refactor: reorganize server modules

- Moved each individual service definition into a dedicated `services/` directory under every server module (e.g. `modules/servers/bragi/services/`). - Updated the corresponding `default.nix` files to import the renamed service modules from the new location. - Applied the same changes across all server modules, ensuring the API and import paths remain consistent.
2026-01-19 19:21:11 +01:00 · 2026-01-19 19:21:11 +01:00 · 4e783c052b
commit 4e783c052b
parent 8a149c3533
45 changed files with 97 additions and 63 deletions
--- a/modules/servers/thor/services/forgejo.nix
+++ b/modules/servers/thor/services/forgejo.nix
@ -0,0 +1,51 @@
+{config, ...}: {
+  services.forgejo = {
+    enable = true;
+    settings = {
+      session = {
+        COOKIE_SECURE = true;
+      };
+      service = {
+        REGISTER_MANUAL_CONFIRM = true;
+        ENABLE_CAPTCHA = true;
+        REQUIRE_CAPTCHA_FOR_LOGIN = true;
+      };
+      server = {
+        ROOT_URL = "https://git.cronyakatsuki.xyz";
+        HTTP_ADDR = "127.0.0.1";
+      };
+    };
+    database = {
+      passwordFile = "${config.age.secrets.forgejo-db.path}";
+    };
+  };
+
+  services.traefik.dynamicConfigOptions.http = {
+    services.forgejo.loadBalancer.servers = [
+      {
+        url = "http://localhost:3000";
+      }
+    ];
+
+    routers.forgejo = {
+      rule = "Host(`git.cronyakatsuki.xyz`)";
+      tls = {
+        certResolver = "porkbun";
+      };
+      service = "forgejo";
+      entrypoints = "websecure";
+    };
+  };
+
+  services.openssh = {
+    authorizedKeysFiles = ["/var/lib/%u/.ssh/authorized_keys"];
+    settings = {
+      AllowUsers = ["forgejo"];
+    };
+  };
+
+  services.restic.backups = {
+    local.paths = ["/var/lib/forgejo"];
+    server.paths = ["/var/lib/forgejo"];
+  };
+}