feat: add forgejo

2026-01-22 08:06:50 +01:00 · 2026-01-22 00:00:45 +01:00 · 2026-01-22 00:00:45 +01:00 · d43fb3016d
commit d43fb3016d
parent ff8b5b4f7b
14 changed files with 111 additions and 1 deletions
--- a/modules/homelab/default.nix
+++ b/modules/homelab/default.nix
@ -7,6 +7,7 @@
    ./arr.nix
    ./audiobookshelf.nix
    ./freshrss.nix
+    ./forgejo.nix
    ./glance.nix
    ./home-assistant
    ./jellyfin.nix
--- a/modules/homelab/forgejo.nix
+++ b/modules/homelab/forgejo.nix
@ -0,0 +1,75 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+lib.mkIf config.fireproof.homelab.enable (let
+  domain = "forgejo.nickolaj.com";
+in {
+  age.secrets.forgejo-runner-token = {
+    rekeyFile = ../../secrets/hosts/homelab/forgejo-runner-token.age;
+    mode = "0600";
+  };
+
+  services.forgejo = {
+    enable = true;
+    database.type = "postgres";
+    dump = {
+      enable = true;
+      interval = "daily";
+    };
+    settings = {
+      server = {
+        DOMAIN = domain;
+        ROOT_URL = "https://${domain}/";
+        HTTP_PORT = 3000;
+        HTTP_ADDR = "127.0.0.1";
+      };
+      service = {
+        DISABLE_REGISTRATION = true;
+        ENABLE_INTERNAL_SIGNIN = false;
+      };
+      actions = {
+        ENABLED = true;
+      };
+    };
+  };
+
+  services.gitea-actions-runner = {
+    package = pkgs.forgejo-runner;
+    instances.homelab = {
+      enable = true;
+      name = "homelab";
+      url = "https://${domain}";
+      tokenFile = config.age.secrets.forgejo-runner-token.path;
+      labels = [
+        "ubuntu-latest:docker://node:20-bookworm"
+      ];
+    };
+  };
+  systemd.services.gitea-runner-default.serviceConfig.DynamicUser = lib.mkForce false;
+
+  services.postgresql = {
+    ensureDatabases = ["forgejo"];
+    ensureUsers = [
+      {
+        name = "forgejo";
+        ensureDBOwnership = true;
+      }
+    ];
+  };
+
+  services.restic.backups.homelab.paths = [
+    config.services.forgejo.stateDir
+    config.services.forgejo.dump.backupDir
+  ];
+
+  services.nginx.virtualHosts."${domain}" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:3000";
+    };
+  };
+})
--- a/modules/homelab/glance.nix
+++ b/modules/homelab/glance.nix
@ -216,6 +216,12 @@ in {
                      icon = "sh:freshrss";
                      same-tab = true;
                    }
+                    {
+                      title = "Forgejo";
+                      url = "https://forgejo.nickolaj.com";
+                      icon = "sh:forgejo";
+                      same-tab = true;
+                    }
                    {
                      title = "Sonarr";
                      url = "https://sonarr.nickolaj.com";