pruned

2026-03-23 16:29:42 -04:00 · 2026-03-15 11:08:33 -04:00 · 2026-03-15 11:08:33 -04:00 · 072951659a
commit 072951659a
114 changed files with 6922 additions and 0 deletions
--- a/system/machines/server/modules/forgejo/default.nix
+++ b/system/machines/server/modules/forgejo/default.nix
@ -0,0 +1,100 @@
+{ pkgs, lib, config, ... }:
+
+with lib;
+let
+  cfg = config.modules.system.forgejo;
+  nginx = config.modules.system.nginx;
+  domain = "ramos.codes";
+  socketPath = "/run/forgejo/forgejo.sock";
+
+in
+{
+  options.modules.system.forgejo = {
+    enable = mkEnableOption "Forgejo Server";
+  };
+
+  config = mkIf cfg.enable {
+    users.groups.git = {};
+    users.users.git = {
+      isSystemUser = true;
+      group = "git";
+      home = "/var/lib/forgejo";
+      shell = "${pkgs.bash}/bin/bash";
+    };
+
+    users.users.nginx = mkIf nginx.enable {
+      extraGroups = [ "git" ];
+    };
+
+    # Bind mount from /data
+    fileSystems."/var/lib/forgejo" = {
+      device = "/data/forgejo";
+      fsType = "none";
+      options = [ "bind" ];
+    };
+
+    systemd.tmpfiles.rules = [
+      "d /data/forgejo 0750 git git -"
+      "d /data/forgejo/.ssh 0700 git git -"
+      "d /data/forgejo/custom 0750 git git -"
+      "d /data/forgejo/data 0750 git git -"
+    ];
+
+    services.forgejo = {
+      enable = true;
+      user = "git";
+      group = "git";
+      stateDir = "/var/lib/forgejo";
+
+      settings = {
+        DEFAULT = {
+          APP_NAME = "Git Server";
+          APP_SLOGAN = "";
+        };
+
+        service.REQUIRE_SIGNIN_VIEW = false;
+        server = {
+          DOMAIN = "git.${domain}";
+          ROOT_URL = "https://git.${domain}/";
+          PROTOCOL = "http+unix";
+          HTTP_ADDR = socketPath;
+          SSH_DOMAIN = "git.${domain}";
+          SSH_PORT = 22;
+          START_SSH_SERVER = false;
+          LANDING_PAGE = "explore";
+        };
+
+        service = {
+          REGISTER_MANUAL_CONFIRM = true;
+          DISABLE_REGISTRATION = false;
+          DEFAULT_ALLOW_CREATE_ORGANIZATION = false;
+        };
+
+        admin = {
+          DISABLE_REGULAR_ORG_CREATION = true;
+        };
+
+        auth = {
+          ENABLE_BASIC_AUTHENTICATION = true;
+        };
+      };
+
+      database = {
+        type = "sqlite3";
+        path = "/var/lib/forgejo/data/forgejo.db";
+      };
+    };
+
+    modules.system.backup.paths = [
+      "/var/lib/forgejo"
+    ];
+
+    services.nginx.virtualHosts."git.${domain}" = mkIf nginx.enable {
+      useACMEHost = domain;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://unix:${socketPath}";
+      };
+    };
+  };
+}