{ config, lib, pkgs, components, inputs, ... }: let mysqlPort = 3333; sshPort = 2222; mysqlPackage = pkgs.mariadb; forgejoPort = 3000; in { healthchecks.http.forgejjo = { url = "https://git.ingolf-wagner.de/explore/repos"; expectedContent = "palo/nixos-config"; }; healthchecks.closed.public.ports.forgejo = [ mysqlPort forgejoPort ]; networking.firewall.allowedTCPPorts = [ sshPort ]; networking.firewall.allowedUDPPorts = [ sshPort ]; # todo : make a healthcheck on open ssh port services.nginx = { enable = true; statusPage = true; virtualHosts = { "git.ingolf-wagner.de" = { forceSSL = true; enableACME = true; locations."/" = { proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; }; }; }; }; containers.forgejo = { privateNetwork = false; autoStart = true; specialArgs = { inherit components; }; config = { config, lib, components, ... }: { nixpkgs.pkgs = pkgs; imports = [ "${components}/monitor/container.nix" inputs.nix-topology.nixosModules.default inputs.telemetry.nixosModules.telemetry ]; system.stateVersion = "24.11"; services.logrotate.checkConfig = false; # because uid 3000 does not exist in here # ssh server (not really needed) # ------------------------------ #services.openssh = { # enable = true; # ports = [ sshPort ]; # settings.X11Forwarding = false; # settings.PasswordAuthentication = false; #}; # forgejo # ------- services.forgejo = { enable = true; package = pkgs.forgejo; database = { type = "mysql"; port = mysqlPort; }; settings = { server.SSH_PORT = sshPort; server.START_SSH_SERVER = true; server.HTTP_PORT = forgejoPort; server.ROOT_URL = "https://git.ingolf-wagner.de/"; server.DOMAIN = "git.ingolf-wagner.de"; DEFAULT.APP_NAME = "git.ingolf-wagner.de"; service.DISABLE_REGISTRATION = true; session.COOKIE_SECURE = true; log.LEVEL = "Warn"; other = { SHOW_FOOTER_VERSION = false; }; }; }; # MySQL Database # -------------- services.mysql = { enable = true; package = mysqlPackage; settings.mysqld.port = mysqlPort; ensureDatabases = [ config.services.forgejo.database.name ]; ensureUsers = [ { name = config.services.forgejo.database.user; ensurePermissions = { "${config.services.forgejo.database.name}.*" = "ALL PRIVILEGES"; }; } ]; }; # Backup Database # --------------- services.mysqlBackup = { enable = false; databases = config.services.mysql.ensureDatabases; singleTransaction = true; }; }; }; }