Overhaul

2025-10-17 19:58:11 +00:00 · 2025-10-17 19:58:11 +00:00 · f9132abd53
commit f9132abd53
parent b89303566a
12 changed files with 332 additions and 30 deletions
--- a/modules/forgejo/default.nix
+++ b/modules/forgejo/default.nix
@ -0,0 +1,44 @@
+{ pkgs, config, ... }:
+{
+  services.nginx.virtualHosts.${config.services.forgejo.settings.server.DOMAIN} = {
+    forceSSL = true;
+    enableACME = true;
+
+    extraConfig = ''
+      client_max_body_size 512M;
+    '';
+
+    locations."/" = {
+      proxyPass = "http://${toString config.services.forgejo.settings.server.ROOT_URL}:${toString config.services.forgejo.settings.server.HTTP_PORT}";
+
+      proxyWebsockets = true;
+
+      extraConfig = ''
+        proxy_pass_header Authorization;
+      '';
+    };
+  };
+
+  services.forgejo = {
+    enable = true;
+
+    database.type = "postgres";
+
+    lfs.enable = true;
+
+    settings = {
+      server = {
+        DOMAIN = "git.katkak.dev";
+        ROOT_URL = "127.0.0.1";
+        HTTP_PORT = 3000;
+      };
+
+      service.DISABLE_REGISTRATION = true;
+
+      actions = {
+        ENABLED = true;
+        DEFAULT_ACTIONS_URL = "github";
+      };
+    };
+  };
+}
--- a/modules/grafana/default.nix
+++ b/modules/grafana/default.nix
@ -1,13 +1,21 @@
 { pkgs, config, ... }:
 {
+  services.nginx.virtualHosts.${config.services.grafana.settings.server.domain} = {
+    locations."/" = {
+      proxyPass = "http://${toString config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}";
+
+      proxyWebsockets = true;
+    };
+  };
+
  services.grafana = {
    enable = true;

    settings = {
      server = {
+        domain = "grafana.katkak.dev";
        http_addr = "127.0.0.1";
        http_port = 2342;
-        domain = "grafana.pele";
      };
    };

@ -22,21 +30,17 @@
    };
  };

-  services.nginx.virtualHosts.${config.services.grafana.settings.server.domain} = {
-    locations."/" = {
-      proxyPass = "http://${toString config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}";
-      proxyWebsockets = true;
-    };
-  };
-
  services.prometheus = {
    enable = true;
+
    port = 9001;

    exporters = {
      node = {
        enable = true;
+
        enabledCollectors = [ "systemd" ];
+
        port = 9002;
      };
    };
@ -44,6 +48,7 @@
    scrapeConfigs = [
      {
        job_name = "nixos";
+
        static_configs = [
          {
            targets = [
--- a/modules/nginx/default.nix
+++ b/modules/nginx/default.nix
@ -0,0 +1,43 @@
+{ pkgs, config, ... }:
+{
+  # These ports need to be open for acme
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+
+  services.nginx = {
+    enable = true;
+
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+  };
+
+  age.secrets.acme = {
+    file = ../../secrets/acme.age;
+    owner = "acme";
+    group = "acme";
+  };
+
+  security.acme = {
+    acceptTerms = true;
+
+    defaults = {
+      group = config.services.nginx.group;
+
+      dnsProvider = "cloudflare";
+
+      email = "dezuttereluka@gmail.com";
+
+      credentialFiles = {
+        "CLOUDFLARE_DNS_API_TOKEN_FILE" = config.age.secrets.acme.path;
+      };
+    };
+
+    certs = {
+      "katkak.dev" = {
+        extraDomainNames = [ "*.katkak.dev" ];
+      };
+    };
+  };
+}