test: trying to get microVMs to work

2025-12-07 05:27:13 -06:00 · 2025-11-11 01:01:05 -06:00 · 2025-11-11 01:01:05 -06:00 · 2582d3cec9
commit 2582d3cec9
parent 0c4173ceaf
9 changed files with 539 additions and 417 deletions
--- a/modules/nixos/guests/forgejo/default.nix
+++ b/modules/nixos/guests/forgejo/default.nix
@ -34,12 +34,8 @@ in
          ${serviceCfg.name} = {
            enable = true;
            lfs.enable = true;
-            database = {
-              type = "postgres";
-            };
            secrets = {
              mailer.PASSWD = "/run/secrets/smtp";
-              database.PASSWD = "/run/secrets/database";
            };
            settings = {
              server = {
@ -48,7 +44,7 @@ in
                HTTP_PORT = serviceCfg.ports.port0;
              };
              # If you need to start from scratch, don't forget to turn this off again
-              service.DISABLE_REGISTRATION = false;
+              service.DISABLE_REGISTRATION = true;
              actions = {
                ENABLED = true;
                DEFAULT_ACTIONS_URL = "github";
@ -76,17 +72,6 @@ in
              PermitRootLogin = "prohibit-password";
            };
          };
-
-          postgresql = {
-            enable = true;
-            ensureDatabases = [ serviceCfg.name ];
-            ensureUsers = [
-              {
-                name = serviceCfg.name;
-                ensureDBOwnership = true;
-              }
-            ];
-          };
        };

        networking.firewall.allowedTCPPorts = [
@ -128,7 +113,7 @@ in

          tmpfiles.rules = [
            "Z ${serviceCfg.varPaths.path0} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
-            "Z /var/lib/postgresql 0755 postgres postgres -"
+            # "Z /var/lib/postgresql 0755 postgres postgres -"
          ];
        };

@ -167,15 +152,9 @@ in
            {
              mountPoint = "/var/lib/${serviceCfg.name}";
              proto = "virtiofs";
-              source = "${serviceCfg.mntPaths.path0}/data";
+              source = "${serviceCfg.mntPaths.path0}";
              tag = "${serviceCfg.name}_data";
            }
-            {
-              mountPoint = "/var/lib/postgresql";
-              proto = "virtiofs";
-              source = "${serviceCfg.mntPaths.path0}/database";
-              tag = "${serviceCfg.name}_database";
-            }
            {
              mountPoint = "/run/secrets";
              proto = "virtiofs";
@ -189,9 +168,7 @@ in
  };

  systemd.tmpfiles.rules = [
-    "d ${serviceCfg.mntPaths.path0}/data 0751 microvm wheel - -"
-    "d ${serviceCfg.mntPaths.path0}/database 0751 microvm wheel - -"
-
+    "d ${serviceCfg.mntPaths.path0} 0751 microvm wheel - -"
  ];

  services.caddy.virtualHosts."${host}" = {
@ -211,9 +188,5 @@ in
      owner = "root";
      mode = "0600";
    };
-    "${serviceCfg.name}/database" = {
-      owner = "root";
-      mode = "0600";
-    };
  };
 }