From e591a7a60cd08b7427a82cd17a2d85dc3747aaf0 Mon Sep 17 00:00:00 2001 From: Stefan Kempinger Date: Sun, 2 Nov 2025 20:31:54 +0100 Subject: [PATCH] updates; add forgejo --- configuration.nix | 38 +++++++++++++++++++------- flake.lock | 12 ++++----- services.nix | 68 ++++++++++++++++++++++++++++++++++++++++++----- 3 files changed, 96 insertions(+), 22 deletions(-) diff --git a/configuration.nix b/configuration.nix index 5cd98b7..ede027f 100644 --- a/configuration.nix +++ b/configuration.nix @@ -2,7 +2,13 @@ # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). -{ config, lib, pkgs, specialArgs, ... }: +{ + config, + lib, + pkgs, + specialArgs, + ... +}: { imports = [ @@ -18,7 +24,10 @@ # Bootloader and kernel boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - boot.kernelParams = [ "vga=791" "nomodeset" ]; + boot.kernelParams = [ + "vga=791" + "nomodeset" + ]; boot.kernel.sysctl = { "net.ipv4.ip_forward" = 1; # "net.bridge.bridge-nf-call-iptables" = 1; @@ -36,14 +45,22 @@ # Networking networking.hostName = "nixos-server"; networking.useDHCP = false; - networking.interfaces.eth0.ipv4.addresses = [{ - address = "192.168.69.69"; - prefixLength = 24; - }]; + networking.interfaces.eth0.ipv4.addresses = [ + { + address = "192.168.69.69"; + prefixLength = 24; + } + ]; networking.defaultGateway = "192.168.69.1"; networking.nameservers = [ "1.1.1.1" ]; networking.firewall.enable = true; - networking.firewall.allowedTCPPorts = [ 22 80 443 9000 ]; + networking.firewall.allowedTCPPorts = [ + 22 + 80 + 443 + 3000 + 9000 + ]; # Users users.users.root = { @@ -86,7 +103,10 @@ ]; # Nix settings - nix.settings.experimental-features = [ "nix-command" "flakes" ]; + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; nix.gc = { automatic = true; dates = "weekly"; 
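Review bot: Adding `3000` to `networking.firewall.allowedTCPPorts` in the networking hunk of configuration.nix opens Forgejo's plain-HTTP port to the network, next to the nginx vhost that this commit sets up with `forceSSL`, so the service can be reached without TLS by addressing the port directly. nginx reaches Forgejo through `http://localhost:3000` on loopback, which needs no firewall opening, so I would drop `3000` from the list. The services.nix hunk that adds `services.forgejo` shares this: it sets no `HTTP_ADDR`, and as far as I know the NixOS module then listens on all interfaces; `HTTP_ADDR = "127.0.0.1";` under `settings.server` would keep the listener local even if the port is opened again later.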
@@ -112,8 +132,6 @@ # # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . - system.configurationRevision = lib.mkIf (specialArgs.inputs.self ? rev) specialArgs.inputs.self.rev; system.stateVersion = "25.05"; # Did you read the comment? } - diff --git a/flake.lock b/flake.lock index da34cdc..8cf7a3e 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1752950548, - "narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=", + "lastModified": 1761907660, + "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c87b95e25065c028d31a94f06a62927d18763fdf", + "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", "type": "github" }, "original": { @@ -75,11 +75,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1750353031, - "narHash": "sha256-Bx7DOPLhkr8Z60U9Qw4l0OidzHoqLDKQH5rDV5ef59A=", + "lastModified": 1753541826, + "narHash": "sha256-foGgZu8+bCNIGeuDqQ84jNbmKZpd+JvnrL2WlyU4tuU=", "owner": "nix-community", "repo": "nixos-vscode-server", - "rev": "4ec4859b12129c0436b0a471ed1ea6dd8a317993", + "rev": "6d5f074e4811d143d44169ba4af09b20ddb6937d", "type": "github" }, "original": { diff --git a/services.nix b/services.nix index 2149f16..aac05c7 100644 --- a/services.nix +++ b/services.nix @@ -1,10 +1,20 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.services.forgejo; + srv = cfg.settings.server; +in { security.acme = { acceptTerms = true; - defaults.email = "mail@kempinger.xyz"; # Replace with your email + defaults.email = "mail@kempinger.xyz"; + certs."kempinger.at".domain = "*.kempinger.at"; }; services.resolved.enable = true; 
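Review bot: `certs."kempinger.at".domain = "*.kempinger.at";` in the `security.acme` block of services.nix turns the certificate named `kempinger.at` into a wildcard request, and a wildcard can only be validated with a DNS-01 challenge. No `dnsProvider` is set in the visible part of the block, and the `kempinger.at` vhost later in this file uses `enableACME`, which to my knowledge validates over HTTP-01, so issuance for that name will likely fail; a `*.kempinger.at` certificate would not cover the apex `kempinger.at` either. The new `git.kempinger.at` vhost requests its own certificate through `enableACME`, so nothing visible consumes the wildcard. I would delete the line, or, if a wildcard is intended, configure `dnsProvider` with its credentials and point the vhosts at it with `useACMEHost = "kempinger.at";`. The attribute set continues outside this hunk.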
@@ -17,18 +27,64 @@ virtualHosts."192.168.69.69" = { default = true; root = "/srv/website/public_html"; - locations."/" = { index = "index.html"; }; + locations."/" = { + index = "index.html"; + }; }; - # Optional: Add a domain-based virtual host virtualHosts."kempinger.at" = { root = "/srv/website/public_html"; - locations."/" = { index = "index.html"; }; + locations."/" = { + index = "index.html"; + }; forceSSL = true; enableACME = true; }; + virtualHosts.${cfg.settings.server.DOMAIN} = { + forceSSL = true; + enableACME = true; + extraConfig = '' + client_max_body_size 512M; + ''; + locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}"; + }; + }; + services.forgejo = { + enable = true; + database.type = "postgres"; + # Enable support for Git Large File Storage + lfs.enable = true; + settings = { + server = { + DOMAIN = "git.kempinger.at"; + # You need to specify this to remove the port from URLs in the web UI. + ROOT_URL = "https://${srv.DOMAIN}/"; + HTTP_PORT = 3000; + }; + # You can temporarily allow registration to create an admin user. + service.DISABLE_REGISTRATION = true; + # Add support for actions, based on act: https://github.com/nektos/act + actions = { + ENABLED = true; + DEFAULT_ACTIONS_URL = "github"; + }; + # Sending emails is completely optional + # You can send a test email from the web UI at: + # Profile Picture > Site Administration > Configuration > Mailer Configuration + # mailer = { + # ENABLED = true; + # SMTP_ADDR = "mail.kempinger.at"; + # FROM = "noreply@${srv.DOMAIN}"; + # USER = "noreply@${srv.DOMAIN}"; + # }; + }; }; - services.vscode-server.enable = true; + # systemd.services.forgejo.preStart = + # '' + # ${lib.getExe cfg.package} admin user create --admin --email "root@localhost" --username crazychaoz --password temp123 || true + # ''; + + #services.vscode-server.enable = true; # Virtualisation virtualisation.docker = {
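Review bot: The commented-out `systemd.services.forgejo.preStart` block near the end of this hunk keeps a literal admin password on the command line (`--password temp123`) in the repository. If it is uncommented as written, the password also lands in the unit's start script in the world-readable Nix store and in the process arguments. If the admin account was created with that value it should be rotated, and I would delete the block or keep only a template without a secret, e.g. `${lib.getExe cfg.package} admin user create --admin --email "root@localhost" --username crazychaoz --random-password || true`. The enclosing attribute set continues outside the hunk.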