diff --git a/flake.nix b/flake.nix index 0970e73..c7aaca4 100644 --- a/flake.nix +++ b/flake.nix @@ -38,6 +38,7 @@ kp2pml30.server = { hostname = "kp2pml30.moe"; nginx = true; + forgejo = true; }; } diff --git a/nix/server/default.nix b/nix/server/default.nix index 8315675..cdab9bd 100644 --- a/nix/server/default.nix +++ b/nix/server/default.nix @@ -18,6 +18,8 @@ in { nginx = lib.mkEnableOption ""; + forgejo = lib.mkEnableOption ""; + sitePath = lib.mkOption { type = lib.types.str; }; @@ -28,6 +30,7 @@ in { ./nginx.nix ./boot.nix ./site.nix + ./forgejo.nix ]; config = { diff --git a/nix/server/forgejo.nix b/nix/server/forgejo.nix new file mode 100644 index 0000000..c8e68e5 --- /dev/null +++ b/nix/server/forgejo.nix @@ -0,0 +1,22 @@ +{ config +, pkgs +, lib +, ... +}: +let + cfg = config.kp2pml30.server; +in lib.mkIf cfg.forgejo { + services.forgejo = { + enable = true; + database.type = "postgres"; + lfs.enable = true; + settings = { + server = { + DOMAIN = "git.${cfg.hostname}"; + ROOT_URL = "https://git.${cfg.hostname}/"; + HTTP_PORT = 8002; + }; + service.DISABLE_REGISTRATION = true; + }; + }; +} diff --git a/nix/server/nginx.nix b/nix/server/nginx.nix index b18c619..8de8b85 100644 --- a/nix/server/nginx.nix +++ b/nix/server/nginx.nix @@ -6,6 +6,7 @@ let cfg = config.kp2pml30.server; acmeRoot = "/var/lib/acme/acme-challenge"; + pref = "kp2"; in lib.mkIf cfg.nginx { security.acme = { acceptTerms = true; @@ -13,7 +14,7 @@ in lib.mkIf cfg.nginx { defaults.email = "kp2pml30@gmail.com"; #defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory"; certs."${cfg.hostname}" = { - extraDomainNames = [ "pr.${cfg.hostname}" "www.${cfg.hostname}" ]; + extraDomainNames = [ "pr.${cfg.hostname}" "www.${cfg.hostname}" "git.${cfg.hostname}" ]; webroot = acmeRoot; group = "nginx"; }; 
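Review bot: The `server` block in nix/server/forgejo.nix sets `HTTP_PORT = 8002` but no `HTTP_ADDR`, and the default is to listen on all interfaces. The unencrypted backend port is therefore reachable from outside unless the host firewall blocks it, and no firewall rules are visible in this diff. Since nginx proxies to `http://127.0.0.1:8002`, add `HTTP_ADDR = "127.0.0.1";` next to `HTTP_PORT`. With `ROOT_URL` on https it is also worth setting `session.COOKIE_SECURE = true;` so the session cookie is never sent over a plain-HTTP connection.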
@@ -22,15 +23,27 @@ in lib.mkIf cfg.nginx { services.nginx = { enable = true; + virtualHosts."git.${cfg.hostname}" = { + enableACME = true; + acmeRoot = acmeRoot; + + listen = [ + { addr = "0.0.0.0"; port = 80; } + ]; + + locations."/" = { + proxyPass = "http://127.0.0.1:8002"; + }; + }; + virtualHosts."${cfg.hostname}" = { - addSSL = true; + # addSSL = true; # forceSSL = true; enableACME = true; acmeRoot = acmeRoot; listen = [ { addr = "0.0.0.0"; port = 80; } - # { addr = "0.0.0.0"; port = 444; ssl = true; } ]; locations."/" = { diff --git a/nix/server/site.nix b/nix/server/site.nix index 0b4aa11..880f724 100644 --- a/nix/server/site.nix +++ b/nix/server/site.nix @@ -7,7 +7,7 @@ let cfg = config.kp2pml30.server; src = builtins.fetchGit { url = "https://github.com/kp2pml30/kp2pml30.github.io.git"; - rev = "98e76b9ca1c9bcf619b2dae28601dc3c926dfa01"; + rev = "855fb5c51c439179aeedf83e1b0ecdb0d4385023"; }; pack = (import "${src}/release.nix" args); in lib.mkIf cfg.nginx { diff --git a/nix/server/stream.nginx b/nix/server/stream.nginx index 3b6c002..5d33c56 100644 --- a/nix/server/stream.nginx +++ b/nix/server/stream.nginx @@ -11,14 +11,15 @@ map $ssl_preread_server_name $name { svr2.signal.org svr2; updates.signal.org updates; updates2.signal.org updates2; - backend1.svr3.signal.org svr31; - backend2.svr3.signal.org svr32; - backend3.svr3.signal.org svr33; + + kp2pml30.moe self; + git.kp2pml30.moe self; + default deny; } upstream signal-service { - server chat.signal.org:443; + server chat.signal.org:443; } upstream storage-service { @@ -53,18 +54,6 @@ upstream svr2 { server svr2.signal.org:443; } -upstream svr31 { - server backend1.svr3.signal.org:443; -} - -upstream svr32 { - server backend2.svr3.signal.org:443; -} - -upstream svr33 { - server backend3.svr3.signal.org:443; -} - upstream updates { server updates.signal.org:443; } 
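Review bot: The new `virtualHosts."git.${cfg.hostname}"` listens only on `0.0.0.0:80` with no `forceSSL` or redirect, so the Forgejo login form and session are served over cleartext HTTP to anyone who connects to port 80 directly. A plain redirect on this listener would loop, because stream.nginx in this commit forwards TLS-terminated traffic to the same `127.0.0.1:80`. Consider giving the TLS-terminated traffic its own loopback-only listener and leaving the public port 80 vhost to serve only the ACME challenge and a redirect to https. The same applies to `virtualHosts."${cfg.hostname}"`, where this hunk comments out `addSSL = true;`.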
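Review bot: The added map entries in nix/server/stream.nginx route `kp2pml30.moe` and `git.kp2pml30.moe` to `self`, which is the plain-HTTP upstream `127.0.0.1:80`, while the same names are also served by a `listen 443 ssl` server that terminates TLS. The consumer of `$name` is outside this hunk, so it is not clear which path applies. If an `ssl_preread` server does `proxy_pass $name`, these entries would forward raw TLS bytes to an HTTP port. A comment above the entries such as `# terminated locally by the "listen 443 ssl" server; not passed through` would record the intent, or the entries can be dropped if they are never consulted.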
@@ -81,6 +70,10 @@ upstream self { server 127.0.0.1:80; } +upstream forgejo { + server 127.0.0.1:3000; +} + server { listen 443 ssl; server_name pr.kp2pml30.moe; @@ -93,11 +86,9 @@ server { } server { - listen 443 ssl; - server_name kp2pml30.moe; - error_log /tmp/err.nginx debug; - - proxy_pass self; + listen 443 ssl; + server_name kp2pml30.moe git.kp2pml30.moe; + proxy_pass self; ssl_certificate /var/lib/acme/kp2pml30.moe/fullchain.pem; ssl_certificate_key /var/lib/acme/kp2pml30.moe/key.pem;
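Review bot: The added `upstream forgejo` points at `127.0.0.1:3000`, but nix/server/forgejo.nix in this commit sets `HTTP_PORT = 8002`, and no visible hunk references this upstream. If it is later used as a `proxy_pass` target, it will reach whatever happens to listen on port 3000 rather than Forgejo. Either remove the block or change it to `server 127.0.0.1:8002;`.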
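Review bot: The `server_name kp2pml30.moe git.kp2pml30.moe` block uses `proxy_pass self;` with no `proxy_protocol on;` in the lines shown, so every request reaches the HTTP vhost, and Forgejo behind it, with a source address of 127.0.0.1. Access logs, audit trails and any per-IP login throttling then lose the real client address. Passing the address through needs `proxy_protocol on;` here plus a dedicated loopback listener on the HTTP side that accepts it (`listen ... proxy_protocol`, `set_real_ip_from 127.0.0.1;`, `real_ip_header proxy_protocol;`), because the public port 80 listener cannot accept PROXY headers from ordinary clients. The server block closes outside this hunk, so confirm it is not already set there.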