From 79228d781527e536311dca5538ee0d3e5c547fdc Mon Sep 17 00:00:00 2001 From: alejandro-angulo Date: Wed, 30 Oct 2024 19:30:16 -0700 Subject: [PATCH] feat: deploy forgejo publicly --- flake.nix | 10 ++++ homes/x86_64-linux/alejandro@git/default.nix | 3 ++ .../alejandro@minimal/default.nix | 3 ++ modules/home/home/default.nix | 2 +- modules/nixos/services/forgejo/default.nix | 14 +++-- systems/x86_64-do/minimal/default.nix | 22 ++++++++ systems/x86_64-linux/git/default.nix | 53 +++++++++++++++++++ systems/x86_64-linux/node/default.nix | 4 -- 8 files changed, 102 insertions(+), 9 deletions(-) create mode 100644 homes/x86_64-linux/alejandro@git/default.nix create mode 100644 homes/x86_64-linux/alejandro@minimal/default.nix create mode 100644 systems/x86_64-do/minimal/default.nix create mode 100644 systems/x86_64-linux/git/default.nix diff --git a/flake.nix b/flake.nix index 21ec927..de4c1fe 100644 --- a/flake.nix +++ b/flake.nix @@ -64,6 +64,16 @@ }; }; + git = { + hostname = "git.alejandr0angul0.dev"; + profiles.system = { + user = "root"; + sshUser = "alejandro"; + path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.git; + sshOpts = ["-A"]; + }; + }; + pi4 = let system = "aarch64-linux"; pkgs = import inputs.nixpkgs {inherit system;}; diff --git a/homes/x86_64-linux/alejandro@git/default.nix b/homes/x86_64-linux/alejandro@git/default.nix new file mode 100644 index 0000000..ebe2dc2 --- /dev/null +++ b/homes/x86_64-linux/alejandro@git/default.nix @@ -0,0 +1,3 @@ +{...}: { + aa.installDefaults = false; +} diff --git a/homes/x86_64-linux/alejandro@minimal/default.nix b/homes/x86_64-linux/alejandro@minimal/default.nix new file mode 100644 index 0000000..ebe2dc2 --- /dev/null +++ b/homes/x86_64-linux/alejandro@minimal/default.nix @@ -0,0 +1,3 @@ +{...}: { + aa.installDefaults = false; +} diff --git a/modules/home/home/default.nix b/modules/home/home/default.nix index 626ffe4..fd067af 100644 --- a/modules/home/home/default.nix 
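Review bot: In the flake.nix hunk, `sshOpts = ["-A"];` turns on SSH agent forwarding for every deploy to `git`, which this commit makes a public-facing host. While a deploy session is open, any process running as root on that machine can use the forwarded agent socket to authenticate as the deployer to other systems. Nothing visible in the hunk needs the agent on the remote side, so I would drop the line, or keep it with a comment such as `# agent forwarding required because <reason>`. The surrounding node definitions are outside the hunk, so whether they use the same option is not visible here.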
+++ b/modules/home/home/default.nix @@ -24,6 +24,7 @@ lib.mkIf (!config.${namespace}.isHeadless) { ${namespace} = { programs.firefox.enable = true; + programs.kitty.enable = true; windowManagers.sway.enable = true; }; } @@ -39,7 +40,6 @@ programs = { fzf.enable = true; gpg.enable = true; - kitty.enable = true; neovim.enable = true; yazi.enable = true; zoxide.enable = true; diff --git a/modules/nixos/services/forgejo/default.nix b/modules/nixos/services/forgejo/default.nix index 01bdc75..2a4a8c7 100644 --- a/modules/nixos/services/forgejo/default.nix +++ b/modules/nixos/services/forgejo/default.nix @@ -12,6 +12,12 @@ in { options.${namespace}.services.forgejo = { enable = mkEnableOption "forgejo"; + domain = mkOption { + type = types.str; + description = '' + The domain name to use for this instance + ''; + }; acmeCertName = mkOption { type = types.str; default = ""; 
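Review bot: The new `domain` option in modules/nixos/services/forgejo/default.nix has no default and a description that does not say what form the value must take. The later hunks interpolate it into `ROOT_URL = "https://${cfg.domain}"` and use it as the nginx `virtualHosts` key, so a value carrying a scheme or path would produce a broken URL and vhost name. I would tighten the description to something like `Bare host name for this instance (no scheme or path); used for DOMAIN, ROOT_URL and the nginx virtual host.` and add an `example`. The options block continues outside this hunk.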
@@ -33,15 +39,15 @@ in { settings = { server = { - DOMAIN = "git.kilonull.com"; - ROOT_URL = "https://git.kilonull.com"; + DOMAIN = cfg.domain; + ROOT_URL = "https://${cfg.domain}"; HTTP_PORT = 3001; }; session.COOKIE_SECURE = true; service.DISABLE_REGISTRATION = true; - webhook.ALLOWED_HOST_LIST = "hydra.kilonull.com"; + # webhook.ALLOWED_HOST_LIST = "hydra.kilonull.com"; ui.THEMES = '' catppuccin-latte-rosewater,catppuccin-latte-flamingo,catppuccin-latte-pink,catppuccin-latte-mauve,catppuccin-latte-red,catppuccin-latte-maroon,catppuccin-latte-peach,catppuccin-latte-yellow,catppuccin-latte-green,catppuccin-latte-teal,catppuccin-latte-sky,catppuccin-latte-sapphire,catppuccin-latte-blue,catppuccin-latte-lavender,catppuccin-frappe-rosewater,catppuccin-frappe-flamingo,catppuccin-frappe-pink,catppuccin-frappe-mauve,catppuccin-frappe-red,catppuccin-frappe-maroon,catppuccin-frappe-peach,catppuccin-frappe-yellow,catppuccin-frappe-green,catppuccin-frappe-teal,catppuccin-frappe-sky,catppuccin-frappe-sapphire,catppuccin-frappe-blue,catppuccin-frappe-lavender,catppuccin-macchiato-rosewater,catppuccin-macchiato-flamingo,catppuccin-macchiato-pink,catppuccin-macchiato-mauve,catppuccin-macchiato-red,catppuccin-macchiato-maroon,catppuccin-macchiato-peach,catppuccin-macchiato-yellow,catppuccin-macchiato-green,catppuccin-macchiato-teal,catppuccin-macchiato-sky,catppuccin-macchiato-sapphire,catppuccin-macchiato-blue,catppuccin-macchiato-lavender,catppuccin-mocha-rosewater,catppuccin-mocha-flamingo,catppuccin-mocha-pink,catppuccin-mocha-mauve,catppuccin-mocha-red,catppuccin-mocha-maroon,catppuccin-mocha-peach,catppuccin-mocha-yellow,catppuccin-mocha-green,catppuccin-mocha-teal,catppuccin-mocha-sky,catppuccin-mocha-sapphire,catppuccin-mocha-blue,catppuccin-mocha-lavender 
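Review bot: Commenting out `webhook.ALLOWED_HOST_LIST` in the settings hunk removes the explicit webhook target allowlist just as the instance goes public, so deliveries fall back to Forgejo's built-in default (documented upstream as `external`; worth confirming for the deployed version). That lets any account able to create a webhook point server-side requests at arbitrary public hosts, where before only one named host was allowed. I would not leave the dead line behind: either delete it with a comment recording the decision, e.g. `# webhook targets: Forgejo default, no internal hosts on this instance`, or expose the allowlist as a module option next to `domain` so each host sets it deliberately. The settings block starts and ends outside this hunk.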
@@ -60,7 +66,7 @@ in { services.nginx = { enable = true; - virtualHosts."git.kilonull.com" = + virtualHosts."${cfg.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:${toString forgejo_cfg.settings.server.HTTP_PORT}"; diff --git a/systems/x86_64-do/minimal/default.nix b/systems/x86_64-do/minimal/default.nix new file mode 100644 index 0000000..132bba8 --- /dev/null +++ b/systems/x86_64-do/minimal/default.nix @@ -0,0 +1,22 @@ +{...}: { + aa = { + nix.enable = true; + + services = { + openssh.enable = true; + }; + }; + + networking.firewall.allowedTCPPorts = [ + # SSH + 22 + ]; + + virtualisation.digitalOcean = { + setRootPassword = true; + setSshKeys = true; + }; + security.sudo.wheelNeedsPassword = false; + + system.stateVersion = "24.05"; +} diff --git a/systems/x86_64-linux/git/default.nix b/systems/x86_64-linux/git/default.nix new file mode 100644 index 0000000..291d4c7 --- /dev/null +++ b/systems/x86_64-linux/git/default.nix @@ -0,0 +1,53 @@ +{ + inputs, + config, + ... +}: let + domain = "git.alejandr0angul0.dev"; +in { + imports = ["${inputs.nixpkgs}/nixos/modules/virtualisation/digital-ocean-config.nix"]; + + aa = { + nix.enable = true; + + services.forgejo = { + enable = true; + domain = domain; + }; + + services = { + openssh.enable = true; + }; + }; + + services.nginx.virtualHosts."${domain}" = { + forceSSL = true; + enableACME = true; + }; + + security.acme = { + acceptTerms = true; + defaults = { + email = config.aa.user.email; + group = "nginx"; + }; + }; + + networking.hostName = "git"; + networking.firewall.allowedTCPPorts = [ + # SSH + 22 + + # HTTP(S) + 80 + 443 + ]; + + virtualisation.digitalOcean = { + setRootPassword = true; + setSshKeys = true; + }; + security.sudo.wheelNeedsPassword = false; + + system.stateVersion = "24.05"; +} diff --git a/systems/x86_64-linux/node/default.nix b/systems/x86_64-linux/node/default.nix index f647198..57bd407 100644 --- a/systems/x86_64-linux/node/default.nix +++ b/systems/x86_64-linux/node/default.nix 
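Review bot: In systems/x86_64-do/minimal/default.nix, `setRootPassword = true;` sits next to an open port 22 and `security.sudo.wheelNeedsPassword = false;`, and systems/x86_64-linux/git/default.nix repeats all three on the public host. Whether `aa.services.openssh` disables password authentication and root login is not visible in this patch; if it does not, the metadata-supplied root password becomes a network-reachable credential. Passwordless sudo also means a stolen key for any wheel account is equivalent to root. I would set `setRootPassword = false;` unless console recovery depends on it. I would also add a comment above the sudo line such as `# deploy-rs activates as root via sudo; SSH is key-only (see openssh module)`, once that has been confirmed.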
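Review bot: In systems/x86_64-linux/git/default.nix the `aa` set spells `services` two ways, once as `services.forgejo = { … }` and once as `services = { openssh.enable = true; }`. The forgejo block also writes `domain = domain;`. Folding both into a single `services = { … }` set and using `inherit domain;` would read more cleanly and keep the let-bound name as the only place the host name is spelled in this file. The same host name is hard-coded again as `hostname` in the flake.nix hunk, so a short comment on the `let` binding, `# must match deploy node hostname in flake.nix`, would help keep the two in step.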
@@ -50,10 +50,6 @@ }; acmeCertName = "kilonull.com"; }; - services.forgejo = { - enable = true; - acmeCertName = "kilonull.com"; - }; services.homeassistant = { enable = true;