feat: deploy forgejo publicly

2024-10-30 19:30:16 -07:00 · 2024-10-30 19:30:16 -07:00 · 79228d7815
parent 3fc08e78e0
commit 79228d7815
8 changed files with 102 additions and 9 deletions
--- a/flake.nix
+++ b/flake.nix
@ -64,6 +64,16 @@
          };
        };

+        git = {
+          hostname = "git.alejandr0angul0.dev";
+          profiles.system = {
+            user = "root";
+            sshUser = "alejandro";
+            path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.git;
+            sshOpts = ["-A"];
+          };
+        };
+
        pi4 = let
          system = "aarch64-linux";
          pkgs = import inputs.nixpkgs {inherit system;};
--- a/homes/x86_64-linux/alejandro@git/default.nix
+++ b/homes/x86_64-linux/alejandro@git/default.nix
@ -0,0 +1,3 @@
+{...}: {
+  aa.installDefaults = false;
+}
--- a/homes/x86_64-linux/alejandro@minimal/default.nix
+++ b/homes/x86_64-linux/alejandro@minimal/default.nix
@ -0,0 +1,3 @@
+{...}: {
+  aa.installDefaults = false;
+}
--- a/modules/home/home/default.nix
+++ b/modules/home/home/default.nix
@ -24,6 +24,7 @@
      lib.mkIf (!config.${namespace}.isHeadless) {
        ${namespace} = {
          programs.firefox.enable = true;
+          programs.kitty.enable = true;
          windowManagers.sway.enable = true;
        };
      }
@ -39,7 +40,6 @@
        programs = {
          fzf.enable = true;
          gpg.enable = true;
-          kitty.enable = true;
          neovim.enable = true;
          yazi.enable = true;
          zoxide.enable = true;
--- a/modules/nixos/services/forgejo/default.nix
+++ b/modules/nixos/services/forgejo/default.nix
@ -12,6 +12,12 @@
 in {
  options.${namespace}.services.forgejo = {
    enable = mkEnableOption "forgejo";
+    domain = mkOption {
+      type = types.str;
+      description = ''
+        The domain name to use for this instance
+      '';
+    };
    acmeCertName = mkOption {
      type = types.str;
      default = "";
@ -33,15 +39,15 @@ in {

      settings = {
        server = {
-          DOMAIN = "git.kilonull.com";
-          ROOT_URL = "https://git.kilonull.com";
+          DOMAIN = cfg.domain;
+          ROOT_URL = "https://${cfg.domain}";
          HTTP_PORT = 3001;
        };

        session.COOKIE_SECURE = true;
        service.DISABLE_REGISTRATION = true;

-        webhook.ALLOWED_HOST_LIST = "hydra.kilonull.com";
+        # webhook.ALLOWED_HOST_LIST = "hydra.kilonull.com";

        ui.THEMES = ''
          catppuccin-latte-rosewater,catppuccin-latte-flamingo,catppuccin-latte-pink,catppuccin-latte-mauve,catppuccin-latte-red,catppuccin-latte-maroon,catppuccin-latte-peach,catppuccin-latte-yellow,catppuccin-latte-green,catppuccin-latte-teal,catppuccin-latte-sky,catppuccin-latte-sapphire,catppuccin-latte-blue,catppuccin-latte-lavender,catppuccin-frappe-rosewater,catppuccin-frappe-flamingo,catppuccin-frappe-pink,catppuccin-frappe-mauve,catppuccin-frappe-red,catppuccin-frappe-maroon,catppuccin-frappe-peach,catppuccin-frappe-yellow,catppuccin-frappe-green,catppuccin-frappe-teal,catppuccin-frappe-sky,catppuccin-frappe-sapphire,catppuccin-frappe-blue,catppuccin-frappe-lavender,catppuccin-macchiato-rosewater,catppuccin-macchiato-flamingo,catppuccin-macchiato-pink,catppuccin-macchiato-mauve,catppuccin-macchiato-red,catppuccin-macchiato-maroon,catppuccin-macchiato-peach,catppuccin-macchiato-yellow,catppuccin-macchiato-green,catppuccin-macchiato-teal,catppuccin-macchiato-sky,catppuccin-macchiato-sapphire,catppuccin-macchiato-blue,catppuccin-macchiato-lavender,catppuccin-mocha-rosewater,catppuccin-mocha-flamingo,catppuccin-mocha-pink,catppuccin-mocha-mauve,catppuccin-mocha-red,catppuccin-mocha-maroon,catppuccin-mocha-peach,catppuccin-mocha-yellow,catppuccin-mocha-green,catppuccin-mocha-teal,catppuccin-mocha-sky,catppuccin-mocha-sapphire,catppuccin-mocha-blue,catppuccin-mocha-lavender
@ -60,7 +66,7 @@ in {

    services.nginx = {
      enable = true;
-      virtualHosts."git.kilonull.com" =
+      virtualHosts."${cfg.domain}" =
        {
          locations."/" = {
            proxyPass = "http://127.0.0.1:${toString forgejo_cfg.settings.server.HTTP_PORT}";
--- a/systems/x86_64-do/minimal/default.nix
+++ b/systems/x86_64-do/minimal/default.nix
@ -0,0 +1,22 @@
+{...}: {
+  aa = {
+    nix.enable = true;
+
+    services = {
+      openssh.enable = true;
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    # SSH
+    22
+  ];
+
+  virtualisation.digitalOcean = {
+    setRootPassword = true;
+    setSshKeys = true;
+  };
+  security.sudo.wheelNeedsPassword = false;
+
+  system.stateVersion = "24.05";
+}
--- a/systems/x86_64-linux/git/default.nix
+++ b/systems/x86_64-linux/git/default.nix
@ -0,0 +1,53 @@
+{
+  inputs,
+  config,
+  ...
+}: let
+  domain = "git.alejandr0angul0.dev";
+in {
+  imports = ["${inputs.nixpkgs}/nixos/modules/virtualisation/digital-ocean-config.nix"];
+
+  aa = {
+    nix.enable = true;
+
+    services.forgejo = {
+      enable = true;
+      domain = domain;
+    };
+
+    services = {
+      openssh.enable = true;
+    };
+  };
+
+  services.nginx.virtualHosts."${domain}" = {
+    forceSSL = true;
+    enableACME = true;
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults = {
+      email = config.aa.user.email;
+      group = "nginx";
+    };
+  };
+
+  networking.hostName = "git";
+  networking.firewall.allowedTCPPorts = [
+    # SSH
+    22
+
+    # HTTP(S)
+    80
+    443
+  ];
+
+  virtualisation.digitalOcean = {
+    setRootPassword = true;
+    setSshKeys = true;
+  };
+  security.sudo.wheelNeedsPassword = false;
+
+  system.stateVersion = "24.05";
+}
--- a/systems/x86_64-linux/node/default.nix
+++ b/systems/x86_64-linux/node/default.nix
@ -50,10 +50,6 @@
      };
      acmeCertName = "kilonull.com";
    };
-    services.forgejo = {
-      enable = true;
-      acmeCertName = "kilonull.com";
-    };

    services.homeassistant = {
      enable = true;