Basic forgejo server config

configuration.nix

@@ -6,7 +6,10 @@
 # https://github.com/nix-community/NixOS-WSL
 
 { config, lib, pkgs, ... }:
-
+let
+  cfg = config.services.forgejo;
+  srv = cfg.settings.server;
+in
 {
   imports = [
     # include NixOS-WSL modules
@@ -16,14 +19,7 @@
   wsl.enable = true;
   wsl.defaultUser = "nixos";
 
-
+  system.stateVersion = "24.11";
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It's perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "24.05"; # Did you read the comment?
 
   nix = {
     settings = {
@@ -31,102 +27,59 @@
     };
   };
 
-  environment = {
+  environment.systemPackages = with pkgs; [
-    systemPackages = with pkgs; [
+    git
-      git
+  ];
-      vim
+
-      wget
+  virtualisation.docker = {
-      curl
+    enable = true;
-      htop
-    ];
   };
 
-  openproject = pkgs.fetchFromGithub {
+  security.acme = {
-    owner = "bendlas";
+    defaults.email = "michael.huebner@ptspaper.de";
-    repo = "openproject-nix";
+    acceptTerms = true;
-    rev = "";
-    sha256 = "";
   };
 
   services = {
+    endlessh = {
+      enable = true;
+      port = 22;
+    };
+
     openssh = {
       enable = true;
-      settings.PermitRootLogin = "yes";
+      ports = [ 23 ];
-    };
-    redis = {
-      servers = {
-        # Queue, naming it "" makes it use default values.
-        "".enable = true;
-
-        socketio = {
-          enable = true;
-          port = 12311;
-        };
-      };
-    };
-  };
-
-  networking = {
-    firewall = {
-      enable = false;
-    };
-  };
-
-  users = {
-    mutableUsers = false;
-
-    extraUsers = {
-      root = {
-        password = "root";
-      };
     };
 
-    users = {
+    nginx = {
-      root = {
+      enable = true;
-
+      virtualHosts.${srv.DOMAIN} = {
-      };
+        forceSSL = true;
-      openproject = {
+        enableACME = true;
-        description = "User to run openproject";
+        extraConfig = ''
-        group = "openproject";
+          client_max_body_size 512M;
-        isSystemUser = true;
-        home = "/var/lib/openproject";
-        createHome = true;
-      }
-    };
-  };
-
-  systemd = {
-    services = {
-      openproject = {
-        enable = true;
-        wantedBy = [ "multi-user.target" ];
-        after = [ "mysql.service" "redis.service" "redis-socketio.service" ];
-        description = "ERPNext";
-        confinement = {
-          enable = true;
-          packages = [ pkgs.mariadb-client pkgs.nodejs penv ];
-        };
-        script = ''
-          export PYTHON_PATH=${penv}/${pkgs.python3.sitePackages}
-          export PATH="${pkgs.mariadb-client}/bin:${pkgs.nodejs}/bin:${penv}/bin:$PATH"
-
-          # Initialize the DB
-          # Start the server
-
         '';
-        serviceConfig = {
+        locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
-          User = "erpnext";
+      };
-          NoNewPrivileges = true;
+    };
-          Type = "simple";
+
-          BindReadOnlyPaths = [
+    forgejo = {
-            "/etc/hosts:/etc/hosts"
+      enable = true;
-            "${pkgs.openproject}:${pkgs.openproject}"
+      database.type = "postgres";
-          ];
+      lfs.enable = true;
-          BindPaths = [
+      settings = {
-            "/var/lib/openproject:/var/libopenproject"
+        server = {
-          ];
+          DOMAIN = "localhost";
+          ROOT_URL = "https://${srv.DOMAIN}";
+          HTTP_PORT = 3000;
+          SSH_PORT = 62;
+        };
+        service.DISABLE_REGISTRATION = true;
+        actions = {
+          ENABLED = true;
+          DEFAULT_ACTIONS_URL = "github";
         };
       };
     };
   };
-}
+}