From f026fa1fdc634f97daf5000c63623e1b4fdce467 Mon Sep 17 00:00:00 2001
From: Ingolf Wagner
Date: Sun, 13 Oct 2024 01:25:39 +0900
Subject: [PATCH] :building_construction: forgejo: sqlite -> mysql
---
 .../hardware-configuration/disko-config.nix | 12 ++
 machines/orbi/service-forgejo.nix | 111 ++++++++++++++++--
 2 files changed, 110 insertions(+), 13 deletions(-)
diff --git a/machines/orbi/hardware-configuration/disko-config.nix b/machines/orbi/hardware-configuration/disko-config.nix
index ad45957..e02403c 100644
--- a/machines/orbi/hardware-configuration/disko-config.nix
+++ b/machines/orbi/hardware-configuration/disko-config.nix
@@ -137,6 +137,18 @@ in
 #"com.sun:auto-snapshot:monthly" = toString true;
 };
 };
+ "forgejo" = {
+ type = "zfs_fs";
+ mountpoint = "/var/lib/nixos-containers/forgejo";
+ options = {
+ mountpoint = "legacy";
+ compression = "lz4";
+ "com.sun:auto-snapshot:hourly" = toString true;
+ "com.sun:auto-snapshot:daily" = toString true;
+ #"com.sun:auto-snapshot:weekly" = toString true;
+ #"com.sun:auto-snapshot:monthly" = toString true;
+ };
+ };
 "taskchampion" = {
 type = "zfs_fs";
 mountpoint = config.services.taskchampion-sync-server.dataDir;
diff --git a/machines/orbi/service-forgejo.nix b/machines/orbi/service-forgejo.nix
index 1695e7b..bf4db16 100644
--- a/machines/orbi/service-forgejo.nix
+++ b/machines/orbi/service-forgejo.nix
@@ -2,14 +2,30 @@
 config,
 lib,
 pkgs,
+ components,
+ inputs,
 ...
 }:
+let
+ mysqlPort = 3333;
+ sshPort = 2222;
+ mysqlPackage = pkgs.mysql;
+ forgejoPort = 3000;
+in
 {
 healthchecks.http.forgejjo = {
 url = "https://git.ingolf-wagner.de/explore/repos";
 expectedContent = "palo/nixos-config";
 };
+ healthchecks.closed.public.ports.forgejo = [
+ mysqlPort
+ sshPort
+ forgejoPort
+ ];
+ networking.firewall.allowedTCPPorts = [ sshPort ];
+ networking.firewall.allowedUDPPorts = [ sshPort ];
+ # todo : make a healthcheck on open ssh port
 services.nginx = {
 enable = true;
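Review bot: The hourly and daily auto-snapshots on the new `"forgejo"` dataset are only crash-consistent for a running database, and this dataset presumably holds the container's MySQL data directory, since it is mounted at the container root `/var/lib/nixos-containers/forgejo`. service-forgejo.nix in the same commit sets `services.mysqlBackup.enable = false;`, so these snapshots look like the only recovery path for the Forgejo database. Either enable the logical dump there, or record the limitation here with a comment such as `# snapshots are crash-consistent only; no logical MySQL dump is taken`.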
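Review bot: `networking.firewall.allowedUDPPorts = [ sshPort ];` opens UDP 2222 on the host although SSH runs over TCP only, so the rule adds exposure with no listener that needs it and can be dropped. The same `sshPort` is also listed in `healthchecks.closed.public.ports.forgejo`, which by its name asserts the port is closed from the public side, while the following line opens it in the firewall. If that check means what the name suggests, the list should be `[ mysqlPort forgejoPort ]`, and the reachability check from the `# todo` comment would cover the SSH port instead.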
@@ -25,20 +41,89 @@
 };
 };
- services.forgejo = {
- enable = true;
- package = pkgs.forgejo;
- settings = {
- server.ROOT_URL = "https://git.ingolf-wagner.de/";
- server.DOMAIN = "git.ingolf-wagner.de";
- DEFAULT.APP_NAME = "git.ingolf-wagner.de";
- service.DISABLE_REGISTRATION = true;
- session.COOKIE_SECURE = true;
- log.LEVEL = "Warn";
- other = {
- SHOW_FOOTER_VERSION = false;
- };
+ containers.forgejo = {
+ privateNetwork = false;
+ autoStart = true;
+ specialArgs = {
+ inherit components;
 };
+
+ config =
+ {
+ config,
+ lib,
+ components,
+ ...
+ }:
+ {
+ nixpkgs.pkgs = pkgs;
+ imports = [
+ "${components}/monitor/container.nix"
+ inputs.nix-topology.nixosModules.default
+ ];
+ system.stateVersion = "24.11";
+ services.logrotate.checkConfig = false; # because uid 3000 does not exist in here
+
+ # ssh server (not really needed)
+ # ------------------------------
+ #services.openssh = {
+ # enable = true;
+ # ports = [ sshPort ];
+ # settings.X11Forwarding = false;
+ # settings.PasswordAuthentication = false;
+ #};
+
+ # forgejo
+ # -------
+ services.forgejo = {
+ enable = true;
+ package = pkgs.forgejo;
+ database = {
+ type = "mysql";
+ port = mysqlPort;
+ };
+ settings = {
+ server.SSH_PORT = sshPort;
+ server.START_SSH_SERVER = true;
+ server.HTTP_PORT = forgejoPort;
+ server.ROOT_URL = "https://git.ingolf-wagner.de/";
+ server.DOMAIN = "git.ingolf-wagner.de";
+ DEFAULT.APP_NAME = "git.ingolf-wagner.de";
+ service.DISABLE_REGISTRATION = true;
+ session.COOKIE_SECURE = true;
+ log.LEVEL = "Warn";
+ other = {
+ SHOW_FOOTER_VERSION = false;
+ };
+ };
+ };
+
+ # MySQL Database
+ # --------------
+ services.mysql = {
+ enable = true;
+ package = mysqlPackage;
+ settings.mysqld.port = mysqlPort;
+ ensureDatabases = [ config.services.forgejo.database.name ];
+ ensureUsers = [
+ {
+ name = config.services.forgejo.database.user;
+ ensurePermissions = {
+ "${config.services.forgejo.database.name}.*" = "ALL PRIVILEGES";
+ };
+ }
+ ];
+ };
+
+ # Backup Database
+ # ---------------
+ services.mysqlBackup = {
+ enable = false;
+ databases = config.services.mysql.ensureDatabases;
+ singleTransaction = true;
+ };
+
+ };
 };
 }
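Review bot: With `privateNetwork = false` the container shares the host's network namespace, so `services.mysql` on `mysqlPort` and Forgejo's HTTP listener on `forgejoPort` are host listeners. Unless the modules bind them to loopback by default (not visible here), only the host firewall keeps them private. Forgejo and MySQL run in the same container, so the database needs no externally reachable socket: add `settings.mysqld.bind-address = "127.0.0.1";` next to `settings.mysqld.port`, and `server.HTTP_ADDR = "127.0.0.1";` if the host's nginx is the only HTTP client. The `ensureUsers` entry has no password, which is fine for local socket authentication but deserves a comment so that a TCP grant is not added later without one.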