Cleanup, mostly Forgejo
parent
5d0721716f
commit
bdefed51cf
|
@ -64,6 +64,10 @@ in
|
||||||
forgejo = {
|
forgejo = {
|
||||||
enable = true;
|
enable = true;
|
||||||
home = "/storage/services/forgejo";
|
home = "/storage/services/forgejo";
|
||||||
|
actions = {
|
||||||
|
enable = true;
|
||||||
|
token = config.secrets.services.forgejo.runner-token;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
msmtp.enable = true;
|
msmtp.enable = true;
|
||||||
nginx = {
|
nginx = {
|
||||||
|
@ -87,6 +91,15 @@ in
|
||||||
extraConfig = "proxy_ssl_server_name on;";
|
extraConfig = "proxy_ssl_server_name on;";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
"${config.secrets.services.forgejo.url}" = {
|
||||||
|
useACMEHost = config.secrets.networking.primaryDomain;
|
||||||
|
forceSSL = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://127.0.0.1:3000";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
ssh = {
|
ssh = {
|
||||||
|
|
|
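Review bot: The new `forgejo` block in the first hunk sets `enable`, `home` and `actions`, but neither `url` nor `domain`, which the reworked module further down now reads for `ROOT_URL`, `DOMAIN` and the runner `url`; unless they are set elsewhere in this file (the enclosing attrset starts before the hunk), all three fall back to the option default `""`. Before this commit the module derived them itself, so the equivalent here would be something like `domain = config.secrets.networking.primaryDomain; url = "https://${config.secrets.services.forgejo.url}";` — note the old runner code prefixed the secret with `https://`, and the nginx vhost key in the second hunk uses it bare, so the secret appears to be a hostname rather than a full URL. In the second hunk, `proxy_ssl_server_name on;` only affects `proxy_pass https://…` upstreams; with `proxyPass = "http://127.0.0.1:3000"` it is a no-op and the trailing comment is misleading, so drop the line or reword it to `# no effect for a plain-HTTP upstream; kept for parity with the other vhosts`.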
@ -21,14 +21,7 @@ with lib;
|
||||||
(mkIf cfg.enable {
|
(mkIf cfg.enable {
|
||||||
host.ui.flatpak.enable = true;
|
host.ui.flatpak.enable = true;
|
||||||
|
|
||||||
services.flatpak.packages = [
|
services.flatpak.packages = [ "com.vscodium.codium" ];
|
||||||
"com.vscodium.codium"
|
|
||||||
"dev.k8slens.OpenLens"
|
|
||||||
];
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
statix # Nix linting tool
|
|
||||||
];
|
|
||||||
})
|
})
|
||||||
(mkIf cfg.kubernetes.enable {
|
(mkIf cfg.kubernetes.enable {
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
@ -36,6 +29,8 @@ with lib;
|
||||||
kubernetes-helm
|
kubernetes-helm
|
||||||
kubevirt # Virtctl command-line tool
|
kubevirt # Virtctl command-line tool
|
||||||
];
|
];
|
||||||
|
|
||||||
|
services.flatpak.packages = [ "dev.k8slens.OpenLens" ];
|
||||||
})
|
})
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
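Review bot: The `services.flatpak.packages = [ "dev.k8slens.OpenLens" ];` added in the `@ -36,6 +29,8 @@` hunk sits under `mkIf cfg.kubernetes.enable`, whereas `host.ui.flatpak.enable = true` is only set in the `cfg.enable` branch above; if `kubernetes.enable` can be on without `cfg.enable` (cannot tell from here), the package lands in a list that no enabled flatpak service consumes. Adding `host.ui.flatpak.enable = true;` beside it makes the branch self-contained. A short comment such as `# list options concatenate, so this merges with the packages declared in the cfg.enable block` would also spare the next reader a search for the other definition.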
|
|
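--- /dev/null
+++ b/modules/base/roles.nix
@@ -0,0 +1,53 @@
+{
+lib,
+config,
+pkgs,
+...
+}:
+
+let
+cfg = config.host.role;
+in
+{
+options = {
+host.role = lib.mkOption {
+type = lib.types.enum [
+"server"
+"workstation"
+];
+};
+};
+
+config = lib.mkMerge [
+# Servers
+(lib.mkIf (cfg == "server") {
+host.apps.tmux.enable = true;
+environment.systemPackages = with pkgs; [
+htop
+mdadm
+];
+})
+
+# Workstations
+(lib.mkIf (cfg == "workstation") {
+host.ui = {
+audio.enable = true;
+bluetooth.enable = true;
+gnome.enable = true;
+flatpak.enable = true;
+};
+
+boot = {
+# Enable Plymouth
+plymouth.enable = true;
+plymouth.theme = "bgrt";
+
+# Increase minimum log level. This removes ACPI errors from the boot screen.
+consoleLogLevel = 1;
+
+# Add kernel parameters
+kernelParams = [ "quiet" ];
+};
+})
+];
+}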
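Review bot: The new module carries no `imports` at all, while both role files it replaces (the two deleted sections below) imported `(modulesPath + "/installer/scan/not-detected.nix")`; that import is what defaults `hardware.enableRedistributableFirmware`, so unless each host's hardware configuration already pulls it in, this commit silently changes which firmware gets installed. If dropping it is intentional, say so at the top with `# not-detected.nix is imported from each host's hardware-configuration.nix, not here`. The `host.role` option also has no `description`; `description = "Coarse role of this host; selects the base package set and desktop defaults.";` documents what the enum actually drives.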
@ -1,13 +0,0 @@
|
||||||
{ lib, ... }:
|
|
||||||
|
|
||||||
with lib;
|
|
||||||
{
|
|
||||||
options = {
|
|
||||||
host.role = mkOption {
|
|
||||||
type = types.enum [
|
|
||||||
"server"
|
|
||||||
"workstation"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,22 +0,0 @@
|
||||||
{
|
|
||||||
config,
|
|
||||||
lib,
|
|
||||||
modulesPath,
|
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
let
|
|
||||||
inherit (config.host) role;
|
|
||||||
in
|
|
||||||
with lib;
|
|
||||||
{
|
|
||||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
|
||||||
|
|
||||||
config = mkIf (role == "server") {
|
|
||||||
host.apps.tmux.enable = true;
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
htop
|
|
||||||
mdadm
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,35 +0,0 @@
|
||||||
{
|
|
||||||
config,
|
|
||||||
lib,
|
|
||||||
modulesPath,
|
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
let
|
|
||||||
inherit (config.host) role;
|
|
||||||
in
|
|
||||||
with lib;
|
|
||||||
{
|
|
||||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
|
||||||
|
|
||||||
config = mkIf (role == "workstation") {
|
|
||||||
host.ui = {
|
|
||||||
audio.enable = true;
|
|
||||||
bluetooth.enable = true;
|
|
||||||
gnome.enable = true;
|
|
||||||
flatpak.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
boot = {
|
|
||||||
# Enable Plymouth
|
|
||||||
plymouth.enable = true;
|
|
||||||
plymouth.theme = "bgrt";
|
|
||||||
|
|
||||||
# Increase minimum log level. This removes ACPI errors from the boot screen.
|
|
||||||
consoleLogLevel = 1;
|
|
||||||
|
|
||||||
# Add kernel parameters
|
|
||||||
kernelParams = [ "quiet" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -26,10 +26,31 @@ in
|
||||||
host.services.forgejo = {
|
host.services.forgejo = {
|
||||||
autostart = lib.mkEnableOption (lib.mdDoc "Automatically starts Forgejo at boot.");
|
autostart = lib.mkEnableOption (lib.mdDoc "Automatically starts Forgejo at boot.");
|
||||||
enable = lib.mkEnableOption (lib.mdDoc "Enables Forgejo Git hosting service.");
|
enable = lib.mkEnableOption (lib.mdDoc "Enables Forgejo Git hosting service.");
|
||||||
|
domain = lib.mkOption {
|
||||||
|
default = "";
|
||||||
|
type = lib.types.str;
|
||||||
|
description = "The root domain that Forgejo will be hosted on.";
|
||||||
|
example = "example.com";
|
||||||
|
};
|
||||||
home = lib.mkOption {
|
home = lib.mkOption {
|
||||||
default = "";
|
default = "";
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
description = "Where to store Forgejo's files";
|
description = "Where to store Forgejo's files";
|
||||||
|
example = "/home/forgejo";
|
||||||
|
};
|
||||||
|
url = lib.mkOption {
|
||||||
|
default = "";
|
||||||
|
type = lib.types.str;
|
||||||
|
description = "The complete URL where Forgejo is hosted.";
|
||||||
|
example = "https://forgejo.example.com";
|
||||||
|
};
|
||||||
|
actions = {
|
||||||
|
enable = lib.mkEnableOption (lib.mdDoc "Enables a local Forgejo Actions runner.");
|
||||||
|
token = lib.mkOption {
|
||||||
|
default = "";
|
||||||
|
type = lib.types.str;
|
||||||
|
description = "Token used to authenticate the runner with Forgejo.";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -40,35 +61,25 @@ in
|
||||||
pkgs.podman-tui
|
pkgs.podman-tui
|
||||||
];
|
];
|
||||||
services = {
|
services = {
|
||||||
nginx.virtualHosts."${config.secrets.services.forgejo.url}" = {
|
|
||||||
useACMEHost = config.secrets.networking.primaryDomain;
|
|
||||||
forceSSL = true;
|
|
||||||
locations."/" = {
|
|
||||||
proxyPass = "http://127.0.0.1:3000";
|
|
||||||
proxyWebsockets = true;
|
|
||||||
extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
forgejo = {
|
forgejo = {
|
||||||
enable = true;
|
enable = true;
|
||||||
lfs.enable = true;
|
lfs.enable = true;
|
||||||
settings.server = {
|
settings.server = {
|
||||||
DOMAIN = "${config.secrets.networking.primaryDomain}";
|
DOMAIN = cfg.domain;
|
||||||
ROOT_URL = "https://code.${config.secrets.networking.primaryDomain}/";
|
ROOT_URL = cfg.url;
|
||||||
HTTP_PORT = 3000;
|
HTTP_PORT = 3000;
|
||||||
};
|
};
|
||||||
useWizard = true;
|
useWizard = true;
|
||||||
} // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; };
|
} // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; };
|
||||||
|
|
||||||
# Enable runner for CI actions
|
# Enable runner for CI actions
|
||||||
gitea-actions-runner = {
|
gitea-actions-runner = lib.mkIf cfg.actions.enable {
|
||||||
package = pkgs.forgejo-actions-runner;
|
package = pkgs.forgejo-actions-runner;
|
||||||
instances.default = {
|
instances.default = {
|
||||||
enable = true;
|
enable = true;
|
||||||
name = config.networking.hostName;
|
name = config.networking.hostName;
|
||||||
url = "https://${config.secrets.services.forgejo.url}";
|
url = cfg.url;
|
||||||
token = config.secrets.services.forgejo.runner-token;
|
token = cfg.actions.token;
|
||||||
labels = [
|
labels = [
|
||||||
"nix:docker://nixos/nix" # Shoutout to Icewind 1991 for this syntax: https://icewind.nl/entry/gitea-actions-nix/
|
"nix:docker://nixos/nix" # Shoutout to Icewind 1991 for this syntax: https://icewind.nl/entry/gitea-actions-nix/
|
||||||
"debian:docker://node:20-bullseye"
|
"debian:docker://node:20-bullseye"
|
||||||
|
@ -84,8 +95,12 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.services = {
|
||||||
|
nginx.wants = [ config.systemd.services.forgejo.name ];
|
||||||
|
} // lib.optionalAttrs (!cfg.autostart) { forgejo.wantedBy = lib.mkForce [ ]; };
|
||||||
|
|
||||||
# Enable Podman for running...uh, runners.
|
# Enable Podman for running...uh, runners.
|
||||||
virtualisation = {
|
virtualisation = lib.mkIf cfg.actions.enable {
|
||||||
containers.enable = true;
|
containers.enable = true;
|
||||||
podman = {
|
podman = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -99,13 +114,9 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
# Allow containers to make DNS queries (https://www.reddit.com/r/NixOS/comments/199f16j/why_dont_my_podman_containers_have_internet_access/)
|
# Allow containers to make DNS queries (https://www.reddit.com/r/NixOS/comments/199f16j/why_dont_my_podman_containers_have_internet_access/)
|
||||||
networking.firewall.interfaces.podman4 = {
|
networking.firewall.interfaces.podman4 = lib.mkIf cfg.actions.enable {
|
||||||
allowedTCPPorts = [ 53 ];
|
allowedTCPPorts = [ 53 ];
|
||||||
allowedUDPPorts = [ 53 ];
|
allowedUDPPorts = [ 53 ];
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services = {
|
|
||||||
nginx.wants = [ config.systemd.services.forgejo.name ];
|
|
||||||
} // lib.optionalAttrs (!cfg.autostart) { forgejo.wantedBy = lib.mkForce [ ]; };
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
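Review bot: `token = cfg.actions.token;` in the `@ -40,35 +61,25 @@` hunk passes the runner registration token as a plain `types.str`, so it ends up interpolated into the generated runner configuration in the world-readable Nix store; the upstream `gitea-actions-runner` module provides a `tokenFile` option for exactly this reason, and I would expose that instead and keep `token` only as a compatibility fallback (the upstream module expects one of the two to be set, so the fallback has to become `null` when a file is given — verify against its assertion). Separately, `domain` and `url` default to `""`, so a host that forgets them evaluates fine and Forgejo starts with `ROOT_URL = ""`; an `assertions` entry such as `{ assertion = !cfg.enable || cfg.url != ""; message = "host.services.forgejo.url must be set"; }` would turn that into a build-time error. The `description` on `token` should also warn about the store exposure until it is removed.

```nix
actions = {
  enable = lib.mkEnableOption (lib.mdDoc "Enables a local Forgejo Actions runner.");
  tokenFile = lib.mkOption {
    type = lib.types.nullOr lib.types.path;
    default = null;
    description = "Environment file containing TOKEN=<runner registration token>; preferred over `token`, which is copied into the Nix store.";
  };
  # … unchanged: token option (document that it lands in the world-readable store) …
};

# … unchanged: options for domain/home/url, config for nginx/forgejo …

instances.default = {
  # … unchanged: enable, name, url, labels …
  tokenFile = cfg.actions.tokenFile;
  token = if cfg.actions.tokenFile == null then cfg.actions.token else null;
};
```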