youthlic/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add forgejo and postgresql services and nixos-container for forgejo

Browse source
This commit is contained in:
ulic-youthlic 2025-01-28 17:14:27 +08:00
parent ae7d74249b
commit 2080f294d5
Signed by: youthlic
GPG key ID: 63E86C3C14A0D721
7 changed files with 299 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
nixos/configurations/Cape/default.nix
View file

@ -4,6 +4,7 @@
}:
{
imports = [
./forgejo.nix
./networking.nix
./stylix.nix
./hardware-configuration.nix

18
nixos/configurations/Cape/forgejo.nix Normal file
View file

@ -0,0 +1,18 @@
{ config, ... }:
{
youthlic.containers.forgejo = {
enable = true;
domain = "forgejo.youthlic.fun";
sshPort = 2222;
httpPort = 8480;
interface = "ens3";
};
networking.firewall.allowedTCPPorts = [ 2222 ];
services.caddy.virtualHosts = {
"forgejo.${config.youthlic.programs.caddy.baseDomain}" = {
extraConfig = ''
reverse_proxy 10.231.136.102:8480
'';
};
};
}

6
nixos/modules/containers/default.nix Normal file
View file

@ -0,0 +1,6 @@
{ ... }:
{
imports = [
./forgejo.nix
];
}

120
nixos/modules/containers/forgejo.nix Normal file
View file

@ -0,0 +1,120 @@
{ config, lib, ... }:
let
cfg = config.youthlic.containers.forgejo;
in
{
options = {
youthlic.containers.forgejo = {
enable = lib.mkEnableOption "forgejo container";
domain = lib.mkOption {
type = lib.types.nonEmptyStr;
example = "forgejo.example.com";
};
sshPort = lib.mkOption {
type = lib.types.port;
default = 2222;
};
httpPort = lib.mkOption {
type = lib.types.port;
default = 8480;
};
interface = lib.mkOption {
type = lib.types.nonEmptyStr;
example = "ens3";
};
};
};
config = lib.mkIf cfg.enable {
networking.nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
externalInterface = cfg.interface;
enableIPv6 = true;
};
containers."forgejo" = {
ephemeral = true;
autoStart = true;
privateNetwork = true;
hostAddress = "10.231.136.1";
localAddress = "10.231.136.102";
bindMounts = {
"/var/lib/forgejo" = {
hostPath = "/mnt/containers/forgejo/state";
isReadOnly = false;
};
"/var/lib/postgresql" = {
hostPath = "/mnt/containers/forgejo/dataset";
isReadOnly = false;
};
};
forwardPorts = [
{
containerPort = cfg.sshPort;
hostPort = 2222;
protocol = "tcp";
}
{
containerPort = cfg.sshPort;
hostPort = 2222;
protocol = "udp";
}
];
config =
{ lib, ... }:
{
imports = [
./../forgejo.nix
./../postgresql.nix
];
systemd.tmpfiles.rules = [
"d /var/lib/forgejo 770 forgejo forgejo -"
"d /var/lib/postgresql 770 postgres postgres -"
];
youthlic.programs = {
forgejo = {
enable = true;
domain = cfg.domain;
sshPort = cfg.sshPort;
httpPort = cfg.httpPort;
database = {
user = "forgejo";
};
};
postgresql = {
enable = true;
database = "forgejo";
auth_method = "peer";
version = "17";
};
};
systemd.services.forgejo = {
wants = [ "postgresql.service" ];
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
wantedBy = [ "default.target" ];
};
networking = {
firewall = {
enable = true;
allowedTCPPorts = [
cfg.httpPort
cfg.sshPort
];
allowedUDPPorts = [
cfg.httpPort
cfg.sshPort
];
};
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
system.stateVersion = "24.11";
};
};
};
}

3
nixos/modules/default.nix
View file

@ -16,6 +16,9 @@
disko.nixosModules.disko
])
++ [
./containers
./postgresql.nix
./forgejo.nix
./deploy
./nix.nix
./home.nix

105
nixos/modules/forgejo.nix Normal file
View file

@ -0,0 +1,105 @@
{
pkgs,
config,
lib,
...
}:
let
cfg = config.youthlic.programs.forgejo;
in
{
options = {
youthlic.programs.forgejo = {
enable = lib.mkEnableOption "forgejo";
domain = lib.mkOption {
type = lib.types.nonEmptyStr;
example = "example.com";
description = ''
which domain does the server use
'';
};
sshPort = lib.mkOption {
type = lib.types.port;
default = 2222;
};
httpPort = lib.mkOption {
type = lib.types.port;
default = 8480;
};
database = {
user = lib.mkOption {
type = lib.types.nonEmptyStr;
example = "forgejo";
};
socket = lib.mkOption {
type = lib.types.nonEmptyStr;
default = "/run/postgresql";
};
};
};
};
config = lib.mkMerge [
(lib.mkIf cfg.enable {
services.forgejo = {
enable = true;
lfs = {
enable = true;
};
group = "postgres";
database = {
type = "postgres";
user = cfg.database.user;
socket = cfg.database.socket;
createDatabase = false;
};
settings = {
DEFAULT = {
RUN_MODE = "prod";
};
cron = {
ENABLE = true;
RUN_AT_START = true;
SCHEDULE = "@every 24h";
};
repository = {
DEFAULT_PRIVATE = "last";
DEFAULT_BRANCH = "master";
};
service = {
DISABLE_REGISTRATION = true;
};
mailer = {
ENABLED = true;
MAILER_TYPE = "sendmail";
FROM = "do-not-reply@${config.services.forgejo.settings.server.DOMAIN}";
SENDMAIL_PATH = "${pkgs.system-sendmail}/bin/sendmail";
};
other = {
SHOW_FOOTER_VERSION = false;
};
server = {
PROTOCOL = "http";
DOMAIN = "${cfg.domain}";
START_SSH_SERVER = true;
SSH_PORT = cfg.sshPort;
HTTP_PORT = cfg.httpPort;
};
};
};
})
(
let
caddy-cfg = config.youthlic.programs.caddy;
in
lib.mkIf (cfg.enable && caddy-cfg.enable) {
services.caddy.virtualHosts = {
"forgejo.${caddy-cfg.baseDomain}" = {
extraConfig = ''
reverse_proxy 127.0.0.1:${cfg.httpPort}
'';
};
};
}
)
];
}

46
nixos/modules/postgresql.nix Normal file
View file

@ -0,0 +1,46 @@
{
pkgs,
config,
lib,
...
}:
let
cfg = config.youthlic.programs.postgresql;
in
{
options = {
youthlic.programs.postgresql = {
enable = lib.mkEnableOption "postgresql";
database = lib.mkOption {
type = lib.types.nonEmptyStr;
example = "forgejo";
};
auth_method = lib.mkOption {
type = lib.types.nonEmptyStr;
example = "peer";
};
version = lib.mkOption {
type = lib.types.nonEmptyStr;
example = "17";
};
};
};
config = lib.mkIf cfg.enable {
# default socket: /var/lib/postgresql
services.postgresql = {
enable = true;
ensureDatabases = [ cfg.database ];
ensureUsers = [
{
name = "${cfg.database}";
ensureDBOwnership = true;
}
];
package = pkgs."postgresql_${cfg.version}";
authentication = ''
#type database DBuser auth-method
local sameuser all ${cfg.auth_method}
'';
};
};
}