Add forgejo on git.hunner.dev

2026-03-11 15:45:23 -07:00 · 2026-03-11 15:45:23 -07:00 · 23d22dd2ce
commit 23d22dd2ce
parent 8fce8ae927
3 changed files with 56 additions and 2 deletions
--- a/hosts/liminal/configuration.nix
+++ b/hosts/liminal/configuration.nix
@ -285,6 +285,7 @@
      clangStdenv
      cmake
      just
+      dtach
    ];
  };
  users.users.hunner = {
@ -394,6 +395,7 @@
      bitwarden-desktop
      bitwarden-cli
      itch
+      dtach
    ];
  };
  systemd.user.services = {
@ -534,8 +536,8 @@
  # services.openssh.enable = true;

  # Open ports in the firewall.
-  networking.firewall.allowedTCPPorts = [ 8080 8081 8082 1234 4096 4747 ];
-  networking.firewall.allowedUDPPorts = [ 8080 8081 8082 1234 4096 4747 ];
+  networking.firewall.allowedTCPPorts = [ 8080 8081 8082 1234 4096 ];
+  networking.firewall.allowedUDPPorts = [ 8080 8081 8082 1234 4096 ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;
  systemd.services.upower.enable = true;
--- a/hosts/ruil/configuration.nix
+++ b/hosts/ruil/configuration.nix
@ -5,6 +5,7 @@
    ./hardware-configuration.nix
    ./modules/vaultwarden.nix
    ./modules/etherpad-lite.nix
+    ./modules/forgejo.nix
    (modulesPath + "/virtualisation/digital-ocean-config.nix")
  ];

--- a/hosts/ruil/modules/forgejo.nix
+++ b/hosts/ruil/modules/forgejo.nix
@ -0,0 +1,51 @@
+{ config, ... }:
+
+let
+  domain = "git.hunner.dev";
+  port = 3000;
+in
+{
+  services.forgejo = {
+    enable = true;
+    user = "git";
+    group = "git";
+    lfs.enable = true;
+
+    settings = {
+      DEFAULT.APP_NAME = domain;
+
+      server = {
+        DOMAIN = domain;
+        ROOT_URL = "https://${domain}/";
+        HTTP_ADDR = "127.0.0.1";
+        HTTP_PORT = port;
+        DISABLE_SSH = false;
+        SSH_DOMAIN = domain;
+        SSH_PORT = 22;
+      };
+
+      session.COOKIE_SECURE = true;
+      service.DISABLE_REGISTRATION = false;
+    };
+  };
+
+  # Forgejo on git.hunner.dev (Cloudflare proxy -> nginx -> localhost:3000).
+  services.nginx.virtualHosts.${domain} = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:${toString port}";
+      proxyWebsockets = true;
+      recommendedProxySettings = true;
+    };
+  };
+
+  users.users.git = {
+    home = config.services.forgejo.stateDir;
+    useDefaultShell = true;
+    group = "git";
+    isSystemUser = true;
+  };
+
+  users.groups.git = { };
+}