add git hosting

flake.nix

@@ -38,6 +38,7 @@
 							kp2pml30.server = {
 								hostname = "kp2pml30.moe";
 								nginx = true;
+								forgejo = true;
 							};
 						}
 

nix/server/default.nix

@@ -18,6 +18,8 @@ in {
 
 		nginx = lib.mkEnableOption "";
 
+		forgejo = lib.mkEnableOption "";
+
 		sitePath = lib.mkOption {
 			type = lib.types.str;
 		};
@@ -28,6 +30,7 @@ in {
 		./nginx.nix
 		./boot.nix
 		./site.nix
+		./forgejo.nix
 	];
 
 	config = {

nix/server/forgejo.nix

@@ -0,0 +1,22 @@
+{ config
+, pkgs
+, lib
+, ...
+}:
+let
+	cfg = config.kp2pml30.server;
+in lib.mkIf cfg.forgejo {
+	services.forgejo = {
+		enable = true;
+		database.type = "postgres";
+		lfs.enable = true;
+		settings = {
+			server = {
+				DOMAIN = "git.${cfg.hostname}";
+				ROOT_URL = "https://git.${cfg.hostname}/";
+				HTTP_PORT = 8002;
+			};
+			service.DISABLE_REGISTRATION = true;
+		};
+	};
+}

nix/server/nginx.nix

@@ -6,6 +6,7 @@
 let
 	cfg = config.kp2pml30.server;
 	acmeRoot = "/var/lib/acme/acme-challenge";
+	pref = "kp2";
 in lib.mkIf cfg.nginx {
 	security.acme = {
 		acceptTerms = true;
@@ -13,7 +14,7 @@ in lib.mkIf cfg.nginx {
 		defaults.email = "kp2pml30@gmail.com";
 		#defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
 		certs."${cfg.hostname}" = {
-			extraDomainNames = [ "pr.${cfg.hostname}" "www.${cfg.hostname}" ];
+			extraDomainNames = [ "pr.${cfg.hostname}" "www.${cfg.hostname}" "git.${cfg.hostname}" ];
 			webroot = acmeRoot;
 			group = "nginx";
 		};
@@ -22,15 +23,27 @@ in lib.mkIf cfg.nginx {
 	services.nginx = {
 		enable = true;
 
+		virtualHosts."git.${cfg.hostname}" = {
+			enableACME = true;
+			acmeRoot = acmeRoot;
+
+			listen = [
+				{ addr = "0.0.0.0"; port = 80; }
+			];
+
+			locations."/" = {
+				proxyPass = "http://127.0.0.1:8002";
+			};
+		};
+
 		virtualHosts."${cfg.hostname}" = {
-			addSSL = true;
+			# addSSL = true;
 			# forceSSL = true;
 			enableACME = true;
 			acmeRoot = acmeRoot;
 
 			listen = [
 				{ addr = "0.0.0.0"; port = 80; }
-				# { addr = "0.0.0.0"; port = 444; ssl = true; }
 			];
 
 			locations."/" = {

nix/server/site.nix

@@ -7,7 +7,7 @@ let
 	cfg = config.kp2pml30.server;
 	src = builtins.fetchGit {
 		url = "https://github.com/kp2pml30/kp2pml30.github.io.git";
-		rev = "98e76b9ca1c9bcf619b2dae28601dc3c926dfa01";
+		rev = "855fb5c51c439179aeedf83e1b0ecdb0d4385023";
 	};
 	pack = (import "${src}/release.nix" args);
 in lib.mkIf cfg.nginx {

nix/server/stream.nginx

@@ -11,14 +11,15 @@ map $ssl_preread_server_name $name {
 	svr2.signal.org                         svr2;
 	updates.signal.org                      updates;
 	updates2.signal.org                     updates2;
-	backend1.svr3.signal.org                svr31;
-	backend2.svr3.signal.org                svr32;
-	backend3.svr3.signal.org                svr33;
+
+	kp2pml30.moe                            self;
+	git.kp2pml30.moe                        self;
+
 	default                                 deny;
 }
 
 upstream signal-service {
-	 server chat.signal.org:443;
+	server chat.signal.org:443;
 }
 
 upstream storage-service {
@@ -53,18 +54,6 @@ upstream svr2 {
 	server svr2.signal.org:443;
 }
 
-upstream svr31 {
-	server backend1.svr3.signal.org:443;
-}
-
-upstream svr32 {
-	server backend2.svr3.signal.org:443;
-}
-
-upstream svr33 {
-	server backend3.svr3.signal.org:443;
-}
-
 upstream updates {
 	server updates.signal.org:443;
 }
@@ -81,6 +70,10 @@ upstream self {
 	server 127.0.0.1:80;
 }
 
+upstream forgejo {
+	server 127.0.0.1:3000;
+}
+
 server {
 	listen          443 ssl;
 	server_name     pr.kp2pml30.moe;
@@ -93,11 +86,9 @@ server {
 }
 
 server {
-	listen 443 ssl;
-	server_name kp2pml30.moe;
-	error_log   /tmp/err.nginx debug;
-
-	proxy_pass self;
+	listen          443 ssl;
+	server_name     kp2pml30.moe git.kp2pml30.moe;
+	proxy_pass      self;
 
 	ssl_certificate         /var/lib/acme/kp2pml30.moe/fullchain.pem;
 	ssl_certificate_key     /var/lib/acme/kp2pml30.moe/key.pem;