From 9ecba48dcf302a1e564165bb731fd1dd1c916e3b Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Thu, 2 Jan 2025 16:21:44 -0600
Subject: [PATCH] created forgejo service
---
modules/nixos-modules/server/forgejo.nix | 36 ++++++++
modules/nixos-modules/server/postgres.nix | 102 +++++++++++++---------
2 files changed, 97 insertions(+), 41 deletions(-)
create mode 100644 modules/nixos-modules/server/forgejo.nix
diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix
new file mode 100644
index 0000000..96b9aeb
--- /dev/null
+++ b/modules/nixos-modules/server/forgejo.nix
@@ -0,0 +1,36 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ forgejoPort = 8081;
+in {
+ options.host.forgejo = {
+ enable = lib.mkEnableOption "should forgejo be enabled on this computer";
+ subdomain = lib.mkOption {
+ type = lib.types.str;
+ description = "subdomain of base domain that forgejo will be hosted at";
+ default = "forgejo";
+ };
+ };
+
+ config =
+ lib.mkIf config.host.forgejo.enable
+ {
+ enable = true;
+ database = {
+ type = "postgres";
+ socket = "/run/postgresql";
+ };
+ lfs.enable = true;
+ settings = {
+ server = {
+ DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}";
+ HTTP_PORT = forgejoPort;
+ };
+ };
+ host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = {
+ target = "http://localhost:${toString forgejoPort}";
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix
index 2aae5fa..d22be17 100644
--- a/modules/nixos-modules/server/postgres.nix
+++ b/modules/nixos-modules/server/postgres.nix
@@ -3,7 +3,9 @@ lib, pkgs, ... -}: { +}: let + dataDir = "/var/lib/postgresql/15"; +in { options = { host.postgres = { enable = lib.mkEnableOption "enable postgres";
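Review bot: The proxy entry at the end of the `config` block in forgejo.nix is keyed on `config.host.jellyfin.subdomain`, so the Forgejo backend would be published under Jellyfin's hostname (or collide with Jellyfin's own entry) while `DOMAIN` advertises the Forgejo one; it should read `host.reverse_proxy.subdomains.${config.host.forgejo.subdomain} = {`. The `enable`, `database`, `lfs` and `settings` attributes also sit directly under `config` rather than under `services.forgejo`, which looks unintended and would need nesting for the service to be configured at all. Nothing sets `HTTP_ADDR`, so Forgejo presumably listens on all interfaces on port 8081 and can be reached without going through the proxy unless the firewall blocks it; adding `HTTP_ADDR = "127.0.0.1";` next to `HTTP_PORT` keeps it behind the reverse proxy. The socket-based database setting relies on peer authentication, so it is worth confirming that a `forgejo` entry is registered in `host.postgres.extraDatabaseUsers`, since postgres.nix overrides the authentication rules and ident map.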
@@ -40,47 +42,65 @@ }; }; - config = lib.mkIf config.host.postgres.enable { - services = { - postgresql = { - enable = true; - ensureUsers = - [ - { - name = "postgres"; - } - ] - + (lib.attrsets.mapAttrsToList (user: { - name = user.name; - ensureDBOwnership = true; - }) - config.host.postgres.extraDatabaseUsers); - ensureDatabases = lib.attrsets.mapAttrsToList (user: user.name) config.host.postgres.extraDatabaseUsers; - identMap = - '' - # ArbitraryMapName systemUser DBUser + config = lib.mkIf config.host.postgres.enable (lib.mkMerge [ + { + services = { + postgresql = { + enable = true; + ensureUsers = + [ + { + name = "postgres"; + } + ] + + (lib.attrsets.mapAttrsToList (user: { + name = user.name; + ensureDBOwnership = true; + }) + config.host.postgres.extraDatabaseUsers); + ensureDatabases = lib.attrsets.mapAttrsToList (user: user.name) config.host.postgres.extraDatabaseUsers; + identMap = + '' + # ArbitraryMapName systemUser DBUser - # Administration Users - superuser_map root postgres - superuser_map postgres postgres - '' - + ( - lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} postgres") config.host.postgres.extraAdminUsers) - ) - + '' + # Administration Users + superuser_map root postgres + superuser_map postgres postgres + '' + + ( + lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} postgres") config.host.postgres.extraAdminUsers) + ) + + '' - # Client Users - '' - + ( - lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} ${user.name}") config.host.postgres.extraDatabaseUsers) - ); - # configuration here lets users access the db that matches their name and lets user postgres access everything - authentication = pkgs.lib.mkOverride 10 '' - # type database DBuser origin-address auth-method optional_ident_map - local all postgres peer map=superuser_map - local sameuser all peer map=superuser_map - ''; + # Client Users + '' + + ( + 
lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} ${user.name}") config.host.postgres.extraDatabaseUsers) + ); + # configuration here lets users access the db that matches their name and lets user postgres access everything + authentication = pkgs.lib.mkOverride 10 '' + # type database DBuser origin-address auth-method optional_ident_map + local all postgres peer map=superuser_map + local sameuser all peer map=superuser_map + ''; + }; }; - }; - }; + } + + (lib.mkIf config.host.impermanence.enable { + assertions = [ + { + assertion = config.services.postgresql.dataDir == dataDir; + description = "postgres data directory does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + dataDir + ]; + }; + }) + ]); }
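Review bot: The assertion entry in the new `lib.mkIf config.host.impermanence.enable` block uses `description`, but NixOS assertion entries are read through `message`, so a data-directory mismatch would not produce the intended error text; use `message = "postgres data directory does not match persistence";`. The persisted path is given as a bare string, which leaves its owner and mode to the persistence module's defaults. PostgreSQL refuses to start on a data directory that is not owned by its own user with restrictive permissions, and this directory holds every database on the host, so consider `{ directory = dataDir; user = "postgres"; group = "postgres"; mode = "0700"; }` if the impermanence module in use accepts that form. `dataDir` is pinned to major version 15 in the `let` added by the first hunk, so a PostgreSQL major-version upgrade will trip this assertion until the constant is updated; a short comment next to the binding saying so would help.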