diff --git a/infra/web.nix b/infra/web.nix
index 2513a6a..bf529d6 100644
--- a/infra/web.nix
+++ b/infra/web.nix
@@ -51,6 +51,20 @@
 records = [ { value = infra.machines.verbena.ipv6; } ];
 };
+ git_rpqt_fr_a = {
+ zone = config.resource.hcloud_zone.rpqt_fr "name";
+ name = "git";
+ type = "A";
+ records = [ { value = infra.machines.verbena.ipv4; } ];
+ };
+
+ git_rpqt_fr_aaaa = {
+ zone = config.resource.hcloud_zone.rpqt_fr "name";
+ name = "git";
+ type = "AAAA";
+ records = [ { value = infra.machines.verbena.ipv6; } ];
+ };
+
 buildbot_turifer_dev_a = {
 zone = config.resource.hcloud_zone.turifer_dev "name";
 name = "buildbot";
diff --git a/machines/genepi/glance-config.nix b/machines/genepi/glance-config.nix
index b8d2c17..2945049 100644
--- a/machines/genepi/glance-config.nix
+++ b/machines/genepi/glance-config.nix
@@ -65,6 +65,11 @@
 url = "https://git.turifer.dev";
 icon = "sh:gitea";
 }
+ {
+ title = "Forgejo";
+ url = "https://git.rpqt.fr";
+ icon = "sh:forgejo";
+ }
 {
 title = "Pinchflat";
 url = "https://pinchflat.${tld}";
diff --git a/machines/verbena/configuration.nix b/machines/verbena/configuration.nix
index 990a3bd..f68c616 100644
--- a/machines/verbena/configuration.nix
+++ b/machines/verbena/configuration.nix
@@ -4,6 +4,7 @@
 self.nixosModules.nix-defaults
 self.nixosModules.nextcloud
 self.nixosModules.gitea
+ self.nixosModules.forgejo
 self.nixosModules.vaultwarden
 self.inputs.srvos.nixosModules.server
diff --git a/modules/forgejo.nix b/modules/forgejo.nix
new file mode 100644
index 0000000..4359240
--- /dev/null
+++ b/modules/forgejo.nix
@@ -0,0 +1,75 @@
+{ config, lib, ... }:
+let
+ cfg = config.services.forgejo;
+in
+{
+ services.forgejo = {
+ enable = true;
+ lfs.enable = true;
+
+ settings = {
+ # storage = {
+ # };
+
+ server = {
+ ROOT_URL = "https://${cfg.settings.server.DOMAIN}";
+ DOMAIN = "git.rpqt.fr";
+ HTTP_PORT = 3001;
+ };
+
+ session.PROVIDER = "db";
+ session.COOKIE_SECURE = true;
+
+ service.DISABLE_REGISTRATION = true;
+
+ # Create a repository by pushing to it
+ repository.ENABLE_PUSH_CREATE_USER = true;
+ };
+ };
+
+ systemd.services.forgejo.environment = {
+ FORGEJO__storage__STORAGE_TYPE = "minio";
+ FORGEJO__storage__MINIO_ENDPOINT = "localhost:3900";
+ FORGEJO__storage__MINIO_BUCKET = "forgejo";
+ FORGEJO__storage__MINIO_LOCATION = "garage";
+ FORGEJO__storage__MINIO_USE_SSL = "false";
+ };
+
+ systemd.services.forgejo.serviceConfig = {
+ LoadCredential = [
+ "minio_access_key_id:${config.clan.core.vars.generators.forgejo-s3-storage.files.access-key-id.path}"
+ "minio_secret_access_key:${config.clan.core.vars.generators.forgejo-s3-storage.files.access-key-secret.path}"
+ ];
+ Environment = [
+ "FORGEJO__storage__MINIO_ACCESS_KEY_ID__FILE=%d/minio_access_key_id"
+ "FORGEJO__storage__MINIO_SECRET_ACCESS_KEY__FILE=%d/minio_secret_access_key"
+ ];
+ };
+
+ clan.core.vars.generators.forgejo-s3-storage = {
+ prompts.access-key-id = {
+ description = "s3 access key id";
+ type = "line";
+ persist = true;
+ };
+ prompts.access-key-secret = {
+ description = "s3 access key secret";
+ type = "hidden";
+ persist = true;
+ };
+ };
+
+ clan.core.state.forgejo.folders = [ config.services.forgejo.stateDir ];
+
+ services.nginx.virtualHosts."git.rpqt.fr" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:${builtins.toString (cfg.settings.server.HTTP_PORT)}";
+ };
+ };
+
+ security.acme.certs."git.rpqt.fr" = {
+ email = "admin@rpqt.fr";
+ };
+}
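Review bot: The `server` block sets `DOMAIN` and `HTTP_PORT` but no `HTTP_ADDR`, so unless the listen address is fixed elsewhere, Forgejo's plain-HTTP listener on port 3001 is not restricted to loopback and only a host firewall keeps clients from reaching it without going through the nginx vhost that enforces TLS. Since the only intended client is the local reverse proxy, add `HTTP_ADDR = "127.0.0.1";` next to `HTTP_PORT` and point `proxyPass` at `http://127.0.0.1:${builtins.toString (cfg.settings.server.HTTP_PORT)}`, so that `localhost` resolving to `::1` cannot miss the listener. `FORGEJO__storage__MINIO_USE_SSL = "false"` is reasonable only while the endpoint stays on `localhost:3900`; a comment such as `# plaintext is acceptable only because the S3 backend listens on loopback` would keep that assumption visible if the endpoint is ever moved to another host.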