEnableOption "Forgejo reverse proxy entry";
subdomain = mkOption {
type = types.str;
default = "git";
example = "git";
description = "Subdomain to use for the service.";
};
port = mkOption {
type = types.port;
default = 3000;
example = 8080;
description = "HTTP port for the Forgejo service.";
};
};
config = mkMerge [
(mkIf cfg.enable {
services.forgejo = {
enable = true;
settings.server = {
DOMAIN = "git.${domain}";
ROOT_URL = url;
DISABLE_SSH = true;
HTTP_PORT = cfg.port;
};
settings.session = {
COOKIE_SECURE = true;
};
settings.service = {
DISABLE_REGISTRATION = true;
};
settings.openid = {
ENABLE_OPENID_SIGNIN = true;
ENABLE_OPENID_SIGNUP = true;
};
settings.oauth2_client = {
ENABLE_AUTO_REGISTRATION = true;
};
};
networking.firewall.interfaces."${firewallInterface}".allowedTCPPorts = [cfg.port];
# services.homepage-dashboard.services = [
# {
# Git = {
# Forgejo = {
# href = url;
# description = "Beyond coding. We forge.";
# };
# };
# }
# ];
})
(mkIf cfg.proxy {
services.caddy.virtualHosts."${url}".extraConfig = ''
reverse_proxy http://${proxyIP}:${cfg.port}
'';
})
];
}