🏗️ forgejo: sqlite -> mysql

This commit is contained in:
Ingolf Wagner 2024-10-13 01:25:39 +09:00
parent 05fbad21e1
commit f026fa1fdc
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
2 changed files with 110 additions and 13 deletions

View file

@ -137,6 +137,18 @@ in
#"com.sun:auto-snapshot:monthly" = toString true; #"com.sun:auto-snapshot:monthly" = toString true;
}; };
}; };
"forgejo" = {
type = "zfs_fs";
mountpoint = "/var/lib/nixos-containers/forgejo";
options = {
mountpoint = "legacy";
compression = "lz4";
"com.sun:auto-snapshot:hourly" = toString true;
"com.sun:auto-snapshot:daily" = toString true;
#"com.sun:auto-snapshot:weekly" = toString true;
#"com.sun:auto-snapshot:monthly" = toString true;
};
};
"taskchampion" = { "taskchampion" = {
type = "zfs_fs"; type = "zfs_fs";
mountpoint = config.services.taskchampion-sync-server.dataDir; mountpoint = config.services.taskchampion-sync-server.dataDir;

View file

@ -2,14 +2,30 @@
config, config,
lib, lib,
pkgs, pkgs,
components,
inputs,
... ...
}: }:
let
mysqlPort = 3333;
sshPort = 2222;
mysqlPackage = pkgs.mysql;
forgejoPort = 3000;
in
{ {
healthchecks.http.forgejjo = { healthchecks.http.forgejjo = {
url = "https://git.ingolf-wagner.de/explore/repos"; url = "https://git.ingolf-wagner.de/explore/repos";
expectedContent = "palo/nixos-config"; expectedContent = "palo/nixos-config";
}; };
healthchecks.closed.public.ports.forgejo = [
mysqlPort
sshPort
forgejoPort
];
networking.firewall.allowedTCPPorts = [ sshPort ];
networking.firewall.allowedUDPPorts = [ sshPort ];
# todo : make a healthcheck on open ssh port
services.nginx = { services.nginx = {
enable = true; enable = true;
@ -25,20 +41,89 @@
}; };
}; };
services.forgejo = { containers.forgejo = {
enable = true; privateNetwork = false;
package = pkgs.forgejo; autoStart = true;
settings = { specialArgs = {
server.ROOT_URL = "https://git.ingolf-wagner.de/"; inherit components;
server.DOMAIN = "git.ingolf-wagner.de";
DEFAULT.APP_NAME = "git.ingolf-wagner.de";
service.DISABLE_REGISTRATION = true;
session.COOKIE_SECURE = true;
log.LEVEL = "Warn";
other = {
SHOW_FOOTER_VERSION = false;
};
}; };
config =
{
config,
lib,
components,
...
}:
{
nixpkgs.pkgs = pkgs;
imports = [
"${components}/monitor/container.nix"
inputs.nix-topology.nixosModules.default
];
system.stateVersion = "24.11";
services.logrotate.checkConfig = false; # because uid 3000 does not exist in here
# ssh server (not really needed)
# ------------------------------
#services.openssh = {
# enable = true;
# ports = [ sshPort ];
# settings.X11Forwarding = false;
# settings.PasswordAuthentication = false;
#};
# forgejo
# -------
services.forgejo = {
enable = true;
package = pkgs.forgejo;
database = {
type = "mysql";
port = mysqlPort;
};
settings = {
server.SSH_PORT = sshPort;
server.START_SSH_SERVER = true;
server.HTTP_PORT = forgejoPort;
server.ROOT_URL = "https://git.ingolf-wagner.de/";
server.DOMAIN = "git.ingolf-wagner.de";
DEFAULT.APP_NAME = "git.ingolf-wagner.de";
service.DISABLE_REGISTRATION = true;
session.COOKIE_SECURE = true;
log.LEVEL = "Warn";
other = {
SHOW_FOOTER_VERSION = false;
};
};
};
# MySQL Database
# --------------
services.mysql = {
enable = true;
package = mysqlPackage;
settings.mysqld.port = mysqlPort;
ensureDatabases = [ config.services.forgejo.database.name ];
ensureUsers = [
{
name = config.services.forgejo.database.user;
ensurePermissions = {
"${config.services.forgejo.database.name}.*" = "ALL PRIVILEGES";
};
}
];
};
# Backup Database
# ---------------
services.mysqlBackup = {
enable = false;
databases = config.services.mysql.ensureDatabases;
singleTransaction = true;
};
};
}; };
} }