hyperforge: add forge

nixosConfigurations/hyperforge/default.nix

@@ -1,6 +1,8 @@
 {
   imports = [
     ./hardware.nix
+    ./forgejo.nix
+    ./nginx.nix
   ];
 
   config = {

nixosConfigurations/hyperforge/forgejo.nix

@@ -0,0 +1,24 @@
+{ config, lib, ... }:
+let
+  srv = config.services.forgejo.settings.server;
+in
+{
+  services.forgejo = {
+    enable = true;
+    database.type = "sqlite3";
+    lfs.enable = true;
+
+    settings = {
+      server = {
+        DOMAIN = "forge.darkest.space";
+        ROOT_URL = "https://${srv.DOMAIN}/";
+        HTTP_PORT = 3000;
+        SSH_PORT = lib.head config.services.openssh.ports;
+      };
+      service.DISABLE_REGISTRATION = true;
+      session.COOKIE_SECURE = true;
+    };
+  };
+
+  services.openssh.enable = true;
+}

nixosConfigurations/hyperforge/nginx.nix

@@ -0,0 +1,32 @@
+{ config, ... }:
+let
+  srv = config.services.forgejo.settings.server;
+in
+{
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "acme@darkest.space";
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+
+    virtualHosts.${srv.DOMAIN} = {
+      enableACME = true;
+      forceSSL = true;
+      extraConfig = ''
+        client_max_body_size 512M;
+      '';
+      locations."/".proxyPass = "http://127.0.0.1:${toString srv.HTTP_PORT}";
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+}