jasmine
b0bfb37d3c
Migrate from path-based persistence (/persist/var/lib/*) to dedicated BTRFS subvolumes for better data isolation and snapshot capabilities. - Move valuable user-facing services to /srv/* with srv-* subvolumes: - forgejo: git repositories and database - opengist: paste data - minecraft: game world data - lighttpd: static web content - containers: OCI container volumes - Update home directory to use hm-sajenim subvolume on viridian disk - Remove jupyterhub service (no longer in use) - Update borgbackup paths to match new service locations - Follow upstream service defaults where possible for maintainability Services kept on /persist (disposable state): - traefik, crowdsec, murmur
45 lines
1,016 B
Nix
45 lines
1,016 B
Nix
{config, ...}: let
|
|
hostname = config.networking.hostName;
|
|
in {
|
|
services.forgejo = {
|
|
enable = true;
|
|
stateDir = "/srv/forgejo";
|
|
settings = {
|
|
server = {
|
|
DOMAIN = "git.sajenim.dev";
|
|
ROOT_URL = "https://git.sajenim.dev";
|
|
HTTP_PORT = 3131;
|
|
LANDING_PAGE = "/jasmine";
|
|
};
|
|
service = {
|
|
DISABLE_REGISTRATION = true;
|
|
};
|
|
log.LEVEL = "Info";
|
|
};
|
|
};
|
|
|
|
services.traefik.dynamicConfigOptions.http.routers = {
|
|
forgejo = {
|
|
rule = "Host(`git.sajenim.dev`)";
|
|
entryPoints = [
|
|
"websecure"
|
|
];
|
|
service = "forgejo";
|
|
};
|
|
};
|
|
|
|
services.traefik.dynamicConfigOptions.http.services = {
|
|
forgejo.loadBalancer.servers = [
|
|
{url = "http://127.0.0.1:${toString config.services.forgejo.settings.server.HTTP_PORT}";}
|
|
];
|
|
};
|
|
|
|
fileSystems."/srv/forgejo" = {
|
|
device = "/dev/disk/by-label/${hostname}";
|
|
fsType = "btrfs";
|
|
options = [
|
|
"subvol=srv-forgejo"
|
|
"compress=zstd"
|
|
];
|
|
};
|
|
}
|