diff --git a/hosts/franz/arion/git/arion-compose.nix b/hosts/franz/arion/git/arion-compose.nix
new file mode 100644
index 0000000..e6e19a7
--- /dev/null
+++ b/hosts/franz/arion/git/arion-compose.nix
@@ -0,0 +1,59 @@
+{pkgs, ...}: {
+ project.name = "git";
+
+ networks.dmz = {
+ name = "dmz";
+ external = true;
+ };
+
+ networks.transport = {};
+
+ services = {
+ forgejo.service = {
+ image = "codeberg.org/forgejo/forgejo:1.21.6-0";
+ container_name = "forgejo";
+ useHostStore = true;
+ labels = {
+ "traefik.enable" = "true";
+ "traefik.http.routers.forgejo.entrypoints" = "websecure";
+ "traefik.http.routers.forgejo.rule" = "Host(`git.ghoscht.com`)";
+ "traefik.http.services.forgejo.loadbalancer.server.port" = "3000";
+ "traefik.docker.network" = "dmz";
+ "traefik.http.routers.forgejo.tls" = "true";
+ "traefik.http.routers.forgejo.tls.certresolver" = "letsencrypt";
+ };
+ volumes = [
+ "/home/ghoscht/.docker/git/forgejo_data:/data"
+ "/etc/localtime:/etc/localtime:ro"
+ ];
+ ports = [
+ "2222:22"
+ ];
+ environment = {
+ USER_UID = 1000;
+ USER_GID = 1000;
+ GITEA__database__DB_TYPE = "postgres";
+ GITEA__database__HOST = "db:5432";
+ };
+ env_file = [
+ "/home/ghoscht/.docker/git/forgejo.env"
+ ];
+ restart = "unless-stopped";
+ networks = [
+ "dmz"
+ "transport"
+ ];
+ };
+ db.service = {
+ image = "postgres:15.3-bullseye";
+ env_file = [
+ "/home/ghoscht/.docker/git/forgejo-db.env"
+ ];
+ volumes = ["/home/ghoscht/.docker/git/forgejo_db:/var/lib/postgresql/data"];
+ restart = "unless-stopped";
+ networks = [
+ "transport"
+ ];
+ };
+ };
+}
diff --git a/hosts/franz/arion/git/arion-pkgs.nix b/hosts/franz/arion/git/arion-pkgs.nix
new file mode 100644
index 0000000..69aad13
--- /dev/null
+++ b/hosts/franz/arion/git/arion-pkgs.nix
@@ -0,0 +1,6 @@
+# Instead of pinning Nixpkgs, we can opt to use the one in NIX_PATH
+import {
+ # We specify the architecture explicitly. Use a Linux remote builder when
+ # calling arion from other platforms.
+ system = "x86_64-linux";
+}
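Review bot: The `env_file` and `volumes` entries hard-code `/home/ghoscht/.docker/git/...` while default.nix in the same commit builds the same paths from `${vars.user}`, so the two files silently disagree the moment `vars.user` is anything other than `ghoscht`: compose then fails on a missing env_file, or worse, starts Forgejo and Postgres without their `GITEA__database__*` / `POSTGRES_*` credentials. The compose module could derive the paths the same way, e.g. `let vars = import ../../../../vars.nix; in` at the top and `"/home/${vars.user}/.docker/git/forgejo.env"` for the two env_file entries and the three volume mounts. Both images are pinned to exact tags (`forgejo:1.21.6-0`, `postgres:15.3-bullseye`), which is reproducible but means point-release fixes only arrive with a manual bump; a short comment naming who bumps them, or a digest pin plus a tracked update step, would make that expectation explicit.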
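Review bot: As rendered, the second line of the arion-pkgs.nix hunk reads `import {`, which would evaluate `import` against an attribute set and fail; presumably the `<nixpkgs>` search-path argument was dropped by the page's extraction, so confirm the committed file reads `import <nixpkgs> {`. The header comment already states that NIX_PATH is used instead of a pin; one more sentence along the lines of `# This nixpkgs can differ from the one evaluating the host configuration; keep that in mind when a package version looks wrong inside the compose project.` would help whoever next debugs a mismatch.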
diff --git a/hosts/franz/arion/git/default.nix b/hosts/franz/arion/git/default.nix
new file mode 100644
index 0000000..575625f
--- /dev/null
+++ b/hosts/franz/arion/git/default.nix
@@ -0,0 +1,41 @@
+{config, ...}: let
+ vars = import ../../../../vars.nix;
+in {
+ virtualisation.arion = {
+ projects.git.settings = {
+ imports = [./arion-compose.nix];
+ };
+ };
+
+ sops.secrets."forgejo/db_password" = {
+ owner = vars.user;
+ };
+ sops.secrets."forgejo/db_user" = {
+ owner = vars.user;
+ };
+ sops.secrets."forgejo/db_database" = {
+ owner = vars.user;
+ };
+
+ sops.templates."forgejo.env" = {
+ path = "/home/${vars.user}/.docker/git/forgejo.env";
+ owner = vars.user;
+ mode = "0775";
+ content = ''
+ GITEA__database__NAME="${config.sops.placeholder."forgejo/db_database"}"
+ GITEA__database__USER="${config.sops.placeholder."forgejo/db_user"}"
+ GITEA__database__PASSWD="${config.sops.placeholder."forgejo/db_password"}"
+ '';
+ };
+
+ sops.templates."forgejo-db.env" = {
+ path = "/home/${vars.user}/.docker/git/forgejo-db.env";
+ owner = vars.user;
+ mode = "0775";
+ content = ''
+ POSTGRES_DB="${config.sops.placeholder."forgejo/db_database"}"
+ POSTGRES_USER="${config.sops.placeholder."forgejo/db_user"}"
+ POSTGRES_PASSWORD="${config.sops.placeholder."forgejo/db_password"}"
+ '';
+ };
+}
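Review bot: `mode = "0775"` on both `sops.templates` entries (`forgejo.env` and `forgejo-db.env`) makes the rendered files world-readable and group-writable, and after placeholder substitution those files hold the plaintext database user and password, which defeats the point of keeping them in sops. Nothing here needs more than owner read access: the template owner is `vars.user`, and a rootful Docker daemon reading `env_file` bypasses the mode bits anyway, so `mode = "0400";` on both templates is enough (`"0600"` if the user is expected to edit them by hand). The three `sops.secrets` entries can stay as they are; with no explicit `mode` they keep sops-nix's owner-only default. A brief comment on the templates, such as `# rendered with the real secrets, so keep owner-only permissions`, would stop the next edit from loosening it again.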