Initial framework: reusable modules, lib, pkgs, overlays, scripts, sample environment

2026-05-10 19:06:58 +02:00
commit c53d997d07
32 changed files with 1339 additions and 0 deletions
@@ -0,0 +1,90 @@
+{ config, pkgs, lib, ... }:
+
+let
+  cfg = config.services.git-forge;
+  inherit (lib) mkIf mkOption types;
+in
+
+{
+  options.services.git-forge = {
+    enable = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Enable the git forge service (Forgejo)";
+    };
+
+    domain = mkOption {
+      type = types.str;
+      default = "git.lagraula.fr";
+      description = "Domain name for the Forgejo instance";
+    };
+
+    sshPort = mkOption {
+      type = types.port;
+      default = 2222;
+      description = "SSH port for Git operations (avoid conflict with host SSH on 22)";
+    };
+
+    httpPort = mkOption {
+      type = types.port;
+      default = 3000;
+      description = "HTTP port for the Forgejo web interface";
+    };
+
+    dataDir = mkOption {
+      type = types.str;
+      default = "/var/lib/forgejo";
+      description = "Data directory for Forgejo repositories and database";
+    };
+
+    databaseType = mkOption {
+      type = types.enum [ "sqlite3" "postgres" "mysql" ];
+      default = "sqlite3";
+      description = "Database backend type";
+    };
+
+    settings = mkOption {
+      type = types.attrsOf types.anything;
+      default = { };
+      description = "Additional Forgejo settings (merged into services.forgejo.settings)";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    # Use the built-in NixOS forgejo module
+    services.forgejo = {
+      enable = true;
+      package = pkgs.forgejo;
+      settings = lib.recursiveUpdate {
+        server = {
+          DOMAIN = cfg.domain;
+          HTTP_PORT = cfg.httpPort;
+          HTTP_ADDR = "0.0.0.0";
+          ROOT_URL = "https://${cfg.domain}";
+          SSH_PORT = cfg.sshPort;
+          SSH_LISTEN_PORT = cfg.sshPort;
+        };
+        service = {
+          DISABLE_REGISTRATION = false;
+        };
+        "repository".ROOT = "${cfg.dataDir}/repos";
+      } (lib.mapAttrs (section: values: lib.mapAttrs (key: value: lib.mkDefault value) values) cfg.settings);
+
+      database = {
+        type = cfg.databaseType;
+      };
+
+      dump = {
+        type = "tar.zst";
+      };
+
+      # LXC container specifics - use the existing forgejo user
+      stateDir = cfg.dataDir;
+    };
+
+    # Open firewall ports for HTTP and SSH (git protocol)
+    networking.firewall = lib.mkIf config.services.forgejo.enable {
+      allowedTCPPorts = [ cfg.httpPort cfg.sshPort ];
+    };
+  };
+}