Refactor the Nix config management.

2026-02-06 21:31:22 +01:00 · 2026-02-06 21:31:22 +01:00 · aca053b4e1
commit aca053b4e1
parent 55fe63bcdb
23 changed files with 954 additions and 1764 deletions
--- a/nix-system-configs/modules/system/forgejo.nix
+++ b/nix-system-configs/modules/system/forgejo.nix
@ -0,0 +1,86 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-25.11.tar.gz";
+  cfg = config.services.forgejo;
+  srv = cfg.settings.server;
+in {
+  local.hostname = "forgejoprg";
+  local.username = "forgejoprg";
+  local.userDescription = "Forgejo Admin";
+  local.address = "10.1.1.4";
+
+  # Enable Fedgejo service
+  services.nginx = {
+    enable = true;
+    virtualHosts."git.prg.local" = {
+      # Remove forceSSL and enableACME for local network
+      # forceSSL = true;
+      # enableACME = true;
+      extraConfig = ''
+        client_max_body_size 512M;
+      '';
+      locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
+    };
+  };
+
+  # Enable PostgreSQL for Forgejo
+  services.postgresql.enable = true;
+
+  # Forgejo configuration
+  services.forgejo = {
+    enable = true;
+    database = {
+      type = "postgres";
+      host = "10.1.1.251"; # IP of your database server
+      name = "forgejo";
+      user = "forgejo";
+      passwordFile = "/home/forgejoprg/password.txt"; # Store password in a separate file for security
+    };
+    lfs.enable = true;
+
+    settings = {
+      server = {
+        DOMAIN = "git.prg-radio.org";
+        ROOT_URL = "https://git.prg-radio.org/";
+        HTTP_PORT = 3000;
+        # SSH integration
+        SSH_PORT = lib.head config.services.openssh.ports;
+      };
+
+      # Temporarily allow registration to create admin user
+      service.DISABLE_REGISTRATION = false;
+
+      # Enable Actions support
+      actions = {
+        ENABLED = true;
+        DEFAULT_ACTIONS_URL = "github";
+      };
+
+      # Optional: Email configuration
+      # mailer = {
+      #   ENABLED = false;
+      # };
+    };
+  };
+
+  # Open ports in the firewall.
+  networking.firewall.allowedTCPPorts = [3000];
+
+  imports = [
+    # ./secrets/secrets.nix  # Add this locally after running add-secrets.zsh
+    # Optionally import local secrets if present (won't fail if missing)
+    (lib.optional (builtins.pathExists ./secrets/secrets.nix) ./secrets/secrets.nix)
+    ./modules/desktop-manager/sway_greetd_homemanager.nix
+    ./modules/local/hostname_username.nix
+    ./modules/local/networking_local.nix
+    ./modules/toolsets/remote_building.nix
+    ./modules/bootloader/seabios.nix
+    ./modules/lix-default.nix
+  ];
+
+  system.stateVersion = "25.11";
+}