From 850f15885a05428f55a1af1bce990a3d9a1e173f Mon Sep 17 00:00:00 2001
From: Crony Akatsuki <crony@cronyakatsuki.xyz>
Date: Sat, 10 May 2025 08:24:19 +0200
Subject: [PATCH] feat(thor): add forgejo, code repo."

---
 modules/servers/thor/default.nix |   2 ++
 modules/servers/thor/forgejo.nix |  34 +++++++++++++++++++++++++++++++
 modules/servers/thor/secrets.nix |   9 ++++++++
 secrets/forgejo-db.age           | Bin 0 -> 964 bytes
 secrets/secrets.nix              |   1 +
 5 files changed, 46 insertions(+)
 create mode 100644 modules/servers/thor/forgejo.nix
 create mode 100644 modules/servers/thor/secrets.nix
 create mode 100644 secrets/forgejo-db.age

diff --git a/modules/servers/thor/default.nix b/modules/servers/thor/default.nix
index 52c342a..abd108d 100644
--- a/modules/servers/thor/default.nix
+++ b/modules/servers/thor/default.nix
@@ -1,5 +1,7 @@
 {...}: {
   imports = [
     ./changedetection-io.nix
+    ./forgejo.nix
+    ./secrets.nix
   ];
 }
diff --git a/modules/servers/thor/forgejo.nix b/modules/servers/thor/forgejo.nix
new file mode 100644
index 0000000..1c82fc4
--- /dev/null
+++ b/modules/servers/thor/forgejo.nix
@@ -0,0 +1,34 @@
+{config, ...}: {
+  services.forgejo = {
+    enable = true;
+    settings = {
+      session = {
+        COOKIE_SECURE = true;
+      };
+      server = {
+        ROOT_URL = "https://git.cronyakatsuki.xyz";
+        HTTP_ADDR = "127.0.0.1";
+      };
+    };
+    database = {
+      passwordFile = "${config.age.secrets.forgejo-db.path}";
+    };
+  };
+
+  services.traefik.dynamicConfigOptions.http = {
+    services.forgejo.loadBalancer.servers = [
+      {
+        url = "http://localhost:3000";
+      }
+    ];
+
+    routers.forgejo = {
+      rule = "Host(`git.cronyakatsuki.xyz`)";
+      tls = {
+        certResolver = "porkbun";
+      };
+      service = "forgejo";
+      entrypoints = "websecure";
+    };
+  };
+}
diff --git a/modules/servers/thor/secrets.nix b/modules/servers/thor/secrets.nix
new file mode 100644
index 0000000..60e4651
--- /dev/null
+++ b/modules/servers/thor/secrets.nix
@@ -0,0 +1,9 @@
+{
+  age = {
+    secrets = {
+      forgejo-db = {
+        file = ../../../secrets/forgejo-db.age;
+      };
+    };
+  };
+}
diff --git a/secrets/forgejo-db.age b/secrets/forgejo-db.age
new file mode 100644
index 0000000000000000000000000000000000000000..5e5a3bc3ea005ad3865a80ed2baa0248574c2860
GIT binary patch
literal 964
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSP3NXp@E?4l-Huv^4
z^tFh{PE7O*vv3V{bv5?%N%hzE%Z_ky4b3*QtaNmCcM1<SGT=(AG6^m8HOR6EHApH9
z@{Mrw3s28T3n|q$t_btjw(u!6%=RyJ*AENGk3_f4Ogkg6AW*@j#LvQ|Bs<dE#L&Ae
z*DyjmB-qr`B+tXgEiye*J2c<Ns4yki)i}S{Iho5eH!8a<$<Ng|H7htY$EdI>D&5lC
zv^+C2!!RT}xV%h1$*sIf+uy4)-x1xm9DRS6a7P9G%>3Yz)Zhx!WLN*Fpx_Kw%d`|n
zOLI%_l#sl<tTL~(B>%uf1E1oeuwpJ3@3P{^L=$(Ppu*&AW22170L!ve{jdO+$jD6J
z!hCJx3d;(8*PxuBG*@)n%(YFujRO_RQ~mODjmtxvD^t>(%#3nEA`7!!wZn1)BO;2u
zqmunooin^bbG^e;GLpH13IjsRLvvjWt4y8CQ<9B?+>%{$P0|B%5?#yFbJ8lxGE<zh
zgR}CIQ!zr)zuX|iy<EXOIU_3BNk88t)wLv`%q+#ABsrzLveL-3B-`99w=yiRvQpp2
zvpB^!G@HvJ#oNokKP{pnL_g6hv9vU}tfVv`HPX~O!qKZFJ;0z+yF%N{%cH={#1q|b
zX({?qK7k58>CR@Jo+jFU6(Ko6g^|f29(g{A*%hg7X{ALb<rM|`c@`<=&Msxz;htO>
ziGEq8Nug0GZf2%NVaAc(evv_e*(N5%W`UX7ekq~a#d%4|85J3+?)hB0y1EKJ71`#-
zre4~?epQv)DcX)kft7((`N?isZb|-LPC?~P!Dji+naM`Q1?gOm{FKZtEa;8qKPs-V
zHjCH)z4q0I*W#V8N3!JIYLM10kPdygwCZNnn&#@8t76NK&#O#17xr)E^eF*1gJcdr
zyRqx`v3SPZki@Mytj_t#pQ2qXHzYg0(bMHo-Ed=~Jd?8X{4QtHebq**zCZj|@Ys0r
z!@5W#zy3LgcDb&+b##`bXXmYZd(`ANFZc1AV0nXOO7oc;?#o-#ndkY5?M#X=?3s1P
z@%?PW4S9FF<KzV&Wc&}AFFkktp6+A1#VdFpNFR4z%24^&v-sTQc@t(!oIKn2B*jB9
e&9kfYNYmVZu1Z}oe5nS8JzCB^`yN%=tpNa)V_Mq)

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index c0752c7..4b30ac4 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -19,4 +19,5 @@ in {
   "wg-desktop.age".publicKeys = systems ++ users;
   "rclone.age".publicKeys = systems ++ users;
   "navidrome.age".publicKeys = systems ++ users;
+  "forgejo-db.age".publicKeys = systems ++ users;
 }