feat: replace gitea with forgejo and move to MOMO

hosts/APPA/services/adguard-home.nix

@@ -58,11 +58,6 @@
             answer = "192.168.2.40";
             enabled = true;
           }
-          {
-            domain = config.services.gitea.settings.server.DOMAIN;
-            answer = "192.168.2.40";
-            enabled = true;
-          }
           {
             domain = config.services.nextcloud.hostName;
             answer = "192.168.2.40";
@@ -88,6 +83,11 @@
             answer = "144.24.175.22";
             enabled = true;
           }
+          {
+            domain = "git.dryb.org";
+            answer = "momo.dryb.org";
+            enabled = true;
+          }
           {
             domain = "syncthing.dryb.org";
             answer = "momo.dryb.org";

hosts/APPA/services/default.nix

@@ -4,7 +4,6 @@
     ./adguard-home.nix
     ./anki.nix
     ./ddclient.nix
-    ./gitea.nix
     ./homepage-dashboard.nix
     ./jellyfin.nix
     ./nextcloud.nix

hosts/APPA/services/gitea.nix

@@ -1,28 +0,0 @@
-{ config, ... }:
-{
-  age.secrets.passwords-gitea-db = {
-    file = ../../../secrets/passwords/gitea/db.age;
-    mode = "640";
-    owner = config.services.gitea.user;
-    group = config.services.gitea.group;
-  };
-
-  services.gitea = {
-    enable = true;
-    appName = "dryb.org: Gitea Service";
-    database = {
-      type = "postgres";
-      passwordFile = config.age.secrets.passwords-gitea-db.path;
-    };
-    settings = {
-      server = rec {
-        HTTP_PORT = 8003;
-        DOMAIN = "git.dryb.org";
-        ROOT_URL = "http://${DOMAIN}/";
-      };
-      service = {
-        DISABLE_REGISTRATION = true;
-      };
-    };
-  };
-}

hosts/APPA/services/homepage-dashboard.nix

@@ -98,13 +98,6 @@
               icon = "nextcloud";
             };
           }
-          {
-            "Gitea" = {
-              description = "https://git.dryb.org";
-              href = "https://git.dryb.org";
-              icon = "gitea";
-            };
-          }
           {
             "Anki" = {
               description = "https://anki.dryb.org";

hosts/APPA/services/nginx.nix

@@ -28,13 +28,6 @@
       useACMEHost = "dryb.org";
       forceSSL = true;
     };
-    virtualHosts."${config.services.gitea.settings.server.DOMAIN}" = {
-      useACMEHost = "dryb.org";
-      forceSSL = true;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:8003";
-      };
-    };
     virtualHosts."anki.dryb.org" = {
       useACMEHost = "dryb.org";
       forceSSL = true;

hosts/APPA/services/postgresql.nix

@@ -4,7 +4,6 @@
   services.postgresql = {
     enable = true;
     ensureDatabases = [
-      config.services.gitea.user
       config.services.paperless.user
     ];
 
@@ -18,13 +17,11 @@
     # type   database     DBuser  auth-method  mapping
     authentication = ''
       local  all          postgres  peer
-      local  gitea        all       ident        map=gitea-users
       local  paperless    all       ident        map=paperless-users
     '';
 
     # name               sysuser        dbuser
     identMap = ''
-      gitea-users        gitea          gitea
       paperless-users    paperless      paperless
     '';
   };

hosts/MOMO/services/default.nix

@@ -1,6 +1,7 @@
 {
   imports = [
     ./acme.nix
+    ./forgejo.nix
     ./hedgedoc.nix
     ./miniflux.nix
     ./nginx.nix

hosts/MOMO/services/forgejo.nix

@@ -0,0 +1,20 @@
+{ config, ... }: {
+  services.forgejo = {
+    enable = true;
+    database = {
+      type = "postgres";
+      createDatabase = true;
+    };
+    settings = {
+      server = rec {
+        HTTP_PORT = 8003;
+        HTTP_ADDR = "127.0.0.1";
+        DOMAIN = "git.dryb.org";
+        ROOT_URL = "https://${DOMAIN}/";
+      };
+      service = {
+        DISABLE_REGISTRATION = true;
+      };
+    };
+  };
+}

hosts/MOMO/services/nginx.nix

@@ -1,4 +1,4 @@
-{ ... }:
+{ config, ... }:
 {
   services.nginx = {
     enable = true;
@@ -8,11 +8,18 @@
     recommendedProxySettings = true;
     recommendedTlsSettings = true;
 
-    virtualHosts."hedgedoc.dryb.org" = {
+    virtualHosts."${config.services.forgejo.settings.server.DOMAIN}" = {
       addSSL = true;
       enableACME = true;
       locations."/" = {
-        proxyPass = "http://127.0.0.1:8009";
+        proxyPass = "http://127.0.0.1:8003";
+      };
+    };
+    virtualHosts."vaultwarden.dryb.org" = {
+      addSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8005";
       };
     };
     virtualHosts."miniflux.dryb.org" = {
@@ -22,6 +29,13 @@
         proxyPass = "http://127.0.0.1:8008";
       };
     };
+    virtualHosts."hedgedoc.dryb.org" = {
+      addSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8009";
+      };
+    };
     virtualHosts."syncthing.dryb.org" = {
       addSSL = true;
       enableACME = true;
@@ -29,13 +43,6 @@
         proxyPass = "http://127.0.0.1:8384";
       };
     };
-    virtualHosts."vaultwarden.dryb.org" = {
-      addSSL = true;
-      enableACME = true;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:8005";
-      };
-    };
   };
 
   networking.firewall = {

hosts/MOMO/services/postgresql.nix

@@ -1,8 +1,11 @@
-{ ... }: {
+{ config, ... }: {
 
   services.postgresql = {
     enable = true;
-    ensureDatabases = [ "vaultwarden" "hedgedoc" ];
+    ensureDatabases = [
+      "vaultwarden"
+      "hedgedoc"
+    ];
 
     ensureUsers = [
       {
@@ -18,12 +21,14 @@
     # type   database     DBuser    auth-method  mapping
     authentication = ''
       local  all          postgres  peer
+      local  forgejo      all       ident        map=forgejo-users
       local  vaultwarden  all       ident        map=vaultwarden-users
       local  hedgedoc     all       ident        map=hedgedoc-users
     '';
 
     # name               sysuser        dbuser
     identMap = ''
+      forgejo-users      forgejo        forgejo
       vaultwarden-users  vaultwarden    vaultwarden
       hedgedoc-users     hedgedoc       hedgedoc
     '';