From ddc4d884b785af6ae6f41e95e774a8effccc8711 Mon Sep 17 00:00:00 2001
From: Giulio De Pasquale <git@depasquale.giugl.io>
Date: Sat, 26 Apr 2025 14:44:46 +0100
Subject: [PATCH] feat: first switch to modules with gitea

---
 flake.lock                         | 54 +++++++++++++++---------------
 flake.nix                          |  4 +--
 hosts/architect/default.nix        |  7 +++-
 hosts/architect/immich.nix         |  4 +--
 lib/host.nix                       |  1 +
 modules/default.nix                |  4 +++
 modules/services/default.nix       |  3 ++
 modules/services/gitea/default.nix | 48 ++++++++++++++++++++++++++
 8 files changed, 93 insertions(+), 32 deletions(-)
 create mode 100644 modules/default.nix
 create mode 100644 modules/services/default.nix
 create mode 100644 modules/services/gitea/default.nix

diff --git a/flake.lock b/flake.lock
index f831acc..1aedd01 100644
--- a/flake.lock
+++ b/flake.lock
@@ -8,11 +8,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1736955230,
-        "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
+        "lastModified": 1745630506,
+        "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
+        "rev": "96e078c646b711aee04b82ba01aefbff87004ded",
         "type": "github"
       },
       "original": {
@@ -29,11 +29,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1700795494,
-        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
+        "lastModified": 1744478979,
+        "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
         "owner": "lnl7",
         "repo": "nix-darwin",
-        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
+        "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
         "type": "github"
       },
       "original": {
@@ -51,11 +51,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1703113217,
-        "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
+        "lastModified": 1745494811,
+        "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
+        "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
         "type": "github"
       },
       "original": {
@@ -71,11 +71,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1744743431,
-        "narHash": "sha256-iyn/WBYDc7OtjSawbegINDe/gIkok888kQxk3aVnkgg=",
+        "lastModified": 1745557122,
+        "narHash": "sha256-eqSo9ugzsqhFgaDFYUZj943nurlX4L6f+AW0skJ4W+M=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "c61bfe3ae692f42ce688b5865fac9e0de58e1387",
+        "rev": "dd26f75fb4ec1c731d4b1396eaf4439ce40a91c1",
         "type": "github"
       },
       "original": {
@@ -88,7 +88,7 @@
     "local-unstable": {
       "locked": {
         "lastModified": 0,
-        "narHash": "sha256-uewgkTWbDOpOP+wEA3f03XEKsPHsJi0iDqBGQnxWQo0=",
+        "narHash": "sha256-eCA4jXsPHiBkrf1sNOfQPYS2g9DoCsICVzk4ec0cEdo=",
         "path": "/home/giulio/dev/nixpkgs",
         "type": "path"
       },
@@ -99,27 +99,27 @@
     },
     "nixos-unstable": {
       "locked": {
-        "lastModified": 1745391562,
-        "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=",
+        "lastModified": 1745526057,
+        "narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7",
+        "rev": "f771eb401a46846c1aebd20552521b233dd7e18b",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7",
+        "rev": "f771eb401a46846c1aebd20552521b233dd7e18b",
         "type": "github"
       }
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1703013332,
-        "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
+        "lastModified": 1745391562,
+        "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
+        "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7",
         "type": "github"
       },
       "original": {
@@ -131,11 +131,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1745320116,
-        "narHash": "sha256-buF0dp2U5gQeBnyIf1pHWVHeAvNZnR8mZ9Ca15R0J94=",
+        "lastModified": 1745674058,
+        "narHash": "sha256-q9V+BlfQxmdv/3IhlZp0e3nvmw8ka8JPzz9r64bR8Yg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "63351ff5b76b8dd96b16fa7a46afd10376ab7976",
+        "rev": "b80382cf91eb874c33358b59e92afd62997e4934",
         "type": "github"
       },
       "original": {
@@ -147,17 +147,17 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1745279238,
-        "narHash": "sha256-AQ7M9wTa/Pa/kK5pcGTgX/DGqMHyzsyINfN7ktsI7Fo=",
+        "lastModified": 1745487689,
+        "narHash": "sha256-FQoi3R0NjQeBAsEOo49b5tbDPcJSMWc3QhhaIi9eddw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "9684b53175fc6c09581e94cc85f05ab77464c7e3",
+        "rev": "5630cf13cceac06cefe9fc607e8dfa8fb342dde3",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "9684b53175fc6c09581e94cc85f05ab77464c7e3",
+        "rev": "5630cf13cceac06cefe9fc607e8dfa8fb342dde3",
         "type": "github"
       }
     },
diff --git a/flake.nix b/flake.nix
index 04f93c6..d3aec98 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,7 +1,7 @@
 {
   inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/9684b53175fc6c09581e94cc85f05ab77464c7e3";
-    nixos-unstable.url = "github:NixOS/nixpkgs/8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7";
+    nixpkgs.url = "github:NixOS/nixpkgs/5630cf13cceac06cefe9fc607e8dfa8fb342dde3";
+    nixos-unstable.url = "github:NixOS/nixpkgs/f771eb401a46846c1aebd20552521b233dd7e18b";
     nixpkgs-master.url = "github:NixOS/nixpkgs/master";
     local-unstable.url = "path:///home/giulio/dev/nixpkgs";
     pepeflake.url = "git+https://git.giugl.io/peperunas/pepeflake";
diff --git a/hosts/architect/default.nix b/hosts/architect/default.nix
index 67f5654..05c9d26 100644
--- a/hosts/architect/default.nix
+++ b/hosts/architect/default.nix
@@ -15,7 +15,6 @@ in
     ./hardware.nix
     ./firewall.nix
     ./nginx.nix
-    ./gitea.nix
     ./sonarr.nix
     ./radarr.nix
     ./bazarr.nix
@@ -35,6 +34,7 @@ in
     ./headscale.nix
     ./llm.nix
     # ./photoprism.nix
+    ./immich.nix
     ./sunshine.nix
     ./jellyseer.nix
     ./postgres.nix
@@ -155,5 +155,10 @@ in
     };
     smartd.enable = true;
   };
+
+  pepe.services.gitea = {
+    enable = true;
+    domain = "git.giugl.io";
+  };
 }
 
diff --git a/hosts/architect/immich.nix b/hosts/architect/immich.nix
index 5423588..bb530e1 100644
--- a/hosts/architect/immich.nix
+++ b/hosts/architect/immich.nix
@@ -4,12 +4,12 @@ let
   domain = "photos.giugl.io";
 in
 {
-  disabledModules = [ "services/web-apps/immich.nix" ];
+  # disabledModules = [ "services/web-apps/immich.nix" ];
   services = {
     immich = {
       enable = true;
       package = pkgs.unstablePkgs.immich;
-      accelerationDevices = null;
+      # accelerationDevices = null;
       # settings.server.externalDomain = "https://${domain}";
     };
   };
diff --git a/lib/host.nix b/lib/host.nix
index 2aaebfd..0acabd7 100644
--- a/lib/host.nix
+++ b/lib/host.nix
@@ -31,6 +31,7 @@
             (mkSysRole "common")
             (mkSysRole "acme")
             (mkUser { name = "root"; roles = [ ]; })
+            ../modules
           ];
 
           home-manager = {
diff --git a/modules/default.nix b/modules/default.nix
new file mode 100644
index 0000000..0d7bbef
--- /dev/null
+++ b/modules/default.nix
@@ -0,0 +1,4 @@
+{ ... }: {
+  imports = [ ./services ];
+}
+
diff --git a/modules/services/default.nix b/modules/services/default.nix
new file mode 100644
index 0000000..f9640c7
--- /dev/null
+++ b/modules/services/default.nix
@@ -0,0 +1,3 @@
+{ ... }: {
+  imports = [ ./gitea];
+}
diff --git a/modules/services/gitea/default.nix b/modules/services/gitea/default.nix
new file mode 100644
index 0000000..f13571f
--- /dev/null
+++ b/modules/services/gitea/default.nix
@@ -0,0 +1,48 @@
+{ config, pkgs, lib, ... }:
+
+let
+  inherit (lib) mkIf;
+
+  cfg = config.pepe.services.gitea;
+in
+{
+  options.pepe.services.gitea = with lib; {
+    enable = mkEnableOption "Enable gitea";
+    package = mkPackageOption pkgs "gitea" { };
+    domain = mkOption {
+      type = types.str;
+      default = null;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    architect = {
+      firewall.openTCP = [ config.services.gitea.settings.server.SSH_PORT ];
+      vhost.${cfg.domain} = {
+        dnsInterfaces = [ "lan" "tailscale" ];
+        locations."/" = {
+          port = config.services.gitea.settings.server.HTTP_PORT;
+          allowWAN = true;
+        };
+      };
+    };
+
+    services.gitea = {
+      enable = true;
+      package = cfg.package;
+      database.type = "sqlite3";
+      appName = "Gitea";
+      # https://github.com/NixOS/nixpkgs/issues/235442#issuecomment-1574329453
+      lfs.enable = true;
+      settings = {
+        server = {
+          DOMAIN = cfg.domain;
+          ROOT_URL = "https://${cfg.domain}";
+          SSH_PORT = 22;
+          HTTP_PORT = 3001;
+        };
+      };
+    };
+
+  };
+}