diff --git a/src/system/modules/bitcoin/default.nix b/src/system/modules/bitcoin/default.nix
index 6a4b89e..ef092ac 100644
--- a/src/system/modules/bitcoin/default.nix
+++ b/src/system/modules/bitcoin/default.nix
@@ -7,11 +7,6 @@ let
home = "/var/lib/bitcoind";
- bitcoinConf = pkgs.writeTextFile {
- name = "bitcoin.conf";
- text = builtins.readFile ./config/bitcoin.conf;
- };
-
in {
options.modules.system.bitcoin = { enable = mkEnableOption "Bitcoin Server"; };
config = mkIf cfg.enable {
@@ -36,7 +31,7 @@ in
group = "bitcoin";
createHome = true;
};
- "nginx" = {
+ "${config.services.nginx.user}" = {
extraGroups = mkIf nginx.enable [
"bitcoin"
];
@@ -60,7 +55,7 @@ in
enable = true;
user = "btc";
group = "bitcoin";
- configFile = bitcoinConf;
+ configFile = ./config/bitcoin.conf;
dataDir = home;
pidFile = "${home}/bitcoind.pid";
};
diff --git a/src/system/modules/forgejo/default.nix b/src/system/modules/forgejo/default.nix
index cf28443..384e140 100644
--- a/src/system/modules/forgejo/default.nix
+++ b/src/system/modules/forgejo/default.nix
@@ -37,7 +37,7 @@ in
services.forgejo = rec {
enable = true;
user = "git";
- group = user;
+ group = "git";
stateDir = "/var/lib/forgejo";
settings = {
@@ -45,15 +45,24 @@ in
PROTOCOL = "http+unix";
DOMAIN = "127.0.0.1";
HTTP_ADDR = "/run/forgejo/forgejo.sock";
+ ROOT_URL = "https://git.ramos.codes";
};
};
database = {
+ name = "git";
inherit user;
type = "sqlite3";
path = "${stateDir}/data/forgejo.db";
createDatabase = true;
};
+
+ dump = {
+ enable = true;
+ file = "git.bkup";
+ type = "tar.gz";
+ interval = "weekly";
+ };
};
};
}
diff --git a/src/system/modules/nginx/default.nix b/src/system/modules/nginx/default.nix
index 61c717d..085ee08 100644
--- a/src/system/modules/nginx/default.nix
+++ b/src/system/modules/nginx/default.nix
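Review bot: Adding the nginx user to the `bitcoin` group on the new `"${config.services.nginx.user}"` line grants it group-level access to whatever is group-readable under the bitcoind data dir (`/var/lib/bitcoind`, bound to `home` above), which would include wallet files and the RPC `.cookie` if that directory is not mode 0700; the hunk only renames the attribute and does not narrow that grant. If the proxy does not actually need filesystem access to bitcoind's state, consider dropping the membership, otherwise confirm the data dir permissions and record the intent next to the line: `# nginx joins "bitcoin" only for <what it needs>; dataDir must stay 0700`. The enclosing users block starts and ends outside the hunk.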
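Review bot: `configFile = ./config/bitcoin.conf;` is a Nix path literal, so once the bitcoind module interpolates it into the service command line the file is copied into `/nix/store`, which is world-readable on the host — the same exposure the removed `writeTextFile` had, so any `rpcuser`/`rpcpassword` in that file is readable by every local user. If the file carries RPC credentials, move them to a salted `rpcauth=` entry or to a file outside the store that bitcoind reads at runtime, and flag it beside the line: `# NOTE: this path lands in /nix/store (world-readable) - keep secrets out of it`. Whether bitcoin.conf currently contains secrets cannot be seen from this hunk, and `pkgs` may now be an unused module argument if nothing else in the file references it.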
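Review bot: The new `dump` block produces a weekly archive that will contain the sqlite database (password hashes, access tokens) and the app.ini secrets, but nothing in the hunk restricts where it is written or who can read it — the backup directory is left at the module default, and the fixed `file = "git.bkup"` means every run targets the same name, which should be checked against how `forgejo dump` treats an existing file (if it aborts rather than overwrites, backups silently stop after the first week). Consider setting the backup directory explicitly with owner-only permissions, letting the module pick a timestamped name by dropping the `file` line if the option accepts that, and making sure a rotated off-host copy exists. The `.bkup` extension also hides that the archive is `tar.gz`; if a fixed name is kept, `file = "git.tar.gz";` is less surprising to whoever restores it.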
@@ -4,6 +4,7 @@ with lib;
let
cfg = config.modules.system.nginx;
module = config.modules.system;
+ forgejo = config.services.forgejo;
in {
options.modules.system.nginx = { enable = mkEnableOption "Nginx Reverse Proxy"; };
@@ -14,13 +15,16 @@ in
description = "Web server system user";
isSystemUser = true;
group = mkForce "${config.services.nginx.group}";
+ extraGroups = [
+ "${config.security.acme.defaults.group}"
+ ];
};
"btc" = {
extraGroups = mkIf module.bitcoin.enable [
"${config.services.nginx.group}"
];
};
- "${config.services.forgejo.user}" = {
+ "${forgejo.user}" = {
extraGroups = mkIf module.forgejo.enable [
"${config.services.nginx.group}"
];
@@ -36,18 +40,14 @@ in
};
security.acme =
- let
- acmeDir = "/var/lib/acme";
- in
{
acceptTerms = true;
+ defaults = {
+ email = "${config.user.email}";
+ validMinDays = 90;
+ };
certs = {
"ramos.codes" = {
- #webroot = "${acmeDir}/acme-challenge";
- directory = "${acmeDir}/ramos.codes";
- email = config.user.email;
- group = "web";
- validMinDays = 90;
extraDomainNames = attrNames config.services.nginx.virtualHosts;
listenHTTP = ":80";
};
@@ -58,6 +58,8 @@ in
enable = true;
user = "nginx";
group = "web";
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
virtualHosts = let
@@ -74,7 +76,7 @@ in
"git.ramos.codes" = mkIf module.forgejo.enable {
locations = {
"/" = {
- proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}";
+ proxyPass = "http://unix:${forgejo.settings.server.HTTP_ADDR}";
};
};
};
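Review bot: `validMinDays = 90;` in the new `defaults` block asks for renewal whenever fewer than 90 days of validity remain, which for a CA issuing 90-day certificates (Let's Encrypt does) means a renewal attempt on every timer run — enough to exhaust the duplicate-certificate rate limit within a week and then lose renewals — and moving it to `defaults` applies that to every cert the host ever requests. The value was already on the per-cert block this hunk removes, so the problem is pre-existing, but the fix is one line: rely on the module default or set `validMinDays = 30;`. `email = "${config.user.email}";` is a redundant interpolation of a string; `email = config.user.email;`, as on the removed line, reads cleaner. `listenHTTP = ":80"` has the ACME client bind port 80 itself, which collides with nginx if it also listens there; that line is context rather than part of this change, but with nginx now being hardened it is worth confirming which of the two owns the port.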