guix-paketi/guix-system-forgejo.scm

(define-module (guix-system-forgejo))
(use-modules (gnu)
             (gnu packages bash)
             (gnu packages linux)
             (gnu services configuration)
             (gnu services shepherd)
             (kompot packages forgejo))

(use-service-modules networking ssh)

(define %forgejo-accounts
  (list (user-group (name "git-forgejo")
                    (system? #t))
        (user-account
         (name "git-forgejo")
         (group "git-forgejo")
         (system? #t)
         (comment "Forgejo User")
         (home-directory "/home/git-forgejo"))))

(define-configuration/no-serialization forgejo-configuration
  (forgejo
   (file-like forgejo-bin)
   "The forgejo package.")

  (domain
   (string "kompot.si")
   "The domain name of the server.")

  (user
   (string "git-forgejo")
   "The name of the user under which Forgejo will be executed.")

  (group
   (string "git-forgejo")
   "The name of the group under which Forgejo will be executed."))


(define (forgejo-configuration->file config)
  (mixed-text-file "forgejo.ini" "
APP_NAME = Crafter Tools
RUN_USER = " (forgejo-configuration-user config) "
WORK_PATH = /srv/forgejo
RUN_MODE = prod

[database]
DB_TYPE = sqlite3
HOST = 127.0.0.1:3306
NAME = forgejo
USER = forgejo
PASSWD =
SCHEMA =
SSL_MODE = disable
PATH = /srv/forgejo/data/forgejo.db
LOG_SQL = false

[repository]
ROOT = /srv/forgejo/data/forgejo-repositories

[server]
SSH_DOMAIN = " (forgejo-configuration-domain config) "
DOMAIN = localhost
HTTP_PORT = 3000
ROOT_URL = https://" (forgejo-configuration-domain config) ":3000/
APP_DATA_PATH = /srv/forgejo/data
DISABLE_SSH = false
SSH_PORT = 22
LFS_START_SERVER = true
LFS_JWT_SECRET = 1_yZPWVD-sFZmGSvMjt9_eMqjiHm1V5_oWEhmw8i3IM
OFFLINE_MODE = false

[lfs]
PATH = /srv/forgejo/data/lfs

[mailer]
ENABLED = false

[service]
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
DISABLE_REGISTRATION = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
REQUIRE_SIGNIN_VIEW = false
DEFAULT_KEEP_EMAIL_PRIVATE = true
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.localhost

[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = true

[cron.update_checker]
ENABLED = false

[session]
PROVIDER = file

[log]
MODE = console
LEVEL = info
ROOT_PATH = /srv/forgejo/log

[repository.pull-request]
DEFAULT_MERGE_STYLE = merge

[repository.signing]
DEFAULT_TRUST_MODEL = committer

[security]
INSTALL_LOCK = true
INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE3MDAyNDAwMTh9.3MFnsZWtz-Qu1I5mC1TWIXyhdGN6pDJsYE1iSugEhdM
PASSWORD_HASH_ALGO = pbkdf2_hi

[oauth2]
JWT_SECRET = DrvU6DPu8tIRVmeDfpmwLakm5m_IY13Cv00uMWaBo34
"))

(define %forgejo-activation
  #~(begin
      (use-modules (guix build utils))
      (mkdir-p "/srv/forgejo")
      (let ((user (getpwnam "git-forgejo")))
        (chown "/srv/forgejo"
               (passwd:uid user)
               (passwd:gid user)))))

(define (forgejo-shepherd-service config)
  "Return a <shepherd-service> for Forgejo with config."
  (let* ((forgejo (forgejo-configuration-forgejo config))
         (forgejo-bin (file-append forgejo "/bin/forgejo"))
         (forgejo-cfg (forgejo-configuration->file config)))
    (list (shepherd-service
           (documentation "Run the Forgejo Git forge")
           (requirement '(networking user-processes))
           (provision '(forgejo))
           (start #~(make-forkexec-constructor
                     (list #$forgejo-bin "--config" #$forgejo-cfg)
                     #:user #$(forgejo-configuration-user config)
                     #:group #$(forgejo-configuration-group config)
                     #:environment-variables (append (default-environment-variables)
                                                     (list (string-append "HOME=/home/"
                                                                          #$(forgejo-configuration-user config))))))
           (stop  #~(make-kill-destructor))))))

(define-public forgejo-service-type
  (service-type (name 'forgejo)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          forgejo-shepherd-service)
                       (service-extension account-service-type
                                          (const %forgejo-accounts))
                       (service-extension activation-service-type
                                          (const %forgejo-activation))))
                (default-value (forgejo-configuration))
                (description
                 "Run the forgejo forge")))

(operating-system
 (host-name "kompot-forgejo")
 (timezone "Europe/Ljubljana")
 (locale "sl_SI.utf8")

 (bootloader (bootloader-configuration
               (bootloader grub-bootloader)
               (targets '("unused"))))
 (file-systems %base-file-systems)
 ;; minimal packages for remote debugging
 (packages (list coreutils bash iproute procps forgejo-bin))
 ;; basic services
 (services (list (service dhcp-client-service-type)
                 (service syslog-service-type
                          (syslog-configuration))
                 (service forgejo-service-type
                          (forgejo-configuration
                           (domain "forgejo.kompot.si"))))))