move forgejo to it's own module and enable fail2ban for it

2025-09-19 10:13:08 +02:00 · 2025-09-19 10:13:08 +02:00 · 07ef166529
commit 07ef166529
parent 8c940b7550
3 changed files with 74 additions and 62 deletions
--- a/os/hs/configuration.nix
+++ b/os/hs/configuration.nix
@ -8,6 +8,7 @@ let
    hs
  ];
  domain = "antoinev.freeboxos.fr";
+  utils = import ../utils.nix;
 in {
  imports = [
    ./hardware-configuration.nix
@ -97,16 +98,7 @@ in {
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
-    virtualHosts = let
-      reverseProxy = port: {
-        enableACME = true;
-        forceSSL = true;
-        locations."/" = {
-          proxyPass = "http://127.0.0.1:${builtins.toString port}";
-          proxyWebsockets = true;
-        };
-      };
-    in {
+    virtualHosts = {
      "immich.antoinevaure.fr" = {
        enableACME = true;
        forceSSL = true;
@ -124,65 +116,16 @@ in {
        };
      };

-      "jellyfin.antoinevaure.fr" = (reverseProxy 8096);
+      "jellyfin.antoinevaure.fr" = (utils.reverseProxy 8096);
      # "sonarr.${domain}" = (reverseProxy 8989);
      # "radarr.${domain}" = (reverseProxy 7878);
      # "qbittorrent.${domain}" = (reverseProxy qbittorrentPort);
-      "git.antoinevaure.fr" = (reverseProxy 3000);
+      "git.antoinevaure.fr" = (utils.reverseProxy 3000);
      # "nextcloud.${domain}" = {
      #   enableACME = true;
      #   forceSSL = true;
      # };
-      "nixcache.antoinevaure.fr" = (reverseProxy config.services.nix-serve.port);
-    };
-  };
-
-  services.forgejo = {
-    enable = true;
-    lfs.enable = true;
-    settings = {
-      server = {
-        DOMAIN = "git.antoinevaure.fr";
-        ROOT_URL = "https://git.antoinevaure.fr/"; 
-        HTTP_PORT = 3000;
-      };
-      # You can temporarily allow registration to create an admin user.
-      service.DISABLE_REGISTRATION = true; 
-      # Add support for actions, based on act: https://github.com/nektos/act
-      actions = {
-        ENABLED = true;
-        # DEFAULT_ACTIONS_URL = "github";
-      };
-
-      repository = {
-        ENABLE_PUSH_CREATE_USER = true;
-        ENABLE_PUSH_CREATE_ORG = true;
-      };
-      # Sending emails is completely optional
-      # You can send a test email from the web UI at:
-      # Profile Picture > Site Administration > Configuration >  Mailer Configuration 
-      # mailer = {
-      #   ENABLED = true;
-      #   SMTP_ADDR = "mail.example.com";
-      #   FROM = "noreply@${srv.DOMAIN}";
-      #   USER = "noreply@${srv.DOMAIN}";
-      # };
-    };
-  };
-
-  services.gitea-actions-runner = {
-    package = pkgs.forgejo-actions-runner;
-    instances.default = {
-      enable = true;
-      name = "monolith";
-      url = "https://git.antoinevaure.fr";
-      # Obtaining the path to the runner token file may differ
-      # tokenFile should be in format TOKEN=<secret>, since it's EnvironmentFile for systemd
-      tokenFile = /root/forgejo_runner_token;
-      labels = [
-        "native:host"
-      ];
-      hostPackages = with pkgs; [ bash coreutils gitMinimal config.nix.package ];
+      "nixcache.antoinevaure.fr" = (utils.reverseProxy config.services.nix-serve.port);
    };
  };