Add forgejo

Maxiem Geldhof 2025-10-31 17:23:17 +01:00
parent 5b151e7327
commit 8e42f81a19
3 changed files with 102 additions and 36 deletions


@ -0,0 +1,36 @@
{
lib,
pkgs,
config,
...
}:
let
cfg = config.services.forgejo;
srv = cfg.settings.server;
in
{
services.forgejo = {
enable = true;
database.type = "postgres";
# Enable support for Git Large File Storage
lfs.enable = true;
settings = {
server = {
DOMAIN = "git.maxiemgeldhof.com";
# You need to specify this to remove the port from URLs in the web UI.
ROOT_URL = "https://${srv.DOMAIN}/";
HTTP_PORT = 3028;
};
# You can temporarily allow registration to create an admin user.
service.DISABLE_REGISTRATION = true;
# Add support for actions, based on act: https://github.com/nektos/act
actions = {
ENABLED = false;
};
metrics = {
ENABLED = true;
};
};
};
}
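Review bot: The `server` block sets `HTTP_PORT = 3028` but no `HTTP_ADDR`, so Forgejo presumably listens on all interfaces, and unless the host firewall blocks 3028 the nginx vhost (TLS and the `/metrics` allow list) can be bypassed by connecting to the port directly. Adding `HTTP_ADDR = "127.0.0.1";` next to `HTTP_PORT` keeps the service reachable only through the proxy. `metrics.ENABLED = true` also serves the endpoint without authentication; Forgejo supports a bearer token (`TOKEN` in the `metrics` section), which should come from a secret file (the flake already pulls in agenix) rather than a literal in `settings`, since that ends up in the world-readable Nix store. Minor: `lib` and `pkgs` are unused arguments, and `DOMAIN` is hard-coded while the nginx vhost builds its name from `rootdomain`, so the two can drift.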


@ -1,39 +1,37 @@
rootdomain: rootdomain: {
{
systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/logs/nginx" ]; systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/logs/nginx" ];
services.nginx.enable = true; services.nginx.enable = true;
services.nginx.commonHttpConfig = '' services.nginx.commonHttpConfig = ''
log_format myformat '$remote_addr - $remote_user [$time_local] ' log_format myformat '$remote_addr - $remote_user [$time_local] '
'$host "$request" $status $body_bytes_sent ' '$host "$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"'; '"$http_referer" "$http_user_agent"';
''; '';
services.nginx.virtualHosts."default" = { services.nginx.virtualHosts."default" = {
enableACME = false; enableACME = false;
rejectSSL = true; rejectSSL = true;
default = true; default = true;
locations."/" = { locations."/" = {
return = 404; return = 404;
}; };
extraConfig = '' extraConfig = ''
access_log /logs/nginx/nginx-access.log myformat; access_log /logs/nginx/nginx-access.log myformat;
''; '';
}; };
services.nginx.virtualHosts."grafana.${rootdomain}" = { services.nginx.virtualHosts."grafana.${rootdomain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:3000"; proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true; proxyWebsockets = true;
recommendedProxySettings = true; recommendedProxySettings = true;
}; };
extraConfig = '' extraConfig = ''
access_log /logs/nginx/nginx-access.log myformat; access_log /logs/nginx/nginx-access.log myformat;
''; '';
}; };
services.nginx.virtualHosts."jellyfin.${rootdomain}" = { services.nginx.virtualHosts."jellyfin.${rootdomain}" = {
@ -50,11 +48,11 @@ rootdomain:
proxyPass = "http://127.0.0.1:8096/metrics"; proxyPass = "http://127.0.0.1:8096/metrics";
recommendedProxySettings = true; recommendedProxySettings = true;
extraConfig = '' extraConfig = ''
allow 127.0.0.1; allow 127.0.0.1;
allow 192.168.0.0/16; allow 192.168.0.0/16;
allow 10.0.0.0/8; allow 10.0.0.0/8;
allow 172.16.0.0/12; allow 172.16.0.0/12;
deny all; deny all;
''; '';
}; };
@ -68,9 +66,34 @@ rootdomain:
defaults.email = "admin@${rootdomain}"; defaults.email = "admin@${rootdomain}";
}; };
services.nginx.virtualHosts."git.${rootdomain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3028";
recommendedProxySettings = true;
};
locations."/metrics" = {
proxyPass = "http://127.0.0.1:3028/metrics";
recommendedProxySettings = true;
extraConfig = ''
allow 127.0.0.1;
allow 192.168.0.0/16;
allow 10.0.0.0/8;
allow 172.16.0.0/12;
deny all;
'';
};
extraConfig = ''
access_log /logs/nginx/nginx-access.log myformat;
'';
};
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
# Type Path Mode User Group Age Argument # Type Path Mode User Group Age Argument
"d /logs/nginx 0755 nginx nginx - -" "d /logs/nginx 0755 nginx nginx - -"
]; ];
} }
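Review bot: The `/metrics` location on the new `git.${rootdomain}` vhost admits every RFC 1918 range, which is broader than a scraper needs and relies on nginx always seeing the true client address; if traffic ever arrives through a NAT or another proxy with a private source address, the metrics become readable from outside. If Prometheus runs on this host (the Grafana upstream on 127.0.0.1 suggests so, but it is not visible here), it can scrape `127.0.0.1:3028/metrics` directly and the public vhost can answer `return = 404;` for that location, or keep only `allow 127.0.0.1;` plus the one scraper address. The allow list is a copy of the one in the jellyfin metrics location earlier in the file, so a shared `let` binding would keep the two from diverging. With `lfs.enable = true` on the Forgejo side, the `/` location probably also needs a larger `client_max_body_size`, unless one is set in a part of the file not shown.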


@ -1,5 +1,11 @@
{ agenix, jellyfin-exporter, nixpkgs, self, ... }: {
let agenix,
jellyfin-exporter,
nixpkgs,
self,
...
}:
let
system = "aarch64-linux"; system = "aarch64-linux";
in in
nixpkgs.lib.nixosSystem { nixpkgs.lib.nixosSystem {
@ -19,6 +25,7 @@ nixpkgs.lib.nixosSystem {
../../modules/servermodules/jellyfin/jellyfin.nix ../../modules/servermodules/jellyfin/jellyfin.nix
(import ../../modules/servermodules/wireguard/wireguard-server.nix).serverModule (import ../../modules/servermodules/wireguard/wireguard-server.nix).serverModule
./volumes.nix ./volumes.nix
../../modules/servermodules/forgejo/forgejo.nix
agenix.nixosModules.default agenix.nixosModules.default
]; ];
} }