nix: add vps setup

2026-01-15 16:51:34 +02:00 · 2026-01-14 21:45:55 +02:00 · 2026-01-14 21:45:55 +02:00 · 4240620b6b
commit 4240620b6b
parent 028a52d9ff
13 changed files with 498 additions and 0 deletions
--- a/nix/modules/forgejo.nix
+++ b/nix/modules/forgejo.nix
@ -0,0 +1,58 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+let
+  domain = "git.olexsmir.xyz";
+in
+{
+  services.caddy.virtualHosts.${domain}.extraConfig = ''
+    reverse_proxy http://localhost:3001
+  '';
+
+  services.forgejo = {
+    enable = true;
+    database.type = "sqlite3";
+    settings = {
+      server = {
+        DOMAIN = domain;
+        ROOT_URL = "https://${domain}/";
+        HTTP_PORT = 3001;
+        LANDING_PAGE = "explore";
+      };
+      DEFAULT.APP_NAME = "my git";
+      repository.DISABLE_STARS = true;
+      service.DISABLE_REGISTRATION = true;
+      ui.DEFAULT_THEME = "forgejo-dark";
+      actions = {
+        ENABLED = true;
+        DEFAULT_ACTIONS_URL = "https://${domain}";
+      };
+    };
+  };
+
+  # automatically setup user
+  age.secrets.forgejo-admin-password = {
+    file = ../secrets/forgejo-admin-password.age;
+    owner = "forgejo";
+    group = "forgejo";
+  };
+
+  systemd.services.forgejo.preStart =
+    let
+      adminCmd = "${lib.getExe config.services.forgejo.package} admin user";
+      passwordFile = config.age.secrets.forgejo-admin-password.path;
+      user = "olexsmir";
+    in
+    ''
+      ${adminCmd} create --admin --email "root@localhost" --username ${user} --password "$(tr -d '\n' < ${passwordFile})" || true
+      ## uncomment this line to change an admin user which was already created
+      # ${adminCmd} change-password --username ${user} --password "$(tr -d '\n' < ${passwordFile})" || true
+    '';
+
+  # TODO: setup workers
+  # ideally it would get a token automatically
+
+}