diff --git a/config/globals.nix b/config/globals.nix
index 7c64ec5..6977146 100644
--- a/config/globals.nix
+++ b/config/globals.nix
@@ -23,9 +23,8 @@
 services = {
 forgejo = {
- home = "/var/lib/forgejo";
+ home = "/var/lib/services/forgejo";
 url = "govel.porzh.me";
- user = "git";
 port = 3000;
 };
 goaccess = {
diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix
index 0cee315..ad0fb13 100644
--- a/modules/services/forgejo.nix
+++ b/modules/services/forgejo.nix
@@ -3,23 +3,23 @@ let
 globals = import ../../config/globals.nix;
 in {
 # --- Utilisateur dédié ---
- users.users.${globals.services.forgejo.user} = {
+ users.users.git = {
 isSystemUser = true;
- home = globals.services.forgejo.home;
+ home = "/var/lib/forgejo";
 shell = pkgs.bash;
- group = globals.services.forgejo.user;
+ group = "git";
 };
- users.groups.${globals.services.forgejo.user} = {};
+ users.groups.git = {};
 # --- Forgejo ---
 services = {
 forgejo = {
 enable = true;
- user = globals.services.forgejo.user;
- group = globals.services.forgejo.user;
+ user = "git";
+ group = "git";
 database = {
 type = "sqlite3";
- path = "${globals.services.forgejo.home}/data/gitea.db";
+ path = "/var/lib/forgejo/data/gitea.db";
 };
 settings = {
 server = {
@@ -27,6 +27,7 @@ in {
 ROOT_URL = "https://${globals.services.forgejo.url}/";
 SSH_DOMAIN = globals.services.forgejo.url;
 HTTP_PORT = globals.services.forgejo.port;
+ SSH_PORT = 22;
 START_SSH_SERVER = false;
 };
 service = {
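Review bot: The Forgejo state path is now defined in two places that disagree: `config/globals.nix` sets `home = "/var/lib/services/forgejo"`, while the first hunk of `modules/services/forgejo.nix` hard-codes `/var/lib/forgejo` for both the `git` user's home and `database.path`. Anything else that still reads `globals.services.forgejo.home` (backup or permission rules, for instance, none of which are visible here) would then point at a directory the service does not use. Either keep `home = globals.services.forgejo.home;` and `path = "${globals.services.forgejo.home}/data/gitea.db";` in the module, or drop the `home` attribute from globals so that a single value remains.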
@@ -48,5 +49,22 @@ in {
 };
 };
 };
- networking.firewall.allowedTCPPorts = [80 443 22 ];
+
+ # --- Ouvrir les ports nécessaires ---
+ networking.firewall = {
+ allowedTCPPorts = [80 443 2222];
+ interfaces."eth0".allowedTCPPorts = [22];
+ };
+ # --- Pour que Forgejo génère les bonnes URLs Git ---
+ # networking.hostName = "git"; # non strictement obligatoire
+
+ # --- Optionnel : config DNS ---
+ # git.lomig.me -> ton IP publique (ou IP locale si LAN)
+
+ # --- Pour te cloner un dépôt : ---
+ # git clone git@git.lomig.me:lomig/nom-du-repo.git
+
+ # --- Astuce : génère une paire de clés pour l’accès SSH Git ---
+ # ssh-keygen -t ed25519 -f ~/.ssh/id_git_forgejo
+ # puis ajoute la clé publique dans ton compte Forgejo
 }
diff --git a/modules/services/goaccess.nix b/modules/services/goaccess.nix
index 2cc069c..7391f20 100644
--- a/modules/services/goaccess.nix
+++ b/modules/services/goaccess.nix
@@ -6,23 +6,11 @@ in {
 goaccess
 ];
- environment.etc."local/bin/generate-goaccess.sh".text = ''
- #!/bin/sh
- set -eu
-
- RAW_LOG="/var/log/caddy/access-${globals.services.levr.url}.log"
- CLEAN_LOG="/tmp/goaccess-clean.log"
- REPORT="${globals.services.goaccess.home}/index.html"
-
- ${pkgs.gnugrep}/bin/grep -v '192.168.' "$RAW_LOG" > "$CLEAN_LOG"
- ${pkgs.goaccess}/bin/goaccess "$CLEAN_LOG" --log-format=CADDY -o "$REPORT";
- '';
- environment.etc."local/bin/generate-goaccess.sh".mode = "0755";
-
+ # Service pour générer le rapport statique GoAccess
 systemd.services.goaccess-report = {
 description = "Generate GoAccess HTML report";
 serviceConfig = {
- ExecStart = "/etc/local/bin/generate-goaccess.sh";
+ ExecStart = "${pkgs.goaccess}/bin/goaccess /var/log/caddy/access-${globals.services.levr.url}.log --log-format=CADDY -o ${globals.services.goaccess.home}/index.html";
 };
 };
@@ -47,8 +35,4 @@ in {
 };
 };
 };
-
- systemd.tmpfiles.rules = [
- "d ${globals.services.goaccess.home} 0755 root root -"
- ];
 }
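Review bot: In the new `networking.firewall` block of `modules/services/forgejo.nix`, TCP 2222 is opened on every interface although nothing in this diff listens on it: the previous hunk sets `SSH_PORT = 22` with `START_SSH_SERVER = false`, so Git over SSH goes through the system sshd. If 2222 is meant for an sshd moved elsewhere, record that next to the rule, e.g. `# 2222: admin sshd (see <module>)`; otherwise drop it and keep `allowedTCPPorts = [80 443];`. The eth0-only rule for port 22 has no restricting effect if `services.openssh.openFirewall` is left at its default, which opens sshd's ports on all interfaces; the sshd configuration is not part of this hunk, so this needs checking on the host. The added comments also refer to `git.lomig.me`, while the configured domain is `govel.porzh.me`.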
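Review bot: The new `ExecStart` in `systemd.services.goaccess-report` (first hunk of `modules/services/goaccess.nix`) is the only key in `serviceConfig`, so the unit runs as root with no sandboxing while parsing access logs whose contents are supplied by remote clients. It only needs to read `/var/log/caddy` and write the report directory, so it can be confined with the systemd options shown below. `ReadWritePaths` requires the directory to exist, and the last hunk of this file removes the `systemd.tmpfiles.rules` entry that created it, so that rule should stay unless the directory is created elsewhere. The inline command also no longer drops the `192.168.` entries that the old script filtered out; if that is intended, a short comment would record it.

```nix
serviceConfig = {
  # … unchanged: ExecStart …
  ProtectSystem = "strict";
  ReadWritePaths = [ globals.services.goaccess.home ];
  ProtectHome = true;
  PrivateTmp = true;
  NoNewPrivileges = true;
};
```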