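{
  config,
  lib,
  pkgs,
  components,
  inputs,
  ...
}:
# Forgejo (git forge) for git.ingolf-wagner.de.
#
# Layout: Forgejo and MariaDB run inside a NixOS container that shares the
# host's network namespace (privateNetwork = false), so every listener in the
# container is effectively a host listener.  nginx on the host terminates TLS
# and proxies to Forgejo over loopback; git-over-SSH is served by Forgejo's
# builtin SSH server on sshPort, which is the only port this module opens in
# the firewall.
let
  # MariaDB port; internal only, verified closed by the healthcheck below.
  mysqlPort = 3333;
  # Forgejo's builtin SSH server; the only publicly exposed port here.
  sshPort = 2222;
  mysqlPackage = pkgs.mariadb;
  # Forgejo HTTP listener; internal only, reached by nginx over loopback.
  forgejoPort = 3000;
  # Loopback address used for all internal listeners and for nginx's upstream.
  # A literal IPv4 address is used instead of "localhost" so nginx does not
  # also resolve ::1, where nothing listens.
  loopback = "127.0.0.1";
in
{

  # Key name "forgejjo" is kept as-is (sic): it is the identifier of this
  # check in the healthchecks module and may be referenced elsewhere.
  healthchecks.http.forgejjo = {
    url = "https://git.ingolf-wagner.de/explore/repos";
    expectedContent = "palo/nixos-config";
  };
  # Because the container shares the host network namespace, both internal
  # ports exist on the host; verify from outside that they are really closed.
  healthchecks.closed.public.ports.forgejo = [
    mysqlPort
    forgejoPort
  ];
  # SSH is TCP-only, so no UDP port is opened (the previous UDP rule for
  # sshPort was a needless hole that no listener used).  Ports 80/443 for
  # nginx/ACME are presumably opened by another module.
  networking.firewall.allowedTCPPorts = [ sshPort ];
  # todo : make a healthcheck on open ssh port

  services.nginx = {
    enable = true;
    statusPage = true;
    # Pass Host / X-Real-IP / X-Forwarded-* to Forgejo so it logs and
    # rate-limits the real client address instead of 127.0.0.1.  Forgejo's
    # default REVERSE_PROXY_TRUSTED_PROXIES covers loopback, which is where
    # this nginx connects from.
    recommendedProxySettings = true;
    virtualHosts = {
      "git.ingolf-wagner.de" = {
        forceSSL = true;
        enableACME = true;
        extraConfig = ''
          client_max_body_size 2048M; # 2 GB (adjust as needed), for docker/podman push
        '';
        locations."/" = {
          # Port is read back from the container's Forgejo config so the two
          # cannot drift apart.
          proxyPass = "http://${loopback}:${toString config.services.forgejo.settings.server.HTTP_PORT}";
        };
      };
    };
  };

  containers.forgejo = {
    # Host network namespace: no isolation of listeners from the host, which
    # is why the internal services below are bound to loopback explicitly.
    privateNetwork = false;
    autoStart = true;
    specialArgs = {
      inherit components;
    };

    config =
      {
        config,
        lib,
        components,
        ...
      }:
      {
        nixpkgs.pkgs = pkgs;
        imports = [
          inputs.nix-topology.nixosModules.default
          inputs.telemetry.nixosModules.container-telemetry-non-private-network
        ];
        system.stateVersion = "24.11";
        # Build-time validation of the logrotate config is skipped because the
        # forgejo uid (3000) does not exist in the build sandbox.  Rotation
        # still runs at runtime, but a broken rule only surfaces there.
        services.logrotate.checkConfig = false; # because uid 3000 does not exist in here

        # ssh server (not really needed)
        # ------------------------------
        # Forgejo's builtin SSH server (START_SSH_SERVER below) already owns
        # sshPort; enabling sshd here as well would collide on that port.
        #services.openssh = {
        #  enable = true;
        #  ports = [ sshPort ];
        #  settings.X11Forwarding = false;
        #  settings.PasswordAuthentication = false;
        #};

        # forgejo
        # -------
        services.forgejo = {
          enable = true;
          package = pkgs.forgejo;
          database = {
            type = "mysql";
            port = mysqlPort;
          };
          settings = {
            # Builtin SSH server on the public sshPort (git clone/push over ssh).
            server.SSH_PORT = sshPort;
            server.START_SSH_SERVER = true;
            # HTTP is only ever reached by nginx on this host.  The module
            # default is not limited to loopback, so bind it explicitly: the
            # firewall (and the closed-port healthcheck) then become a second
            # line of defence rather than the only one.
            server.HTTP_ADDR = loopback;
            server.HTTP_PORT = forgejoPort;
            server.ROOT_URL = "https://git.ingolf-wagner.de/";
            server.DOMAIN = "git.ingolf-wagner.de";
            DEFAULT.APP_NAME = "git.ingolf-wagner.de";
            # No self-service sign-up; accounts are created by an admin.
            service.DISABLE_REGISTRATION = true;
            # Session cookie is only sent over HTTPS (nginx forces SSL above).
            session.COOKIE_SECURE = true;
            log.LEVEL = "Warn";
            other = {
              # Do not advertise the exact Forgejo version in the page footer.
              SHOW_FOOTER_VERSION = false;
            };
          };
        };

        # MySQL Database
        # --------------
        services.mysql = {
          enable = true;
          package = mysqlPackage;
          settings.mysqld = {
            port = mysqlPort;
            # Only Forgejo in this container talks to the database (via socket
            # or loopback); never listen on non-loopback interfaces.
            bind-address = loopback;
          };
          # Database and user names are taken from the Forgejo module so they
          # stay consistent with what Forgejo connects with.
          ensureDatabases = [ config.services.forgejo.database.name ];
          ensureUsers = [
            {
              name = config.services.forgejo.database.user;
              ensurePermissions = {
                # Scoped to the Forgejo database only, not the whole server.
                "${config.services.forgejo.database.name}.*" = "ALL PRIVILEGES";
              };
            }
          ];
        };

        # Backup Database
        # ---------------
        # Disabled: there is currently no automated dump of the Forgejo
        # database (and nothing here covers the repository data either).  The
        # options are wired so that flipping `enable` is sufficient.
        services.mysqlBackup = {
          enable = false;
          databases = config.services.mysql.ensureDatabases;
          singleTransaction = true;
        };

      };
  };

}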