removed testfile

README.md

@@ -1,3 +1,5 @@
-# nixos_gitea
+# nixos_forgejo
 
-Gitea but I'll try to make it running on NixOS somehow OwO
+Forgejo but it runs on NixOS.
+
+This includes a configuration.nix for the Forgejo CI-Runner and a backup script that should backup your Forgejo data to a Borg repo of your choice daily.

backup.nix

@@ -0,0 +1,67 @@
+{config, pkgs, lib, ... }:
+
+# NOTE: For this to work you should use MariaDB as your Forgejo-Database running on the same host. If this is not the case, update this script accordingly.
+let
+  makeBackupForRepo = repo: lib.getExe (pkgs.writeShellScriptBin "forgejo-borgbackup" ''
+    #!/bin/sh
+    set -e
+    #stop forgejo
+    systemctl stop forgejo.service
+    # Dump Forgejo DB
+    MYSQL_DATABASE="forgejodb"
+    ${pkgs.mariadb}/bin/mysqldump -u root ''${MYSQL_DATABASE} > /borgbackupcache/forgejobackup.sql
+    # BorgBackup
+    export BORG_PASSCOMMAND="cat /etc/nixos/borgpassword"
+    export BORG_REPO=${repo}
+    export BACKUP_NAME="forgejo-$(date +%Y-%m-%d-%H-%M)"
+
+    # Add everything to be backed up
+    ${pkgs.borgbackup}/bin/borg create --verbose --filter AME --list --stats --show-rc --compression lz4 --exclude-caches \
+      $BORG_REPO::$BACKUP_NAME \
+      /var/lib/forgejo/repositories/ \
+      /var/lib/forgejo/data/ \
+      /borgbackupcache/forgejobackup.sql \
+      /etc/nixos/
+    # Delete DB dump
+    rm /borgbackupcache/forgejobackup.sql
+    # Start Forgejo again
+    systemctl start forgejo.service
+    # Prune old backups
+    ${pkgs.borgbackup}/bin/borg prune --list $BORG_REPO --prefix 'forgejo-' --show-rc --keep-daily=7 --keep-weekly=4 --keep-monthly=6
+  '');
+  repos = repolistfile: lib.pipe repolistfile [
+    builtins.readFile
+    (lib.splitString "\n")
+    (lib.filter (s: s != ""))
+  ];
+  backups = repolistfile: builtins.map makeBackupForRepo (repos repolistfile);
+  in
+  {
+    environment.systemPackages = [ pkgs.borgbackup ];
+    # Create folders
+    systemd.tmpfiles.rules = [
+	    "d /borgbackupcache 700 root root"
+    ];
+    # Backup timer
+   systemd.services.borg-backup = {
+   description = "Borg Backup for Forgejo and the Forgejo MySQL Database";
+   serviceConfig = {
+     ExecStart = lib.getExe (pkgs.writeShellScriptBin "doBackups" (lib.concatStringsSep ";" (backups config._module.args.borgrepolistfile)));
+     User = "root";
+   };
+   requires= ["mysql.service"];
+   after = ["forgejo.service" "mysql.service" "network-online.target"];
+   wants = ["network-online.target"];
+   wantedBy = [ "multi-user.target" ];
+ };
+
+ systemd.timers.borg-backup = {
+   description = "Daily Borg Backup Timer";
+   wantedBy = [ "timers.target" ];
+   timerConfig = {
+     OnActiveSec = "30s";
+     OnCalendar = "daily";
+     Persistent = true;
+   };
+ };
+  }

ci-runner/configuration.nix

@@ -0,0 +1,115 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running `nixos-help`).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [
+      ./hardware-configuration.nix
+    ];
+
+  # Enable Flakes and the new command-line tool
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  # Set default editor to vim
+  environment.variables.EDITOR = "vim";
+  # Use UEFI
+  boot.loader.systemd-boot.enable = true;
+
+  # Use the GRUB 2 boot loader.
+  #boot.loader.grub.enable = true;
+  #boot.loader.grub.device = "/dev/sda";
+
+  networking.hostName = "forgejo-ci"; # Define your hostname.
+  # Set your time zone.
+  time.timeZone = "Europe/Berlin";
+
+
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.lyn = {
+    	isNormalUser = true;
+   	extraGroups = [ "wheel"];
+    	openssh.authorizedKeys.keys = [
+		"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMQfF+7FQO57dTmnhm0NLL4Av0g6yKLsfZlDFll+sCqyJJ0r1kSIGAumcXTVRjfwJIGXKZDU1+D4h1skd1gzFqM= forgejo-ci@secretive.Macbuch-Pro.local"
+	];
+	packages = with pkgs; [
+    ];
+};
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    git
+    vim 
+    wget
+    curl
+    docker
+    pkgs.forgejo-actions-runner
+    
+];
+# Enable docker
+virtualisation.docker = {
+  enable = true;
+  daemon.settings = {
+    fixed-cidr-v6 = "fd00::/80";
+    ipv6 = true;
+  };
+};
+# Forgejo actions runner
+services.gitea-actions-runner = {
+  instances = {
+	  "shibepro-ci" = {
+	    enable = true;
+    	    url = "https://git.shibe.pro";
+    	    name = "shibepro-ci";
+    	    tokenFile = "/etc/nixos/ci-token";
+    	    labels = [];
+	  };
+  };
+};
+
+  # Enable the OpenSSH daemon.
+  services.openssh = {
+	enable = true;
+	settings = {
+		X11Forwarding = true;
+		PermitRootLogin = "no";
+		PasswordAuthentication = false;
+	};
+	openFirewall = true;
+  };
+  
+
+
+  #enable qemu-guestagent
+  services.qemuGuest.enable = true;
+  # Disable password checking for wheel group users so we can solely rely on ssh keys
+  security.sudo.wheelNeedsPassword = false;
+
+  # Firewall stuff:
+  networking.firewall.enable = true;
+  networking.firewall.allowPing = true;
+ 
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # Copy the NixOS configuration file and link it from the resulting system
+  # (/run/current-system/configuration.nix). This is useful in case you
+  # accidentally delete configuration.nix.
+  # system.copySystemConfiguration = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It's perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.05"; # Did you read the comment?
+
+}
+

configuration.nix

@@ -0,0 +1,130 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running `nixos-help`).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [
+      ./hardware-configuration.nix
+      # comment in backup.nix for borgbackuping forgejo 
+      ./backup.nix
+    ];
+  # Write path for borgbackup repos for backup.nix
+  _module.args.borgrepolistfile = ./borgrepos;
+
+  # Enable Flakes and the new command-line tool
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  # Set default editor to vim
+  environment.variables.EDITOR = "vim";
+  # Use UEFI
+  boot.loader.systemd-boot.enable = true;
+
+  # Use the GRUB 2 boot loader.
+  #boot.loader.grub.enable = true;
+  #boot.loader.grub.device = "/dev/sda";
+
+  networking.hostName = "forgejo"; # Define your hostname.
+  # Set your time zone.
+  time.timeZone = "Europe/Berlin";
+
+  users.users.lyn = {
+    	isNormalUser = true;
+   	extraGroups = [ "wheel"];
+    	openssh.authorizedKeys.keys = [
+		"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC7NUaBJOYgMnT2uUUUSB7gKaqqbgxXDghBkRqSGuZrAZzZYHlHH7nM6Re7+yOYMSoJGLaB4iaUDLSBBnyA6pLI= nixos_gitea@secretive.MacBook-Pro-(2).local"
+	];
+	packages = with pkgs; [
+    ];
+};
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    git
+    vim 
+    wget
+    curl
+    htop
+  ];
+  
+ 
+
+
+  # Enable the OpenSSH daemon.
+  services.openssh = {
+	enable = true;
+	settings = {
+		X11Forwarding = true;
+		PermitRootLogin = "no";
+		PasswordAuthentication = false;
+	};
+	openFirewall = true;
+  };
+  #Forgejo
+  services.forgejo = {
+    enable = true;
+    settings.server = {
+      ROOT_URL = "https://git.shibe.pro";
+      DOMAIN = "git.shibe.pro";
+      HTTP_PORT = 48540;
+      OFFLINE_MODE = true; # disable gravatar, CDN
+    };
+    settings.actions = {
+       ENABLED = true;
+    };
+    settings."repository.upload" = {
+	FILE_MAX_SIZE = 4095;
+	MAX_FILES = 20;
+    };
+    settings."attachment" = {
+        MAX_SIZE = 4095;
+        MAX_FILES = 20;
+    };
+
+    settings.service.DISABLE_REGISTRATION = true;
+    database = {
+      user = "forgejo";
+      passwordFile = "/etc/nixos/forgejo-dbpassword";
+      name = "forgejodb";
+      type = "mysql";
+    };
+  };
+
+  # Allow forgejo user to adjust authorized_keys dynamically
+  services.openssh.extraConfig = ''
+    Match User forgejo
+      AuthorizedKeysFile ${config.users.users.forgejo.home}/.ssh/authorized_keys
+  '';
+
+  #enable qemu-guestagent
+  services.qemuGuest.enable = true;
+  # Disable password checking for wheel group users so we can solely rely on ssh keys
+  security.sudo.wheelNeedsPassword = false;
+
+  # Firewall stuff:
+  networking.firewall.enable = true;
+  networking.firewall.allowPing = true;
+ 
+  # Open ports in the firewall.
+  networking.firewall.allowedTCPPorts = [48540 ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # Copy the NixOS configuration file and link it from the resulting system
+  # (/run/current-system/configuration.nix). This is useful in case you
+  # accidentally delete configuration.nix.
+  # system.copySystemConfiguration = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It's perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.05"; # Did you read the comment?
+
+}
+

flake.nix

@@ -0,0 +1,23 @@
+{
+  description = "Forgejo flake";
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
+  };
+  outputs = { self, nixpkgs }@inputs: {
+  nixosConfigurations = {
+    "forgejo" = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+	modules = [
+          # Import the configuration.nix here, so that the
+          # old configuration file can still take effect.
+          # Note: configuration.nix itself is also a Nixpkgs Module,
+          ./configuration.nix
+        ];
+	specialArgs = { 
+		inherit inputs;
+		flake = self;
+	};
+    };
+  };
+};
+}