First test for biggoron

hosts/zora/default.nix

@@ -22,6 +22,7 @@
       ../../modules/server/nayru
       ../../modules/server/kalif
       ../../modules/server/maistro
+      ../../modules/server/biggoron
 
       # disko.nixosModules.disko
       agenix.nixosModules.default

hosts/zora/reverse-proxy.nix

@@ -50,6 +50,15 @@
           proxyWebsockets = true;
         };
       };
+      # 44303
+      "git.lyes.eu" = {
+        forceSSL = true;
+        enableACME = true;
+        extraConfig = ''
+          client_max_body_size 512M;
+        '';
+        locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";
+      };
       
       # 9980
       "collabora.lyes.eu" = {

modules/server/biggoron/default.nix

@@ -0,0 +1,88 @@
+{ lib, config, ... }:
+let
+  cfg = config.services.forgejo;
+  srv = cfg.settings.server;
+in
+{
+  services.openssh = {
+    ports = [
+      22
+      2222
+    ];
+    settings.AcceptEnv = "GIT_PROTOCOL";
+  };
+
+  services.forgejo = {
+    enable = true;
+
+    database = {
+      type = "postgres";
+      user = "biggoron";
+      name = "biggoron";
+      passwordFile = config.age.secrets.biggoron-db-pass.path;
+    };
+
+    # Enable support for Git Large File Storage
+    lfs.enable = true;
+
+    settings = {
+      server = {
+        DOMAIN = "git.lyes.eu";
+        # You need to specify this to remove the port from URLs in the web UI.
+        ROOT_URL = "https://${srv.DOMAIN}/"; 
+        HTTP_PORT = 44303;
+        SSH_PORT = 2222;
+      };
+
+      # You can temporarily allow registration to create an admin user.
+      service.DISABLE_REGISTRATION = true; 
+
+      # Add support for actions, based on act: https://github.com/nektos/act
+      actions = {
+        ENABLED = true;
+        DEFAULT_ACTIONS_URL = "github";
+      };
+
+      # Sending emails is completely optional
+      # You can send a test email from the web UI at:
+      # Profile Picture > Site Administration > Configuration >  Mailer Configuration 
+      mailer = {
+        ENABLED = true;
+        PROTOCOL = "sendmail";
+        # SMTP_ADDR = "taf.lyes.eu";
+        # FROM = "noreply@${srv.DOMAIN}";
+        # USER = "noreply@${srv.DOMAIN}";
+      };
+
+      # oauth2_client = {
+      #   REGISTER_EMAIL_CONFIRM = true;
+      #   USERNAME = ;
+      # };
+    };
+
+    secrets = {
+      # mailer.PASSWD = config.age.secrets.forgejo-mailer-password.path;
+    };
+  };
+
+  systemd.services.forgejo.preStart = let 
+    adminCmd = "${lib.getExe cfg.package} admin user";
+    pwd = config.age.secrets.biggoron-admin-pass;
+    user = "biggoron-admin";
+  in ''
+    ${adminCmd} create --admin --email "root@localhost" --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
+    ## uncomment this line to change an admin user which was already created
+    # ${adminCmd} change-password --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
+  '';
+
+  age.secrets.biggoron-db-pass = {
+    file = ../../../secrets/zora/services/biggoron-db-pass.age;
+    mode = "400";
+    owner = "forgejo";
+  };
+
+  age.secrets.biggoron-admin-pass = {
+    file = ../../../secrets/zora/services/biggoron-admin-pass.age;
+    owner = "forgejo";
+  };
+}

secrets.nix

@@ -19,4 +19,6 @@ in
   "secrets/zora/services/baba-admin-pass.age".publicKeys = all;
   "secrets/zora/services/nayru-conf.age".publicKeys = all;
   "secrets/zora/services/kalif-conf.age".publicKeys = all;
+  "secrets/zora/services/biggoron-db-pass.age".publicKeys = all;
+  "secrets/zora/services/biggoron-admin-pass.age".publicKeys = all;
 }

secrets/zora/services/biggoron-admin-pass.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 whuRpQ P68G0JmaYc5nhGKwEniDK2LKm4HoycvpwqiBpFk2L2g
+fc0q/oJ62WE/scr3B1GugO23aZdQVIidNcGOjF+Bcuk
+-> ssh-ed25519 TFqgIg iRBnxyUvUSqwqg9D5uEF8gAz8rsi7UAp8/2EMdpgoR4
+7cnFpewmqfCyZmES3wl8ZLtp+ZTQ78wkM/hnWULqZjI
+--- gCUl3rfwNHkXbV3Dl6wabG1ADLpOsYveOJjvoTd/bvk
+Õ+®°pd»¥Wú„ý±ìÚL}` ®z
ÒSå9`g _¨‡’¥0YªWùáå½=gùÌ¥Œµt+\”tÞÐo»%

secrets/zora/services/biggoron-db-pass.age

@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 whuRpQ oPvyRnkciZAWcJ77/nE2poQA4bbqhq/qxMIrO91BVD0
+bcWoQO6zcAa2vnh0/CO7vUiS+r2NXIAJzQRf1RuL6Oc
+-> ssh-ed25519 TFqgIg LhYaU7CdeiqoT9Gya3ClSermmLCxcRiEw32KMekknGM
+TMWCpK/SptahaWKvC7z2+0Z+jqt3uB0XlqwX9CrapKw
+--- adNmPtRtkeuyUw3HVal8a3/V7gZZ3fTNbyi7Vj/rsw8
+ÅyG_)ŽkâÐĦm‹rÿÇÑwðcVk¯	,ÆÚÕuݶùZPE!fì-‹‹æGZu ðˆÄB[
+6±¸iÕª5¾Y¯É®¾~Ȣ͗2ÁÏ;•9$Ùλ ‹•º\éa8ø(<28>‹— \ïM.g·vóÀ·Ož™ =}dÈp«Â­vPNU®»Z<C2BB>?@çÑyï9èÞ\§üC­6U'H