diff --git a/modules/servers/thor/default.nix b/modules/servers/thor/default.nix
index 52c342a..abd108d 100644
--- a/modules/servers/thor/default.nix
+++ b/modules/servers/thor/default.nix
@@ -1,5 +1,7 @@
 {...}: {
 imports = [
 ./changedetection-io.nix
+ ./forgejo.nix
+ ./secrets.nix
 ];
 }
diff --git a/modules/servers/thor/forgejo.nix b/modules/servers/thor/forgejo.nix
new file mode 100644
index 0000000..1c82fc4
--- /dev/null
+++ b/modules/servers/thor/forgejo.nix
@@ -0,0 +1,34 @@
+{config, ...}: {
+ services.forgejo = {
+ enable = true;
+ settings = {
+ session = {
+ COOKIE_SECURE = true;
+ };
+ server = {
+ ROOT_URL = "https://git.cronyakatsuki.xyz";
+ HTTP_ADDR = "127.0.0.1";
+ };
+ };
+ database = {
+ passwordFile = "${config.age.secrets.forgejo-db.path}";
+ };
+ };
+
+ services.traefik.dynamicConfigOptions.http = {
+ services.forgejo.loadBalancer.servers = [
+ {
+ url = "http://localhost:3000";
+ }
+ ];
+
+ routers.forgejo = {
+ rule = "Host(`git.cronyakatsuki.xyz`)";
+ tls = {
+ certResolver = "porkbun";
+ };
+ service = "forgejo";
+ entrypoints = "websecure";
+ };
+ };
+}
diff --git a/modules/servers/thor/secrets.nix b/modules/servers/thor/secrets.nix
new file mode 100644
index 0000000..60e4651
--- /dev/null
+++ b/modules/servers/thor/secrets.nix
@@ -0,0 +1,9 @@
+{
+ age = {
+ secrets = {
+ forgejo-db = {
+ file = ../../../secrets/forgejo-db.age;
+ };
+ };
+ };
+}
diff --git a/secrets/forgejo-db.age b/secrets/forgejo-db.age
new file mode 100644
index 0000000..5e5a3bc
Binary files /dev/null and b/secrets/forgejo-db.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index c0752c7..4b30ac4 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -19,4 +19,5 @@ in {
 "wg-desktop.age".publicKeys = systems ++ users;
 "rclone.age".publicKeys = systems ++ users;
 "navidrome.age".publicKeys = systems ++ users;
+ "forgejo-db.age".publicKeys = systems ++ users;
 }
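Review bot: In modules/servers/thor/forgejo.nix the `settings` block publishes the instance on `git.cronyakatsuki.xyz` without a `service` section, so unless it is set elsewhere Forgejo keeps its default of open self-registration; for a personal forge I would add `service.DISABLE_REGISTRATION = true;` under `settings`. The `database` block sets only `passwordFile`, and the NixOS module defaults `database.type` to `"sqlite3"`, where a password has no effect, so either set the intended `type` explicitly or drop the secret. The Traefik backend `http://localhost:3000` repeats the default port by hand, and `localhost` may resolve to `::1` while Forgejo binds only `127.0.0.1`; `url = "http://127.0.0.1:${toString config.services.forgejo.settings.server.HTTP_PORT}";` keeps the two in step.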
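Review bot: The `forgejo-db` entry in modules/servers/thor/secrets.nix sets only `file`, so agenix falls back to its defaults of root ownership and mode 0400, and the Forgejo service user will most likely be unable to read the decrypted file that `database.passwordFile` points at. Adding `owner = "forgejo";` next to `file` (leaving the mode at its restrictive default) should fix that, assuming the service runs under the module's default user name. It is worth confirming with a rebuild that the unit starts and that the file under the agenix runtime directory is not readable by any other account.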
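Review bot: In secrets/secrets.nix, `"forgejo-db.age".publicKeys = systems ++ users;` encrypts the database password to every host key in `systems`, although only thor imports this secret in the commit. Scoping the recipients to thor's host key plus `users`, e.g. `[ <thor-host-key> ] ++ users`, means a compromise of another machine does not also yield this credential. The `let` bindings that define `systems` and `users` sit outside the hunk, so the key name is a placeholder here. The neighbouring entries follow the same all-hosts pattern and could be narrowed in the same way.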