From 107cc4c6a4d650dfc022a962af321d803d53eaa6 Mon Sep 17 00:00:00 2001 From: "Casper V. Kristensen" Date: Sun, 28 Apr 2024 18:07:50 +0200 Subject: [PATCH] forgejo on sigma --- .gitea/workflows/update.yaml | 2 +- hosts/sigma/forgejo.nix | 85 ++++++++++++++++++++++++++++++++++++ 2 files changed, 86 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/update.yaml b/.gitea/workflows/update.yaml index e5e6b6b..078237c 100644 --- a/.gitea/workflows/update.yaml +++ b/.gitea/workflows/update.yaml @@ -20,7 +20,7 @@ jobs: - run: | # Configure SSH mkdir ~/.ssh/ - echo "git.caspervk.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAvPxSg6XN6znT1T4H0U1lzJBsGY7Uann+TBisWD3Drd" > ~/.ssh/known_hosts + echo "git.caspervk.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4Kvx/lcFRvl7KlxqqhrJ32h3FzuzyLA5BNB42+p92c" > ~/.ssh/known_hosts echo "${{ secrets.SNOWFLAKE_SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519 chmod 0600 ~/.ssh/id_ed25519 diff --git a/hosts/sigma/forgejo.nix b/hosts/sigma/forgejo.nix index f5098a4..f2939f0 100644 --- a/hosts/sigma/forgejo.nix +++ b/hosts/sigma/forgejo.nix @@ -1,9 +1,83 @@ { config, + nixpkgs-unstable, pkgs, secrets, ... }: { + # Forgejo is a lightweight software forge (Git host), with a highlight on + # being completely free software. It's a fork of Gitea. + # https://wiki.nixos.org/wiki/Forgejo + services.forgejo = { + enable = true; + # TODO: remove package override in NixOS 24.04 + package = nixpkgs-unstable.legacyPackages.x86_64-linux.forgejo; + # Run Forgejo under git:git for better ssh clone urls. + user = "git"; + group = "git"; + # https://forgejo.org/docs/latest/admin/config-cheat-sheet/ + settings = { + DEFAULT = { + # Application name, used in the page title. + APP_NAME = "Git"; + }; + repository = { + # Default branch name of all repositories. + DEFAULT_BRANCH = "master"; + # Comma separated list of globally disabled repo units. + DISABLED_REPO_UNITS = "repo.issues,repo.ext_issues,repo.pulls,repo.wiki,repo.ext_wiki,repo.projects,repo.packages"; + }; + ui = { + # Default theme. + DEFAULT_THEME = "gitea-light"; + }; + server = { + # Listen address. Defaults to '0.0.0.0'. + HTTP_ADDR = "localhost"; + # Domain name of the server. + DOMAIN = "git.caspervk.net"; + # Full public URL of Forgejo server. + ROOT_URL = "https://git.caspervk.net/"; + # Landing page for unauthenticated users. + LANDING_PAGE = "/caspervk"; + }; + security = { + # Cookie lifetime, in days. + LOGIN_REMEMBER_DAYS = 365; + }; + service = { + # Disable registration, after which only admin can create accounts for + # users. + DISABLE_REGISTRATION = true; + }; + session = { + # Marks session cookies as “secure” as a hint for browsers to only send + # them via HTTPS. This option is recommend, if Forgejo is being served + # over HTTPS. + COOKIE_SECURE = true; + # Session engine provider. + PROVIDER = "db"; + }; + }; + }; + + # The configured Forgejo user and group is only created automatically if it + # is left at the default "forgejo". The following is copied from + # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/misc/forgejo.nix + # but with the mkIf removed and "forgejo" substituted for "git". + users.users = { + git = { + home = config.services.forgejo.stateDir; + useDefaultShell = true; + group = "git"; + isSystemUser = true; + }; + }; + users.groups = { + git = {}; + }; + + # https://wiki.nixos.org/wiki/Forgejo # https://forgejo.org/docs/latest/admin/actions/ services.gitea-actions-runner = { package = pkgs.forgejo-actions-runner; @@ -31,6 +105,17 @@ }; }; + environment.persistence."/nix/persist" = { + directories = [ + { + directory = "/var/lib/forgejo"; + user = "git"; + group = "git"; + mode = "0750"; + } + ]; + }; + age.secrets.forgejo-actions-runner-token-file = { file = "${secrets}/secrets/forgejo-actions-runner-token-file.age"; mode = "400";