From 395e13acd261f8b57af3607fe49c113344b4ed6f Mon Sep 17 00:00:00 2001
From: John Lancaster <32917998+jsl12@users.noreply.github.com>
Date: Tue, 31 Mar 2026 20:17:52 -0500
Subject: [PATCH] started forgejo config
---
 modules/features/forgejo.nix | 62 +++++++++++++++++++++++++++++++
 modules/hosts/john-pc/default.nix | 2 +-
 modules/hosts/soteria/soteria.nix | 3 ++
 modules/nix-tools/user.nix | 13 +++---
 4 files changed, 71 insertions(+), 9 deletions(-)
 create mode 100644 modules/features/forgejo.nix
diff --git a/modules/features/forgejo.nix b/modules/features/forgejo.nix
new file mode 100644
index 0000000..e3073e3
--- /dev/null
+++ b/modules/features/forgejo.nix
@@ -0,0 +1,62 @@
+{ self, inputs, ... }: {
+ flake.modules.nixos.forgejo = {config, pkgs, lib, ... }:
+ let
+ cfg = config.forgejo;
+ in
+ {
+ options.forgejo = {
+ enable = lib.mkEnableOption "Enable Forgejo backed with PostgreSQL";
+
+ port = lib.mkOption {
+ type = lib.types.port;
+ default = 3000;
+ description = "TCP port for the Forgejo web interface.";
+ };
+
+ openFirewall = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ description = "Open the Forgejo web interface port in the firewall.";
+ };
+
+ https = lib.mkEnableOption "Open the Forgejo web interface port in the firewall.";
+ };
+
+ config = lib.mkIf cfg.enable {
+ networking.firewall.allowedTCPPorts = lib.optionals cfg.openFirewall [ cfg.port ];
+
+ services.forgejo = {
+ enable = true;
+ lfs.enable = true;
+ settings.server = lib.mkMerge [
+ {
+ HTTP_PORT = cfg.port;
+ DISABLE_SSH = true;
+ }
+ (lib.mkIf cfg.https {
+ ROOT_URL = "https://forgejo.john-stream.com";
+ PROTOCOL = "https";
+ COOKIE_SECURE = true;
+ })
+ ];
+
+ database = {
+ type = "postgres";
+ port = config.services.postgresql.settings.port;
+ # createDatabase = false;
+ };
+ # dump = {
+ # enable = true;
+ # interval = "12h";
+ # };
+ };
+
+ services.postgresql = {
+ enable = true;
+ settings = {
+
+ };
+ };
+ };
+ };
+}
\ No newline at end of file
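Review bot: With the defaults in this hunk, `openFirewall = true` and `https` off, the `forgejo.enable = true` added in the soteria.nix hunk opens TCP 3000 in the firewall for a plaintext-HTTP Forgejo, so passwords and session cookies cross the network unencrypted; NixOS modules conventionally default `openFirewall` to false, so `default = false;` with an explicit per-host opt-in would be the safer default. The `https` option only sets `ROOT_URL`, `PROTOCOL` and `COOKIE_SECURE`: if Forgejo is meant to terminate TLS itself it also needs `CERT_FILE`/`KEY_FILE`, which nothing here provides, and if a reverse proxy terminates TLS then `PROTOCOL` should stay `http` with only `ROOT_URL` and `COOKIE_SECURE` changed. `ROOT_URL = "https://forgejo.john-stream.com"` is hard-coded inside a reusable module whose port is already an option; a `domain` option with that hostname as its default would keep the module host-independent. Both `mkEnableOption` descriptions need fixing, since `mkEnableOption` already prefixes "Whether to enable" and the `https` text is a copy of `openFirewall`'s: `enable = lib.mkEnableOption "Forgejo backed by PostgreSQL";` and `https = lib.mkEnableOption "serving Forgejo over HTTPS (sets ROOT_URL, PROTOCOL and COOKIE_SECURE)";`. The empty `services.postgresql.settings = { }` and the commented-out `createDatabase`/`dump` lines read as leftovers to either fill in or drop before merge.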
diff --git a/modules/hosts/john-pc/default.nix b/modules/hosts/john-pc/default.nix
index ada44ed..3630499 100644
--- a/modules/hosts/john-pc/default.nix
+++ b/modules/hosts/john-pc/default.nix
@@ -3,7 +3,7 @@ let username = "john"; hostname = "john-pc-ubuntu"; - testHost = "soteria"; + testHost = "soteria"; # which host to test build testTarget = "fded:fb16:653e:25da:be24:11ff:fea0:753f"; # test-nix # testTarget = "fded:fb16:653e:25da:be24:11ff:fe89:1cc3"; # soteria
diff --git a/modules/hosts/soteria/soteria.nix b/modules/hosts/soteria/soteria.nix
index 3e0894b..9c192cd 100644
--- a/modules/hosts/soteria/soteria.nix
+++ b/modules/hosts/soteria/soteria.nix
@@ -14,6 +14,7 @@ in
 nixos.docker
 nixos.mtls
 nixos.janus-ca
+ nixos.forgejo
 # nixos.restic-server
 # nixos.restic-envoy
 ({ pkgs, ... }: {
@@ -64,6 +65,8 @@ in
 environment.systemPackages = [
 inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.janus-ca
 ];
+
+ forgejo.enable = true;
 })
 ];
 };
diff --git a/modules/nix-tools/user.nix b/modules/nix-tools/user.nix
index cdd97d2..9bda13d 100644
--- a/modules/nix-tools/user.nix
+++ b/modules/nix-tools/user.nix
@@ -18,15 +18,12 @@ isNormalUser = true; home = "/home/${username}"; shell = lib.mkIf config.programs.zsh.enable pkgs.zsh; - extraGroups = [ - "input" - "networkmanager" - ] ++ lib.optionals isAdmin [ - "docker" - "wheel" - ]; + extraGroups = [ "input" "networkmanager" ] + ++ lib.optional isAdmin "wheel" + ++ lib.optional config.virtualisation.docker.enable "docker" + ++ lib.optional (isAdmin && config.services.forgejo.enable) config.services.forgejo.group + ++ lib.optional (isAdmin && config.services.postgresql.enable) config.services.postgresql.group; }; - security.sudo-rs.enable = lib.mkIf isAdmin true;