
Add basic forgejo config

prescientmoon 2024-05-11 01:09:43 +02:00
parent aadbafcc1e
commit 490a77b67e
Signed by: prescientmoon
SSH key fingerprint: SHA256:UUF9JT2s8Xfyv76b8ZuVL7XrmimH4o49p4b+iexbVH4
13 changed files with 143 additions and 93 deletions


@ -111,6 +111,7 @@ Most services are served over [tailscale](https://tailscale.com/), using certifi
- [Actual](https://actualbudget.org/) — budgeting tool.
- [Commafeed](https://github.com/Athou/commafeed) — rss reader
- [Forgejo](https://forgejo.org/) — git forge
- [Grafana](https://github.com/grafana/grafana) — pretty dashboards
- [Homer](https://github.com/bastienwirtz/homer) — server homepage
- [Intray](https://github.com/NorfairKing/intray) — GTD capture tool.

BIN
common/icons/forgejo.svg Normal file

Binary file not shown.



@ -22,3 +22,4 @@ The idea is to always use consecutive ports, but never go back and try to recycl
| 8416 | [redlib](../hosts/nixos/lapetus/services/redlib.nix) |
| 8417 | [qbittorrent](../hosts/nixos/lapetus/services/qbittorrent.nix) |
| 8418 | [microbin](../hosts/nixos/lapetus/services/microbin.nix) |
| 8419 | [forgejo](../hosts/nixos/lapetus/services/forgejo.nix) |


@ -1,28 +0,0 @@
{ lib, ... }: {
services.gitea = {
enable = true;
appName = "pinktea";
stateDir = "/persist/state/pinktea";
lfs.enable = true;
dump = {
enable = true;
type = "tar.gz";
};
# See [the cheatsheet](https://docs.gitea.com/next/administration/config-cheat-sheet)
settings = {
session.COOKIE_SECURE = false; # TODO: set to true when serving over https
repository = {
DISABLED_REPO_UNITS = "";
DEFAULT_REPO_UNITS = lib.strings.concatStringsSep "," [
"repo.code"
"repo.releases"
"repo.issues"
"repo.pulls"
];
DISABLE_STARS = true;
};
};
};
}


@ -23,6 +23,7 @@
./services/jellyfin.nix
./services/qbittorrent.nix
./services/microbin.nix
./services/forgejo.nix
# ./services/ddclient.nix
./filesystems
./hardware


@ -11,3 +11,4 @@ cloudflare_tunnel_credentials: |
microbin_env: |
MICROBIN_ADMIN_PASSWORD=...
MICROBIN_UPLOAD_PASSWORD=...
forgejo_mail_password: ...


@ -5,6 +5,7 @@ grafana_discord_webhook: ENC[AES256_GCM,data:y17UjlnfNmtvim9REkop4abcU6BX0P5JnJY
invidious_hmac_key: ENC[AES256_GCM,data:eN3NNPYUSfPNnVz3aZK7IrnzoBA=,iv:eHEiB/TKL0W6TdWpXADCxEdhhGwUPwOLph2RjwTECh0=,tag:P5m6Uw8JkKVegQ840talPQ==,type:str]
cloudflare_tunnel_credentials: ENC[AES256_GCM,data:XuXXzhGdxYsF1ik2g7yS2wbaI08/AF60P8CnIhjJlMd+jRk36QovuBRRjkfV8BjOg0K+2b4yNHT/nS/ZSV6eorj4sbczw6D+p7LxrQfeVqqhXWyCjbJwQTTDFU9XB2xUohmmC1PJ1/nwShfn1LocPxgwWQiNpqwhTJroojzqxTHUBzCuAMmcZ7jwvd0SlDpZIszhbTQoLRzedRZpCdoNnWTc,iv:2oBLU3SvNUwJ2OYfCmyKiocUw9zU+yixO+tY/AE9sxc=,tag:T3v+MII+kDzomiAQJ0zUdg==,type:str]
microbin_env: ENC[AES256_GCM,data:nxiE9GIvEb0xgqomDdMyy2UtG25pt7h+6JUZkAgIejZbJfsKfpIJcG02WJoj07I2VeTtN10Wd8IbrW9QEt64mLzlG7hqJN0Uwq8bjL1j5IaK,iv:pCWmF52MhMfZtdtMsL7wwt+KB33E/UPNtXzkiJ7NOWE=,tag:79e0u2yyRYckivY85hLqpg==,type:str]
forgejo_mail_password: ENC[AES256_GCM,data:linrpmA8b+8e1+tWNl0=,iv:Mk7suPq0Jt960Zl9s2jj3SSAKt4t8Lv4eKdIo0o8JbE=,tag:TZ0qGJIVSFSUt/0cqamvdw==,type:str]
sops:
kms: []
gcp_kms: []
@ -29,8 +30,8 @@ sops:
RHZ6alYrUU5BZ2xlMkdGR1dWRG5aeGMKJdsdtVZ6Mk9Vo3a+tS+rzAgaF2wpH+8U
lWhA+c0Kbe8EJT8hm7Vr8PqBmElz4V9AnXSCTp7D+Cu4pfWsHopLUQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-10T18:21:41Z"
mac: ENC[AES256_GCM,data:JbRf7sVZLNiIR2vy0+Et7PqpZIvxYa8ZbqLUNNUzjilfIxaRcwRTjbV+IryGOXBve1rJoK9I6Y4dnaQOM/YpddNO2Nxb4PKGcgnQc6v4wrHfHBFZJVo7Teyy6jFfxBYCu0DOqIzBeQg7YLs29PpVoOjxjXDLLFfCK1WAlng+Af8=,iv:2yIV0h3jp/JTPhWjfRLI+Nd8kkIheePIKOf6u59wWiw=,tag:eHswLPB7oDJ98jqnJv2V6g==,type:str]
lastmodified: "2024-05-10T22:27:23Z"
mac: ENC[AES256_GCM,data:pH8KM1JvO6OK1yGNT90kPfd7+zoUnyoTNfWhCXHBERzLmxHuI8VopCGfgxqYtjyBE4yYAIsRpzJBMPKSnazoL9EBWB+uoSE3UNXMgwTBK/Oq+aW1Bj7akOfCiR9U8yzgfqI7ReAtbioOVO3K/RlgCzpNFdfvToKwm7tUFrektB8=,iv:ltMnlbzIQumavl96q76sv9iYf4IgKrLS2yRZQ1xb83o=,tag:1PILpbzUR7LXaiuukrH3bw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -0,0 +1,52 @@
{ lib, config, ... }:
let
port = 8419;
host = "git.moonythm.dev";
in
{
sops.secrets.forgejo_mail_password.sopsFile = ../secrets.yaml;
satellite.cloudflared.targets.${host}.port = port;
services.forgejo = {
enable = true;
appName = "moonforge";
stateDir = "/persist/state/var/lib/forgejo";
mailerPasswordFile = config.sops.secrets.forgejo_mail_password.path;
dump = {
enable = true;
type = "tar.gz";
};
lfs.enable = true;
# See [the cheatsheet](https://docs.gitea.com/next/administration/config-cheat-sheet)
settings = {
session.COOKIE_SECURE = true;
server = {
DOMAIN = host;
HTTP_PORT = port;
ROOT_URL = "https://${host}";
LANDING_PAGE = "prescientmoon"; # Make my profile the landing page
};
cron.ENABLED = true;
# service.DISABLE_REGISTRATION = true;
mailer = {
ENABLED = true;
SMTP_PORT = 465;
SMTP_ADDR = "smtp.migadu.com";
USER = "git";
};
repository = {
DISABLE_STARS = true;
DISABLED_REPO_UNITS = "";
DEFAULT_REPO_UNITS = lib.strings.concatStringsSep "," [
"repo.code"
];
};
};
};
}
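Review bot: `# service.DISABLE_REGISTRATION = true;` is left commented out in `settings`, so this instance, which the same file publishes at `git.moonythm.dev` through `satellite.cloudflared.targets` and gives an enabled mailer, would accept self-registration from anyone who can reach it. Since `LANDING_PAGE` points at a single profile, this looks like a single-user forge, and I would enable the setting now: `service.DISABLE_REGISTRATION = true;`. Separately, `mailerPasswordFile` points at a sops-nix secret declared with no `owner`; if the Forgejo unit reads that file as its own user, which I cannot confirm from this page, it needs something like `sops.secrets.forgejo_mail_password.owner = config.services.forgejo.user;`.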


@ -63,6 +63,58 @@ in
];
}
# }}}
# {{{ External
{
name = "External";
icon = fa "arrow-up-right-from-square";
items = [
{
name = "Tailscale";
subtitle = "Access this homelab from anywhere";
logo = icon "tailscale.png";
url = "https://tailscale.com/";
}
{
name = "Dotfiles";
subtitle = "Configuration for all my machines";
logo = icon "github.png";
url = "https://github.com/mateiadrielrafael/everything-nix";
}
{
name = "Cloudflare";
subtitle = "Domain management";
logo = icon "cloudflare.png";
url = "https://dash.cloudflare.com/761d3e81b3e42551e33c4b73274ecc82/moonythm.dev/";
}
];
}
# }}}
# {{{ Productivity
{
name = "Productivity";
icon = fa "rocket";
items = [
{
name = "Intray";
subtitle = "GTD capture tool";
icon = fa "inbox";
url = "https://intray.moonythm.dev";
}
{
name = "Smos";
subtitle = "A comprehensive self-management system.";
icon = fa "cubes-stacked";
url = "https://smos.moonythm.dev";
}
{
name = "Actual";
subtitle = "Budgeting tool";
logo = icon "actual.png";
url = "https://actual.moonythm.dev";
}
];
}
# }}}
# {{{ Pillars
{
name = "Tooling";
@ -92,31 +144,11 @@ in
logo = icon "microbin.png";
url = "https://cal.moonythm.dev";
}
];
}
# }}}
# {{{ Productivity
{
name = "Productivity";
icon = fa "rocket";
items = [
{
name = "Intray";
subtitle = "GTD capture tool";
icon = fa "inbox";
url = "https://intray.moonythm.dev";
}
{
name = "Smos";
subtitle = "A comprehensive self-management system.";
icon = fa "cubes-stacked";
url = "https://smos.moonythm.dev";
}
{
name = "Actual";
subtitle = "Budgeting tool";
logo = icon "actual.png";
url = "https://actual.moonythm.dev";
name = "Forgejo";
subtitle = "Git forge";
logo = icon "forgejo.svg";
url = "https://git.moonythm.dev";
}
];
}
@ -165,32 +197,6 @@ in
];
}
# }}}
# {{{ External
{
name = "External";
icon = fa "arrow-up-right-from-square";
items = [
{
name = "Tailscale";
subtitle = "Access this homelab from anywhere";
logo = icon "tailscale.png";
url = "https://tailscale.com/";
}
{
name = "Dotfiles";
subtitle = "Configuration for all my machines";
logo = icon "github.png";
url = "https://github.com/mateiadrielrafael/everything-nix";
}
{
name = "Cloudflare";
subtitle = "Domain management";
logo = icon "cloudflare.png";
url = "https://dash.cloudflare.com/761d3e81b3e42551e33c4b73274ecc82/moonythm.dev/";
}
];
}
# }}}
];
};
});


@ -7,9 +7,7 @@ in
imports = [ ./cloudflared.nix ];
sops.secrets.microbin_env.sopsFile = ../secrets.yaml;
services.cloudflared.tunnels =
config.satellite.cloudflared.proxy host;
satellite.cloudflared.targets.${host}.port = port;
services.microbin = {
enable = true;


@ -16,6 +16,7 @@
./hardware
./boot.nix
./services/syncthing.nix
./services/forgejo.nix
];
# }}}


@ -5,18 +5,33 @@ in
options.satellite.cloudflared = {
tunnel = lib.mkOption {
type = lib.types.string;
description = "Cloudflare tunnel id to use for the `satellite.cloudflared.proxy` helper";
description = "Cloudflare tunnel id to use for the `satellite.cloudflared.targets` helper";
};
proxy = lib.mkOption {
type = lib.types.functionTo lib.types.anything;
description = "Helper function for generating a quick proxy config";
targets = lib.mkOption {
description = "List of hosts to set up ingress rules for";
default = { };
type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: {
options = {
port = lib.mkOption {
type = lib.types.port;
description = "Localhost port to point the tunnel at";
};
host = lib.mkOption {
default = name;
type = lib.types.string;
description = "Host to direct traffic from";
};
};
}));
};
};
config.satellite.cloudflared.proxy = from: {
${cfg.tunnel} = {
ingress.${from} = "http://localhost:8418";
};
};
config.services.cloudflared.tunnels.${cfg.tunnel}.ingress = lib.attrsets.mapAttrs'
(_: { port, host }: {
name = host;
value = "http://localhost:${toString port}";
})
cfg.targets;
}
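Review bot: The `host` option inside the new `targets` submodule is declared with `lib.types.string`, which nixpkgs deprecates because it merges multiple definitions by silently concatenating them. For a value that becomes a public tunnel ingress hostname, two conflicting definitions should be an evaluation error rather than a concatenated name, so I would write `type = lib.types.str;` there (the existing `tunnel` option uses the same deprecated type). The `description` of `targets` also says "List of hosts" while the option is an attribute set; `description = "Hosts to set up ingress rules for, keyed by hostname";` would match the declared type.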


@ -13,7 +13,9 @@ actual IN CNAME lapetus
api.intray IN CNAME lapetus
api.smos IN CNAME lapetus
cal IN CNAME lapetus
diptime IN CNAME lapetus
docs.smos IN CNAME lapetus
git IN CNAME lapetus
grafana IN CNAME lapetus
intray IN CNAME lapetus
irc IN CNAME lapetus
@ -28,7 +30,6 @@ search IN CNAME lapetus
smos IN CNAME lapetus
warden IN CNAME lapetus
yt IN CNAME lapetus
diptime IN CNAME lapetus
*.irc IN CNAME irc
; Tunnel used by lapetus