diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 724f86e..668e10a 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -69,6 +69,10 @@ enable = true; subdomain = "media"; }; + forgejo = { + enable = true; + subdomain = "git"; + }; }; networking = { hostId = "c51763d6"; diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 9f06565..65d79d9 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -2,7 +2,8 @@ imports = [ ./network_storage ./reverse_proxy.nix - ./jellyfin.nix ./postgres.nix + ./jellyfin.nix + ./forgejo.nix ]; } diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index 96b9aeb..7ed3312 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix @@ -17,20 +17,33 @@ in { config = lib.mkIf config.host.forgejo.enable { - enable = true; - database = { - type = "postgres"; - socket = "/run/postgresql"; - }; - lfs.enable = true; - settings = { - server = { - DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; - HTTP_PORT = forgejoPort; + host = { + reverse_proxy.subdomains.${config.host.forgejo.subdomain} = { + target = "http://localhost:${toString forgejoPort}"; + }; + postgres = { + enable = true; + extraUsers = { + forgejo = { + isClient = true; + }; + }; }; }; - host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = { - target = "http://localhost:${toString forgejoPort}"; + + services.forgejo = { + enable = true; + database = { + type = "postgres"; + socket = "/run/postgresql"; + }; + lfs.enable = true; + settings = { + server = { + DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; + HTTP_PORT = forgejoPort; + }; + }; }; }; } 
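Review bot: In `modules/nixos-modules/server/forgejo.nix` the new `services.forgejo.settings.server` block sets only `DOMAIN` and `HTTP_PORT`, so the listener keeps Forgejo's default bind address (all interfaces, as far as I know) and can be reached on `forgejoPort` without passing through the reverse proxy wherever the firewall allows it; adding `HTTP_ADDR = "127.0.0.1";` next to `HTTP_PORT` keeps it proxy-only. `ROOT_URL` is also left at its default, which is built from the domain and the internal port rather than the proxied URL, so generated clone and redirect links will likely be wrong; set it explicitly to the externally visible URL of `${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}`. Self-registration is not turned off either, so consider `settings.service.DISABLE_REGISTRATION = true;` before the subdomain is exposed. Unlike the jellyfin and postgres modules touched by this commit, the `config` block here neither asserts nor persists the Forgejo state directory; if this host's root is ephemeral, repositories and generated secrets would not survive a reboot.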
diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index 57a9cde..d6e3fe8 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix @@ -34,11 +34,11 @@ in { assertions = [ { assertion = config.services.jellyfin.dataDir == jellyfin_data_directory; - description = "jellyfin data directory does not match persistence"; + message = "jellyfin data directory does not match persistence"; } { assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory; - description = "jellyfin cache directory does not match persistence"; + message = "jellyfin cache directory does not match persistence"; } ]; diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix index d22be17..fde5c97 100644 --- a/modules/nixos-modules/server/postgres.nix +++ b/modules/nixos-modules/server/postgres.nix 
@@ -5,38 +5,29 @@ ... }: let dataDir = "/var/lib/postgresql/15"; + adminUsers = lib.lists.filter (user: user.isAdmin) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); + clientUsers = lib.lists.filter (user: user.isClient) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); in { options = { host.postgres = { enable = lib.mkEnableOption "enable postgres"; - extraAdminUsers = lib.mkOption { - type = lib.types.attrsOf lib.types.submodule ({name, ...}: { + extraUsers = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { options = { name = lib.mkOption { type = lib.types.str; default = name; - description = '' - What should this users name on the system be - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.name"; + }; + isAdmin = lib.mkOption { + type = lib.types.bool; + default = false; + }; + isClient = lib.mkOption { + type = lib.types.bool; + default = false; }; }; - }); - default = {}; - }; - extraDatabaseUsers = lib.mkOption { - type = lib.types.attrsOf lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - description = '' - What should this users name on the system be - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.name"; - }; - }; - }); + })); default = {}; }; }; @@ -47,18 +38,12 @@ in { services = { postgresql = { enable = true; - ensureUsers = - [ - { - name = "postgres"; - } - ] - + (lib.attrsets.mapAttrsToList (user: { - name = user.name; - ensureDBOwnership = true; - }) - config.host.postgres.extraDatabaseUsers); - ensureDatabases = lib.attrsets.mapAttrsToList (user: user.name) config.host.postgres.extraDatabaseUsers; + package = pkgs.postgresql_15; + ensureUsers = [ + { + name = "postgres"; + } + ]; identMap = '' # ArbitraryMapName systemUser DBUser 
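Review bot: `isAdmin` and `isClient` are declared without a `description`, and the one on `name` was dropped, although `isAdmin` decides which system users get mapped onto the `postgres` role in `identMap` further down. I would document them, e.g. `description = "Map this system user to the postgres superuser role in pg_ident.";` on `isAdmin` and `description = "Map this system user to a database role of the same name.";` on `isClient`. The two `let` bindings can use `lib.attrsets.attrValues config.host.postgres.extraUsers` instead of `mapAttrsToList (_: user: user)`. It is also worth deciding whether a user with both flags set is valid or should trip an assertion.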
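Review bot: In the `@@ -47,18 +38,12 @@` hunk `ensureUsers` now holds only `postgres` and `ensureDatabases` is gone, so nothing in this module creates a role or database for users flagged `isClient`, while `identMap` still emits a mapping for each of them. For forgejo this presumably works only because the upstream `services.forgejo` module provisions its own role and database; any other client would get an ident mapping to a role that does not exist. Either derive them again, e.g. `ensureUsers = [{name = "postgres";}] ++ builtins.map (user: {name = user.name; ensureDBOwnership = true;}) clientUsers;` with `ensureDatabases = builtins.map (user: user.name) clientUsers;`, or add a comment stating that each service is expected to create its own role. The `identMap` string continues outside this hunk.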
@@ -68,14 +53,14 @@ in { superuser_map postgres postgres '' + ( - lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} postgres") config.host.postgres.extraAdminUsers) + lib.strings.concatLines (builtins.map (user: "superuser_map ${user.name} postgres") adminUsers) ) + '' # Client Users '' + ( - lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} ${user.name}") config.host.postgres.extraDatabaseUsers) + lib.strings.concatLines (builtins.map (user: "superuser_map ${user.name} ${user.name}") clientUsers) ); # configuration here lets users access the db that matches their name and lets user postgres access everything authentication = pkgs.lib.mkOverride 10 '' @@ -91,7 +76,7 @@ in { assertions = [ { assertion = config.services.postgresql.dataDir == dataDir; - description = "postgres data directory does not match persistence"; + message = "postgres data directory does not match persistence"; } ]; environment.persistence."/persist/system/root" = {
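Review bot: `user.name` is interpolated into the `identMap` text as-is in both `builtins.map` calls, and the option is declared as a free `lib.types.str`, so a name containing whitespace, `#` or a newline would yield extra or malformed pg_ident entries. Constraining the option, e.g. `type = lib.types.strMatching "[a-z_][a-z0-9_-]*";`, keeps the generated file predictable. Separately, the client entries are written under the map name `superuser_map` (`superuser_map ${user.name} ${user.name}`); whether that is intended depends on the `authentication` rules, which lie outside this hunk. A short comment such as `# clients share the map name but only map to their own role` would stop a reader from taking client users for superusers.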