Added forgejo, actual, and formatted some stuff

2025-09-23 13:23:13 +02:00 · 2025-09-23 13:23:13 +02:00 · 4e60d4fbc9
commit 4e60d4fbc9
parent a6e1b359ef
13 changed files with 293 additions and 130 deletions
--- a/moduler/dev.nix
+++ b/moduler/dev.nix
@ -41,6 +41,7 @@ in

 	# Blogging
    hugo
+	zola

 	# System Design
    sqlc
--- a/moduler/kitchenowl.nix
+++ b/moduler/kitchenowl.nix
@ -7,6 +7,34 @@
 let
 in
 {
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "fredrik@wastring.com";
+    certs."shop.wastring.com" = {
+      dnsProvider = "gandiv5";
+      webroot = null;
+      credentialsFile = config.sops.secrets.gandi_key.path;
+      dnsPropagationCheck = true;
+    };
+  };
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    virtualHosts."shop.wastring.com" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8080";
+        proxyWebsockets = true;
+        extraConfig =
+          "proxy_ssl_server_name on;"
+          +
+            # required when the server wants to use HTTP Authentication
+            "proxy_pass_header Authorization;";
+      };
+    };
+  };
  virtualisation.oci-containers = {
    backend = "podman";
 	containers = {
--- a/moduler/programs.nix
+++ b/moduler/programs.nix
@ -4,8 +4,7 @@
  inputs,
  lib,
  config,
-  pkgs,
-  myhostname,
+  pkgs, myhostname,
  ...
 }: {
 	services.udev = {
@ -39,6 +38,9 @@
 		xdg-user-dirs
 		angryipscanner

+		# TUI
+		gurk-rs
+
 		# Browsers
 		librewolf
 		chawan
--- a/moduler/programs/k9s/default.nix
+++ b/moduler/programs/k9s/default.nix
@ -9,8 +9,7 @@ let
 in
 {
  programs.k9s = {
-    # enable = true;
-    enable = false;
+    enable = true;
 	settings = {
 		k9s.ui.skin = "catppuccin-latte";
 	};
--- a/moduler/radicale.nix
+++ b/moduler/radicale.nix
@ -4,30 +4,11 @@
 }:
 {

-  security.acme = {
-    certs."cal.wastring.com" = {
-      dnsProvider = "gandiv5";
-      webroot = null;
-      credentialsFile = config.sops.secrets.gandi_key.path;
-      dnsPropagationCheck = true;
-    };
-  };
-  # services.nginx = {
-  #   virtualHosts."cal.wastring.com" = {
-  #     enableACME = true;
-  #     forceSSL = true;
-  #     locations."/" = {
-  #       proxyPass = "http://127.0.0.1:5232";
-  #       proxyWebsockets = true; # needed if you need to use WebSocket
-  #       extraConfig = "proxy_ssl_server_name on;" + "proxy_pass_header Authorization;";
-  #     };
-  #   };
-  # };
  services.radicale = {
    enable = true;
    settings = {
 		auth.type = "none";
-		server.hosts = [ "0.0.0.0:5232" ];
+		server.hosts = [ "100.64.0.4:5232" ];
 	};
  };
 }
--- a/moduler/services/actual/default.nix
+++ b/moduler/services/actual/default.nix
@ -0,0 +1,46 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib;
+{
+  options = {
+    actual = {
+      enable = mkEnableOption "enables Actual";
+      port = lib.mkOption {
+        type = lib.types.int;
+        default = 8001;
+        description = "The port that Actual is served on.";
+      };
+      hostname = lib.mkOption {
+        type = lib.types.str;
+        default = "localhost";
+        description = "The hostname that Actual is served on.";
+      };
+    };
+  };
+
+  config = mkMerge [
+    (mkIf config.actual.enable {
+      services = {
+        actual = {
+          enable = true;
+          openFirewall = true;
+          settings = {
+            port = config.actual.port;
+            hostname = config.actual.hostname;
+          };
+        };
+        nginx.virtualHosts."budget.wastring.com" = {
+          forceSSL = true;
+          enableACME = true;
+          locations."/" = {
+            proxyPass = "http://${toString config.actual.hostname}:${toString config.actual.port}";
+            proxyWebsockets = true;
+          };
+        };
+      };
+    })
+  ];
+}
--- a/moduler/services/forgejo/default.nix
+++ b/moduler/services/forgejo/default.nix
@ -0,0 +1,91 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+let
+  cfg = config.services.forgejo;
+  srv = cfg.settings.server;
+in
+with lib;
+{
+  options = {
+    forgejo = {
+      enable = mkEnableOption "enables forgejo";
+      port = lib.mkOption {
+        type = lib.types.int;
+        default = 8003;
+        description = "The port that Actual is served on.";
+      };
+      domain = lib.mkOption {
+        type = lib.types.str;
+        default = "git.wastring.com";
+        description = "The hostname that Actual is served on.";
+      };
+    };
+  };
+  config = mkMerge [
+    (mkIf config.actual.enable {
+      services.nginx = {
+        virtualHosts.${config.forgejo.domain} = {
+          forceSSL = true;
+          enableACME = true;
+          extraConfig = ''
+            client_max_body_size 512M;
+          '';
+          locations."/".proxyPass = "http://localhost:${toString config.forgejo.port}";
+        };
+      };
+
+      sops.secrets.smtp_password = { };
+      sops.secrets.forgejo-admin-password.owner = "forgejo";
+      systemd.services.forgejo.preStart =
+        let
+          adminCmd = "${lib.getExe cfg.package} admin user";
+          pwd = config.sops.secrets.forgejo-admin-password;
+          user = "fw";
+        in
+        ''
+          ${adminCmd} create --admin --email "root@localhost" --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
+          ## uncomment this line to change an admin user which was already created
+          # ${adminCmd} change-password --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
+        '';
+
+      services.forgejo = {
+        enable = true;
+        database.type = "postgres";
+        # Enable support for Git Large File Storage
+        lfs.enable = true;
+        settings = {
+          server = {
+            DOMAIN = "${config.forgejo.domain}";
+            # You need to specify this to remove the port from URLs in the web UI.
+            ROOT_URL = "https://${config.forgejo.domain}/";
+            HTTP_PORT = config.forgejo.port;
+          };
+          # You can temporarily allow registration to create an admin user.
+          service.DISABLE_REGISTRATION = true;
+          # Add support for actions, based on act: https://github.com/nektos/act
+          actions = {
+            ENABLED = true;
+            DEFAULT_ACTIONS_URL = "github";
+          };
+          # Sending emails is completely optional
+          # You can send a test email from the web UI at:
+          # Profile Picture > Site Administration > Configuration >  Mailer Configuration
+          mailer = {
+            ENABLED = true;
+            SMTP_ADDR = "mail.gandi.net";
+            FROM = "noreply@${config.forgejo.domain}";
+            USER = "fredrik@wastring.com";
+          };
+        };
+        secrets = {
+          mailer.PASSWD = config.sops.secrets.smtp_password.path;
+        };
+      };
+    })
+  ];
+
+}