add forgejo to arachnide server

2024-12-20 18:56:01 +01:00 · 2024-12-20 18:56:01 +01:00 · 81fda64f42
commit 81fda64f42
parent 535a536b57
3 changed files with 98 additions and 2 deletions
--- a/config/arachnide/configuration.nix
+++ b/config/arachnide/configuration.nix
@ -10,6 +10,7 @@
      /var/src/modules/reverse-proxy.nix
      /var/src/modules/nginx.nix
      /var/src/modules/nixin-web.nix
+      /var/src/modules/forgejo.nix
    ];

  # Bootloader.
@ -41,6 +42,24 @@
    http-port = 8081;
  };

+  nixin.forge = {
+    http-port = 8082;
+    domain = "forge.lab12.fr";
+    smtp-addr = "lab12.org";
+    smtp-user = "mr.robot@lab12.org";
+    smtp-from = "no-reply@lab12.org";
+    smtp-pwd-file = toString <secrets/smtp>;
+    #smtp-pwd = let 
+    #  pwd = builtins.readFile <secrets/smtp>;
+    #in lib.strings.trim pwd;
+    admin-email = "sysadmin@lab12.fr";
+    admin-user = "operator";
+    admin-pwd = let 
+      pwd = builtins.readFile <secrets/forgejo>;
+    in lib.strings.trim pwd;
+  };
+
+
  # Enable ip forwarding to route packets for the local network connected to enp3s0  
  boot.kernel.sysctl = {
    "net.ipv4.ip_forward" = 1;
--- a/modules/forgejo.nix
+++ b/modules/forgejo.nix
@ -0,0 +1,78 @@
+# Forgejo
+{ config, pkgs, lib, ... }:
+
+let
+  inherit (lib) mkOption mkDefault;
+in
+{
+  options = {
+    nixin.forge = {
+      http-port = mkOption { type = lib.types.int; };
+      domain = mkOption { type = lib.types.str; };
+      smtp-addr = mkOption { type = lib.types.str; };
+      smtp-user = mkOption { type = lib.types.str; };
+      smtp-from = mkOption { type = lib.types.str; };
+      #smtp-pwd = mkOption { type = lib.types.str; };
+      smtp-pwd-file = mkOption { type = lib.types.str; };
+      admin-email = mkOption { type = lib.types.str; };
+      admin-user = mkOption { type = lib.types.str; };
+      admin-pwd = mkOption { type = lib.types.str; };
+    };
+  };
+
+  config = {
+    services.forgejo = {
+      enable = true;
+      database.type = "postgres";
+      # Enable support for Git Large File Storage
+      lfs.enable = true;
+      settings = {
+        server = {
+          DOMAIN = "${config.nixin.forge.domain}";
+          # You need to specify this to remove the port from URLs in the web UI.
+          ROOT_URL = "https://${config.nixin.forge.domain}/";
+          HTTP_PORT = config.nixin.forge.http-port;
+        };
+        # You can temporarily allow registration to create an admin user.
+        service.DISABLE_REGISTRATION = true;
+        # Add support for actions, based on act: https://github.com/nektos/act
+        actions = {
+          ENABLED = true;
+          DEFAULT_ACTIONS_URL = "github";
+        };
+        # Sending emails is completely optional
+        # You can send a test email from the web UI at:
+        # Profile Picture > Site Administration > Configuration > Mailer Configuration
+        mailer = {
+          ENABLED = true;
+          PROTOCOL = "smtp+starttls";
+          SMTP_ADDR = "${config.nixin.forge.smtp-addr}";
+          FROM = "${config.nixin.forge.smtp-from}";
+          USER = "${config.nixin.forge.smtp-user}";
+          #PASSWD = "${config.nixin.forge.smtp-pwd}";
+        };
+      };
+      secrets.mailer.PASSWD = "${config.nixin.forge.smtp-pwd-file}";
+    };
+
+    systemd.services.forgejo.preStart = let 
+      adminCmd = "${lib.getExe config.services.forgejo.package} admin user";
+    in ''
+      env >/tmp/debug
+      ${adminCmd} create --admin --email "${config.nixin.forge.admin-email}" --username "${config.nixin.forge.admin-user}" --password "${config.nixin.forge.admin-pwd}" || true
+      ## uncomment this line to change an admin user which was already created
+      # ${adminCmd} change-password --username ${config.nixin.forge.admin-user} --password "${config.nixin.forge.admin-pwd}" || true
+    '';
+
+
+    services.traefik.dynamicConfigOptions.http.services."service-forgejo" = {
+      loadBalancer.servers = [
+        { url = "http://localhost:${toString config.nixin.forge.http-port}"; }
+      ];
+    };
+    services.traefik.dynamicConfigOptions.http.routers."router-forgejo" = {
+      rule = "Host(`${config.nixin.forge.domain}`)";
+      service = "service-forgejo";
+    };
+  };
+}
--- a/modules/reverse-proxy.nix
+++ b/modules/reverse-proxy.nix
@ -22,13 +22,12 @@ in
    api.insecure = false;

    # Enable logs
-    #log.filePath = "/var/log/traefik/traefik.log";
    log = {
      level = "INFO";
      filePath = "${config.services.traefik.dataDir}/traefik.log";
      format = "json";
    };
-    accessLog.filePath = "/var/log/traefik/accessLog.log";
+    accessLog.filePath = "${config.services.traefik.dataDir}/accessLog.log";

    # Enable Docker provider
    providers.docker = {