Add basic forgejo container

2026-01-21 21:01:34 +01:00 · 2024-09-11 23:49:41 +02:00 · 2024-09-11 23:49:41 +02:00 · acefd7ce46
commit acefd7ce46
parent 0f9e3cbbc9
4 changed files with 73 additions and 2 deletions
--- a/hosts/stratus/containers/forgejo/default.nix
+++ b/hosts/stratus/containers/forgejo/default.nix
@ -0,0 +1,32 @@
+{
+  containers.forgejo.config =
+    { config, lib, ... }:
+    {
+      sops.secrets."forgejo-admin-password" = {
+        owner = config.users.users.forgejo.name;
+        inherit (config.users.users.forgejo) group;
+      };
+
+      services.forgejo = {
+        enable = true;
+        stateDir = "/data/forgejo";
+
+        lfs.enable = true;
+        database.type = "postgres";
+        settings = {
+          server = {
+            DOMAIN = config.networking.fqdn;
+            ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}/";
+          };
+          service.DISABLE_REGISTRATION = true;
+        };
+      };
+
+      systemd.services.forgejo.preStart = ''
+        create="${lib.getExe config.services.forgejo.package} admin user create"
+        $create --admin --email "sebastian.stork@pm.me" --username seb --password "$(cat ${config.sops.secrets.forgejo-admin-password.path})" || true
+      '';
+
+      myConfig.tailscale.serve = "3000";
+    };
+}
--- a/hosts/stratus/containers/forgejo/secrets.yaml
+++ b/hosts/stratus/containers/forgejo/secrets.yaml
@ -0,0 +1,31 @@
+tailscale-auth-key: ENC[AES256_GCM,data:OnCmxHy5wFAOOIv3G3rhMsjg9JjHnjENORDQGfVe+cxNSrcqb/Vb0n12jd5SCnxlqrUM+QLjo7yUaKa43M4=,iv:VWf+KsjMsAr6E7SyaXJivJzN7udZmle1LKvXXx2cSvY=,tag:DkqNwLvf2xXu5aUMvCSLWw==,type:str]
+forgejo-admin-password: ENC[AES256_GCM,data:l/6pYXwUEsu6dvEXQAhN46dXk08XCk33G1GeoLrm,iv:Z635DD5ca4wZ9vO2VAlo1rzockKL/XC0/GrQPV/59XA=,tag:XZVQS5tOPdBfYAIURfZ5vQ==,type:str]
+sops:
+  kms: []
+  gcp_kms: []
+  azure_kv: []
+  hc_vault: []
+  age:
+    - recipient: age1mpq8m4p7dnxh5ze3fh7etd2k6sp85zdnmp9te3e9chcw4pw07pcq960zh5
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZejdhUzZyQ1RROGZmZUdX
+        UFR6NlBsbVZDMjJwM3pidi8waWNWVS9id2tnClBxQ3J6N0IwOGZ5eFZFZHU1ZEN3
+        YUh2c3VUd2xLa3NEdWUzdE1aOUZONFUKLS0tIHpGM1pMeUFQYytoQmdncHJWUHlz
+        L003dzV4Z0lTRllkVDJlSm16S1crMlUKtW70ZGOCC9iwfQ7kxzx+DT7l2qSub9Bf
+        VfdlHP1XHXhEw3Don3OLrzwaIzXBbfqGGtpd0rWIoxISqjguBulR9g==
+        -----END AGE ENCRYPTED FILE-----
+    - recipient: age12k607dpdjt5dyq0w3hpgyfdyfrrfuutxgra0tgt8qja30er7cupsfps60n
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkdVFCOUt0TDdOZnA1c3NZ
+        UDVJcUNUS3dqVmJMOVIra0tEVEJ5cjVNYnljCkcxMXF2SGJFRDVDeEFFTEh5dUdV
+        MkEzQXE3TjhHcUJjdXhGSHZyanpVZ1UKLS0tIERlVXNXNjV5OHdyeG5LdCtIVWNG
+        YzNSUG5HWStBemtRZ0s4NzNOOTZRWDAKJHKjfzIPOQUoizt5SffPP/n4d+hOfGLg
+        bXsKSa99E5JMxskzYZQGH0G4OLZrJEMzegRW0DsJtEFwj8YORmn6iw==
+        -----END AGE ENCRYPTED FILE-----
+  lastmodified: "2024-09-11T19:43:05Z"
+  mac: ENC[AES256_GCM,data:3PK5wU8J1Q3wOyFuW3N2nbHgLzQm8OIWOFw79DpmmUFxTEkuRkXPyL3sCOoiie7oX07vkijRQc9PTYlE92CaeoiWS17kdYVOQt309izMsqK6A4Ga01uBt3tsWUsKfkawdM2nQ6Nlft4S55lZUEwYrcX5gJrbmWsdwf4boQ7HVMA=,iv:gZ5sazElY7l1FKns1qQcXBdPQiS2exod0XTFbXdMkqk=,tag:2da6i6jVSHIsgRsfQdEZ9w==,type:str]
+  pgp: []
+  unencrypted_suffix: _unencrypted
+  version: 3.9.0