diff --git a/flake.lock b/flake.lock index 3fdc758..d1254e6 100644 --- a/flake.lock +++ b/flake.lock @@ -82,16 +82,16 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1766201043, - "narHash": "sha256-eplAP+rorKKd0gNjV3rA6+0WMzb1X1i16F5m5pASnjA=", + "lastModified": 1751274312, + "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b3aad468604d3e488d627c0b43984eb60e75e782", + "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-25.11", + "ref": "nixos-24.11", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index 15bb698..43ab903 100644 --- a/flake.nix +++ b/flake.nix @@ -2,13 +2,14 @@ description = "My homelab config"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; agenix.url = "github:ryantm/agenix"; }; outputs = { self, nixpkgs, agenix, ... }: let system = "x86_64-linux"; + lib = nixpkgs.lib; mkHost = hostName: nixpkgs.lib.nixosSystem { inherit system; specialArgs = { inherit hostName; }; @@ -16,13 +17,18 @@ ./configuration.nix (./. + "/host/hard-${hostName}.nix") agenix.nixosModules.default - { networking.hostName = hostName; } + { + networking.hostName = hostName; + environment.systemPackages = [ agenix.packages.${system}.default ]; + } ]; }; + hosts = [ + "ThinkCentre-Server-004" + "VPS-Server-005" + ]; + in { - nixosConfigurations = { - "ThinkCentre-Server-004" = mkHost "ThinkCentre-Server-004"; - "VPS-Server-005" = mkHost "VPS-Server-005"; - }; + nixosConfigurations = lib.genAttrs hosts mkHost; }; } diff --git a/host/default.nix b/host/default.nix index cff6cb8..54e12b2 100644 --- a/host/default.nix +++ b/host/default.nix @@ -7,6 +7,7 @@ let module.searxng.enable = true; module.acme.enable = true; module.newt.enable = true; + module.forgejo.enable = true; }; }; in { 
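Review bot: The `nixpkgs.url` change in the first flake.nix hunk moves the input backward from `nixos-25.11` to `nixos-24.11`, and flake.lock's `lastModified` drops from 1766201043 to 1751274312, so every host is rebuilt from an older package set. If the 24.11 branch no longer receives security backports, which the age of the locked revision suggests, then nginx, Forgejo and the other network-facing services lose the fixes shipped on the newer branch. If the downgrade works around one broken package, I would keep the hosts on the newer branch and pull only that package from a second input. Otherwise, record the reason next to the pin, e.g. `# pinned to nixos-24.11 because <reason>; revisit by <date>`. The `outputs` function continues outside this hunk.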
diff --git a/module/default.nix b/module/default.nix index bec5d10..6cbae9d 100644 --- a/module/default.nix +++ b/module/default.nix @@ -28,6 +28,7 @@ in { ./searXNG.nix ./roundcube.nix ./vaultWarden.nix + ./forgejo.nix ]; options.module = { @@ -68,6 +69,14 @@ in { }; }; + forgejo = mkServiceOption { + desc = "Vaultwarden password manager"; + extraOpts = { + externalPort = mkPortOption 3000; + internalPort = mkPortOption 8223; + }; + }; + searxng = mkServiceOption { desc = "SearXNG meta-search engine"; extraOpts = { port = mkPortOption 1692; }; diff --git a/module/forgejo.nix b/module/forgejo.nix index fd45712..c626922 100644 --- a/module/forgejo.nix +++ b/module/forgejo.nix @@ -8,10 +8,10 @@ lib.mkIf config.module.forgejo.enable { lfs.enable = true; settings = { server = { - DOMAIN = "git.example.com"; + DOMAIN = "git.${config.module.domain}"; # You need to specify this to remove the port from URLs in the web UI. ROOT_URL = "https://${srv.DOMAIN}/"; - HTTP_PORT = 3000; + HTTP_PORT = 8222; }; }; }; diff --git a/module/nginx.nix b/module/nginx.nix index 9dd33c7..4717cf0 100644 --- a/module/nginx.nix +++ b/module/nginx.nix @@ -40,6 +40,15 @@ with lib; }; }; }) + (mkIf config.module.forgejo.enable { + "${config.module.hostName}-vault" = { + listen = [{ addr = "0.0.0.0"; port = config.module.forgejo.externalPort; }]; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString config.module.forgejo.internalPort}"; + }; + }; + }) + ]; networking.firewall.allowedTCPPorts = concatLists [ diff --git a/module/searXNG.nix b/module/searXNG.nix index 6101569..bc12764 100644 --- a/module/searXNG.nix +++ b/module/searXNG.nix @@ -1,6 +1,6 @@ { config,lib,pkgs, ... }: -lib.mkIf config.module.roundcube.enable { +lib.mkIf config.module.searxng.enable { services.searx = { enable = true; redisCreateLocally = true;
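Review bot: The new `forgejo` option in the second module/default.nix hunk is described as `"Vaultwarden password manager"`, apparently copied from a neighbouring option; it should read something like `desc = "Forgejo git forge";`. The default `internalPort = mkPortOption 8223` also disagrees with `HTTP_PORT = 8222`, which is hard-coded in module/forgejo.nix. Because module/nginx.nix proxies to `config.module.forgejo.internalPort`, the proxy as written targets a port Forgejo is not listening on. Setting `HTTP_PORT = config.module.forgejo.internalPort;` in forgejo.nix leaves a single source of truth. It is also worth confirming that neither 8222 nor 8223 is already claimed by the Vaultwarden option, which is not visible in this hunk.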
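Review bot: The `server` block in module/forgejo.nix sets no `HTTP_ADDR`, so Forgejo presumably keeps its default of listening on all interfaces even though nginx only reaches it over `127.0.0.1`. Adding `HTTP_ADDR = "127.0.0.1";` next to `HTTP_PORT` keeps the backend reachable only through the proxy, whatever the firewall state. `ROOT_URL` advertises `https://`, so also check that TLS is actually terminated in front of this service. The `services.forgejo` attribute set and the `srv` binding are defined outside the hunk.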
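Review bot: The virtual host added in module/nginx.nix is keyed `"${config.module.hostName}-vault"`, which looks copied from the Vaultwarden entry. If that entry uses the same key, the two definitions are merged when both modules are enabled, and the `proxyPass` values collide or one service answers on the other's listener. Renaming it to `"${config.module.hostName}-forgejo"` avoids that. The listener is also plain HTTP on `0.0.0.0` while forgejo.nix sets `ROOT_URL` to `https://`, so unless TLS is terminated upstream (not visible here), logins and git credentials cross the network in cleartext. Consider enabling TLS on this vhost, or restricting `addr` to the interface the tunnel or front proxy uses; the enclosing list starts outside the hunk.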