Git/Nixconfigs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add forgejo

Browse source
This commit is contained in:
Maxiem Geldhof 2025-10-31 17:23:17 +01:00
parent 5b151e7327
commit 8e42f81a19
3 changed files with 102 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

36
modules/servermodules/forgejo/forgejo.nix Normal file
View file

@ -0,0 +1,36 @@
{
lib,
pkgs,
config,
...
}:
let
cfg = config.services.forgejo;
srv = cfg.settings.server;
in
{
services.forgejo = {
enable = true;
database.type = "postgres";
# Enable support for Git Large File Storage
lfs.enable = true;
settings = {
server = {
DOMAIN = "git.maxiemgeldhof.com";
# You need to specify this to remove the port from URLs in the web UI.
ROOT_URL = "https://${srv.DOMAIN}/";
HTTP_PORT = 3028;
};
# You can temporarily allow registration to create an admin user.
service.DISABLE_REGISTRATION = true;
# Add support for actions, based on act: https://github.com/nektos/act
actions = {
ENABLED = false;
};
metrics = {
ENABLED = true;
};
};
};
}

91
modules/servermodules/nginx.nix
View file

@ -1,39 +1,37 @@
rootdomain:
{
rootdomain: {
systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/logs/nginx" ];
services.nginx.enable = true;
services.nginx.commonHttpConfig = ''
log_format myformat '$remote_addr - $remote_user [$time_local] '
'$host "$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
'';
log_format myformat '$remote_addr - $remote_user [$time_local] '
'$host "$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
'';
services.nginx.virtualHosts."default" = {
enableACME = false;
rejectSSL = true;
default = true;
enableACME = false;
rejectSSL = true;
default = true;
locations."/" = {
return = 404;
};
extraConfig = ''
access_log /logs/nginx/nginx-access.log myformat;
'';
locations."/" = {
return = 404;
};
extraConfig = ''
access_log /logs/nginx/nginx-access.log myformat;
'';
};
services.nginx.virtualHosts."grafana.${rootdomain}" = {
enableACME = true;
forceSSL = true;
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true;
recommendedProxySettings = true;
};
extraConfig = ''
access_log /logs/nginx/nginx-access.log myformat;
'';
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true;
recommendedProxySettings = true;
};
extraConfig = ''
access_log /logs/nginx/nginx-access.log myformat;
'';
};
services.nginx.virtualHosts."jellyfin.${rootdomain}" = {
@ -50,11 +48,11 @@ rootdomain:
proxyPass = "http://127.0.0.1:8096/metrics";
recommendedProxySettings = true;
extraConfig = ''
allow 127.0.0.1;
allow 192.168.0.0/16;
allow 10.0.0.0/8;
allow 172.16.0.0/12;
deny all;
allow 127.0.0.1;
allow 192.168.0.0/16;
allow 10.0.0.0/8;
allow 172.16.0.0/12;
deny all;
'';
};
@ -68,9 +66,34 @@ rootdomain:
defaults.email = "admin@${rootdomain}";
};
services.nginx.virtualHosts."git.${rootdomain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3028";
recommendedProxySettings = true;
};
locations."/metrics" = {
proxyPass = "http://127.0.0.1:3028/metrics";
recommendedProxySettings = true;
extraConfig = ''
allow 127.0.0.1;
allow 192.168.0.0/16;
allow 10.0.0.0/8;
allow 172.16.0.0/12;
deny all;
'';
};
extraConfig = ''
access_log /logs/nginx/nginx-access.log myformat;
'';
};
systemd.tmpfiles.rules = [
# Type Path Mode User Group Age Argument
"d /logs/nginx 0755 nginx nginx - -"
# Type Path Mode User Group Age Argument
"d /logs/nginx 0755 nginx nginx - -"
];
}