kp2pml30/dotfiles
1
0
Fork 0
mirror of https://github.com/kp2pml30/dotfiles.git synced 2026-02-16 23:34:42 +04:00
Code Issues Projects Releases Packages Wiki Activity Actions

add git hosting

Browse source
This commit is contained in:
kp2pml30 2025-03-03 06:27:50 +04:00
parent 70e965c63f
commit 778ad87a8a
6 changed files with 55 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

1
flake.nix
View file

@ -38,6 +38,7 @@
kp2pml30.server = { kp2pml30.server = {
hostname = "kp2pml30.moe"; hostname = "kp2pml30.moe";
nginx = true; nginx = true;
forgejo = true;
}; };
} }

3
nix/server/default.nix
View file

@ -18,6 +18,8 @@ in {
nginx = lib.mkEnableOption ""; nginx = lib.mkEnableOption "";
forgejo = lib.mkEnableOption "";
sitePath = lib.mkOption { sitePath = lib.mkOption {
type = lib.types.str; type = lib.types.str;
}; };
@ -28,6 +30,7 @@ in {
./nginx.nix ./nginx.nix
./boot.nix ./boot.nix
./site.nix ./site.nix
./forgejo.nix
]; ];
config = { config = {

22
nix/server/forgejo.nix Normal file
View file

@ -0,0 +1,22 @@
{ config
, pkgs
, lib
, ...
}:
let
cfg = config.kp2pml30.server;
in lib.mkIf cfg.forgejo {
services.forgejo = {
enable = true;
database.type = "postgres";
lfs.enable = true;
settings = {
server = {
DOMAIN = "git.${cfg.hostname}";
ROOT_URL = "https://git.${cfg.hostname}/";
HTTP_PORT = 8002;
};
service.DISABLE_REGISTRATION = true;
};
};
}

19
nix/server/nginx.nix
View file

@ -6,6 +6,7 @@
let let
cfg = config.kp2pml30.server; cfg = config.kp2pml30.server;
acmeRoot = "/var/lib/acme/acme-challenge"; acmeRoot = "/var/lib/acme/acme-challenge";
pref = "kp2";
in lib.mkIf cfg.nginx { in lib.mkIf cfg.nginx {
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
@ -13,7 +14,7 @@ in lib.mkIf cfg.nginx {
defaults.email = "kp2pml30@gmail.com"; defaults.email = "kp2pml30@gmail.com";
#defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory"; #defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
certs."${cfg.hostname}" = { certs."${cfg.hostname}" = {
extraDomainNames = [ "pr.${cfg.hostname}" "www.${cfg.hostname}" ]; extraDomainNames = [ "pr.${cfg.hostname}" "www.${cfg.hostname}" "git.${cfg.hostname}" ];
webroot = acmeRoot; webroot = acmeRoot;
group = "nginx"; group = "nginx";
}; };
@ -22,15 +23,27 @@ in lib.mkIf cfg.nginx {
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts."git.${cfg.hostname}" = {
enableACME = true;
acmeRoot = acmeRoot;
listen = [
{ addr = "0.0.0.0"; port = 80; }
];
locations."/" = {
proxyPass = "http://127.0.0.1:8002";
};
};
virtualHosts."${cfg.hostname}" = { virtualHosts."${cfg.hostname}" = {
addSSL = true; # addSSL = true;
# forceSSL = true; # forceSSL = true;
enableACME = true; enableACME = true;
acmeRoot = acmeRoot; acmeRoot = acmeRoot;
listen = [ listen = [
{ addr = "0.0.0.0"; port = 80; } { addr = "0.0.0.0"; port = 80; }
# { addr = "0.0.0.0"; port = 444; ssl = true; }
]; ];
locations."/" = { locations."/" = {

2
nix/server/site.nix
View file

@ -7,7 +7,7 @@ let
cfg = config.kp2pml30.server; cfg = config.kp2pml30.server;
src = builtins.fetchGit { src = builtins.fetchGit {
url = "https://github.com/kp2pml30/kp2pml30.github.io.git"; url = "https://github.com/kp2pml30/kp2pml30.github.io.git";
rev = "98e76b9ca1c9bcf619b2dae28601dc3c926dfa01"; rev = "855fb5c51c439179aeedf83e1b0ecdb0d4385023";
}; };
pack = (import "${src}/release.nix" args); pack = (import "${src}/release.nix" args);
in lib.mkIf cfg.nginx { in lib.mkIf cfg.nginx {

33
nix/server/stream.nginx
View file

@ -11,14 +11,15 @@ map $ssl_preread_server_name $name {
svr2.signal.org svr2; svr2.signal.org svr2;
updates.signal.org updates; updates.signal.org updates;
updates2.signal.org updates2; updates2.signal.org updates2;
backend1.svr3.signal.org svr31;
backend2.svr3.signal.org svr32; kp2pml30.moe self;
backend3.svr3.signal.org svr33; git.kp2pml30.moe self;
default deny; default deny;
} }
upstream signal-service { upstream signal-service {
server chat.signal.org:443; server chat.signal.org:443;
} }
upstream storage-service { upstream storage-service {
@ -53,18 +54,6 @@ upstream svr2 {
server svr2.signal.org:443; server svr2.signal.org:443;
} }
upstream svr31 {
server backend1.svr3.signal.org:443;
}
upstream svr32 {
server backend2.svr3.signal.org:443;
}
upstream svr33 {
server backend3.svr3.signal.org:443;
}
upstream updates { upstream updates {
server updates.signal.org:443; server updates.signal.org:443;
} }
@ -81,6 +70,10 @@ upstream self {
server 127.0.0.1:80; server 127.0.0.1:80;
} }
upstream forgejo {
server 127.0.0.1:3000;
}
server { server {
listen 443 ssl; listen 443 ssl;
server_name pr.kp2pml30.moe; server_name pr.kp2pml30.moe;
@ -93,11 +86,9 @@ server {
} }
server { server {
listen 443 ssl; listen 443 ssl;
server_name kp2pml30.moe; server_name kp2pml30.moe git.kp2pml30.moe;
error_log /tmp/err.nginx debug; proxy_pass self;
proxy_pass self;
ssl_certificate /var/lib/acme/kp2pml30.moe/fullchain.pem; ssl_certificate /var/lib/acme/kp2pml30.moe/fullchain.pem;
ssl_certificate_key /var/lib/acme/kp2pml30.moe/key.pem; ssl_certificate_key /var/lib/acme/kp2pml30.moe/key.pem;