diff --git a/configuration.nix b/configuration.nix index e03c694..1c63c37 100644 --- a/configuration.nix +++ b/configuration.nix @@ -6,7 +6,10 @@ # https://github.com/nix-community/NixOS-WSL { config, lib, pkgs, ... }: - +let + cfg = config.services.forgejo; + srv = cfg.settings.server; +in { imports = [ # include NixOS-WSL modules @@ -16,14 +19,7 @@ wsl.enable = true; wsl.defaultUser = "nixos"; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It's perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "24.05"; # Did you read the comment? + system.stateVersion = "24.11"; nix = { settings = { 
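Review bot: `system.stateVersion` goes from "24.05" to "24.11" in the second hunk, and the comment saying it should stay at the release of the first install is deleted with it. The option does not select the NixOS release being run; it pins the defaults used for stateful data such as file locations and database versions, which is what the removed comment said. That matters more here because the same commit enables Forgejo with `database.type = "postgres"`, so the database defaults may follow this value. If this machine was installed on 24.05, keep `system.stateVersion = "24.05";`. If it is a fresh 24.11 install, keep a one-line comment such as `# release of the first install; do not bump on upgrade` so the next editor does not treat it as a version knob.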
@@ -31,102 +27,59 @@ }; }; - environment = { - systemPackages = with pkgs; [ - git - vim - wget - curl - htop - ]; + environment.systemPackages = with pkgs; [ + git + ]; + + virtualisation.docker = { + enable = true; }; - openproject = pkgs.fetchFromGithub { - owner = "bendlas"; - repo = "openproject-nix"; - rev = ""; - sha256 = ""; + security.acme = { + defaults.email = "michael.huebner@ptspaper.de"; + acceptTerms = true; }; services = { + endlessh = { + enable = true; + port = 22; + }; + openssh = { enable = true; - settings.PermitRootLogin = "yes"; - }; - redis = { - servers = { - # Queue, naming it "" makes it use default values. - "".enable = true; - - socketio = { - enable = true; - port = 12311; - }; - }; - }; - }; - - networking = { - firewall = { - enable = false; - }; - }; - - users = { - mutableUsers = false; - - extraUsers = { - root = { - password = "root"; - }; + ports = [ 23 ]; }; - users = { - root = { - - }; - openproject = { - description = "User to run openproject"; - group = "openproject"; - isSystemUser = true; - home = "/var/lib/openproject"; - createHome = true; - } - }; - }; - - systemd = { - services = { - openproject = { - enable = true; - wantedBy = [ "multi-user.target" ]; - after = [ "mysql.service" "redis.service" "redis-socketio.service" ]; - description = "ERPNext"; - confinement = { - enable = true; - packages = [ pkgs.mariadb-client pkgs.nodejs penv ]; - }; - script = '' - export PYTHON_PATH=${penv}/${pkgs.python3.sitePackages} - export PATH="${pkgs.mariadb-client}/bin:${pkgs.nodejs}/bin:${penv}/bin:$PATH" - - # Initialize the DB - # Start the server - + nginx = { + enable = true; + virtualHosts.${srv.DOMAIN} = { + forceSSL = true; + enableACME = true; + extraConfig = '' + client_max_body_size 512M; ''; - serviceConfig = { - User = "erpnext"; - NoNewPrivileges = true; - Type = "simple"; - BindReadOnlyPaths = [ - "/etc/hosts:/etc/hosts" - "${pkgs.openproject}:${pkgs.openproject}" - ]; - BindPaths = [ - 
"/var/lib/openproject:/var/libopenproject" - ]; + locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}"; + }; + }; + + forgejo = { + enable = true; + database.type = "postgres"; + lfs.enable = true; + settings = { + server = { + DOMAIN = "localhost"; + ROOT_URL = "https://${srv.DOMAIN}"; + HTTP_PORT = 3000; + SSH_PORT = 62; + }; + service.DISABLE_REGISTRATION = true; + actions = { + ENABLED = true; + DEFAULT_ACTIONS_URL = "github"; }; }; }; }; -} +} \ No newline at end of file
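Review bot: The SSH port values in the new `services` block do not agree: endlessh takes 22 and `openssh.ports = [ 23 ]`, but Forgejo advertises `SSH_PORT = 62`, and nothing visible in this hunk listens on or forwards 62, so SSH clone URLs would likely point at a closed port. If git-over-SSH is meant to go through the system sshd, `SSH_PORT = 23;` (or a single `let` binding used for both values) keeps them in sync. With the old `PermitRootLogin = "yes"` line gone and sshd still network-facing, I would state the intent explicitly with `settings.PasswordAuthentication = false;` and `settings.PermitRootLogin = "no";` rather than rely on module defaults. Separately, `DOMAIN = "localhost"` feeds `virtualHosts.${srv.DOMAIN}` with `enableACME = true`, and a public CA will not issue a certificate for localhost, so this needs the real hostname before deployment. The commit also drops `firewall.enable = false`, so it is worth confirming that 80/443 for nginx and the ACME challenge are opened somewhere outside this hunk.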