created forgejo service

Leyla Becker 2025-01-02 16:21:44 -06:00
parent fe1f2adf9f
commit 9ecba48dcf
2 changed files with 97 additions and 41 deletions


@ -0,0 +1,36 @@
{
lib,
config,
...
}: let
forgejoPort = 8081;
in {
options.host.forgejo = {
enable = lib.mkEnableOption "should forgejo be enabled on this computer";
subdomain = lib.mkOption {
type = lib.types.str;
description = "subdomain of base domain that forgejo will be hosted at";
default = "forgejo";
};
};
config =
lib.mkIf config.host.forgejo.enable
{
enable = true;
database = {
type = "postgres";
socket = "/run/postgresql";
};
lfs.enable = true;
settings = {
server = {
DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}";
HTTP_PORT = forgejoPort;
};
};
host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = {
target = "http://localhost:${toString forgejoPort}";
};
};
}
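Review bot: The reverse-proxy entry at the end of the new file is keyed on `config.host.jellyfin.subdomain`, so the Forgejo target is registered under Jellyfin's hostname instead of its own; it should read `host.reverse_proxy.subdomains.${config.host.forgejo.subdomain} = {`. As the braces are shown, `enable`, `database`, `lfs` and `settings` sit directly under `config` rather than under `services.forgejo`, which looks like a missing wrapper. Because the proxy targets `localhost`, it is also worth adding `HTTP_ADDR = "127.0.0.1";` to `settings.server` so port 8081 is reachable only through the proxy, unless a firewall rule outside this diff already covers it.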


@ -3,7 +3,9 @@
lib,
pkgs,
...
}: {
}: let
dataDir = "/var/lib/postgresql/15";
in {
options = {
host.postgres = {
enable = lib.mkEnableOption "enable postgres";
@ -40,47 +42,65 @@
};
};
config = lib.mkIf config.host.postgres.enable {
services = {
postgresql = {
enable = true;
ensureUsers =
[
{
name = "postgres";
}
]
+ (lib.attrsets.mapAttrsToList (user: {
name = user.name;
ensureDBOwnership = true;
})
config.host.postgres.extraDatabaseUsers);
ensureDatabases = lib.attrsets.mapAttrsToList (user: user.name) config.host.postgres.extraDatabaseUsers;
identMap =
''
# ArbitraryMapName systemUser DBUser
config = lib.mkIf config.host.postgres.enable (lib.mkMerge [
{
services = {
postgresql = {
enable = true;
ensureUsers =
[
{
name = "postgres";
}
]
+ (lib.attrsets.mapAttrsToList (user: {
name = user.name;
ensureDBOwnership = true;
})
config.host.postgres.extraDatabaseUsers);
ensureDatabases = lib.attrsets.mapAttrsToList (user: user.name) config.host.postgres.extraDatabaseUsers;
identMap =
''
# ArbitraryMapName systemUser DBUser
# Administration Users
superuser_map root postgres
superuser_map postgres postgres
''
+ (
lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} postgres") config.host.postgres.extraAdminUsers)
)
+ ''
# Administration Users
superuser_map root postgres
superuser_map postgres postgres
''
+ (
lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} postgres") config.host.postgres.extraAdminUsers)
)
+ ''
# Client Users
''
+ (
lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} ${user.name}") config.host.postgres.extraDatabaseUsers)
);
# configuration here lets users access the db that matches their name and lets user postgres access everything
authentication = pkgs.lib.mkOverride 10 ''
# type database DBuser origin-address auth-method optional_ident_map
local all postgres peer map=superuser_map
local sameuser all peer map=superuser_map
'';
# Client Users
''
+ (
lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} ${user.name}") config.host.postgres.extraDatabaseUsers)
);
# configuration here lets users access the db that matches their name and lets user postgres access everything
authentication = pkgs.lib.mkOverride 10 ''
# type database DBuser origin-address auth-method optional_ident_map
local all postgres peer map=superuser_map
local sameuser all peer map=superuser_map
'';
};
};
};
};
}
(lib.mkIf config.host.impermanence.enable {
assertions = [
{
assertion = config.services.postgresql.dataDir == dataDir;
description = "postgres data directory does not match persistence";
}
];
environment.persistence."/persist/system/root" = {
enable = true;
hideMounts = true;
directories = [
dataDir
];
};
})
]);
}
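Review bot: The assertion added in the `host.impermanence.enable` block uses `description`, but NixOS reads assertion entries as `{ assertion; message; }`, so a mismatched data directory would most likely fail on the missing attribute instead of printing the intended text; change it to `message = "postgres data directory does not match persistence";`. The hard-coded `dataDir = "/var/lib/postgresql/15";` at the top of the file would benefit from a comment such as `# must match services.postgresql.dataDir (changes with the PostgreSQL major version)`, so a package upgrade is not mistaken for a persistence fault. Separately, in the client-user rows the name `superuser_map` is reused for ordinary `${user.name} ${user.name}` mappings; a comment on `identMap` stating that only the administration rows map to `postgres` would make the privilege boundary easier to audit.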