Add forgejo, remove authelia.

Lorenzo Good 2025-12-28 20:49:16 -06:00
parent dfb52f269c
commit 7d90587392
Signed by: lorenzo
GPG key ID: 7FCD64BD81180ED0
8 changed files with 179 additions and 68 deletions

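--- /dev/null
+++ b/common/services/gitea.nix
@@ -0,0 +1,57 @@
+{
+config,
+lib,
+pkgs,
+...
+}: let
+inherit (lib) mkEnableOption mkIf mkOption;
+cfg = config.foehammer.services.forgejo;
+in {
+options.foehammer.services.forgejo = {
+enable = mkEnableOption "Enable Gitea Server";
+port = mkOption {
+type = lib.types.port;
+default = 8225;
+description = ''
+What external port to serve over.
+'';
+};
+ssh-port = mkOption {
+type = lib.types.port;
+default = 2222;
+description = ''
+What external port to serve over.
+'';
+};
+domain = mkOption {
+type = lib.types.str;
+};
+};
+config = mkIf cfg.enable {
+services.forgejo = {
+enable = true;
+lfs.enable = true;
+settings = {
+service = {
+DISABLE_REGISTRATION = true;
+SHOW_REGISTRATION_BUTTON = false;
+};
+ui = {
+SHOW_USER_EMAIL = false;
+};
+server = {
+HTTP_PORT = cfg.port;
+DOMAIN = cfg.domain;
+ROOT_URL = "https://${cfg.domain}";
+SSH_PORT = cfg.ssh-port;
+};
+};
+};
+};
+}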
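Review bot: `settings.server` sets `HTTP_PORT` but not `HTTP_ADDR`, so Forgejo presumably listens on every interface at port 8225 instead of only behind the TLS-terminating proxy; I would add `HTTP_ADDR = "127.0.0.1";` to the `server` block and, since `ROOT_URL` is https, `session.COOKIE_SECURE = true;` under `settings` (as far as I recall the NixOS module defaults it to false — worth confirming). `SSH_PORT = cfg.ssh-port` only changes the port advertised in clone URLs; nothing visible here starts a listener on 2222 (`START_SSH_SERVER` and `SSH_LISTEN_PORT` are not set), so confirm SSH access is wired up elsewhere. On the documentation side, the `ssh-port` description is a copy of the `port` one, `domain` has none, and `mkEnableOption "Enable Gitea Server"` renders as "Whether to enable Enable Gitea Server."; suggest `mkEnableOption "the Forgejo server"` and a description such as `Port advertised for Git over SSH.`. The file name `gitea.nix` also no longer matches the module it defines.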

flake.lock generated

@ -1,5 +1,50 @@
{ {
"nodes": { "nodes": {
"alejandra": {
"inputs": {
"fenix": "fenix",
"flakeCompat": "flakeCompat",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1660592437,
"narHash": "sha256-xFumnivtVwu5fFBOrTxrv6fv3geHKF04RGP23EsDVaI=",
"owner": "kamadorueda",
"repo": "alejandra",
"rev": "e7eac49074b70814b542fee987af2987dd0520b5",
"type": "github"
},
"original": {
"owner": "kamadorueda",
"ref": "3.0.0",
"repo": "alejandra",
"type": "github"
}
},
"fenix": {
"inputs": {
"nixpkgs": [
"alejandra",
"nixpkgs"
],
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1657607339,
"narHash": "sha256-HaqoAwlbVVZH2n4P3jN2FFPMpVuhxDy1poNOR7kzODc=",
"owner": "nix-community",
"repo": "fenix",
"rev": "b814c83d9e6aa5a28d0cf356ecfdafb2505ad37d",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "fenix",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
@ -18,18 +63,34 @@
"type": "github" "type": "github"
} }
}, },
"flakeCompat": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1765363881, "lastModified": 1766736597,
"narHash": "sha256-3C3xWn8/2Zzr7sxVBmpc1H1QfxjNfta5IMFe3O9ZEPw=", "narHash": "sha256-BASnpCLodmgiVn0M1MU2Pqyoz0aHwar/0qLkp7CjvSQ=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d2b1213bf5ec5e62d96b003ab4b5cbc42abfc0d0", "rev": "f560ccec6b1116b22e6ed15f4c510997d99d5852",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-25.05", "ref": "nixos-25.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -51,9 +112,27 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"alejandra": "alejandra",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
} }
},
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1657557289,
"narHash": "sha256-PRW+nUwuqNTRAEa83SfX+7g+g8nQ+2MMbasQ9nt6+UM=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "caf23f29144b371035b864a1017dbc32573ad56d",
"type": "github"
},
"original": {
"owner": "rust-lang",
"ref": "nightly",
"repo": "rust-analyzer",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",


@ -31,6 +31,7 @@
flake = { flake = {
lib = import ./lib inputs.nixpkgs withSystem; lib = import ./lib inputs.nixpkgs withSystem;
# overlays.default = final: prev: (import ./lib/packages.nix prev); # overlays.default = final: prev: (import ./lib/packages.nix prev);
nixosModules.default = {...}: { nixosModules.default = {...}: {


@ -14,6 +14,11 @@
enable = true; enable = true;
}; };
services.forgejo = {
enable = true;
domain = "forge.foehammer.me";
};
services.vaultwarden = { services.vaultwarden = {
enable = true; enable = true;
domain = "https://passwords.foehammer.me"; domain = "https://passwords.foehammer.me";
@ -21,19 +26,6 @@
envPath = config.sops.secrets.vaultwarden-env.path; envPath = config.sops.secrets.vaultwarden-env.path;
}; };
services.authelia = {
enable = true;
domain = "foehammer.me";
url = "https://auth.foehammer.me";
jwtSecretFile = config.sops.secrets.authelia-jwtsecret.path;
userDbFile = config.sops.secrets.authelia-users.path;
# oidcIssuerPrivateKeyFile = config.sops.secrets.authelia-oidc-privkey.path;
# oidcHmacSecretFile = config.sops.secrets.authelia-oidc-hmac.path;
sessionSecretFile = config.sops.secrets.authelia-session-secret.path;
storageEncryptionKeyFile = config.sops.secrets.authelia-storage-encryption.path;
};
backups.restic = { backups.restic = {
enable = true; enable = true;
@ -41,7 +33,7 @@
environmentFile = config.sops.secrets.restic-env.path; environmentFile = config.sops.secrets.restic-env.path;
passwordFile = config.sops.secrets.restic-password.path; passwordFile = config.sops.secrets.restic-password.path;
paths = ["/var/lib/vaultwarden" "/var/lib/authelia"]; paths = ["/var/lib/vaultwarden" "/var/lib/authelia" "/var/lib/forgejo"];
}; };
tailscale = { tailscale = {
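Review bot: The restic `paths` list on the new side still contains `/var/lib/authelia` although this commit removes the authelia service, so the old user database and session state keep being backed up, or the job starts warning about a missing path once the directory is gone; I would change it to `paths = ["/var/lib/vaultwarden" "/var/lib/forgejo"];` and retire the leftover state deliberately. `/var/lib/forgejo` is copied while the service runs; if the instance uses the default SQLite database a file-level snapshot may be inconsistent, so consider `services.forgejo.dump.enable` or stopping the unit around the backup. The enclosing attribute set starts and ends outside the visible hunks.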


@ -8,14 +8,9 @@
reverse_proxy :${toString config.foehammer.services.vaultwarden.port} reverse_proxy :${toString config.foehammer.services.vaultwarden.port}
''; '';
}; };
"auth.foehammer.me" = { "forge.foehammer.me" = {
extraConfig = '' extraConfig = ''
reverse_proxy :${toString config.foehammer.services.authelia.port} reverse_proxy :${toString config.foehammer.services.forgejo.port}
'';
};
"goatcounter.foehammer.me" = {
extraConfig = ''
reverse_proxy :${toString config.foehammer.services.goatcounter.port}
''; '';
}; };
}; };
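Review bot: The `goatcounter.foehammer.me` virtual host is removed together with `auth.foehammer.me`, which the commit title does not mention, while `/var/lib/goatcounter` is still in the persistence list touched elsewhere in this commit. If goatcounter is still enabled it is no longer reachable through the proxy; if it is being retired, say so in the commit message and drop its state directory as well. Whether the service itself is still enabled is not visible from this hunk.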


@ -3,10 +3,6 @@
defaultSopsFile = ../secrets/main.yaml; defaultSopsFile = ../secrets/main.yaml;
secrets = let secrets = let
autheliaSecret = {
owner = "authelia-main";
sopsFile = ../secrets/authelia/secrets.yaml;
};
in { in {
admin-password.neededForUsers = true; admin-password.neededForUsers = true;
@ -17,16 +13,6 @@
restic-env = {owner = "restic";}; restic-env = {owner = "restic";};
restic-password = {owner = "restic";}; restic-password = {owner = "restic";};
restic-repository = {owner = "restic";}; restic-repository = {owner = "restic";};
authelia-jwtsecret = autheliaSecret;
authelia-oidc-privkey = autheliaSecret;
authelia-oidc-hmac = autheliaSecret;
authelia-session-secret = autheliaSecret;
authelia-storage-encryption = autheliaSecret;
authelia-users = {
owner = "authelia-main";
sopsFile = ../secrets/authelia/users.yaml;
};
}; };
}; };
} }


@ -4,6 +4,7 @@
environment.persistence."/persist" = { environment.persistence."/persist" = {
directories = [ directories = [
"/var/cache/restic-backups-s3" "/var/cache/restic-backups-s3"
"/var/lib/forgejo"
"/var/lib/tailscale" "/var/lib/tailscale"
"/var/lib/goatcounter" "/var/lib/goatcounter"
"/var/log" "/var/log"


@ -50,11 +50,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1765838191, "lastModified": 1766736597,
"narHash": "sha256-m5KWt1nOm76ILk/JSCxBM4MfK3rYY7Wq9/TZIIeGnT8=", "narHash": "sha256-BASnpCLodmgiVn0M1MU2Pqyoz0aHwar/0qLkp7CjvSQ=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c6f52ebd45e5925c188d1a20119978aa4ffd5ef6", "rev": "f560ccec6b1116b22e6ed15f4c510997d99d5852",
"type": "github" "type": "github"
}, },
"original": { "original": {