flake: sitch to npins

Signed-off-by: Bloxx12 <charlie@charlieroot.dev> Change-Id: I6a6a6964f4aa3349951fe7574622564452ad1af1
2025-07-19 21:51:37 +02:00 · 2025-07-19 21:51:37 +02:00 · 2e7d11c2ed
commit 2e7d11c2ed
parent 45179ade64
24 changed files with 707 additions and 731 deletions
--- a/modules/services/forgejo/forgejo.mod.nix
+++ b/modules/services/forgejo/forgejo.mod.nix
@ -0,0 +1,165 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (pkgs) fetchurl;
+  inherit (lib.modules) mkIf;
+  inherit (lib.options) mkEnableOption;
+  inherit (config.services.forgejo) customDir user group;
+
+  cfg = config.modules.system.services.forgejo;
+
+  port = 3000;
+  domain = "copeberg.org";
+  img = ./img;
+  dataDir = "/srv/data/forgejo";
+  dumpDir = "/srv/data/forgejo-dump";
+in {
+  options.modules.system.services.forgejo.enable = mkEnableOption "forgejo";
+
+  config = mkIf cfg.enable {
+    modules.system.services = {
+      database.postgresql.enable = true;
+      nginx.enable = true;
+    };
+
+    networking.firewall.allowedTCPPorts = [
+      443
+      80
+      3000
+    ];
+
+    services.nginx = {
+      enable = true;
+      virtualHosts.${domain} = {
+        addSSL = true;
+        enableACME = true;
+        locations."/" = {
+          proxyPass = "http://localhost:${toString port}";
+        };
+      };
+    };
+
+    # create the git user for forgejo
+    # NOTE: this is important and it will _not_ work otherwise.
+    users.users.git = {
+      home = dataDir;
+      useDefaultShell = true;
+      group = "git";
+      isSystemUser = true;
+    };
+    users.groups.git = {};
+
+    services.forgejo = {
+      enable = true;
+      package = pkgs.forgejo;
+      stateDir = dataDir;
+
+      user = "git";
+      group = "git";
+      database = {
+        createDatabase = true;
+        name = "git";
+        user = "git";
+        type = "postgres";
+      };
+
+      # Disable support for Git Large File Storage
+      lfs.enable = false;
+
+      settings = {
+        server = {
+          DOMAIN = domain;
+          # You need to specify this to remove the port from URLs in the web UI.
+          ROOT_URL = "https://${domain}/";
+          HTTP_PORT = port;
+          LANDING_PAGE = "home";
+        };
+        DEFAULT = {
+          APP_NAME = "Copeberg.org";
+          APP_SLOGAN = "Code and seethe.";
+        };
+        # disable registration by default.
+        service.DISABLE_REGISTRATION = true;
+
+        # Add support for actions, based on act: https://github.com/nektos/act
+        actions = {
+          ENABLED = false;
+          DEFAULT_ACTIONS_URL = "github";
+        };
+        ui = {
+          SHOW_USER_EMAIL = false;
+          THEMES = "codeberg-dark";
+          DEFAULT_THEME = "codeberg-dark";
+        };
+
+        # The glory of the old default branch name
+        repository = {
+          DEFAULT_BRANCH = "master";
+        };
+
+        "repository.signing" = {
+          SIGNING_KEY = "none";
+        };
+      };
+
+      dump = {
+        enable = false;
+        backupDir = dumpDir;
+        interval = "06:00";
+        type = "tar.xz";
+      };
+    };
+
+    systemd.tmpfiles.rules = let
+      # no crawlers, thank you.
+      robots = pkgs.writeText "robots-txt" ''
+        User-agent: *
+        Disallow: /
+      '';
+      base-brand = fetchurl {
+        url = "https://codeberg.org/Codeberg-Infrastructure/forgejo/raw/branch/codeberg-10/web_src/css/themes/codeberg/base-brand.css";
+        hash = "sha256-QJ775HpINf8klO3d/8h+tEw0vk34p19dWUCWWuVwcho=";
+      };
+      dark-variables = fetchurl {
+        url = "https://codeberg.org/Codeberg-Infrastructure/forgejo/raw/branch/codeberg-10/web_src/css/themes/codeberg/dark-variables.css";
+        hash = "sha256-nCSJUOU9/R1fldoKXTTZmP7vmRjYUk/OKkbgrJ/NrXQ=";
+      };
+      theme-codeberg-dark = fetchurl {
+        url = "https://codeberg.org/Codeberg-Infrastructure/forgejo/raw/branch/codeberg-10/web_src/css/themes/theme-codeberg-dark.css";
+        hash = "sha256-KyXznH49koRGlzIDDqagN4PvFGD/zCX//wrctmtfgBs=";
+      };
+    in [
+      "d '${customDir}/public' 0750 ${user} ${group} - -"
+      "d '${customDir}/public/assets' 0750 ${user} ${group} - -"
+      "d '${customDir}/public/assets/img' 0750 ${user} ${group} - -"
+      # Copeberg logo, thanks Raf <3
+      "L+ '${customDir}/public/assets/img/logo.svg' - - - - ${img}/logo.svg"
+      "L+ '${customDir}/public/assets/img/logo.png' - - - - ${img}/logo.png"
+      "L+ '${customDir}/public/assets/img/apple-touch-icon' - - - - ${img}/logo.png"
+      "L+ '${customDir}/public/assets/img/favicon.svg' - - - - ${img}/logo.svg"
+      "L+ '${customDir}/public/assets/img/favicon.png' - - - - ${img}/logo.png"
+
+      # Theming shenanigans
+      "d '${customDir}/public/assets' 0750 ${user} ${group} - -"
+      "d '${customDir}/public/assets/css' 0750 ${user} ${group} - -"
+      "d '${customDir}/public/assets/css/codeberg' 0750 ${user} ${group} - -"
+
+      "L+ '${customDir}/public/assets/css/theme-codeberg-dark.css' - - - - ${theme-codeberg-dark}"
+      "L+ '${customDir}/public/assets/css/codeberg/base-brand.css' - - - - ${base-brand}"
+      "L+ '${customDir}/public/assets/css/codeberg/dark-variables.css' - - - - ${dark-variables}"
+
+      # Templates
+      "d '${customDir}/templates' 0750 ${user} ${group} - -"
+      "d '${customDir}/templates/repo' 0750 ${user} ${group} - -"
+      # Home page
+      "L+ '${customDir}/templates/home.tmpl' - - - - ${./templates}/home.tmpl"
+      "L+ '${customDir}/templates/repo/header.tmpl' - - - - ${./templates/repo}/header.tmpl"
+
+      # Fuck off scrapers
+      "L+ ${customDir}/public/robots.txt - - - - ${robots.outPath}"
+    ];
+  };
+}