1
0
Fork 0

Cleanup, mostly Forgejo

This commit is contained in:
Andre 2024-06-04 14:18:45 -04:00
parent 5d0721716f
commit bdefed51cf
7 changed files with 101 additions and 99 deletions

View file

@ -64,6 +64,10 @@ in
forgejo = { forgejo = {
enable = true; enable = true;
home = "/storage/services/forgejo"; home = "/storage/services/forgejo";
actions = {
enable = true;
token = config.secrets.services.forgejo.runner-token;
};
}; };
msmtp.enable = true; msmtp.enable = true;
nginx = { nginx = {
@ -87,6 +91,15 @@ in
extraConfig = "proxy_ssl_server_name on;"; extraConfig = "proxy_ssl_server_name on;";
}; };
}; };
"${config.secrets.services.forgejo.url}" = {
useACMEHost = config.secrets.networking.primaryDomain;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true;
extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts
};
};
}; };
}; };
ssh = { ssh = {

View file

@ -21,14 +21,7 @@ with lib;
(mkIf cfg.enable { (mkIf cfg.enable {
host.ui.flatpak.enable = true; host.ui.flatpak.enable = true;
services.flatpak.packages = [ services.flatpak.packages = [ "com.vscodium.codium" ];
"com.vscodium.codium"
"dev.k8slens.OpenLens"
];
environment.systemPackages = with pkgs; [
statix # Nix linting tool
];
}) })
(mkIf cfg.kubernetes.enable { (mkIf cfg.kubernetes.enable {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -36,6 +29,8 @@ with lib;
kubernetes-helm kubernetes-helm
kubevirt # Virtctl command-line tool kubevirt # Virtctl command-line tool
]; ];
services.flatpak.packages = [ "dev.k8slens.OpenLens" ];
}) })
]; ];
} }

53
modules/base/roles.nix Normal file
View file

@ -0,0 +1,53 @@
{
lib,
config,
pkgs,
...
}:
let
cfg = config.host.role;
in
{
options = {
host.role = lib.mkOption {
type = lib.types.enum [
"server"
"workstation"
];
};
};
config = lib.mkMerge [
# Servers
(lib.mkIf (cfg == "server") {
host.apps.tmux.enable = true;
environment.systemPackages = with pkgs; [
htop
mdadm
];
})
# Workstations
(lib.mkIf (cfg == "workstation") {
host.ui = {
audio.enable = true;
bluetooth.enable = true;
gnome.enable = true;
flatpak.enable = true;
};
boot = {
# Enable Plymouth
plymouth.enable = true;
plymouth.theme = "bgrt";
# Increase minimum log level. This removes ACPI errors from the boot screen.
consoleLogLevel = 1;
# Add kernel parameters
kernelParams = [ "quiet" ];
};
})
];
}

View file

@ -1,13 +0,0 @@
{ lib, ... }:
with lib;
{
options = {
host.role = mkOption {
type = types.enum [
"server"
"workstation"
];
};
};
}

View file

@ -1,22 +0,0 @@
{
config,
lib,
modulesPath,
pkgs,
...
}:
let
inherit (config.host) role;
in
with lib;
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
config = mkIf (role == "server") {
host.apps.tmux.enable = true;
environment.systemPackages = with pkgs; [
htop
mdadm
];
};
}

View file

@ -1,35 +0,0 @@
{
config,
lib,
modulesPath,
pkgs,
...
}:
let
inherit (config.host) role;
in
with lib;
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
config = mkIf (role == "workstation") {
host.ui = {
audio.enable = true;
bluetooth.enable = true;
gnome.enable = true;
flatpak.enable = true;
};
boot = {
# Enable Plymouth
plymouth.enable = true;
plymouth.theme = "bgrt";
# Increase minimum log level. This removes ACPI errors from the boot screen.
consoleLogLevel = 1;
# Add kernel parameters
kernelParams = [ "quiet" ];
};
};
}

View file

@ -26,10 +26,31 @@ in
host.services.forgejo = { host.services.forgejo = {
autostart = lib.mkEnableOption (lib.mdDoc "Automatically starts Forgejo at boot."); autostart = lib.mkEnableOption (lib.mdDoc "Automatically starts Forgejo at boot.");
enable = lib.mkEnableOption (lib.mdDoc "Enables Forgejo Git hosting service."); enable = lib.mkEnableOption (lib.mdDoc "Enables Forgejo Git hosting service.");
domain = lib.mkOption {
default = "";
type = lib.types.str;
description = "The root domain that Forgejo will be hosted on.";
example = "example.com";
};
home = lib.mkOption { home = lib.mkOption {
default = ""; default = "";
type = lib.types.str; type = lib.types.str;
description = "Where to store Forgejo's files"; description = "Where to store Forgejo's files";
example = "/home/forgejo";
};
url = lib.mkOption {
default = "";
type = lib.types.str;
description = "The complete URL where Forgejo is hosted.";
example = "https://forgejo.example.com";
};
actions = {
enable = lib.mkEnableOption (lib.mdDoc "Enables a local Forgejo Actions runner.");
token = lib.mkOption {
default = "";
type = lib.types.str;
description = "Token used to authenticate the runner with Forgejo.";
};
}; };
}; };
}; };
@ -40,35 +61,25 @@ in
pkgs.podman-tui pkgs.podman-tui
]; ];
services = { services = {
nginx.virtualHosts."${config.secrets.services.forgejo.url}" = {
useACMEHost = config.secrets.networking.primaryDomain;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true;
extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts
};
};
forgejo = { forgejo = {
enable = true; enable = true;
lfs.enable = true; lfs.enable = true;
settings.server = { settings.server = {
DOMAIN = "${config.secrets.networking.primaryDomain}"; DOMAIN = cfg.domain;
ROOT_URL = "https://code.${config.secrets.networking.primaryDomain}/"; ROOT_URL = cfg.url;
HTTP_PORT = 3000; HTTP_PORT = 3000;
}; };
useWizard = true; useWizard = true;
} // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; }; } // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; };
# Enable runner for CI actions # Enable runner for CI actions
gitea-actions-runner = { gitea-actions-runner = lib.mkIf cfg.actions.enable {
package = pkgs.forgejo-actions-runner; package = pkgs.forgejo-actions-runner;
instances.default = { instances.default = {
enable = true; enable = true;
name = config.networking.hostName; name = config.networking.hostName;
url = "https://${config.secrets.services.forgejo.url}"; url = cfg.url;
token = config.secrets.services.forgejo.runner-token; token = cfg.actions.token;
labels = [ labels = [
"nix:docker://nixos/nix" # Shoutout to Icewind 1991 for this syntax: https://icewind.nl/entry/gitea-actions-nix/ "nix:docker://nixos/nix" # Shoutout to Icewind 1991 for this syntax: https://icewind.nl/entry/gitea-actions-nix/
"debian:docker://node:20-bullseye" "debian:docker://node:20-bullseye"
@ -84,8 +95,12 @@ in
}; };
}; };
systemd.services = {
nginx.wants = [ config.systemd.services.forgejo.name ];
} // lib.optionalAttrs (!cfg.autostart) { forgejo.wantedBy = lib.mkForce [ ]; };
# Enable Podman for running...uh, runners. # Enable Podman for running...uh, runners.
virtualisation = { virtualisation = lib.mkIf cfg.actions.enable {
containers.enable = true; containers.enable = true;
podman = { podman = {
enable = true; enable = true;
@ -99,13 +114,9 @@ in
}; };
# Allow containers to make DNS queries (https://www.reddit.com/r/NixOS/comments/199f16j/why_dont_my_podman_containers_have_internet_access/) # Allow containers to make DNS queries (https://www.reddit.com/r/NixOS/comments/199f16j/why_dont_my_podman_containers_have_internet_access/)
networking.firewall.interfaces.podman4 = { networking.firewall.interfaces.podman4 = lib.mkIf cfg.actions.enable {
allowedTCPPorts = [ 53 ]; allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 ]; allowedUDPPorts = [ 53 ];
}; };
systemd.services = {
nginx.wants = [ config.systemd.services.forgejo.name ];
} // lib.optionalAttrs (!cfg.autostart) { forgejo.wantedBy = lib.mkForce [ ]; };
}; };
} }