A new start

2024-03-21 15:00:36 +01:00 · 2024-03-21 15:00:36 +01:00 · f4e2368893
commit f4e2368893
93 changed files with 7621 additions and 0 deletions
--- a/systems/x86_64-linux/mx/forgejo.nix
+++ b/systems/x86_64-linux/mx/forgejo.nix
@ -0,0 +1,54 @@
+{ pkgs, lib, config, ... }:
+{
+  sops.secrets."postgres/gitea_dbpass" = {
+    sopsFile = ../../../.secrets/hetzner/postgres.yaml; # bring your own password file
+    owner = config.services.forgejo.user;
+  };
+
+  services.forgejo = {
+    enable = true;
+    user = "gitea";
+    group = "gitea";
+    stateDir = "/var/lib/gitea";
+    database = {
+      name = "gitea";
+      user = "gitea";
+      type = "postgres";
+      passwordFile = config.sops.secrets."postgres/gitea_dbpass".path;
+    };
+    settings.service.DISABLE_REGISTRATION = true;
+    settings.server = {
+      DOMAIN = "git.hoyer.xyz";
+      ROOT_URL = "https://git.hoyer.xyz/";
+      HTTP_PORT = 3001;
+    };
+    settings.log.LEVEL = "Warn";
+  };
+
+  users.users.gitea = {
+    home = "/var/lib/gitea";
+    useDefaultShell = true;
+    group = "gitea";
+    isSystemUser = true;
+  };
+
+  users.groups.gitea = { };
+
+  services.postgresql = {
+    package = pkgs.postgresql_14;
+    ensureDatabases = [
+      config.services.forgejo.database.name
+      "nextcloud"
+    ];
+    ensureUsers = [
+      {
+        name = config.services.forgejo.database.user;
+        ensureDBOwnership = true;
+      }
+      {
+        name = "nextcloud";
+        ensureDBOwnership = true;
+      }
+    ];
+  };
+}