Arion: Add forgejo

2024-03-07 16:48:08 +01:00 · 2024-03-07 16:48:08 +01:00 · 4f987b0a6f
commit 4f987b0a6f
parent 66b96a843f
3 changed files with 106 additions and 0 deletions
--- a/hosts/franz/arion/git/arion-compose.nix
+++ b/hosts/franz/arion/git/arion-compose.nix
@ -0,0 +1,59 @@
+{pkgs, ...}: {
+  project.name = "git";
+
+  networks.dmz = {
+    name = "dmz";
+    external = true;
+  };
+
+  networks.transport = {};
+
+  services = {
+    forgejo.service = {
+      image = "codeberg.org/forgejo/forgejo:1.21.6-0";
+      container_name = "forgejo";
+      useHostStore = true;
+      labels = {
+        "traefik.enable" = "true";
+        "traefik.http.routers.forgejo.entrypoints" = "websecure";
+        "traefik.http.routers.forgejo.rule" = "Host(`git.ghoscht.com`)";
+        "traefik.http.services.forgejo.loadbalancer.server.port" = "3000";
+        "traefik.docker.network" = "dmz";
+        "traefik.http.routers.forgejo.tls" = "true";
+        "traefik.http.routers.forgejo.tls.certresolver" = "letsencrypt";
+      };
+      volumes = [
+        "/home/ghoscht/.docker/git/forgejo_data:/data"
+        "/etc/localtime:/etc/localtime:ro"
+      ];
+      ports = [
+        "2222:22"
+      ];
+      environment = {
+        USER_UID = 1000;
+        USER_GID = 1000;
+        GITEA__database__DB_TYPE = "postgres";
+        GITEA__database__HOST = "db:5432";
+      };
+      env_file = [
+        "/home/ghoscht/.docker/git/forgejo.env"
+      ];
+      restart = "unless-stopped";
+      networks = [
+        "dmz"
+        "transport"
+      ];
+    };
+    db.service = {
+      image = "postgres:15.3-bullseye";
+      env_file = [
+        "/home/ghoscht/.docker/git/forgejo-db.env"
+      ];
+      volumes = ["/home/ghoscht/.docker/git/forgejo_db:/var/lib/postgresql/data"];
+      restart = "unless-stopped";
+      networks = [
+        "transport"
+      ];
+    };
+  };
+}
--- a/hosts/franz/arion/git/arion-pkgs.nix
+++ b/hosts/franz/arion/git/arion-pkgs.nix
@ -0,0 +1,6 @@
+# Instead of pinning Nixpkgs, we can opt to use the one in NIX_PATH
+import <nixpkgs> {
+  # We specify the architecture explicitly. Use a Linux remote builder when
+  # calling arion from other platforms.
+  system = "x86_64-linux";
+}
--- a/hosts/franz/arion/git/default.nix
+++ b/hosts/franz/arion/git/default.nix
@ -0,0 +1,41 @@
+{config, ...}: let
+  vars = import ../../../../vars.nix;
+in {
+  virtualisation.arion = {
+    projects.git.settings = {
+      imports = [./arion-compose.nix];
+    };
+  };
+
+  sops.secrets."forgejo/db_password" = {
+    owner = vars.user;
+  };
+  sops.secrets."forgejo/db_user" = {
+    owner = vars.user;
+  };
+  sops.secrets."forgejo/db_database" = {
+    owner = vars.user;
+  };
+
+  sops.templates."forgejo.env" = {
+    path = "/home/${vars.user}/.docker/git/forgejo.env";
+    owner = vars.user;
+    mode = "0775";
+    content = ''
+      GITEA__database__NAME="${config.sops.placeholder."forgejo/db_database"}"
+      GITEA__database__USER="${config.sops.placeholder."forgejo/db_user"}"
+      GITEA__database__PASSWD="${config.sops.placeholder."forgejo/db_password"}"
+    '';
+  };
+
+  sops.templates."forgejo-db.env" = {
+    path = "/home/${vars.user}/.docker/git/forgejo-db.env";
+    owner = vars.user;
+    mode = "0775";
+    content = ''
+      POSTGRES_DB="${config.sops.placeholder."forgejo/db_database"}"
+      POSTGRES_USER="${config.sops.placeholder."forgejo/db_user"}"
+      POSTGRES_PASSWORD="${config.sops.placeholder."forgejo/db_password"}"
+    '';
+  };
+}