feat(services/forgejo): generalize configuration

raito commented

2025-02-23 23:55:48 +00:00

Owner

To welcome git.lix.systems in our ranks.

TODO:

overlay nix-forgejo to make it uniform
cleanup the UI fragment

Signed-off-by: Raito Bezarius masterancpp@gmail.com

To welcome git.lix.systems in our ranks. TODO: - [x] overlay `nix-forgejo` to make it uniform - [x] cleanup the UI fragment Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

raito referenced this pull request

2025-02-23 23:59:00 +00:00

Slowly absorb Lix infrastructure #89

raito changed title from ~~feat(services/forgejo): generalize configuration~~ to WIP: feat(services/forgejo): generalize configuration

2025-02-24 00:22:26 +00:00

emilylange force-pushed forgejo-lix from 41c66cb629 to 0b3487adfc

2025-02-25 16:01:15 +00:00

Compare

emilylange commented

2025-02-25 16:21:16 +00:00

Owner

@raito can you take a look at 41c66cb629..0b3487adfc (force push diff) and let me know what you think?

I removed a few things that are already the default upstream (like services.mysql and services.forgejo.database.user) and added an escape hatch (cfg.settings) and moved "git.timeout".MIGRATE out of the module.

Similarly, the Lix-specific values in ui and security.DISABLE_GIT_HOOKS can live outside the module now.

Also, is security.DISABLE_GIT_HOOKS actually actively used? I would prefer to drop it if not.

The git.lix.systems config could look something like:

Click to expand WIP config

{ pkgs, ... }:

{
  bagel.services.forgejo = {
    enable = true;
    enableForks = true;
    enablePackageRegistry = true;

    # sshBindAddr = "";

    domain = "git.lix.systems";
    package = pkgs.forgejo.overrideAttrs (old: { });

    appName = "Lix Systems";
    database.implementation = "mysql";

    # Note: Any setting specified in secrets always takes priority over the one in settings.
    secrets = {
      mailer = {
        # PASSWD = "";
        # USER = "";
      };
    };

    settings = {
      ui = {
        # Add the used emojis from https://volpeon.ink/emojis/ as well as https://github.com/chr-1x/dragn-emoji
        CUSTOM_EMOJIS = builtins.readFile ./emoji.txt;
        # Normal reaction emoji people always need.
        REACTIONS = "+1, -1, laugh, confused, heart, hooray, eyes, melting_face, neocat_scream_scared, neofox_scream_scared, drgn_scream, neocat_heart, neofox_heart, drgn_heart, neocat_floof_reach, neocat_pleading, neofox_floof_reach, neofox_pleading, drgn_pleading";

        THEMES = "lix-auto,lix-light,lix-dark,forgejo-auto,forgejo-light,forgejo-dark,gitea-auto,gitea-light,gitea-dark";

        DEFAULT_THEME = "lix-auto";
      };

      # Careful with these!
      security = {
        # Allow internal users with the right permissions to set up Git hooks.
        DISABLE_GIT_HOOKS = false;
      };
    };
  };
}

And I could restructure https://git.lix.systems/the-distro/nix-forgejo a bit and add a stable variant with the Lix patches instead of having them in-tree here.
I worry that we end up in a situation again where a simple nixpkgs bump is deferred because some patch does not apply.

@raito can you take a look at https://git.lix.systems/the-distro/infra/compare/41c66cb629a1628f58d2cab47b8806d0c3b4f213..0b3487adfca1a2a5e94126384a7a9a6dd0cde6c2 (force push diff) and let me know what you think? I removed a few things that are already the default upstream (like `services.mysql` and `services.forgejo.database.user`) and added an escape hatch (`cfg.settings`) and moved `"git.timeout".MIGRATE` out of the module. Similarly, the Lix-specific values in `ui` and `security.DISABLE_GIT_HOOKS` can live outside the module now. Also, is `security.DISABLE_GIT_HOOKS` actually actively used? I would prefer to drop it if not. The git.lix.systems config could look something like: <details> <summary>Click to expand WIP config</summary> ~~~nix { pkgs, ... }: { bagel.services.forgejo = { enable = true; enableForks = true; enablePackageRegistry = true; # sshBindAddr = ""; domain = "git.lix.systems"; package = pkgs.forgejo.overrideAttrs (old: { }); appName = "Lix Systems"; database.implementation = "mysql"; # Note: Any setting specified in secrets always takes priority over the one in settings. secrets = { mailer = { # PASSWD = ""; # USER = ""; }; }; settings = { ui = { # Add the used emojis from https://volpeon.ink/emojis/ as well as https://github.com/chr-1x/dragn-emoji CUSTOM_EMOJIS = builtins.readFile ./emoji.txt; # Normal reaction emoji people always need. REACTIONS = "+1, -1, laugh, confused, heart, hooray, eyes, melting_face, neocat_scream_scared, neofox_scream_scared, drgn_scream, neocat_heart, neofox_heart, drgn_heart, neocat_floof_reach, neocat_pleading, neofox_floof_reach, neofox_pleading, drgn_pleading"; THEMES = "lix-auto,lix-light,lix-dark,forgejo-auto,forgejo-light,forgejo-dark,gitea-auto,gitea-light,gitea-dark"; DEFAULT_THEME = "lix-auto"; }; # Careful with these! security = { # Allow internal users with the right permissions to set up Git hooks. DISABLE_GIT_HOOKS = false; }; }; }; } ~~~ </details> --- And I could restructure https://git.lix.systems/the-distro/nix-forgejo a bit and add a stable variant with the Lix patches instead of having them in-tree here. I worry that we end up in a situation again where a simple nixpkgs bump is deferred because some patch does not apply.

👍 1

raito commented

2025-03-08 17:53:54 +00:00

Author

Owner

@emilylange wrote in #179 (comment):

@raito can you take a look at 41c66cb629..0b3487adfc (force push diff) and let me know what you think?

I removed a few things that are already the default upstream (like services.mysql and services.forgejo.database.user) and added an escape hatch (cfg.settings) and moved "git.timeout".MIGRATE out of the module.

Similarly, the Lix-specific values in ui and security.DISABLE_GIT_HOOKS can live outside the module now.

Also, is security.DISABLE_GIT_HOOKS actually actively used? I would prefer to drop it if not.

The git.lix.systems config could look something like:

Click to expand WIP config
And I could restructure https://git.lix.systems/the-distro/nix-forgejo a bit and add a stable variant with the Lix patches instead of having them in-tree here. I worry that we end up in a situation again where a simple nixpkgs bump is deferred because some patch does not apply.

Looks good to me!

@emilylange wrote in https://git.lix.systems/the-distro/infra/pulls/179#issuecomment-9035: > @raito can you take a look at [`41c66cb629..0b3487adfc`](https://git.lix.systems/the-distro/infra/compare/41c66cb629a1628f58d2cab47b8806d0c3b4f213..0b3487adfca1a2a5e94126384a7a9a6dd0cde6c2) (force push diff) and let me know what you think? > > I removed a few things that are already the default upstream (like `services.mysql` and `services.forgejo.database.user`) and added an escape hatch (`cfg.settings`) and moved `"git.timeout".MIGRATE` out of the module. > > Similarly, the Lix-specific values in `ui` and `security.DISABLE_GIT_HOOKS` can live outside the module now. > > Also, is `security.DISABLE_GIT_HOOKS` actually actively used? I would prefer to drop it if not. > > The git.lix.systems config could look something like: > > Click to expand WIP config > And I could restructure https://git.lix.systems/the-distro/nix-forgejo a bit and add a stable variant with the Lix patches instead of having them in-tree here. I worry that we end up in a situation again where a simple nixpkgs bump is deferred because some patch does not apply. Looks good to me!