upRootNutrition/dotfiles
upRootNutrition/dotfiles
1
0
Fork 0
mirror of https://gitlab.com/upRootNutrition/dotfiles.git synced 2025-12-06 21:17:14 -06:00
Code Issues Projects 1 Releases Packages Wiki Activity Actions

test: forgejo microVM

Browse source
This commit is contained in:
Nick 2025-11-06 12:29:48 -06:00
parent 1376cdbe77
commit 6011a900de
5 changed files with 97 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

6
modules/config/instances/config/forgejo.nix
View file

@ -38,12 +38,12 @@ in
port0 = 3033;
};
interface = {
id = "${idPrefix}-${name}";
id = "${idPrefix}${name}";
mac = "02:00:00:00:00:50";
idUser = "${userPrefix}-${name}";
idUser = "${userPrefix}${name}";
macUser = "02:00:00:00:00:02";
ip = "192.168.50.50";
gate = "192.168.50.1";
gate = "192.168.50.2";
ssh = 2200;
};
ssl = {

57
modules/nixos/microvm/default.nix
View file

@ -3,4 +3,61 @@
imports = [
flake.inputs.microvm.nixosModules.host
];
# Enable systemd-networkd for microvm networking only
# NetworkManager handles the main network interface
systemd.network = {
enable = true;
wait-online.enable = false; # Don't wait for networkd interfaces
# Create a bridge for all microvms
netdevs = {
"20-br-vms" = {
netdevConfig = {
Name = "br-vms";
Kind = "bridge";
};
};
};
networks = {
# Configure the bridge with an IP in your LAN
"20-br-vms" = {
matchConfig.Name = "br-vms";
address = [ "192.168.50.2/24" ];
networkConfig = {
ConfigureWithoutCarrier = true;
# VMs will use this as their gateway
};
linkConfig = {
RequiredForOnline = "no";
};
};
# Tap interface for forgejo VM (handles both vm-forgejo and vm--forgejo)
"30-vm-forgejo" = {
matchConfig.Name = "vm-*forgejo";
networkConfig = {
Bridge = "br-vms";
ConfigureWithoutCarrier = true;
};
linkConfig = {
RequiredForOnline = "no";
};
};
# Tap interface for vaultwarden VM (if you add it)
"30-vm-vaultwarden" = {
matchConfig.Name = "vm-*vaultwarden";
networkConfig = {
Bridge = "br-vms";
ConfigureWithoutCarrier = true;
};
linkConfig = {
RequiredForOnline = "no";
};
};
};
};
}

30
modules/nixos/services/forgejo/default.nix
View file

@ -36,11 +36,6 @@ in
database.type = "postgres";
lfs.enable = true;
secrets = {
mailer.PASSWD = "${secrets}/${service.name}-smtp";
database.PASSWD = "${secrets}/${service.name}-database";
};
dump = {
interval = "5:00";
type = "zip";
@ -91,8 +86,33 @@ in
systemd = {
tmpfiles.rules = [
"d ${secrets} 0755 ${service.name} ${service.name} -"
"d /run/forgejo 0755 ${service.name} ${service.name} -"
];
services.copy-forgejo-secrets = {
description = "Prepare Forgejo secrets environment file";
before = [ "forgejo.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
User = service.name;
Group = service.name;
};
script = ''
cat > /run/forgejo/env << EOF
FORGEJO__database__PASSWD=$(cat /run/secrets/${service.name}-database)
FORGEJO__mailer__PASSWD=$(cat /run/secrets/${service.name}-smtp)
EOF
chmod 600 /run/forgejo/env
'';
};
services.forgejo = {
serviceConfig = {
EnvironmentFile = "/run/forgejo/env";
};
};
services.forgejo-dump = {
serviceConfig = {
ExecStartPost = "${pkgs.nushell}/bin/nu -c 'ls ${service.varPaths.path0}/dump | where name =~ forgejo-backup and modified < ((date now) - 7day) | each { rm $in.name }'";