From d472424a4ea063db0655bf507c2e45937c6cfb60 Mon Sep 17 00:00:00 2001 From: Anthony Rodriguez Date: Wed, 23 Oct 2024 13:22:36 +0200 Subject: [PATCH] system/services: add forgejo --- flake.lock | 124 ++++++++++++++++++++++++++++++------ flake.nix | 2 + hosts/anastacia/default.nix | 5 +- nodes/default.nix | 14 ++++ system/services/forgejo.nix | 55 ++++++++++++++++ 5 files changed, 180 insertions(+), 20 deletions(-) create mode 100644 nodes/default.nix create mode 100644 system/services/forgejo.nix diff --git a/flake.lock b/flake.lock index 55329f8..57ebe2b 100644 --- a/flake.lock +++ b/flake.lock @@ -60,6 +60,26 @@ "type": "github" } }, + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat_2", + "nixpkgs": "nixpkgs_3", + "utils": "utils" + }, + "locked": { + "lastModified": 1727447169, + "narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, "firefox-addons": { "inputs": { "flake-utils": "flake-utils", @@ -115,6 +135,22 @@ "type": "github" } }, + "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" @@ -207,7 +243,7 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1710146030, @@ -225,7 +261,7 @@ }, "flake-utils_3": { "inputs": { - "systems": "systems_3" + "systems": "systems_4" }, "locked": { "lastModified": 1710146030, 
@@ -243,7 +279,7 @@ }, "flake-utils_4": { "inputs": { - "systems": "systems_6" + "systems": "systems_7" }, "locked": { "lastModified": 1710146030, @@ -338,7 +374,7 @@ "lanzaboote": { "inputs": { "crane": "crane", - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat_3", "flake-parts": "flake-parts_2", "flake-utils": "flake-utils_2", "nixpkgs": [ @@ -447,7 +483,7 @@ "flake-parts": "flake-parts_3", "niri-stable": "niri-stable", "niri-unstable": "niri-unstable", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nixpkgs-stable": "nixpkgs-stable_2", "xwayland-satellite-stable": "xwayland-satellite-stable", "xwayland-satellite-unstable": "xwayland-satellite-unstable" @@ -636,16 +672,16 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1729256560, - "narHash": "sha256-/uilDXvCIEs3C9l73JTACm4quuHUsIHcns1c+cHUJwA=", + "lastModified": 1702272962, + "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4c2fcb090b1f3e5b47eaa7bd33913b574a11e0a0", + "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } @@ -667,6 +703,22 @@ } }, "nixpkgs_5": { + "locked": { + "lastModified": 1729256560, + "narHash": "sha256-/uilDXvCIEs3C9l73JTACm4quuHUsIHcns1c+cHUJwA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "4c2fcb090b1f3e5b47eaa7bd33913b574a11e0a0", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { "locked": { "lastModified": 1726871744, "narHash": "sha256-V5LpfdHyQkUF7RfOaDPrZDP+oqz88lTJrMT1+stXNwo=", @@ -682,7 +734,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1656753965, "narHash": "sha256-BCrB3l0qpJokOnIVc3g2lHiGhnjUi0MoXiw6t1o8H1E=", 
@@ -698,7 +750,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1726871744, "narHash": "sha256-V5LpfdHyQkUF7RfOaDPrZDP+oqz88lTJrMT1+stXNwo=", @@ -736,7 +788,7 @@ "flake-utils": "flake-utils_3", "mnw": "mnw", "nil": "nil", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "nmd": "nmd", "plugin-alpha-nvim": "plugin-alpha-nvim", "plugin-bufdelete-nvim": "plugin-bufdelete-nvim", @@ -840,7 +892,7 @@ "plugin-vim-vsnip": "plugin-vim-vsnip", "plugin-which-key": "plugin-which-key", "rnix-lsp": "rnix-lsp", - "systems": "systems_4" + "systems": "systems_5" }, "locked": { "lastModified": 1728378979, @@ -2526,8 +2578,8 @@ "rnix-lsp": { "inputs": { "naersk": "naersk", - "nixpkgs": "nixpkgs_6", - "utils": "utils" + "nixpkgs": "nixpkgs_7", + "utils": "utils_2" }, "locked": { "lastModified": 1669555118, @@ -2547,16 +2599,17 @@ "inputs": { "ags": "ags", "basix": "basix", + "deploy-rs": "deploy-rs", "firefox-addons": "firefox-addons", "home-manager": "home-manager", "lanzaboote": "lanzaboote", "niri": "niri", "nix-index-db": "nix-index-db", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nvf": "nvf", "plasma-manager": "plasma-manager", - "systems": "systems_5", + "systems": "systems_6", "treefmt-nix": "treefmt-nix", "wezterm": "wezterm" } @@ -2695,6 +2748,21 @@ } }, "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_6": { "locked": { "lastModified": 1689347949, "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", @@ -2709,7 +2777,7 @@ "type": "github" } }, - "systems_6": { + "systems_7": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 
@@ -2726,7 +2794,7 @@ }, "treefmt-nix": { "inputs": { - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1729242555, @@ -2743,6 +2811,24 @@ } }, "utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_2": { "locked": { "lastModified": 1656928814, "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", diff --git a/flake.nix b/flake.nix index 4a92ffc..7b73681 100644 --- a/flake.nix +++ b/flake.nix @@ -22,6 +22,7 @@ formatter = eachSystem (pkgs: treefmtEval.${pkgs.system}.config.build.wrapper); nixosModules = import ./modules; nixosConfigurations = import ./hosts {inherit self inputs;}; + deploy.nodes = import ./nodes {inherit self inputs;}; }; inputs = { # nix related @@ -44,6 +45,7 @@ # other ags.url = "github:Aylur/ags"; basix.url = "github:notashelf/basix"; + deploy-rs.url = "github:serokell/deploy-rs"; firefox-addons = { url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/hosts/anastacia/default.nix b/hosts/anastacia/default.nix index 1b56dd7..1a42255 100644 --- a/hosts/anastacia/default.nix +++ b/hosts/anastacia/default.nix @@ -1,7 +1,10 @@ -{...}: { +{self, ...}: let + mod = "${self}/system"; +in { imports = [ ./hardware-configuration.nix ./networking.nix # generated at runtime by nixos-infect + "${mod}/services/forgejo.nix" ]; boot.tmp.cleanOnBoot = true; diff --git a/nodes/default.nix b/nodes/default.nix new file mode 100644 index 0000000..8ed1e95 --- /dev/null +++ b/nodes/default.nix 
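Review bot: Nothing visible in flake.nix validates the new `deploy.nodes` output before it is pushed to a live host. deploy-rs ships schema and build checks for exactly this. If the flake does not already define them, add `checks = builtins.mapAttrs (_: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib;` next to the `deploy.nodes` line, so `nix flake check` catches a malformed node or a profile that fails to build. The outputs attribute set starts before this hunk, so an existing `checks` may simply be out of view.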
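Review bot: The new `deploy-rs` input in flake.nix is added without `inputs.nixpkgs.follows`, so it pins its own nixpkgs. The flake.lock part of this patch shows the result as `nixpkgs_3` at rev `e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d` with `lastModified` 1702272962, well behind the root `nixos-unstable` pin at 1729256560. The activation helper that deploy-rs builds and runs as root on the target is presumably taken from that older package set and will not pick up fixes from the main pin. Write it like the neighbouring `firefox-addons` input: `deploy-rs = { url = "github:serokell/deploy-rs"; inputs.nixpkgs.follows = "nixpkgs"; };`.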
@@ -0,0 +1,14 @@
+{
+ self,
+ inputs,
+ ...
+}: {
+ anastacia = {
+ hostname = "2a01:4f8:1c1c:8495::1";
+ profiles.system = {
+ sshUser = "root";
+ user = "root";
+ path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.anastacia;
+ };
+ };
+}
diff --git a/system/services/forgejo.nix b/system/services/forgejo.nix
new file mode 100644
index 0000000..25756ec
--- /dev/null
+++ b/system/services/forgejo.nix
@@ -0,0 +1,55 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ srv = config.services.forgejo.settings.server;
+in {
+ services = {
+ forgejo = {
+ enable = true;
+ package = pkgs.forgejo;
+ lfs.enable = true;
+ database.type = "postgres";
+ dump = {
+ enable = true;
+ type = "tar.xz";
+ };
+ settings = {
+ server = {
+ DOMAIN = "git.nezia.dev";
+ HTTP_PORT = 1849;
+ ROOT_URL = "https://${srv.DOMAIN}/";
+ HTTP_ADDR = "::1";
+ };
+ service = {
+ DISABLE_REGISTRATION = true;
+ };
+ federation = {
+ ENABLED = true;
+ };
+ };
+ };
+
+ caddy = {
+ enable = true;
+ virtualHosts."git.nezia.dev".extraConfig = ''
+ reverse_proxy * [::1]:${toString srv.HTTP_PORT}
+ '';
+ };
+ };
+
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [80 443];
+
+ # If you're using nftables (default in newer NixOS)
+ extraForwardRules = ''
+ ip6 saddr { ::/0 } accept
+ '';
+ };
+
+ # Ensure IPv6 is enabled
+ networking.enableIPv6 = true;
+}
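Review bot: In nodes/default.nix, `sshUser = "root";` makes every deploy log in over SSH as root on a publicly routable IPv6 address, which only works if the host permits root SSH login (its sshd settings are not part of this patch). deploy-rs can connect as an unprivileged account and elevate only for activation. Prefer `sshUser = "deploy";` (account name is a placeholder) with `user = "root";` and a sudo rule for that account, and keep root login disabled on the host. A short comment above `hostname` would also help, noting that the literal address and the hard-coded `x86_64-linux` in `path` are tied to this one server.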
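Review bot: The `extraForwardRules` block in system/services/forgejo.nix accepts forwarded IPv6 traffic from every source (`ip6 saddr { ::/0 } accept`), which Forgejo behind Caddy does not need. Requests terminate on the host itself and are already covered by `allowedTCPPorts = [80 443]`. As far as I know the option is only honoured by the nftables firewall backend with `networking.firewall.filterForward` enabled; neither is set in this file, and nftables is not the default backend, so the comment above the rule is misleading. The rule is therefore likely inert today and would become an allow-all forward rule if the host later switches backend, so drop the `extraForwardRules` attribute and its comment. Since the site is served over HTTPS only, also consider `session.COOKIE_SECURE = true;` under `settings`.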