Initial setup for git (forgejo)

2025-01-16 23:20:37 -05:00 · 2025-01-16 23:20:37 -05:00 · 0a2c3d46e0
commit 0a2c3d46e0
parent 9f4b8a6e70
2 changed files with 97 additions and 15 deletions
--- a/host/komodo/default.nix
+++ b/host/komodo/default.nix
@ -17,26 +17,26 @@

    # Local Modules
    ./modules/frp
+    ./modules/forgejo
    ./modules/komodo
  ];

  ## NETWORKING ##
  networking.firewall = {
    allowedTCPPorts = [
-      22
-      443
-      80
-      81
-      9120
-      3001
-      4041
-      5001
-      7475
-      8070
-      8080
-      8086
-      8090
-      9120
+      [REDACTED]
+      [REDACTED]
+      [REDACTED]
+      222 # GitTea SSH
+      [REDACTED]
+      [REDACTED]
+      3003 # GitTea
+      [REDACTED]
+      [REDACTED]
+      8080 # File Browser
+      [REDACTED]
+      [REDACTED]
+      [REDACTED]
    ];

    # Game Server Ports
@ -48,7 +48,7 @@
    ];

    allowedUDPPorts = [
-      8089
+      8089 # Grafana
    ];
  };

--- a/host/komodo/modules/forgejo/default.nix
+++ b/host/komodo/modules/forgejo/default.nix
@ -0,0 +1,82 @@
+# Configuration for Gitea instance
+
+{
+  config,
+  pkgs,
+  admin,
+  ...
+}:
+{
+  # Forgejo configuration
+  services.forgejo = {
+    enable = true;
+
+    stateDir = "/pool/forgejo";
+
+    # Settings
+    dump = {
+      # :D idk what this does
+      enable = false;
+      interval = "weekly";
+    };
+
+    settings = {
+      DEFAULT = {
+        # Configuration for Gitea
+        APP_NAME = "Ryot Git";
+        RUN_MODE = "dev";
+      };
+
+      server = {
+        # Configuration for reverse proxy
+        ROOT_URL = "https://git.ryot.foo/";
+        HTTP_ADDR = "0.0.0.0";
+        HTTP_PORT = 3003;
+        DOMAIN = "localhost";
+      };
+
+      repository = {
+        DEFAULT_PRIVATE = true;
+      };
+
+      ui = {
+        DEFAULT_THEME = "forgejo-dark";
+        SHOW_USER_EMAIL = false;
+      };
+
+      "ui.meta" = {
+        AUTHOR = "Ryot";
+        DESCRIPTION = "Ryot Gitea instance";
+        KEYWORDS = "";
+      };
+
+      security = {
+        INSTALL_LOCK = true;
+      };
+
+      session = {
+        SESSION_LIFE_TIME = 86400 * 7; # 1 week
+      };
+
+      picture = {
+        DISABLE_GRAVATAR = true;
+      };
+
+      "cron.sync_external_users".ENABLED = false;
+
+      log.LEVEL = "Info";
+      # Private server
+      service.DISABLE_REGISTRATION = false;
+      # Disable package manager functionality
+      packages.ENABLED = false;
+
+    };
+  };
+
+  users.users.forgejo.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClZstYoT64zHnGfE7LMYNiQPN5/gmCt382lC+Ji8lrH PVE"
+  ];
+
+  # Give admin group access to forgejo config
+  users.users.${admin}.extraGroups = [ "forgejo" ];
+}