New service: Forgejo

2025-10-07 22:52:54 +02:00 · 2025-10-07 22:52:54 +02:00 · 0ba7940dba
commit 0ba7940dba
parent 3947745bec
8 changed files with 190 additions and 0 deletions
--- a/hosts/caddy/default.nix
+++ b/hosts/caddy/default.nix
@ -50,6 +50,12 @@ in
        host = p.hosts.firefly-iii;
      };

+      forgejo.proxy = {
+        enable = true;
+        domain = p.domains.public;
+        host = p.hosts.forgejo;
+      };
+
      immich.proxy = {
        enable = true;
        domain = p.domains.public;
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -256,4 +256,15 @@ in
    # specialArgs = { };
  };

+  forgejo = nixpkgs.lib.nixosSystem {
+    pkgs = pkgs "x86_64-linux";
+    modules = [
+      nodeBaseModules
+      proxmoxModule
+      ./forgejo
+      agenix.nixosModules.default
+    ];
+    # specialArgs = { };
+  };
+
 }
--- a/hosts/deployments.nix
+++ b/hosts/deployments.nix
@ -166,6 +166,15 @@ in
    ];
  };

+  forgejo.deployment = {
+    targetHost = hosts.forgejo;
+    tags = [
+      "lxc"
+      "bacco"
+      "forgejo"
+    ];
+  };
+
  deadbeef.deployment = {
    allowLocalDeployment = true;
    targetHost = null;
--- a/hosts/forgejo/default.nix
+++ b/hosts/forgejo/default.nix
@ -0,0 +1,58 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+let
+  p = import ../parameters.nix;
+in
+{
+
+  age.secrets.scaleway-password.file = ../../secrets/scaleway-password.age;
+
+  my = {
+    utils = {
+      commons.enable = true;
+      lxc-standard.enable = true;
+    };
+
+    services.forgejo = {
+      enable = true;
+      stateDir = "/mnt/git";
+      proxy.domain = p.domains.public;
+      secrets = {
+        mailer.PASSWD = config.age.secrets.scaleway-password.path;
+      };
+      settings = {
+        service = {
+          DISABLE_REGISTRATION = true;
+        };
+        mailer = {
+          ENABLED = true;
+          PROTOCOL = "smtps";
+          SMTP_ADDR = "smtp.tem.scaleway.com";
+          SMTP_PORT = "465";
+          USER = "5cbeeec0-9c3a-441a-9772-c11e9650fcd2";
+          FROM = "git@${p.domains.public}";
+        };
+        oauth2_client = {
+          USERNAME = "openid";
+          ACCOUNT_LINKING = "auto";
+        };
+      };
+    };
+
+    networking.nas-samba-share = {
+      enable = true;
+      allowUsers = [ config.services.forgejo.user ];
+    };
+
+    virtualisation.proxmox.enable = true;
+  };
+
+  # Extra packages
+  environment.systemPackages = with pkgs; [ ];
+
+  system.stateVersion = "25.05";
+}
--- a/hosts/parameters.nix
+++ b/hosts/parameters.nix
@ -28,6 +28,7 @@ in
    firefly-iii = "firefly-iii.${private-domain}";
    paperless = "paperless.${private-domain}";
    zigbee2mqtt = "zigbee2mqtt.${private-domain}";
+    forgejo = "forgejo.${private-domain}";
  };
  email = "davide@${public-domain}";
 }