From f65c47213c7d5cc7fbc997add58ad2c3d9921b72 Mon Sep 17 00:00:00 2001
From: Dennis
Date: Tue, 10 Mar 2026 20:07:40 +0100
Subject: [PATCH 01/10] adds memos configuration

---
 modules/hosts/dnsc-vps-sm/default.nix | 3 ++-
 modules/selfhosted/memos/default.nix | 17 +++++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 modules/selfhosted/memos/default.nix

diff --git a/modules/hosts/dnsc-vps-sm/default.nix b/modules/hosts/dnsc-vps-sm/default.nix
index f5ea706..6e1c453 100644
--- a/modules/hosts/dnsc-vps-sm/default.nix
+++ b/modules/hosts/dnsc-vps-sm/default.nix
@@ -21,6 +21,7 @@ in
 uptime-kuma
 homepage
 actual-server
+ memos
 (
 { config, ... }:
@@ -66,7 +67,7 @@ in
 restic.backupPaths = [
 "/var/backup/vaultwarden"
 "/data/actual-server"
- # TODO: Include memos path, maybe uptime kuma
+ "/data/memos"
 ];
 }
 )
diff --git a/modules/selfhosted/memos/default.nix b/modules/selfhosted/memos/default.nix
new file mode 100644
index 0000000..607748e
--- /dev/null
+++ b/modules/selfhosted/memos/default.nix
@@ -0,0 +1,17 @@
+{ ... }:
+{
+ flake.modules.nixos.memos =
+ { pkgs, config, ... }:
+ {
+ services.memos = {
+ enable = true;
+ settings = {
+ MEMOS_MODE = "prod";
+ MEMOS_PORT = "9003";
+ MEMOS_DATA = "/data/memos";
+ MEMOS_DRIVER = "sqlite";
+ MEMOS_INSTANCE_URL = "https://notes.dnsc.io";
+ };
+ };
+ };
+}
From 546a298406ccdd75464a35825bb698aba9d8cb62 Mon Sep 17 00:00:00 2001
From: Dennis
Date: Tue, 10 Mar 2026 20:18:44 +0100
Subject: [PATCH 02/10] disables systemd boot for vps

---
 modules/hosts/dnsc-vps-sm/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/hosts/dnsc-vps-sm/default.nix b/modules/hosts/dnsc-vps-sm/default.nix
index 6e1c453..e050a93 100644
--- a/modules/hosts/dnsc-vps-sm/default.nix
+++ b/modules/hosts/dnsc-vps-sm/default.nix
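Review bot: In the new `modules/selfhosted/memos/default.nix` (patch 01), `settings` sets `MEMOS_PORT = "9003"` but no listen address, so unless the module or the host firewall restricts it, Memos may accept connections on every interface and be reachable without going through the Caddy vhost for `notes.dnsc.io` (visible as context in patch 06). Adding `MEMOS_ADDR = "127.0.0.1";` next to the port keeps the service loopback-only. The same question applies to `HTTP_PORT = 9004` in the Forgejo module added in patch 06, where `HTTP_ADDR = "127.0.0.1";` in the `server` block would be the equivalent line. Whether the firewall already closes both ports is not visible in this series.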
@@ -44,6 +44,8 @@ in }; system.stateVersion = "24.11"; + boot.loader.systemd-boot.enable = false; + boot.loader.efi.canTouchEfiVariables = false; boot.tmp.cleanOnBoot = true; zramSwap.enable = true; # Fix due to https://github.com/NixOS/nixpkgs/issues/180175 From f9aee5f484b2aef1315ce7ce6c222bd19f8e3879 Mon Sep 17 00:00:00 2001 From: Dennis Date: Tue, 10 Mar 2026 20:21:32 +0100 Subject: [PATCH 03/10] forces overwrite of conflicting values --- modules/hosts/dnsc-vps-sm/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/hosts/dnsc-vps-sm/default.nix b/modules/hosts/dnsc-vps-sm/default.nix index e050a93..bf7ada3 100644 --- a/modules/hosts/dnsc-vps-sm/default.nix +++ b/modules/hosts/dnsc-vps-sm/default.nix @@ -24,7 +24,7 @@ in memos ( - { config, ... }: + { config, lib, ... }: { imports = [ ./_hardware-configuration.nix @@ -44,8 +44,8 @@ in }; system.stateVersion = "24.11"; - boot.loader.systemd-boot.enable = false; - boot.loader.efi.canTouchEfiVariables = false; + boot.loader.systemd-boot.enable = lib.mkForce false; + boot.loader.efi.canTouchEfiVariables = lib.mkForce false; boot.tmp.cleanOnBoot = true; zramSwap.enable = true; # Fix due to https://github.com/NixOS/nixpkgs/issues/180175 From f2d2d5b7922e90d6466bd5210b4d0ad6130c6872 Mon Sep 17 00:00:00 2001 From: Dennis Date: Tue, 10 Mar 2026 20:23:51 +0100 Subject: [PATCH 04/10] fixes secret path --- modules/hosts/dnsc-vps-sm/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/hosts/dnsc-vps-sm/default.nix b/modules/hosts/dnsc-vps-sm/default.nix index bf7ada3..c8805ae 100644 --- a/modules/hosts/dnsc-vps-sm/default.nix +++ b/modules/hosts/dnsc-vps-sm/default.nix @@ -57,7 +57,7 @@ in "${config.users.users.dennis.home}/.ssh/id_ed25519" ]; secrets."vaultwarden/env" = { - file = "${secretsDir}/vaultwarden/env"; + file = "${secretsDir}/vaultwarden/env.age"; }; secrets."restic/password" = { file = "${secretsDir}/restic/password.age"; 
From 31976a7c9caec8879f40b15be454a6028d541212 Mon Sep 17 00:00:00 2001
From: Dennis
Date: Tue, 10 Mar 2026 20:39:55 +0100
Subject: [PATCH 05/10] adapts backup paths

---
 modules/hosts/dnsc-vps-sm/default.nix | 6 ++++--
 modules/selfhosted/homepage/default.nix | 2 +-
 modules/selfhosted/memos/default.nix | 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/modules/hosts/dnsc-vps-sm/default.nix b/modules/hosts/dnsc-vps-sm/default.nix
index c8805ae..b08be8e 100644
--- a/modules/hosts/dnsc-vps-sm/default.nix
+++ b/modules/hosts/dnsc-vps-sm/default.nix
@@ -68,8 +68,10 @@ in
 restic.repository = "sftp:dnsc-storage:restic/dnsc-server";
 restic.backupPaths = [
 "/var/backup/vaultwarden"
- "/data/actual-server"
- "/data/memos"
+ "/var/lib/vaultwarden"
+ "/var/lib/actual-server"
+ "/var/lib/memos"
+ "/var/lib/uptime-kuma"
 ];
 }
 )
diff --git a/modules/selfhosted/homepage/default.nix b/modules/selfhosted/homepage/default.nix
index e55d206..0ac7fc8 100644
--- a/modules/selfhosted/homepage/default.nix
+++ b/modules/selfhosted/homepage/default.nix
@@ -52,7 +52,7 @@
 {
 title = "Notes";
 url = "https://notes.dnsc.io";
- icon = "si:memos";
+ icon = "si:parrotsecurity";
 }
 {
 title = "Uptime Kuma";
diff --git a/modules/selfhosted/memos/default.nix b/modules/selfhosted/memos/default.nix
index 607748e..24b6c3f 100644
--- a/modules/selfhosted/memos/default.nix
+++ b/modules/selfhosted/memos/default.nix
@@ -8,7 +8,7 @@
 settings = {
 MEMOS_MODE = "prod";
 MEMOS_PORT = "9003";
- MEMOS_DATA = "/data/memos";
+ MEMOS_DATA = "/var/lib/memos";
 MEMOS_DRIVER = "sqlite";
 MEMOS_INSTANCE_URL = "https://notes.dnsc.io";
 };
From 1e9cacb761af7438dfc11944aa88d119ff69df18 Mon Sep 17 00:00:00 2001
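Review bot: The `restic.backupPaths` hunk of patch 05 now lists live service state directories (`/var/lib/vaultwarden`, `/var/lib/memos`, `/var/lib/uptime-kuma`, and `/var/lib/forgejo` in patch 08), and Memos is configured with `MEMOS_DRIVER = "sqlite"`; a file-level copy of a SQLite database taken while the service is writing can restore as a corrupt or stale database. `/var/backup/vaultwarden` already looks like a dump location, so the same dump-then-backup pattern would fit the other services. At minimum I would add `# live service state: SQLite files may be copied mid-write, verify with a test restore` above the new entries. How the custom `restic` module schedules the run is outside this hunk.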
From: Dennis Date: Wed, 11 Mar 2026 22:42:54 +0100 Subject: [PATCH 06/10] configures forgejo --- modules/hosts/dnsc-vps-sm/default.nix | 3 +++ modules/selfhosted/caddy/default.nix | 3 +++ modules/selfhosted/forgejo/default.nix | 26 ++++++++++++++++++++++++++ secrets/forgejo/mail-password.age | 9 +++++++++ secrets/secrets.nix | 1 + 5 files changed, 42 insertions(+) create mode 100644 modules/selfhosted/forgejo/default.nix create mode 100644 secrets/forgejo/mail-password.age diff --git a/modules/hosts/dnsc-vps-sm/default.nix b/modules/hosts/dnsc-vps-sm/default.nix index b08be8e..d8f8d3a 100644 --- a/modules/hosts/dnsc-vps-sm/default.nix +++ b/modules/hosts/dnsc-vps-sm/default.nix @@ -62,6 +62,9 @@ in secrets."restic/password" = { file = "${secretsDir}/restic/password.age"; }; + secrets."forgejo/mail-password" = { + file = "${secretsDir}/forgejo/mail-password.age"; + }; }; # Custom Module Options diff --git a/modules/selfhosted/caddy/default.nix b/modules/selfhosted/caddy/default.nix index b7da834..efca4e8 100644 --- a/modules/selfhosted/caddy/default.nix +++ b/modules/selfhosted/caddy/default.nix @@ -35,6 +35,9 @@ virtualHosts."notes.dnsc.io".extraConfig = '' reverse_proxy localhost:9003 ''; + virtualHosts."git.dnsc.io".extraConfig = '' + reverse_proxy localhost:9004 + ''; }; }; } diff --git a/modules/selfhosted/forgejo/default.nix b/modules/selfhosted/forgejo/default.nix new file mode 100644 index 0000000..c7c052a --- /dev/null +++ b/modules/selfhosted/forgejo/default.nix 
@@ -0,0 +1,26 @@ +{ ... }: +{ + flake.modules.nixos.forgejo = + { pkgs, config, ... }: + { + services.forgejo = { + enable = true; + lfs.enable = true; + settings = { + server = { + DOMAIN = "git.dnsc.io"; + ROOT_URL = "https://git.dnsc.io/"; + HTTP_PORT = 9004; + }; + service.DISABLE_REGISTRATION = false; + mailer = { + ENABLED = true; + SMTP_ADDR = "me@dnsc.io"; + FROM = "git@dnsc.io"; + USER = "git@dnsc.io"; + }; + }; + secrets.mailer.PASSWD = config.age.secrets."forgejo/mail-password".path; + }; + }; +} diff --git a/secrets/forgejo/mail-password.age b/secrets/forgejo/mail-password.age new file mode 100644 index 0000000..ec441e8 --- /dev/null +++ b/secrets/forgejo/mail-password.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 JIw3cQ 6dRa6cCY05awbR5Ypq89K9nAPN1SBcoz67RrZ2PLvWE +yYJn+UHJHt+DX34+EHneLuCWDs4qw7l/+LUVe3DaVEo +-> ssh-ed25519 HufN+g Avtl/q3JuMecU5fFnGHqByHg5y/ZMVN90UDB325Mhi4 +7Mw+QqltaEDAOCCSlAG/aBOayGBxtOeiJwRfdXGX2ow +-> ssh-ed25519 cTYF0w 8VwH3Yz2dUAhAVBHeeZL7leSmyUQfMusiAEFLGnafhQ +mtc13Xfnc7X42iMgrxGVdLWk54H9IjjmTI2T26jWMXQ +--- bVcpPfFruDRU3VEipqVt6ztjsOon71V38jKdDQkhvQA +v'?cg܉ 8`neo *V GJ vNBSoC \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index cedfc8a..ff10e5a 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -12,6 +12,7 @@ in # Add like this: "secret1.age".publicKeys = systems; "vaultwarden/env.age".publicKeys = systems; "restic/password.age".publicKeys = systems; + "forgejo/mail-password.age".publicKeys = systems; } # 1. Create a file with secret From 3397c8541cabdbf34bb3fbbe1b014c0256911f1b Mon Sep 17 00:00:00 2001 From: Dennis Date: Wed, 11 Mar 2026 22:44:19 +0100 Subject: [PATCH 07/10] includes forgejo in vps --- modules/hosts/dnsc-vps-sm/default.nix | 1 + modules/selfhosted/forgejo/default.nix | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/modules/hosts/dnsc-vps-sm/default.nix b/modules/hosts/dnsc-vps-sm/default.nix index d8f8d3a..ff4dfc5 100644 
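Review bot: In the new `modules/selfhosted/forgejo/default.nix` (patch 06), `SMTP_ADDR = "me@dnsc.io"` is a mailbox address, while that key expects the SMTP server's host name, so with `ENABLED = true` outgoing mail will most likely fail to connect; it should read `SMTP_ADDR = "<smtp-host>";` with the real relay filled in. Separately, `service.DISABLE_REGISTRATION = false` goes in together with the `git.dnsc.io` vhost added by the same patch and is only flipped in patch 10. If an intermediate revision was deployed, the user list is worth checking for accounts created in that window, since they survive the later flag change.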
--- a/modules/hosts/dnsc-vps-sm/default.nix
+++ b/modules/hosts/dnsc-vps-sm/default.nix
@@ -22,6 +22,7 @@ in
 homepage
 actual-server
 memos
+ forgejo
 (
 { config, lib, ... }:
diff --git a/modules/selfhosted/forgejo/default.nix b/modules/selfhosted/forgejo/default.nix
index c7c052a..ddce6c0 100644
--- a/modules/selfhosted/forgejo/default.nix
+++ b/modules/selfhosted/forgejo/default.nix
@@ -1,7 +1,12 @@
 { ... }:
 {
 flake.modules.nixos.forgejo =
- { pkgs, config, ... }:
+ {
+ pkgs,
+ config,
+ lib,
+ ...
+ }:
 {
 services.forgejo = {
 enable = true;
@@ -11,6 +16,7 @@
 DOMAIN = "git.dnsc.io";
 ROOT_URL = "https://git.dnsc.io/";
 HTTP_PORT = 9004;
+ SSH_PORT = lib.head config.services.openssh.ports;
 };
 service.DISABLE_REGISTRATION = false;
 mailer = {
From d40cbe396ef691fdb2331ee22dd766d3de780ed3 Mon Sep 17 00:00:00 2001
From: Dennis
Date: Wed, 11 Mar 2026 22:51:58 +0100
Subject: [PATCH 08/10] adds forgejo directory to backup

---
 modules/hosts/dnsc-vps-sm/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/hosts/dnsc-vps-sm/default.nix b/modules/hosts/dnsc-vps-sm/default.nix
index ff4dfc5..a6b66ff 100644
--- a/modules/hosts/dnsc-vps-sm/default.nix
+++ b/modules/hosts/dnsc-vps-sm/default.nix
@@ -76,6 +76,7 @@ in
 "/var/lib/actual-server"
 "/var/lib/memos"
 "/var/lib/uptime-kuma"
+ "/var/lib/forgejo"
 ];
 }
 )
From 5d350680504dd5787c56ec771c329832dafd25b5 Mon Sep 17 00:00:00 2001
From: Dennis
Date: Wed, 11 Mar 2026 23:02:49 +0100
Subject: [PATCH 09/10] adds root to secrets

---
 secrets/secrets.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index ff10e5a..b15d5f3 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
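Review bot: `SSH_PORT = lib.head config.services.openssh.ports;` in the second forgejo hunk of patch 07 ties Forgejo's advertised SSH port to the host's sshd without saying so, and `lib.head` aborts evaluation if that list is ever empty. A comment such as `# Git over SSH goes through the host sshd; SSH_PORT only sets the port shown in clone URLs` would make the dependency explicit. Git access then shares a daemon with administrative logins, so it is worth confirming that the sshd settings (key-only authentication, any user allow-list) admit the forgejo account as intended; that configuration is not visible in this series.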
@@ -2,9 +2,11 @@ let
 dnsc-air = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvXWZOPOJJDAoF+Sx/ZLoAVu6G/7/MAWoknBgMAzjul dennis@dnsc-mac";
 dnsc-vps-sm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF/sUA38t7TI1LYADLBn898Hh0MTR4maiHVwEtDoN9W5 dnsc-vps-sm";
 dnsc-server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM3mkEgvHrwjsEReHQHpLbMP71JLvp6XxMPyW7PTaLCd dennis@dnsc-server";
+ dnsc-vps-sm-r = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCIgMI4LjpYuVcFEhSM3VIYvOEb94jW/fJS+HZwPog8 root@dnsc-vps-sm";
 systems = [
 dnsc-air
 dnsc-vps-sm
+ dnsc-vps-sm-r
 dnsc-server
 ];
 in
From f7e4fdb662ed916990e00349dd7f5906b87d9ce6 Mon Sep 17 00:00:00 2001
From: Dennis
Date: Wed, 11 Mar 2026 23:07:47 +0100
Subject: [PATCH 10/10] adds forgejo to hompage

---
 modules/selfhosted/forgejo/default.nix | 2 +-
 modules/selfhosted/homepage/default.nix | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/modules/selfhosted/forgejo/default.nix b/modules/selfhosted/forgejo/default.nix
index ddce6c0..cc7f5bc 100644
--- a/modules/selfhosted/forgejo/default.nix
+++ b/modules/selfhosted/forgejo/default.nix
@@ -18,7 +18,7 @@
 HTTP_PORT = 9004;
 SSH_PORT = lib.head config.services.openssh.ports;
 };
- service.DISABLE_REGISTRATION = false;
+ service.DISABLE_REGISTRATION = true;
 mailer = {
 ENABLED = true;
 SMTP_ADDR = "me@dnsc.io";
diff --git a/modules/selfhosted/homepage/default.nix b/modules/selfhosted/homepage/default.nix
index 0ac7fc8..9131164 100644
--- a/modules/selfhosted/homepage/default.nix
+++ b/modules/selfhosted/homepage/default.nix
@@ -49,6 +49,11 @@
 url = "https://vault.dnsc.io";
 icon = "si:vaultwarden";
 }
+ {
+ title = "Forgejo";
+ url = "https://git.dnsc.io";
+ icon = "si:forgejo";
+ }
 {
 title = "Notes";
 url = "https://notes.dnsc.io";
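Review bot: Adding `dnsc-vps-sm-r` to `systems` in patch 09 only changes the recipients of future encryptions: the diffstat touches `secrets/secrets.nix` alone, and `secrets/forgejo/mail-password.age` as committed in patch 06 carries three recipient stanzas. The root key therefore cannot decrypt the existing secrets until they are re-encrypted (with agenix, `agenix --rekey`) and the updated `.age` files are committed. Every key in `systems` can read every secret listed below it, including `vaultwarden/env.age`, so a comment on the new entry such as `# root on dnsc-vps-sm, needed for <purpose>` would record why the extra recipient exists.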