moved forgejo from cirrus to cirrostratus for more disk space.

2026-03-22 14:14:12 +01:00 · 2026-03-22 14:14:12 +01:00 · 2f3c84ca71
commit 2f3c84ca71
parent 14ac8a86ad
7 changed files with 24 additions and 6 deletions
--- a/configs/nixos/forgejo.nix
+++ b/configs/nixos/forgejo.nix
@ -17,6 +17,7 @@ in {
        DOMAIN = "git.venberg.xyz";
        ROOT_URL = "https://${srv.DOMAIN}";
        HTTP_PORT = 3000;
+        SSH_PORT = 2222;
        ENABLE_GZIP = true;
      };
      service.DISABLE_REGISTRATION = true;
@ -31,6 +32,8 @@ in {
    };
  };

+  services.openssh.ports = [srv.SSH_PORT];
+
  services.nginx.virtualHosts.${srv.DOMAIN} = {
    enableACME = true;
    forceSSL = true;
@ -44,6 +47,7 @@ in {
      "/var/lib/forgejo/custom"
      "/var/lib/forgejo/data"
      "/var/lib/forgejo/repositories"
+      "/var/lib/forgejo/.ssh"
    ];
    preBackupCommands = "systemctl stop forgejo.service";
    postBackupCommands = "systemctl start forgejo.service";
--- a/configs/nixos/sshd.nix
+++ b/configs/nixos/sshd.nix
@ -11,8 +11,12 @@
  ];
  services.openssh = {
    enable = true;
-    settings.PermitRootLogin = "prohibit-password";
-    settings.PasswordAuthentication = false;
+    ports = [22];
+    openFirewall = true;
+    settings = {
+      PermitRootLogin = "prohibit-password";
+      PasswordAuthentication = false;
+    };
  };
  # so we dont have to set TERM everytime we ssh in.
  environment.systemPackages = [pkgs.kitty.terminfo];
--- a/flake.nix
+++ b/flake.nix
@ -45,13 +45,13 @@

    #My nvim config.
    nvim-config = {
-      url = "git+ssh://forgejo@git.venberg.xyz/Gabe/nvim-config.git?shallow=1";
+      url = "git+ssh://forgejo@git.venberg.xyz:2222/Gabe/nvim-config.git?shallow=1";
      # url = "git+file:///home/gabe/nvim-config";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    nix-secrets = {
-      url = "git+ssh://forgejo@git.venberg.xyz/Gabe/nix-secrets.git?shallow=1";
+      url = "git+ssh://forgejo@git.venberg.xyz:2222/Gabe/nix-secrets.git?shallow=1";
      # url = "git+https://git.venberg.xyz/Gabe/nix-secrets.git?shallow=1";
      flake = false;
    };
--- a/hosts/cirrostratus/default.nix
+++ b/hosts/cirrostratus/default.nix
@ -28,6 +28,7 @@ inputs.nixpkgs.lib.nixosSystem {
    ../../configs/nixos/nginx-static.nix
    ../../configs/nixos/immich.nix
    ../../configs/nixos/homebox.nix
+    ../../configs/nixos/forgejo.nix
    ({
      config,
      pkgs,
--- a/hosts/cirrostratus/disk-config.nix
+++ b/hosts/cirrostratus/disk-config.nix
@ -69,6 +69,16 @@
          mountpoint = "/storage";
        };
        datasets = {
+          # This does not reflect reality,
+          # I was stupid and didnt put /var/lib on zfs,
+          # so now I just have datasets for a few folders in it.
+          lib = {
+            type = "zfs_fs";
+            options = {
+              compression = "zstd";
+              mountpoint = "/var/lib";
+            };
+          };
          postgres = {
            type = "zfs_fs";
            options = {
--- a/hosts/cirrus/default.nix
+++ b/hosts/cirrus/default.nix
@ -19,7 +19,6 @@ inputs.nixpkgs.lib.nixosSystem {
    ../../configs/nixos/sshd.nix
    ../../configs/nixos/secrets.nix
    ../../configs/nixos/radicale.nix
-    ../../configs/nixos/forgejo.nix
    ../../configs/nixos/homepage.nix
    ../../configs/nixos/freshrss.nix
    ../../configs/nixos/soju.nix
--- a/modules/nixos/restic.nix
+++ b/modules/nixos/restic.nix
@ -133,7 +133,7 @@
          paths = null;
          timerConfig = timer;
          pruneOpts = pruneOpts;
-          user = "root";
+          user = "restic";
        };
      })
      (