From bdefed51cf6ce56a4343b66d88e13aa2742bfad4 Mon Sep 17 00:00:00 2001 From: Andre Date: Tue, 4 Jun 2024 14:18:45 -0400 Subject: [PATCH] Cleanup, mostly Forgejo --- hosts/Haven/default.nix | 13 +++++++++ modules/apps/development.nix | 11 ++------ modules/base/roles.nix | 53 +++++++++++++++++++++++++++++++++++ modules/roles/default.nix | 13 --------- modules/roles/server.nix | 22 --------------- modules/roles/workstation.nix | 35 ----------------------- modules/services/forgejo.nix | 53 +++++++++++++++++++++-------------- 7 files changed, 101 insertions(+), 99 deletions(-) create mode 100644 modules/base/roles.nix delete mode 100644 modules/roles/default.nix delete mode 100644 modules/roles/server.nix delete mode 100644 modules/roles/workstation.nix diff --git a/hosts/Haven/default.nix b/hosts/Haven/default.nix index ca57a20..7a4c931 100644 --- a/hosts/Haven/default.nix +++ b/hosts/Haven/default.nix @@ -64,6 +64,10 @@ in forgejo = { enable = true; home = "/storage/services/forgejo"; + actions = { + enable = true; + token = config.secrets.services.forgejo.runner-token; + }; }; msmtp.enable = true; nginx = { @@ -87,6 +91,15 @@ in extraConfig = "proxy_ssl_server_name on;"; }; }; + "${config.secrets.services.forgejo.url}" = { + useACMEHost = config.secrets.networking.primaryDomain; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:3000"; + proxyWebsockets = true; + extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts + }; + }; }; }; ssh = { diff --git a/modules/apps/development.nix b/modules/apps/development.nix index 2cd9b34..8545542 100644 --- a/modules/apps/development.nix +++ b/modules/apps/development.nix 
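Review bot: This host enables Forgejo and its Actions runner but never sets `host.services.forgejo.domain` or `host.services.forgejo.url`, and the module hunk later in this patch now feeds those two options straight into `settings.server.DOMAIN`, `ROOT_URL` and the runner's `url`; since both new options default to `""`, Forgejo on Haven would be configured with an empty ROOT_URL unless the values are set in a file outside this patch. The nginx vhost in the next hunk keeps deriving its name from `config.secrets.services.forgejo.url`, so the two can also drift apart over time. Setting the pair next to `home` here, e.g. `url = "https://${config.secrets.services.forgejo.url}";` and `domain = config.secrets.networking.primaryDomain;`, would reproduce what the removed module code did.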
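Review bot: `extraConfig = "proxy_ssl_server_name on;"` is a no-op in this vhost, because the directive only affects connections to an `https://` upstream and `proxyPass` here points at `http://127.0.0.1:3000`; the trailing comment about a TLS target with multiple hosts was carried over from the old module and is misleading. Drop the line, or replace the comment with the real reason it is kept. The vhost name is interpolated from `config.secrets.services.forgejo.url`, which therefore has to be a bare hostname rather than a full URL; a short comment such as `# bare hostname, no scheme` on that line would make the contract visible to whoever edits the secret.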
@@ -21,14 +21,7 @@ with lib; (mkIf cfg.enable { host.ui.flatpak.enable = true; - services.flatpak.packages = [ - "com.vscodium.codium" - "dev.k8slens.OpenLens" - ]; - - environment.systemPackages = with pkgs; [ - statix # Nix linting tool - ]; + services.flatpak.packages = [ "com.vscodium.codium" ]; }) (mkIf cfg.kubernetes.enable { environment.systemPackages = with pkgs; [ @@ -36,6 +29,8 @@ with lib; kubernetes-helm kubevirt # Virtctl command-line tool ]; + + services.flatpak.packages = [ "dev.k8slens.OpenLens" ]; }) ]; } diff --git a/modules/base/roles.nix b/modules/base/roles.nix new file mode 100644 index 0000000..52d4053 --- /dev/null +++ b/modules/base/roles.nix @@ -0,0 +1,53 @@ +{ + lib, + config, + pkgs, + ... +}: + +let + cfg = config.host.role; +in +{ + options = { + host.role = lib.mkOption { + type = lib.types.enum [ + "server" + "workstation" + ]; + }; + }; + + config = lib.mkMerge [ + # Servers + (lib.mkIf (cfg == "server") { + host.apps.tmux.enable = true; + environment.systemPackages = with pkgs; [ + htop + mdadm + ]; + }) + + # Workstations + (lib.mkIf (cfg == "workstation") { + host.ui = { + audio.enable = true; + bluetooth.enable = true; + gnome.enable = true; + flatpak.enable = true; + }; + + boot = { + # Enable Plymouth + plymouth.enable = true; + plymouth.theme = "bgrt"; + + # Increase minimum log level. This removes ACPI errors from the boot screen. + consoleLogLevel = 1; + + # Add kernel parameters + kernelParams = [ "quiet" ]; + }; + }) + ]; +} diff --git a/modules/roles/default.nix b/modules/roles/default.nix deleted file mode 100644 index 13faf67..0000000 --- a/modules/roles/default.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ lib, ... }: - -with lib; -{ - options = { - host.role = mkOption { - type = types.enum [ - "server" - "workstation" - ]; - }; - }; -} diff --git a/modules/roles/server.nix b/modules/roles/server.nix deleted file mode 100644 index 24b99a5..0000000 --- a/modules/roles/server.nix +++ /dev/null 
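Review bot: The new `modules/base/roles.nix` drops the `imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]` that both deleted role files carried, and nothing else in this patch re-adds it; unless every host's hardware configuration already imports that module, the redistributable-firmware default it provides is silently lost. Either restore the import in roles.nix (with `modulesPath` back in the argument set) or state in the commit message where it now comes from. The `host.role` option still has no default, so a host that forgets to set it fails at evaluation time, which is fine; since this file now owns the option, a one-line `description` on it would be worth adding.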
@@ -1,22 +0,0 @@ -{ - config, - lib, - modulesPath, - pkgs, - ... -}: -let - inherit (config.host) role; -in -with lib; -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - config = mkIf (role == "server") { - host.apps.tmux.enable = true; - environment.systemPackages = with pkgs; [ - htop - mdadm - ]; - }; -} diff --git a/modules/roles/workstation.nix b/modules/roles/workstation.nix deleted file mode 100644 index 8b6af1f..0000000 --- a/modules/roles/workstation.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - config, - lib, - modulesPath, - pkgs, - ... -}: -let - inherit (config.host) role; -in -with lib; -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - config = mkIf (role == "workstation") { - host.ui = { - audio.enable = true; - bluetooth.enable = true; - gnome.enable = true; - flatpak.enable = true; - }; - - boot = { - # Enable Plymouth - plymouth.enable = true; - plymouth.theme = "bgrt"; - - # Increase minimum log level. This removes ACPI errors from the boot screen. - consoleLogLevel = 1; - - # Add kernel parameters - kernelParams = [ "quiet" ]; - }; - }; -} diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index bab4501..d6abc1a 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix 
@@ -26,10 +26,31 @@ in host.services.forgejo = { autostart = lib.mkEnableOption (lib.mdDoc "Automatically starts Forgejo at boot."); enable = lib.mkEnableOption (lib.mdDoc "Enables Forgejo Git hosting service."); + domain = lib.mkOption { + default = ""; + type = lib.types.str; + description = "The root domain that Forgejo will be hosted on."; + example = "example.com"; + }; home = lib.mkOption { default = ""; type = lib.types.str; description = "Where to store Forgejo's files"; + example = "/home/forgejo"; + }; + url = lib.mkOption { + default = ""; + type = lib.types.str; + description = "The complete URL where Forgejo is hosted."; + example = "https://forgejo.example.com"; + }; + actions = { + enable = lib.mkEnableOption (lib.mdDoc "Enables a local Forgejo Actions runner."); + token = lib.mkOption { + default = ""; + type = lib.types.str; + description = "Token used to authenticate the runner with Forgejo."; + }; }; }; }; 
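Review bot: `actions.token` is declared as a plain `lib.types.str` and the next hunk passes it to `services.gitea-actions-runner.instances.default.token`; a token given that way is part of the evaluated configuration and ends up in the world-readable Nix store, so any local user on the host can read the runner's registration secret. The upstream runner module also accepts `tokenFile`, a path to an environment file containing `TOKEN=…`, which keeps the secret out of the store; adding a matching option here, wiring it through as `tokenFile = cfg.actions.tokenFile;` in the instance, and documenting on `token` that it is stored world-readable would close that gap. The option should be a string rather than `lib.types.path`, because a Nix path literal is itself copied into the store. The `""` defaults on `domain` and `url` also let an enabled service evaluate cleanly with an empty DOMAIN/ROOT_URL; an assertion or dropping the defaults would surface that at evaluation time.
```nix
      actions = {
        enable = lib.mkEnableOption (lib.mdDoc "Enables a local Forgejo Actions runner.");
        # … unchanged: token option …
        tokenFile = lib.mkOption {
          default = null;
          # str, not path: a path literal would be copied into the world-readable store
          type = lib.types.nullOr lib.types.str;
          description = "Path to an environment file containing TOKEN=<runner token>. Preferred over `token`, which is written into the Nix store.";
          example = "/run/secrets/forgejo-runner-token";
        };
      };
```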
@@ -40,35 +61,25 @@ in pkgs.podman-tui ]; services = { - nginx.virtualHosts."${config.secrets.services.forgejo.url}" = { - useACMEHost = config.secrets.networking.primaryDomain; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:3000"; - proxyWebsockets = true; - extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts - }; - }; - forgejo = { enable = true; lfs.enable = true; settings.server = { - DOMAIN = "${config.secrets.networking.primaryDomain}"; - ROOT_URL = "https://code.${config.secrets.networking.primaryDomain}/"; + DOMAIN = cfg.domain; + ROOT_URL = cfg.url; HTTP_PORT = 3000; }; useWizard = true; } // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; }; # Enable runner for CI actions - gitea-actions-runner = { + gitea-actions-runner = lib.mkIf cfg.actions.enable { package = pkgs.forgejo-actions-runner; instances.default = { enable = true; name = config.networking.hostName; - url = "https://${config.secrets.services.forgejo.url}"; - token = config.secrets.services.forgejo.runner-token; + url = cfg.url; + token = cfg.actions.token; labels = [ "nix:docker://nixos/nix" # Shoutout to Icewind 1991 for this syntax: https://icewind.nl/entry/gitea-actions-nix/ "debian:docker://node:20-bullseye" @@ -84,8 +95,12 @@ in }; }; + systemd.services = { + nginx.wants = [ config.systemd.services.forgejo.name ]; + } // lib.optionalAttrs (!cfg.autostart) { forgejo.wantedBy = lib.mkForce [ ]; }; + # Enable Podman for running...uh, runners. - virtualisation = { + virtualisation = lib.mkIf cfg.actions.enable { containers.enable = true; podman = { enable = true; 
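Review bot: `ROOT_URL = cfg.url;` and the runner's `url = cfg.url;` consume the new option raw, whereas the removed lines built the `https://…` string themselves, so the value's meaning changed from hostname to full URL; a host that still passes the bare hostname (as the Haven vhost does with the secrets value) gets a scheme-less ROOT_URL and a runner that cannot register. With the option defaulting to `""`, an enabled service also evaluates cleanly with empty `DOMAIN` and `ROOT_URL`. An assertion in this config block, e.g. `assertions = [ { assertion = cfg.url != "" && cfg.domain != ""; message = "host.services.forgejo.url and .domain must be set"; } ];`, turns both cases into an evaluation-time error. The enclosing config block starts and ends outside the hunk.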
@@ -99,13 +114,9 @@ in }; # Allow containers to make DNS queries (https://www.reddit.com/r/NixOS/comments/199f16j/why_dont_my_podman_containers_have_internet_access/) - networking.firewall.interfaces.podman4 = { + networking.firewall.interfaces.podman4 = lib.mkIf cfg.actions.enable { allowedTCPPorts = [ 53 ]; allowedUDPPorts = [ 53 ]; }; - - systemd.services = { - nginx.wants = [ config.systemd.services.forgejo.name ]; - } // lib.optionalAttrs (!cfg.autostart) { forgejo.wantedBy = lib.mkForce [ ]; }; }; }