services: forgejo: Allow SSH login.

* rosenthal/services/web.scm (%forgejo-accounts): All SSH login.
services: Add forgejo-service-type.
2025-07-09 09:55:29 +00:00 · 2025-01-19 23:45:48 +08:00 · 2025-01-19 23:29:00 +08:00 · 2025-01-19 21:04:49 +08:00
3 changed files with 182 additions and 3 deletions
--- a/README.org
+++ b/README.org
@ -1,5 +1,4 @@
 # SPDX-FileCopyrightText: 2022, 2024 Hilton Chain <hako@ultrarare.space>
 #
 # SPDX-License-Identifier: CC0-1.0
 #+TITLE: Rosenthal - A certain Guix channel
@ -89,6 +88,7 @@ Rosenthal 頻道定義如下，將其加入 =~/.config/guix/channels.scm= 以由
 + dnsmasq-china-list
 + emacs-pcmpl-tailscale
 + emacs-wakatime-mode
 + forgejo
 + grub-efi-luks2
 + socks2http
 + tree-sitter-yaml
@ -114,6 +114,7 @@ Nonfree Software / 非自由軟件：
 + clash-service-type
 + docker-mailserver-service-type
 + iwd-service-type
 + forgejo-service-type
 + jellyfin-service-type
 + miniflux-service-type
 + misskey-service-type
--- a/rosenthal/packages/web.scm
+++ b/rosenthal/packages/web.scm
@ -1,10 +1,15 @@
-;; SPDX-FileCopyrightText: 2022 Hilton Chain <hako@ultrarare.space>
+;; SPDX-FileCopyrightText: 2022, 2025 Hilton Chain <hako@ultrarare.space>
 ;;
 ;; SPDX-License-Identifier: GPL-3.0-or-later
 (define-module (rosenthal packages web)
  #:use-module ((guix licenses) #:prefix license:)
  #:use-module (guix gexp)
  #:use-module (guix packages)
  #:use-module (guix download)
  #:use-module (guix git-download)
  #:use-module (guix build-system go)
  #:use-module (gnu packages golang)
  #:use-module (gnu packages web))
 (define-public buku-run-dev
@ -23,3 +28,77 @@
                (sha256
                 (base32
                  "079ygn39px71bypa54jn4z55iq24lxxcy7jv3ijy08iinqbfvldc")))))))
 ;; TODO: Package Forgejo without vendored dependencies.
 (define-public forgejo
  (package
    (name "forgejo")
    (version "10.0.0")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://codeberg.org/forgejo/forgejo/releases/download/v"
                    version "/forgejo-src-" version ".tar.gz"))
              (sha256
               (base32
                "0lwqn8l7dys7nnha47a05n865dsb13f973fkm167m3x8mwm8vm5i"))))
    (build-system go-build-system)
    (arguments
     (list #:go go-1.23
           #:install-source? #f
           #:tests? #f                  ;TODO
           #:import-path "code.gitea.io/gitea"
           #:build-flags
           #~(list (string-append
                    "-ldflags="
                    " -X main.ReleaseVersion=" #$(package-version this-package)
                    " -X main.Version=" #$(package-version this-package)
                    " -X main.ForgejoVersion=" #$(package-version this-package)
                    " -X code.gitea.io/gitea/modules/setting.AppWorkPath=/var/lib/forgejo"
                    " -X code.gitea.io/gitea/modules/setting.CustomPath=" #$output "/etc/forgejo"
                    " -X code.gitea.io/gitea/modules/setting.CustomConf=/etc/forgejo/app.ini"))
           #:modules
           '(((guix build gnu-build-system) #:prefix gnu:)
             (guix build go-build-system)
             (guix build union)
             (guix build utils))
           #:phases
           #~(modify-phases %standard-phases
               (replace 'unpack
                 (assoc-ref gnu:%standard-phases 'unpack))
               (add-after 'unpack 'support-module
                 (lambda _
                   (unsetenv "GO111MODULE")
                   (substitute* "go.mod"
                     (("^toolchain.*") ""))))
               (replace 'build
                 (lambda* (#:key build-flags (parallel-build? #t)
                           #:allow-other-keys)
                   (let* ((njobs (if parallel-build? (parallel-job-count) 1)))
                     (setenv "GOMAXPROCS" (number->string njobs)))
                   (apply invoke "go" "install"
                          "-v" "-x"
                          "-ldflags=-s -w"
                          "-trimpath"
                          build-flags)))
               (replace 'install
                 (lambda _
                   (mkdir-p (in-vicinity #$output "/etc/forgejo"))
                   (copy-file
                    "custom/conf/app.example.ini"
                    (in-vicinity #$output "etc/forgejo/app.ini"))
                   (for-each
                    (lambda (dir)
                      (copy-recursively
                       dir (string-append #$output "/etc/forgejo/" dir)))
                    '("options" "public" "templates"))
                   (with-directory-excursion (in-vicinity #$output "bin")
                     (rename-file "gitea" "forgejo"))))
               (replace 'install-license-files
                 (assoc-ref gnu:%standard-phases 'install-license-files)))))
    (synopsis "Lightweight software forge")
    (description
     "Forgejo is a self-hosted lightweight software forge.  Easy to install and
 low maintenance, it just does the job.")
    (home-page "https://forgejo.org/")
    (license license:gpl3+)))
--- a/rosenthal/services/web.scm
+++ b/rosenthal/services/web.scm
@ -6,14 +6,20 @@
  #:use-module (guix gexp)
  #:use-module (guix records)
  #:use-module (gnu packages admin)
  #:use-module (gnu packages version-control)
  #:use-module (rosenthal packages web)
  #:use-module (gnu services)
  #:use-module (gnu services admin)
  #:use-module (gnu services configuration)
  #:use-module (gnu services databases)
  #:use-module (gnu services docker)
  #:use-module (gnu services shepherd)
  #:use-module (gnu system shadow)
  #:use-module (rosenthal utils home-services-utils)
-  #:export (jellyfin-configuration
+  #:export (forgejo-configuration
            forgejo-service-type
            jellyfin-configuration
            jellyfin-service-type
            misskey-configuration
@ -22,6 +28,99 @@
            vaultwarden-configuration
            vaultwarden-service-type))
 ;;
 ;; Forgejo
 ;;
 (define (file-object? val)
  (or (string? val)
      (file-like? val)))
 (define list-of-file-likes?
  (list-of file-like?))
 (define-configuration forgejo-configuration
  (forgejo
   (file-like forgejo)
   "Package to provide @file{/bin/forgejo}.")
  (git-packages
   (list-of-file-likes (list git git-lfs))
   "@code{git} and extension packages to install.")
  (config-file
   (file-object "/var/lib/forgejo/app.ini")
   "Filesystem path or file-like object of Forgejo configuration,
@file{app.ini}.")
  (no-serialization))
 (define %forgejo-accounts
  (list (user-group (name "forgejo") (system? #t))
        (user-account
         (name "forgejo")
         (group "forgejo")
         (system? #t)
         (comment "Forgejo user")
         (home-directory "/var/lib/forgejo"))))
 (define %forgejo-postgresql-role
  (list (postgresql-role
         (name "forgejo")
         (create-database? #t))))
 (define forgejo-activation
  #~(begin
      (use-modules (guix build utils))
      (let ((dir "/var/lib/forgejo")
            (user (getpwnam "forgejo")))
        (mkdir-p dir)
        (chown dir (passwd:uid user) (passwd:gid user))
        (chmod dir #o750))))
 (define forgejo-shepherd-service
  (match-record-lambda <forgejo-configuration>
      (forgejo config-file)
    (list (shepherd-service
           (documentation "Run Forgejo.")
           (provision '(forgejo))
           (requirement '(loopback postgresql))
           (start
            #~(make-forkexec-constructor
               (list #$(file-append forgejo "/bin/forgejo")
                     "--config" #$config-file)
               #:user "forgejo"
               #:group "forgejo"
               #:log-file "/var/log/forgejo.log"
               #:environment-variables
               '("GIT_EXEC_PATH=/run/current-system/profile/libexec/git-core"
                 "GIT_SSL_CAINFO=/run/current-system/profile/etc/ssl/certs/ca-certificates.crt"
                 "HOME=/var/lib/forgejo"
                 "PATH=/run/current-system/profile/bin"
                 "SSL_CERT_DIR=/run/current-system/profile/etc/ssl/certs"
                 "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt")
               #:resource-limits '((nofile 524288 524288))))
           (stop
            #~(make-kill-destructor))
           (actions
            (list (shepherd-configuration-action config-file)))))))
 (define forgejo-service-type
  (service-type
   (name 'forgejo)
   (extensions
    (list (service-extension account-service-type
                             (const %forgejo-accounts))
          (service-extension postgresql-role-service-type
                             (const %forgejo-postgresql-role))
          (service-extension profile-service-type
                             forgejo-configuration-git-packages)
          (service-extension activation-service-type
                             (const forgejo-activation))
          (service-extension shepherd-root-service-type
                             forgejo-shepherd-service)))
   (default-value (forgejo-configuration))
   (description "Run Forgejo.")))
 ;;
 ;; Jellyfin
 ;;
Author	SHA1	Message	Date
Hilton Chain	7a6a28e872	services: forgejo: Allow SSH login. * rosenthal/services/web.scm (%forgejo-accounts): All SSH login.	2025-01-19 23:45:48 +08:00
Hilton Chain	42cfb096d4	services: Add forgejo-service-type.	2025-01-19 23:29:00 +08:00
Hilton Chain	a643e97280	rosenthal: Add forgejo. * rosenthal/packages/web.scm (forgejo): New variable. * README.org (Packages): Add it.	2025-01-19 21:04:49 +08:00