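# Self-hosted Forgejo: the forge and its Actions runner run as two NixOS
# containers on a private network (host side 172.16.0.x, container side
# 192.168.100.x), and the host takes a daily tar backup of the forge's data.
# Toggled by `horseman.containers.forgejo.enable`.
{ inputs, outputs, lib, config, pkgs, ... }:
let
  inherit (lib) mkEnableOption mkIf;
  cfg = config.horseman.containers.forgejo;
  username = config.horseman.username;

  HTTP_PORT = 3000;
  SSH_PORT = 34916;
  # ROOT_URL handed to Forgejo; the hostname is pinned to the forge
  # container's address via networking.extraHosts below.
  INSTANCE_URL = "http://local.git.server:3000";
  # Runner registration secret, used by both containers at boot.
  # TODO REMOVE: a literal here ends up in the world-readable Nix store and on
  # the command line of both startup scripts (visible to every local user via
  # process listings). Read it from a file kept out of the store instead
  # (e.g. a systemd LoadCredential= file) and rotate this value.
  SECRET = "7c31591e8b67225a116d4a4519ea8e507e08f71f";
  # Forgejo's state directory, kept on the host (bind-mounted into the
  # container) so it survives container rebuilds and can be archived.
  DATA_DIR = "/home/${username}/backups/volumes/forgejo";
  BACKUP_FILE = "/home/${username}/backups/forgejo.tar";
in {
  options = {
    horseman.containers.forgejo = {
      enable = mkEnableOption "forgejo containers";
    };
  };

  config = mkIf cfg.enable {
    # Resolve the ROOT_URL hostname to the forge container on the host.
    networking.extraHosts = "192.168.100.3 local.git.server";

    # Daily trigger for backup-forgejo.service; Persistent catches up a run
    # missed while the machine was off.
    systemd.timers."backup-forgejo" = {
      wantedBy = [ "timers.target" ];
      timerConfig = {
        OnCalendar = "daily";
        Persistent = true;
      };
    };

    environment.systemPackages = [ pkgs.gnutar ];

    # Archive DATA_DIR into BACKUP_FILE.
    systemd.services."backup-forgejo" = {
      # `${pkgs.gnutar}` on its own is the package's store directory, which is
      # not executable; the tool is bin/tar inside it.
      script = ''
        ${pkgs.gnutar}/bin/tar -cf ${BACKUP_FILE} ${DATA_DIR}
      '';
      serviceConfig = {
        User = "root";
      };
    };

    # Actions runner container. Registers itself against the forge container
    # on every boot and then runs the daemon.
    containers.forgejoRunner = {
      autoStart = true;
      privateNetwork = true;
      hostAddress = "172.16.0.2";
      localAddress = "192.168.100.2";
      config = { config, pkgs, ... }:
        let
          # Runner config: the labels this runner advertises.
          configFile = pkgs.writeText "runner.yml" ''
            runner:
              labels:
                - "self-hosted:host"
          '';
        in {
          environment.systemPackages = with pkgs; [ forgejo-runner ];

          users.groups.runner = { };
          users.users.runner = {
            isNormalUser = true;
            group = "runner";
          };

          systemd.services.startup = {
            # The forge is addressed by IP here: 192.168.100.3 is
            # containers.forgejo.localAddress.
            script = ''
              cd ${config.users.users.runner.home}
              ${pkgs.forgejo-runner}/bin/forgejo-runner create-runner-file --instance http://192.168.100.3:3000 --secret ${SECRET} --name runner
              sleep 10
              ${pkgs.forgejo-runner}/bin/forgejo-runner daemon --config ${configFile}
            '';
            serviceConfig.User = "runner";
            wantedBy = [ "multi-user.target" ];
          };

          system.stateVersion = "23.11";
        };
    };

    # Forge container. Its state dir is a writable bind mount of DATA_DIR on
    # the host.
    containers.forgejo = {
      autoStart = true;
      privateNetwork = true;
      hostAddress = "172.16.0.3";
      localAddress = "192.168.100.3";
      bindMounts = {
        "/var/lib/forgejo" = {
          hostPath = DATA_DIR;
          isReadOnly = false;
        };
      };
      config = { config, pkgs, ... }: {
        environment.systemPackages = [ pkgs.forgejo ];

        services.forgejo = {
          enable = true;
          stateDir = "/var/lib/forgejo";
          settings = {
            server = {
              HTTP_PORT = HTTP_PORT;
              SSH_PORT = SSH_PORT;
              ROOT_URL = INSTANCE_URL;
            };
            session = {
              # ROOT_URL is plain http, so a Secure cookie would never be
              # sent; flip this together with moving ROOT_URL to https.
              COOKIE_SECURE = false; # TODO Set to true
            };
            service = {
              # No self-service sign-up.
              DISABLE_REGISTRATION = true;
            };
          };
        };

        # Register the runner (by the shared SECRET) through forgejo-cli.
        systemd.services.startup = {
          script = ''
            cd ${config.users.users.forgejo.home}
            ${pkgs.forgejo}/bin/forgejo forgejo-cli actions register --name runner --secret ${SECRET} --config ${config.services.forgejo.stateDir}/custom/conf/app.ini
          '';
          serviceConfig.User = "forgejo";
          # app.ini under stateDir is produced by forgejo.service's setup, so
          # order this unit after it rather than racing it on first boot.
          after = [ "forgejo.service" ];
          wants = [ "forgejo.service" ];
          wantedBy = [ "multi-user.target" ];
        };

        networking = {
          firewall = {
            enable = true;
            allowedTCPPorts = [ HTTP_PORT SSH_PORT ];
          };
          # Use systemd-resolved inside the container
          # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
          useHostResolvConf = lib.mkForce false;
        };

        system.stateVersion = "23.11";
      };
    };
  };
}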