loptland: I have no idea how nginx works, also need to read up on ACME and LetsEncrypt

2024-11-06 19:54:03 +01:00 · 2024-11-06 19:54:03 +01:00 · 8d6c10ccdf
parent aa08b78056
commit 8d6c10ccdf
1 changed files with 29 additions and 7 deletions
--- a/systems/x86_64-linux/loptland/default.nix
+++ b/systems/x86_64-linux/loptland/default.nix
@ -8,6 +8,9 @@
 let
  inherit (lib.${namespace}) enabled;

+  domainName = "v2202411240203293899.ultrasrv.de";
+  forgejoPort = 3000;
+
  sopsFile = lib.snowfall.fs.get-file "secrets/secrets-loptland.yaml";
 in
 {
@ -16,10 +19,6 @@ in
  environment.systemPackages = [ pkgs.forgejo-cli ];

  sops.secrets = {
-    domain = {
-      inherit sopsFile;
-    };
-
    forgejo_db_password = {
      inherit sopsFile;
    };
@ -33,18 +32,41 @@ in
    };
  };

+  services.nginx = {
+    enable = true;
+    virtualHosts = {
+      "git.${domainName}" = {
+        locations."/" = {
+          proxyPass = "http://localhost:${toString forgejoPort}/";
+        };
+      };
+    };
+  };
+
  services.forgejo = {
    enable = true;
+    database.type = "postgres";
    lfs.enable = true;
    database = {
      passwordFile = config.sops.secrets.forgejo_db_password.path;
    };
-    # settings = {
-    #   server.DOMAIN = config.sops.secrets.domain;
-    # };
-
+    settings = {
+      server = {
+        DOMAIN = "git.${domainName}";
+        ROOT_URL = "http://git.${domainName}:${toString forgejoPort}";
+        HTTP_PORT = forgejoPort;
      };

+      service.DISABLE_REGISTRATION = false;
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    forgejoPort
+    80
+    443
+  ];
+
  ${namespace} = {
    submodules = {
      basics = enabled;