loptland: more modules

Christoph Hollizeck 2025-10-31 00:24:07 +01:00
parent 82f7af3856
commit 942f3262a7
Signed by: Daholli
GPG key ID: 249300664F2AF2C7
4 changed files with 90 additions and 19 deletions


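--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -50,7 +50,6 @@
 defaultSopsFile = ../../../secrets/secrets.yaml;
 defaultSopsFormat = "yaml";
-# age.keyFile = "/home/cholli/.config/sops/age/keys.txt";
 age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
 };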


@ -14,8 +14,8 @@ in
... ...
}: }:
let let
domainName = "christophhollizeck.dev";
sopsFile = ../../../secrets/secrets-loptland.yaml; sopsFile = ../../../secrets/secrets-loptland.yaml;
in in
{ {
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
@ -26,11 +26,13 @@ in
[ [
(modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
inputs.catppuccin.nixosModules.catppuccin inputs.catppuccin.nixosModules.catppuccin
inputs.sops-nix.nixosModules.sops
# System modules # System modules
base base
server server
hydra hydra
forgejo
factorio-server factorio-server
# apps # apps
@ -55,19 +57,38 @@ in
]; ];
sops = { # sops.secrets = {
secrets = { # "forgejo/mail/passwordHash" = {
"forgejo/db/password" = { # inherit sopsFile;
inherit sopsFile; # };
}; # };
"forgejo/mail/password" = {
inherit sopsFile; # mailserver = {
}; # enable = true;
"forgejo/mail/passwordHash" = { # fqdn = "mail.${domainName}";
inherit sopsFile; # domains = [ domainName ];
};
}; # loginAccounts = {
# "forgejo@${domainName}" = {
# hashedPasswordFile = config.sops.secrets."forgejo/mail/passwordHash".path;
# aliases = [ "no-reply@${domainName}" ];
# };
# };
# certificateScheme = "acme-nginx";
# stateVersion = 3;
# };
services.tailscale = {
enable = true;
useRoutingFeatures = "client";
}; };
networking.firewall.allowedTCPPorts = [
3000
80
443
];
}; };
} }
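Review bot: The firewall block that appears on the new side of the last hunk adds `3000` to `networking.firewall.allowedTCPPorts`, which exposes Forgejo's plain-HTTP listener to the network and bypasses the nginx vhost that this same commit fronts it with (`forceSSL`, proxying to `localhost:3000`). Only the local nginx needs to reach that port, so drop `3000` from the list and pin the listener in the new forgejo module with `settings.server.HTTP_ADDR = "127.0.0.1";` next to `HTTP_PORT`; the same concern applies to the new forgejo module file and the nginx module in this commit. The port literal is now repeated in three files; reading `config.services.forgejo.settings.server.HTTP_PORT` where the number is needed would keep them in sync. The commented-out `sops.secrets`/`mailserver` block that replaces the old secret definitions is dead text on the new side and could be removed rather than kept as comments. The enclosing module attribute set begins before the first hunk and is not fully visible here.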


@ -8,8 +8,6 @@
}: }:
let let
domainName = "christophhollizeck.dev"; domainName = "christophhollizeck.dev";
forgejoPort = 3000;
hydraPort = 2000;
in in
{ {
services.nginx = { services.nginx = {
@ -17,7 +15,7 @@
recommendedProxySettings = true; recommendedProxySettings = true;
virtualHosts = { virtualHosts = {
"git.${domainName}" = { "git.${domainName}" = lib.mkIf config.services.forgejo.enable {
forceSSL = true; forceSSL = true;
useACMEHost = domainName; useACMEHost = domainName;
@ -25,7 +23,7 @@
extraConfig = '' extraConfig = ''
client_max_body_size 200M; client_max_body_size 200M;
''; '';
proxyPass = "http://localhost:${toString forgejoPort}/"; proxyPass = "http://localhost:${toString 3000}/";
}; };
}; };
@ -34,7 +32,7 @@
useACMEHost = domainName; useACMEHost = domainName;
locations."/" = { locations."/" = {
proxyPass = "http://localhost:${toString hydraPort}/"; proxyPass = "http://localhost:${toString config.services.hydra.port}/";
}; };
}; };
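Review bot: `proxyPass = "http://localhost:${toString 3000}/";` replaces the removed `forgejoPort` binding with a bare literal wrapped in a redundant `toString`, so the backend port is now hard-coded here and again as `HTTP_PORT` in the new forgejo module. The hydra vhost in the last hunk already uses the better pattern (`config.services.hydra.port`); the forgejo vhost should follow it with `proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}/";` so a port change in the module cannot leave nginx proxying to the wrong backend. The new `lib.mkIf config.services.forgejo.enable` guard relies on `lib` being in this module's argument set, which lies outside the hunk and is worth confirming. The `services.nginx` attribute set starts and ends outside these hunks.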


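--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,53 @@
+{
+flake.modules.nixos.forgejo =
+{ config, inputs, ... }:
+let
+domainName = "christophhollizeck.dev";
+forgejoPort = 3000;
+sopsFile = ../../secrets/secrets-loptland.yaml;
+in
+{
+sops = {
+secrets = {
+"forgejo/db/password" = {
+inherit sopsFile;
+};
+"forgejo/mail/password" = {
+inherit sopsFile;
+};
+};
+};
+services.forgejo = {
+enable = true;
+database.type = "postgres";
+lfs.enable = true;
+database = {
+passwordFile = config.sops.secrets."forgejo/db/password".path;
+};
+settings = {
+server = {
+DOMAIN = "git.${domainName}";
+ROOT_URL = "https://git.${domainName}";
+HTTP_PORT = forgejoPort;
+};
+mailer = {
+ENABLED = true;
+PROTOCOL = "smtps";
+FROM = "no-reply@${domainName}";
+SMTP_ADDR = "mail.${domainName}";
+USER = "forgejo@${domainName}";
+};
+service.DISABLE_REGISTRATION = true;
+};
+secrets = {
+mailer.PASSWD = config.sops.secrets."forgejo/mail/password".path;
+};
+};
+};
+}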
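Review bot: `database.type = "postgres";` and the separate `database = { passwordFile = ...; };` define the same attribute in two places; current Nix merges them, but one block `database = { type = "postgres"; passwordFile = config.sops.secrets."forgejo/db/password".path; };` reads as a single definition and avoids the double-definition look. `domainName` is now declared identically in this module, the host config and the nginx module; a comment such as `# keep in sync with domainName in the nginx module` or a shared option would stop them drifting apart. `database.passwordFile` and `secrets.mailer.PASSWD` point at sops-managed files whose ownership is not set here; the NixOS forgejo module is believed to load these via systemd credentials so root-owned files work, but that is inferred and worth confirming on the deployed host. `inputs` is taken in the module arguments but not used in the visible body.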