feat: deploy forgejo publicly

flake.nix

@@ -64,6 +64,16 @@
           };
         };
 
+        git = {
+          hostname = "git.alejandr0angul0.dev";
+          profiles.system = {
+            user = "root";
+            sshUser = "alejandro";
+            path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.git;
+            sshOpts = ["-A"];
+          };
+        };
+
         pi4 = let
           system = "aarch64-linux";
           pkgs = import inputs.nixpkgs {inherit system;};

homes/x86_64-linux/alejandro@git/default.nix

@@ -0,0 +1,3 @@
+{...}: {
+  aa.installDefaults = false;
+}

homes/x86_64-linux/alejandro@minimal/default.nix

@@ -0,0 +1,3 @@
+{...}: {
+  aa.installDefaults = false;
+}

modules/home/home/default.nix

@@ -24,6 +24,7 @@
       lib.mkIf (!config.${namespace}.isHeadless) {
         ${namespace} = {
           programs.firefox.enable = true;
+          programs.kitty.enable = true;
           windowManagers.sway.enable = true;
         };
       }
@@ -39,7 +40,6 @@
         programs = {
           fzf.enable = true;
           gpg.enable = true;
-          kitty.enable = true;
           neovim.enable = true;
           yazi.enable = true;
           zoxide.enable = true;

modules/nixos/services/forgejo/default.nix

@@ -12,6 +12,12 @@
 in {
   options.${namespace}.services.forgejo = {
     enable = mkEnableOption "forgejo";
+    domain = mkOption {
+      type = types.str;
+      description = ''
+        The domain name to use for this instance
+      '';
+    };
     acmeCertName = mkOption {
       type = types.str;
       default = "";
@@ -33,15 +39,15 @@ in {
 
       settings = {
         server = {
-          DOMAIN = "git.kilonull.com";
+          DOMAIN = cfg.domain;
-          ROOT_URL = "https://git.kilonull.com";
+          ROOT_URL = "https://${cfg.domain}";
           HTTP_PORT = 3001;
         };
 
         session.COOKIE_SECURE = true;
         service.DISABLE_REGISTRATION = true;
 
-        webhook.ALLOWED_HOST_LIST = "hydra.kilonull.com";
+        # webhook.ALLOWED_HOST_LIST = "hydra.kilonull.com";
 
         ui.THEMES = ''
           catppuccin-latte-rosewater,catppuccin-latte-flamingo,catppuccin-latte-pink,catppuccin-latte-mauve,catppuccin-latte-red,catppuccin-latte-maroon,catppuccin-latte-peach,catppuccin-latte-yellow,catppuccin-latte-green,catppuccin-latte-teal,catppuccin-latte-sky,catppuccin-latte-sapphire,catppuccin-latte-blue,catppuccin-latte-lavender,catppuccin-frappe-rosewater,catppuccin-frappe-flamingo,catppuccin-frappe-pink,catppuccin-frappe-mauve,catppuccin-frappe-red,catppuccin-frappe-maroon,catppuccin-frappe-peach,catppuccin-frappe-yellow,catppuccin-frappe-green,catppuccin-frappe-teal,catppuccin-frappe-sky,catppuccin-frappe-sapphire,catppuccin-frappe-blue,catppuccin-frappe-lavender,catppuccin-macchiato-rosewater,catppuccin-macchiato-flamingo,catppuccin-macchiato-pink,catppuccin-macchiato-mauve,catppuccin-macchiato-red,catppuccin-macchiato-maroon,catppuccin-macchiato-peach,catppuccin-macchiato-yellow,catppuccin-macchiato-green,catppuccin-macchiato-teal,catppuccin-macchiato-sky,catppuccin-macchiato-sapphire,catppuccin-macchiato-blue,catppuccin-macchiato-lavender,catppuccin-mocha-rosewater,catppuccin-mocha-flamingo,catppuccin-mocha-pink,catppuccin-mocha-mauve,catppuccin-mocha-red,catppuccin-mocha-maroon,catppuccin-mocha-peach,catppuccin-mocha-yellow,catppuccin-mocha-green,catppuccin-mocha-teal,catppuccin-mocha-sky,catppuccin-mocha-sapphire,catppuccin-mocha-blue,catppuccin-mocha-lavender
@@ -60,7 +66,7 @@ in {
 
     services.nginx = {
       enable = true;
-      virtualHosts."git.kilonull.com" =
+      virtualHosts."${cfg.domain}" =
         {
           locations."/" = {
             proxyPass = "http://127.0.0.1:${toString forgejo_cfg.settings.server.HTTP_PORT}";

systems/x86_64-do/minimal/default.nix

@@ -0,0 +1,22 @@
+{...}: {
+  aa = {
+    nix.enable = true;
+
+    services = {
+      openssh.enable = true;
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    # SSH
+    22
+  ];
+
+  virtualisation.digitalOcean = {
+    setRootPassword = true;
+    setSshKeys = true;
+  };
+  security.sudo.wheelNeedsPassword = false;
+
+  system.stateVersion = "24.05";
+}

systems/x86_64-linux/git/default.nix

@@ -0,0 +1,53 @@
+{
+  inputs,
+  config,
+  ...
+}: let
+  domain = "git.alejandr0angul0.dev";
+in {
+  imports = ["${inputs.nixpkgs}/nixos/modules/virtualisation/digital-ocean-config.nix"];
+
+  aa = {
+    nix.enable = true;
+
+    services.forgejo = {
+      enable = true;
+      domain = domain;
+    };
+
+    services = {
+      openssh.enable = true;
+    };
+  };
+
+  services.nginx.virtualHosts."${domain}" = {
+    forceSSL = true;
+    enableACME = true;
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults = {
+      email = config.aa.user.email;
+      group = "nginx";
+    };
+  };
+
+  networking.hostName = "git";
+  networking.firewall.allowedTCPPorts = [
+    # SSH
+    22
+
+    # HTTP(S)
+    80
+    443
+  ];
+
+  virtualisation.digitalOcean = {
+    setRootPassword = true;
+    setSshKeys = true;
+  };
+  security.sudo.wheelNeedsPassword = false;
+
+  system.stateVersion = "24.05";
+}

systems/x86_64-linux/node/default.nix

@@ -50,10 +50,6 @@
       };
       acmeCertName = "kilonull.com";
     };
-    services.forgejo = {
-      enable = true;
-      acmeCertName = "kilonull.com";
-    };
 
     services.homeassistant = {
       enable = true;