created forgejo service

2025-01-02 16:21:44 -06:00 · 2025-01-02 16:21:44 -06:00 · 9ecba48dcf
commit 9ecba48dcf
parent fe1f2adf9f
2 changed files with 97 additions and 41 deletions
--- a/modules/nixos-modules/server/forgejo.nix
+++ b/modules/nixos-modules/server/forgejo.nix
@ -0,0 +1,36 @@
 {
  lib,
  config,
  ...
 }: let
  forgejoPort = 8081;
 in {
  options.host.forgejo = {
    enable = lib.mkEnableOption "should forgejo be enabled on this computer";
    subdomain = lib.mkOption {
      type = lib.types.str;
      description = "subdomain of base domain that forgejo will be hosted at";
      default = "forgejo";
    };
  };
  config =
    lib.mkIf config.host.forgejo.enable
    {
      enable = true;
      database = {
        type = "postgres";
        socket = "/run/postgresql";
      };
      lfs.enable = true;
      settings = {
        server = {
          DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}";
          HTTP_PORT = forgejoPort;
        };
      };
      host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = {
        target = "http://localhost:${toString forgejoPort}";
      };
    };
 }
--- a/modules/nixos-modules/server/postgres.nix
+++ b/modules/nixos-modules/server/postgres.nix
@ -3,7 +3,9 @@
  lib,
  pkgs,
  ...
-}: {
+}: let
  dataDir = "/var/lib/postgresql/15";
 in {
  options = {
    host.postgres = {
      enable = lib.mkEnableOption "enable postgres";
@ -40,47 +42,65 @@
    };
  };
-  config = lib.mkIf config.host.postgres.enable {
+  config = lib.mkIf config.host.postgres.enable (lib.mkMerge [
-    services = {
+    {
-      postgresql = {
+      services = {
-        enable = true;
+        postgresql = {
-        ensureUsers =
+          enable = true;
-          [
+          ensureUsers =
-            {
+            [
-              name = "postgres";
+              {
-            }
+                name = "postgres";
-          ]
+              }
-          + (lib.attrsets.mapAttrsToList (user: {
+            ]
-              name = user.name;
+            + (lib.attrsets.mapAttrsToList (user: {
-              ensureDBOwnership = true;
+                name = user.name;
-            })
+                ensureDBOwnership = true;
-            config.host.postgres.extraDatabaseUsers);
+              })
-        ensureDatabases = lib.attrsets.mapAttrsToList (user: user.name) config.host.postgres.extraDatabaseUsers;
+              config.host.postgres.extraDatabaseUsers);
-        identMap =
+          ensureDatabases = lib.attrsets.mapAttrsToList (user: user.name) config.host.postgres.extraDatabaseUsers;
-          ''
+          identMap =
-            # ArbitraryMapName systemUser DBUser
+            ''
              # ArbitraryMapName systemUser DBUser
-            # Administration Users
+              # Administration Users
-            superuser_map      root      postgres
+              superuser_map      root      postgres
-            superuser_map      postgres  postgres
+              superuser_map      postgres  postgres
-          ''
+            ''
-          + (
+            + (
-            lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map      ${user.name}   postgres") config.host.postgres.extraAdminUsers)
+              lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map      ${user.name}   postgres") config.host.postgres.extraAdminUsers)
-          )
+            )
-          + ''
+            + ''
-            # Client Users
+              # Client Users
-          ''
+            ''
-          + (
+            + (
-            lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map      ${user.name}   ${user.name}") config.host.postgres.extraDatabaseUsers)
+              lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map      ${user.name}   ${user.name}") config.host.postgres.extraDatabaseUsers)
-          );
+            );
-        # configuration here lets users access the db that matches their name and lets user postgres access everything
+          # configuration here lets users access the db that matches their name and lets user postgres access everything
-        authentication = pkgs.lib.mkOverride 10 ''
+          authentication = pkgs.lib.mkOverride 10 ''
-          # type database DBuser    origin-address auth-method   optional_ident_map
+            # type database DBuser    origin-address auth-method   optional_ident_map
-          local  all      postgres                 peer          map=superuser_map
+            local  all      postgres                 peer          map=superuser_map
-          local  sameuser all                      peer          map=superuser_map
+            local  sameuser all                      peer          map=superuser_map
-        '';
+          '';
        };
      };
-    };
+    }
-  };
+
    (lib.mkIf config.host.impermanence.enable {
      assertions = [
        {
          assertion = config.services.postgresql.dataDir == dataDir;
          description = "postgres data directory does not match persistence";
        }
      ];
      environment.persistence."/persist/system/root" = {
        enable = true;
        hideMounts = true;
        directories = [
          dataDir
        ];
      };
    })
  ]);
 }