root/the_prg_server_configuration_old
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add Anubis service configuration and middleware for protection.

Browse source
This commit is contained in:
Root User 2026-02-13 19:54:05 +01:00
parent 4d361588fa
commit a1ed41e31a
Signed by: root
GPG key ID: 087F0A95E5766D72
2 changed files with 86 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

28
nix-system-configs/modules/system/forgejo.nix
View file

@ -28,7 +28,7 @@
# Package local Jost OTF files from the repository into the Nix store so
# they can be installed into the Forgejo custom assets directory.
jostFonts = pkgs.runCommand "jost-fonts" { src = ../styling/forgejo/Jost/OpenType; } ''
jostFonts = pkgs.runCommand "jost-fonts" {src = ../styling/forgejo/Jost/OpenType;} ''
mkdir -p $out/fonts
cp -a $src/*.otf $out/fonts/
'';
@ -175,24 +175,24 @@ in {
# Fallback: one-shot systemd service to copy custom assets on activation (works even if tmpfiles isn't applied or for live testing)
systemd.services."forgejo-custom-files" = {
description = "Install Forgejo custom templates and assets into customDir";
after = [ "network.target" ];
after = ["network.target"];
serviceConfig = {
Type = "oneshot";
# Use bash -c to run a compact copy/install script that ensures dirs exist and files are owned by forgejo
# cp -a ${toString ../styling/forgejo/home.tmpl} ${config.services.forgejo.customDir}/templates/home.tmpl; \
ExecStart = ''${pkgs.bash}/bin/bash -c "set -eu; \
install -d -m0755 -o forgejo -g forgejo ${config.services.forgejo.customDir}/public/assets/fonts; \
install -d -m0755 -o forgejo -g forgejo ${config.services.forgejo.customDir}/public/assets/css; \
install -d -m0755 -o forgejo -g forgejo ${config.services.forgejo.customDir}/templates/custom; \
cp -a ${mapleFonts}/fonts/MapleMonoNerd.ttf ${config.services.forgejo.customDir}/public/assets/fonts/MapleMonoNerd.ttf; \
cp -a ${toString ../styling/forgejo/header.tmpl} ${config.services.forgejo.customDir}/templates/custom/header.tmpl; \
cp -a ${toString ../styling/forgejo/theme-custom.css} ${config.services.forgejo.customDir}/public/assets/css/theme-custom.css; \
cp -a ${jostFonts}/fonts/* ${config.services.forgejo.customDir}/public/assets/fonts/ || true; \
cp -a ${toString ../styling/PRG_logo.svg} ${config.services.forgejo.customDir}/public/assets/img/logo.svg || true; \
cp -a ${toString ../styling/PRG_logo.png} ${config.services.forgejo.customDir}/public/assets/img/logo.png || true; \
chown -R forgejo:forgejo ${config.services.forgejo.customDir}"'';
ExecStart = '' ${pkgs.bash}/bin/bash -c "set -eu; \
install -d -m0755 -o forgejo -g forgejo ${config.services.forgejo.customDir}/public/assets/fonts; \
install -d -m0755 -o forgejo -g forgejo ${config.services.forgejo.customDir}/public/assets/css; \
install -d -m0755 -o forgejo -g forgejo ${config.services.forgejo.customDir}/templates/custom; \
cp -a ${mapleFonts}/fonts/MapleMonoNerd.ttf ${config.services.forgejo.customDir}/public/assets/fonts/MapleMonoNerd.ttf; \
cp -a ${toString ../styling/forgejo/header.tmpl} ${config.services.forgejo.customDir}/templates/custom/header.tmpl; \
cp -a ${toString ../styling/forgejo/theme-custom.css} ${config.services.forgejo.customDir}/public/assets/css/theme-custom.css; \
cp -a ${jostFonts}/fonts/* ${config.services.forgejo.customDir}/public/assets/fonts/ || true; \
cp -a ${toString ../styling/PRG_logo.svg} ${config.services.forgejo.customDir}/public/assets/img/logo.svg || true; \
cp -a ${toString ../styling/PRG_logo.png} ${config.services.forgejo.customDir}/public/assets/img/logo.png || true; \
chown -R forgejo:forgejo ${config.services.forgejo.customDir}"'';
};
wantedBy = [ "multi-user.target" ];
wantedBy = ["multi-user.target"];
};
# Open ports in the firewall.