Move forgejo to hetznix

2025-01-05 15:18:56 +00:00 · 2025-01-05 15:18:56 +00:00 · d50f92ca1b
commit d50f92ca1b
parent 1156a9af04
14 changed files with 120 additions and 99 deletions
--- a/nix/hosts/hetznix/services/default.nix
+++ b/nix/hosts/hetznix/services/default.nix
@ -1,10 +1,7 @@
 {
  imports = [
-    ./acme.nix
    ./caddy
+    ./forgejo.nix
+    ./openssl.nix
  ];
-
-  services = {
-    openssh.enable = true;
-  };
 }
--- a/nix/hosts/hetznix/services/forgejo.nix
+++ b/nix/hosts/hetznix/services/forgejo.nix
@ -0,0 +1,28 @@
+{ config, ... }:
+
+{
+  services = {
+    forgejo = {
+      enable = true;
+
+      settings = {
+        server = {
+          DOMAIN = "code.oliverdavies.uk";
+          HTTP_PORT = 2223;
+        };
+
+        service = {
+          DISABLE_REGISTRATION = true;
+        };
+      };
+    };
+
+    caddy.virtualHosts."${config.services.forgejo.settings.server.DOMAIN}" = {
+      useACMEHost = "oliverdavies.uk";
+
+      extraConfig = "reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";
+    };
+
+    openssh.settings.AllowUsers = [ "forgejo" ];
+  };
+}
--- a/nix/hosts/hetznix/services/openssl.nix
+++ b/nix/hosts/hetznix/services/openssl.nix
@ -0,0 +1,10 @@
+{
+  services.openssh = {
+    enable = true;
+
+    settings = {
+      AllowUsers = [ "opdavies" ];
+      PermitRootLogin = "no";
+    };
+  };
+}