Add forgejo

2025-10-31 17:23:17 +01:00 · 2025-10-31 17:23:17 +01:00 · 8e42f81a19
commit 8e42f81a19
parent 5b151e7327
3 changed files with 102 additions and 36 deletions
--- a/modules/servermodules/nginx.nix
+++ b/modules/servermodules/nginx.nix
@ -1,39 +1,37 @@
-rootdomain:
-{
+rootdomain: {
  systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/logs/nginx" ];
  services.nginx.enable = true;
  services.nginx.commonHttpConfig = ''
-      log_format myformat '$remote_addr - $remote_user [$time_local] '
-                      '$host "$request" $status $body_bytes_sent '
-                      '"$http_referer" "$http_user_agent"';
-      '';
+    log_format myformat '$remote_addr - $remote_user [$time_local] '
+                    '$host "$request" $status $body_bytes_sent '
+                    '"$http_referer" "$http_user_agent"';
+  '';

  services.nginx.virtualHosts."default" = {
-      enableACME = false;
-      rejectSSL = true;
-      default = true;
+    enableACME = false;
+    rejectSSL = true;
+    default = true;

-      locations."/" = {
-        return = 404;
-      };
-      extraConfig = ''
-        access_log /logs/nginx/nginx-access.log myformat;
-      '';
+    locations."/" = {
+      return = 404;
+    };
+    extraConfig = ''
+      access_log /logs/nginx/nginx-access.log myformat;
+    '';
  };

-
  services.nginx.virtualHosts."grafana.${rootdomain}" = {
-      enableACME = true;
-      forceSSL = true;
+    enableACME = true;
+    forceSSL = true;

-      locations."/" = {
-        proxyPass = "http://127.0.0.1:3000";
-        proxyWebsockets = true;
-        recommendedProxySettings = true;
-      };
-      extraConfig = ''
-        access_log /logs/nginx/nginx-access.log myformat;
-      '';
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:3000";
+      proxyWebsockets = true;
+      recommendedProxySettings = true;
+    };
+    extraConfig = ''
+      access_log /logs/nginx/nginx-access.log myformat;
+    '';
  };

  services.nginx.virtualHosts."jellyfin.${rootdomain}" = {
@ -50,11 +48,11 @@ rootdomain:
      proxyPass = "http://127.0.0.1:8096/metrics";
      recommendedProxySettings = true;
      extraConfig = ''
-      allow 127.0.0.1;
-      allow 192.168.0.0/16;
-      allow 10.0.0.0/8;
-      allow 172.16.0.0/12;
-      deny all;
+        allow 127.0.0.1;
+        allow 192.168.0.0/16;
+        allow 10.0.0.0/8;
+        allow 172.16.0.0/12;
+        deny all;
      '';
    };

@ -68,9 +66,34 @@ rootdomain:
    defaults.email = "admin@${rootdomain}";
  };

+  services.nginx.virtualHosts."git.${rootdomain}" = {
+    enableACME = true;
+    forceSSL = true;
+
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:3028";
+      recommendedProxySettings = true;
+    };
+
+    locations."/metrics" = {
+      proxyPass = "http://127.0.0.1:3028/metrics";
+      recommendedProxySettings = true;
+      extraConfig = ''
+        allow 127.0.0.1;
+        allow 192.168.0.0/16;
+        allow 10.0.0.0/8;
+        allow 172.16.0.0/12;
+        deny all;
+      '';
+    };
+
+    extraConfig = ''
+      access_log /logs/nginx/nginx-access.log myformat;
+    '';
+  };
+
  systemd.tmpfiles.rules = [
-  # Type  Path           Mode    User   Group  Age  Argument
-  "d /logs/nginx        0755    nginx  nginx  -    -"
+    # Type  Path           Mode    User   Group  Age  Argument
+    "d /logs/nginx        0755    nginx  nginx  -    -"
  ];
 }
-