feat(thor): add forgejo, code repo."

2025-05-10 08:24:19 +02:00 · 2025-05-10 08:24:19 +02:00 · 850f15885a
commit 850f15885a
parent ee550f58b7
5 changed files with 46 additions and 0 deletions
--- a/modules/servers/thor/default.nix
+++ b/modules/servers/thor/default.nix
@ -1,5 +1,7 @@
 {...}: {
  imports = [
    ./changedetection-io.nix
+    ./forgejo.nix
+    ./secrets.nix
  ];
 }
--- a/modules/servers/thor/forgejo.nix
+++ b/modules/servers/thor/forgejo.nix
@ -0,0 +1,34 @@
+{config, ...}: {
+  services.forgejo = {
+    enable = true;
+    settings = {
+      session = {
+        COOKIE_SECURE = true;
+      };
+      server = {
+        ROOT_URL = "https://git.cronyakatsuki.xyz";
+        HTTP_ADDR = "127.0.0.1";
+      };
+    };
+    database = {
+      passwordFile = "${config.age.secrets.forgejo-db.path}";
+    };
+  };
+
+  services.traefik.dynamicConfigOptions.http = {
+    services.forgejo.loadBalancer.servers = [
+      {
+        url = "http://localhost:3000";
+      }
+    ];
+
+    routers.forgejo = {
+      rule = "Host(`git.cronyakatsuki.xyz`)";
+      tls = {
+        certResolver = "porkbun";
+      };
+      service = "forgejo";
+      entrypoints = "websecure";
+    };
+  };
+}
--- a/modules/servers/thor/secrets.nix
+++ b/modules/servers/thor/secrets.nix
@ -0,0 +1,9 @@
+{
+  age = {
+    secrets = {
+      forgejo-db = {
+        file = ../../../secrets/forgejo-db.age;
+      };
+    };
+  };
+}
--- a/secrets/forgejo-db.age
+++ b/secrets/forgejo-db.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -19,4 +19,5 @@ in {
  "wg-desktop.age".publicKeys = systems ++ users;
  "rclone.age".publicKeys = systems ++ users;
  "navidrome.age".publicKeys = systems ++ users;
+  "forgejo-db.age".publicKeys = systems ++ users;
 }