From 6cf61cb4f5e139e56a2e329f8a5eb3f6b5a4207e Mon Sep 17 00:00:00 2001
From: L0m1g
Date: Mon, 15 Sep 2025 18:20:53 +0200
Subject: [PATCH] Add forgejo
---
 flake.lock | 18 +++----
 hm/common/nvim.nix | 2 +
 hosts/terre-neuvas/configuration.nix | 4 +-
 hosts/terre-neuvas/hardware.nix | 5 ++
 modules/services/caddy.nix | 23 ++++++++-
 modules/services/forgejo.nix | 72 ++++++++++++++++++++++++++++
 modules/services/pihole.nix | 24 ++++++++++
 7 files changed, 136 insertions(+), 12 deletions(-)
 create mode 100644 modules/services/forgejo.nix
 create mode 100644 modules/services/pihole.nix
diff --git a/flake.lock b/flake.lock
index bf5fa73..66cbc40 100644
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@
 ]
 },
 "locked": {
- "lastModified": 1756903364,
- "narHash": "sha256-vZh/YH2D7oDFek10r0TbGn3qJrqGv69sSP+oF8PFDqQ=",
+ "lastModified": 1757443987,
+ "narHash": "sha256-T7E4CIsZBUzrUcPRyTG9FA2xd48MtbQ/HpIaaCfwZwc=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "6159629d05a0e92bb7fb7211e74106ae1d552401",
+ "rev": "d587e11cef9caa9484ed090eddc55f4c56908342",
 "type": "github"
 },
 "original": {
@@ -43,11 +43,11 @@
 },
 "nixpkgs-stable": {
 "locked": {
- "lastModified": 1756886854,
- "narHash": "sha256-6tooT142NLcFjt24Gi4B0G1pgWLvfw7y93sYEfSHlLI=",
+ "lastModified": 1757408970,
+ "narHash": "sha256-aSgK4BLNFFGvDTNKPeB28lVXYqVn8RdyXDNAvgGq+k0=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "0e6684e6c5755325f801bda1751a8a4038145d7d",
+ "rev": "d179d77c139e0a3f5c416477f7747e9d6b7ec315",
 "type": "github"
 },
 "original": {
@@ -59,11 +59,11 @@
 },
 "nixpkgs-unstable": {
 "locked": {
- "lastModified": 1756936398,
- "narHash": "sha256-/o1TTpMIICpjrMHBilL9lYm/r69uhdK1L8j1pfY6tWU=",
+ "lastModified": 1757438868,
+ "narHash": "sha256-b0aI1nv8Bob5o0wAYClpbp5Ury5ncDzFKsBPecA/F5A=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "47f28ad9378956563df9a884fd1b209b64336ba3",
+ "rev": "3dcb63379993929081024230943d5265e172ce02",
 "type": "github"
 },
 "original": {
diff --git a/hm/common/nvim.nix b/hm/common/nvim.nix
index 3d119e0..81ad9f0 100644
--- a/hm/common/nvim.nix
+++ b/hm/common/nvim.nix
@@ -110,6 +110,8 @@ " Rendre les messages de swap moins dramatiques set shortmess+=A + + inoremap pumvisible() ? coc#pum#confirm() : "\" ''; extraPackages = with pkgs; [
diff --git a/hosts/terre-neuvas/configuration.nix b/hosts/terre-neuvas/configuration.nix
index 0dbb9f5..dcfb383 100644
--- a/hosts/terre-neuvas/configuration.nix
+++ b/hosts/terre-neuvas/configuration.nix
@@ -12,6 +12,7 @@
 ./hardware.nix
 ../../profiles/server-selfhosted.nix
 ../../modules/services/caddy.nix
+ ../../modules/services/forgejo.nix
 ];
 # Bootloader.
@@ -32,7 +33,7 @@
 users.users.lomig = {
 isNormalUser = true;
- extraGroups = ["networkmanager" "lp" "wheel"];
+ extraGroups = ["networkmanager" "lp" "wheel" "docker" ];
 shell = pkgs.zsh;
 };
@@ -48,7 +49,6 @@
 git hugo ];
- networking.firewall.allowedTCPPorts = [ 80 ];
 system.stateVersion = "25.05"; # Did you read the comment?
 }
diff --git a/hosts/terre-neuvas/hardware.nix b/hosts/terre-neuvas/hardware.nix
index 11f1c0c..9bb56d2 100644
--- a/hosts/terre-neuvas/hardware.nix
+++ b/hosts/terre-neuvas/hardware.nix
@@ -24,6 +24,11 @@
 options = [ "fmask=0077" "dmask=0077" ];
 };
+ fileSystems."/srv" =
+ { device = "/dev/disk/by-uuid/2ef442a9-0eab-4dc5-b17c-076e18a54873";
+ fsType = "btrfs";
+ };
+
 swapDevices = [ { device = "/dev/disk/by-uuid/c3a69154-ead9-4fcc-a9b1-3b741a42ee97"; } ];
diff --git a/modules/services/caddy.nix b/modules/services/caddy.nix
index 94efe9e..bb7ea1f 100644
--- a/modules/services/caddy.nix
+++ b/modules/services/caddy.nix
@@ -1,4 +1,4 @@
-_: {
+{ pkgs, ...}: {
 services.caddy = {
 enable = true;
 virtualHosts."blog.lomig.me" = {
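Review bot: The `extraGroups` change in the second configuration.nix hunk adds lomig to `docker`, which is effectively root-equivalent on any host where the Docker daemon runs, because members control the daemon socket; nothing in this patch enables `virtualisation.docker`, and the new pihole.nix uses `virtualisation.oci-containers`, whose backend I believe defaults to podman at stateVersion 25.05, so the group grants nothing today and a large privilege the day Docker is switched on. If the container is meant to run here, set the backend explicitly and import `../../modules/services/pihole.nix` (this commit imports only forgejo.nix); otherwise drop `"docker"` from the list. The user is already in `wheel`, so admin tasks are covered by sudo without a second root-equivalent path.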
@@ -10,4 +10,25 @@ _: {
 };
 networking.firewall.allowedTCPPorts = [ 80 443 ];
+ systemd.tmpfiles.rules = [
+ "d /var/www/lomig 0755 lomig users -"
+ ];
+ systemd.services.hugo-blog-build = {
+ description = "Build Hugo Blog";
+ after = [ "network.target" ];
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = /home/lomig/scripts/blog-sync-and-build.sh;
+ User = "lomig";
+ };
+ };
+
+ systemd.timers.hugo-blog-build = {
+ description = "Daily Hugo Blog Build";
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnCalendar = "daily 06:00";
+ Persistent = true;
+ };
+ };
 }
diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix
new file mode 100644
index 0000000..fc224ee
--- /dev/null
+++ b/modules/services/forgejo.nix
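Review bot: `ExecStart = /home/lomig/scripts/blog-sync-and-build.sh;` is an unquoted Nix path literal, so evaluation copies the script into the world-readable Nix store and the unit runs that snapshot rather than the live file; later edits need a rebuild to take effect, and any token the sync step keeps inside the script becomes readable by every local user. If the live file is intended, quote it, `ExecStart = "/home/lomig/scripts/blog-sync-and-build.sh";`, and keep credentials in a root-owned file loaded through `serviceConfig.EnvironmentFile` rather than in the script. A job that syncs over the network should order itself with `after = [ "network-online.target" ]; wants = [ "network-online.target" ];`, since `network.target` only means the stack is configured, not that a route is up. The `pkgs` added to the module's argument set in the first hunk is not used by any visible line.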
@@ -0,0 +1,72 @@
+# NixOS module Forgejo avec SQLite, SSH et reverse proxy Caddy
+{ config, pkgs, lib, ... }: {
+
+ # --- Utilisateur dédié ---
+ users.users.git = {
+ isSystemUser = true;
+ home = "/var/lib/forgejo";
+ shell = pkgs.bash;
+ group = "git";
+ };
+ users.groups.git = {};
+
+ # --- Forgejo ---
+ services.forgejo = {
+ enable = true;
+ user = "git";
+ group = "git";
+ database = {
+ type = "sqlite3";
+ path = "/var/lib/forgejo/data/gitea.db";
+ };
+ settings = {
+ server = {
+ DOMAIN = "git.lomig.me";
+ ROOT_URL = "https://git.lomig.me/";
+ SSH_DOMAIN = "git.lomig.me";
+ HTTP_PORT = 3000;
+ SSH_PORT = 22;
+ START_SSH_SERVER = false;
+ };
+ service = {
+ DISABLE_REGISTRATION = true;
+ REGISTER_EMAIL_CONFIRM = false;
+ };
+ repository = {
+ DEFAULT_BRANCH = "main";
+ };
+ };
+ };
+
+ # --- Ouvrir les ports nécessaires ---
+ networking.firewall.allowedTCPPorts = [ 80 443 2222 ];
+
+ # --- Rediriger port SSH interne de Forgejo ---
+ services.openssh.enable = true;
+ networking.firewall.interfaces."eth0".allowedTCPPorts = [ 22 ]; # pour admin
+
+ # --- Caddy pour git.lomig.me ---
+ services.caddy = {
+ enable = true;
+ virtualHosts."git.lomig.me" = {
+ extraConfig = ''
+ reverse_proxy localhost:3000
+ '';
+ };
+ };
+
+ # --- Pour que Forgejo génère les bonnes URLs Git ---
+# networking.hostName = "git"; # non strictement obligatoire
+
+ # --- Optionnel : config DNS ---
+ # git.lomig.me -> ton IP publique (ou IP locale si LAN)
+
+ # --- Pour te cloner un dépôt : ---
+ # git clone git@git.lomig.me:lomig/nom-du-repo.git
+
+ # --- Astuce : génère une paire de clés pour l’accès SSH Git ---
+ # ssh-keygen -t ed25519 -f ~/.ssh/id_git_forgejo
+ # puis ajoute la clé publique dans ton compte Forgejo
+
+}
+
diff --git a/modules/services/pihole.nix b/modules/services/pihole.nix
new file mode 100644
index 0000000..f3c7783
--- /dev/null
+++ b/modules/services/pihole.nix
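Review bot: `HTTP_PORT = 3000` is set without `HTTP_ADDR`, and Forgejo's default bind address is every interface, so the application port is reachable by anything that gets past the host firewall even though only Caddy's `reverse_proxy localhost:3000` should ever talk to it; add `HTTP_ADDR = "127.0.0.1";` beside it. The firewall list opens 2222 while `SSH_PORT = 22` and `START_SSH_SERVER = false` leave no Forgejo listener on 2222 in this module, so that entry is either stale or the builtin SSH server was meant to be enabled on it. Port 22 is opened only on `eth0`, yet `SSH_DOMAIN`/`SSH_PORT` advertise port 22 to clone clients, so this only works if eth0 is the interface they reach, and the "pour admin" comment suggests the admin and Git uses were meant to be kept apart. `services.openssh.enable = true` comes with NixOS defaults that, as far as I recall, leave password authentication on; on an Internet-facing host with a new `git` account whose `shell = pkgs.bash`, it is worth setting `services.openssh.settings.PasswordAuthentication = false;` explicitly.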
@@ -0,0 +1,24 @@
+{
+ virtualisation.oci-containers.containers.pihole = {
+ image = "pihole/pihole:latest";
+ autoStart = true;
+
+ ports = [
+ "53:53/udp"
+ "53:53/tcp"
+ "80:80/tcp"
+ ];
+
+ environment = {
+ TZ = "Europe/Paris";
+ WEBPASSWORD = "changeme"; # Change à ta convenance
+ PIHOLE_DNS_ = "1.1.1.1;1.0.0.1";
+ };
+
+ volumes = [
+ "/srv/pihole/etc-pihole:/etc/pihole"
+ "/srv/pihole/etc-dnsmasq.d:/etc/dnsmasq.d"
+ ];
+ extraOptions = [ "--cap-add=NET_ADMIN" ];
+ };
+}
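Review bot: `WEBPASSWORD = "changeme"` puts the admin password in a committed file that also lands in the world-readable Nix store and in the container's environment; keep it in a root-only file outside the store and load it with `environmentFiles = [ "/path/to/pihole.env" ];` (placeholder path), leaving `TZ` and `PIHOLE_DNS_` in `environment`. `image = "pihole/pihole:latest"` is a floating tag, so each pull may fetch a different, unreviewed image; pin a version tag or a digest. The `80:80/tcp` mapping claims host port 80, which caddy.nix and forgejo.nix already use for their virtual hosts, so importing this module on the same host would make the container and Caddy fight over the port; bind the web UI to another host port or address. `--cap-add=NET_ADMIN` is only needed when Pi-hole acts as a DHCP server and can be dropped for DNS-only use. Nothing imports this file in this commit, so none of it is live yet.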