feat: replace gitea with forgejo and move to MOMO

2025-12-05 15:35:09 +01:00 · 2025-12-05 15:35:09 +01:00 · 157dc93980
commit 157dc93980
parent 87903828aa
10 changed files with 50 additions and 63 deletions
--- a/hosts/MOMO/services/default.nix
+++ b/hosts/MOMO/services/default.nix
@ -1,6 +1,7 @@
 {
  imports = [
    ./acme.nix
+    ./forgejo.nix
    ./hedgedoc.nix
    ./miniflux.nix
    ./nginx.nix
--- a/hosts/MOMO/services/forgejo.nix
+++ b/hosts/MOMO/services/forgejo.nix
@ -0,0 +1,20 @@
+{ config, ... }: {
+  services.forgejo = {
+    enable = true;
+    database = {
+      type = "postgres";
+      createDatabase = true;
+    };
+    settings = {
+      server = rec {
+        HTTP_PORT = 8003;
+        HTTP_ADDR = "127.0.0.1";
+        DOMAIN = "git.dryb.org";
+        ROOT_URL = "https://${DOMAIN}/";
+      };
+      service = {
+        DISABLE_REGISTRATION = true;
+      };
+    };
+  };
+}
--- a/hosts/MOMO/services/nginx.nix
+++ b/hosts/MOMO/services/nginx.nix
@ -1,4 +1,4 @@
-{ ... }:
+{ config, ... }:
 {
  services.nginx = {
    enable = true;
@ -8,11 +8,18 @@
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

-    virtualHosts."hedgedoc.dryb.org" = {
+    virtualHosts."${config.services.forgejo.settings.server.DOMAIN}" = {
      addSSL = true;
      enableACME = true;
      locations."/" = {
-        proxyPass = "http://127.0.0.1:8009";
+        proxyPass = "http://127.0.0.1:8003";
+      };
+    };
+    virtualHosts."vaultwarden.dryb.org" = {
+      addSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8005";
      };
    };
    virtualHosts."miniflux.dryb.org" = {
@ -22,6 +29,13 @@
        proxyPass = "http://127.0.0.1:8008";
      };
    };
+    virtualHosts."hedgedoc.dryb.org" = {
+      addSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8009";
+      };
+    };
    virtualHosts."syncthing.dryb.org" = {
      addSSL = true;
      enableACME = true;
@ -29,13 +43,6 @@
        proxyPass = "http://127.0.0.1:8384";
      };
    };
-    virtualHosts."vaultwarden.dryb.org" = {
-      addSSL = true;
-      enableACME = true;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:8005";
-      };
-    };
  };

  networking.firewall = {
--- a/hosts/MOMO/services/postgresql.nix
+++ b/hosts/MOMO/services/postgresql.nix
@ -1,8 +1,11 @@
-{ ... }: {
+{ config, ... }: {

  services.postgresql = {
    enable = true;
-    ensureDatabases = [ "vaultwarden" "hedgedoc" ];
+    ensureDatabases = [
+      "vaultwarden"
+      "hedgedoc"
+    ];

    ensureUsers = [
      {
@ -18,12 +21,14 @@
    # type   database     DBuser    auth-method  mapping
    authentication = ''
      local  all          postgres  peer
+      local  forgejo      all       ident        map=forgejo-users
      local  vaultwarden  all       ident        map=vaultwarden-users
      local  hedgedoc     all       ident        map=hedgedoc-users
    '';

    # name               sysuser        dbuser
    identMap = ''
+      forgejo-users      forgejo        forgejo
      vaultwarden-users  vaultwarden    vaultwarden
      hedgedoc-users     hedgedoc       hedgedoc
    '';