Commit 9d90cfb

HPCesia <me@hpcesia.com>
2025-07-21 13:12:17
feat(service): add forgejo on pardo
1 parent 80d8989
Changed files (2)
hosts/chaser-pardofelis/caddy.nix
@@ -21,11 +21,12 @@
           # Assuming address start with `tcp://`.
           builtins.substring 6 (-1) config.services.authelia.instances.main.settings.server.address
         }";
-        vaultwarden = "http://localhost:${builtins.toString config.services.vaultwarden.config.rocketPort}";
+        forgejo = "http://localhost:${builtins.toString config.services.forgejo.settings.server.HTTP_PORT}";
         gotosocial = "http://localhost:${builtins.toString config.services.gotosocial.settings.port}";
         grafana = "http://localhost:${builtins.toString config.services.grafana.settings.server.http_port}";
         homepage = "http://localhost:${builtins.toString config.services.homepage-dashboard.listenPort}";
         prometheus = "http://${config.services.victoriametrics.listenAddress}";
+        vaultwarden = "http://localhost:${builtins.toString config.services.vaultwarden.config.rocketPort}";
       };
     in {
       "artalk.hpcesia.com".extraConfig = ''
@@ -56,6 +57,10 @@
         encode zstd gzip
         reverse_proxy ${localAddress.prometheus}
       '';
+      "repo.hpcesia.com".extraConfig = ''
+        encode zstd gzip
+        reverse_proxy ${localAddress.forgejo}
+      '';
       "trin.one".extraConfig = ''
         encode zstd gzip
         reverse_proxy ${localAddress.gotosocial}
hosts/chaser-pardofelis/forgejo.nix
@@ -0,0 +1,49 @@
+{
+  pkgs-unstable,
+  config,
+  ...
+}: {
+  services.forgejo = {
+    enable = true;
+    package = pkgs-unstable.forgejo;
+    user = "git";
+    group = "forgejo";
+    database = {
+      type = "sqlite3";
+    };
+    settings = {
+      default = {
+        APP_NAME = "Forgejo"; # TODO: A new name for my forgejo instance.
+        APP_SLOGAN = "Beyond coding. We Forge."; # TODO: A new slogan.
+      };
+      server = {
+        DOMAIN = "repo.hpcesia.com";
+        HTTP_ADDR = "127.0.0.1";
+        HTTP_PORT = 3125;
+        PROTOCOL = "http";
+        START_SSH_SERVER = true;
+        SSH_PORT = 2222;
+        ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}/";
+      };
+      # TODO: Enable federation after I finalize a suitable instance name and switch to an independent domain.
+      federation.ENABLED = false;
+      session.COOKIE_SECURE = true;
+      log = {
+        LEVEL = "Info";
+        ENABLE_SSH_LOG = true; # Enable ssh log for fail2ban.
+        "logger.router.MODE" = "Error";
+      };
+    };
+  };
+
+  users.users."git" = {
+    isSystemUser = true;
+    useDefaultShell = true;
+    group = config.services.forgejo.group;
+    home = config.services.forgejo.stateDir;
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    config.services.forgejo.settings.server.SSH_PORT
+  ];
+}
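Review bot: The `settings` block in forgejo.nix never sets `service.DISABLE_REGISTRATION`, and Forgejo's default leaves self-registration open, so once Caddy serves `repo.hpcesia.com` anyone who can reach it can create an account and repositories. If this is meant to be a personal or invite-only instance, add `service.DISABLE_REGISTRATION = true;` next to `session.COOKIE_SECURE = true;` and create accounts from the admin side. Separately, the comment on `ENABLE_SSH_LOG` says the log is for fail2ban, but no jail is defined in this commit while `networking.firewall.allowedTCPPorts` opens port 2222 to the network. If the jail lives in another file, a short comment naming it would help; otherwise the built-in SSH server is exposed without the rate limiting the comment implies.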