Forgejo: enable Git LFS

infra/common/default.nix

@@ -1,4 +1,4 @@
-{ lib, ... }:
+{ lib, pkgs, ... }:
 
 let
   inherit (lib) mkDefault;
@@ -15,4 +15,23 @@ in
   i18n.defaultLocale = "en_US.UTF-8";
   system.stateVersion = "24.05"; # do not change
   nixpkgs.hostPlatform = mkDefault "x86_64-linux";
+
+  environment.systemPackages = with pkgs; [
+    (pkgs.vim_configurable.customize {
+      name = "vim";
+      vimrcConfig.packages.myplugins = with pkgs.vimPlugins; {
+        start = [ vim-nix ]; # load plugin on startup
+      };
+      vimrcConfig.customRC = ''
+        " your custom vimrc
+        set nocompatible
+        set backspace=indent,eol,start
+        " Turn on syntax highlighting by default
+        syntax on
+        " ...
+      '';
+    })
+    wget
+    subversion
+  ];
 }

infra/common/users.nix

@@ -29,9 +29,11 @@
 
   security.sudo.wheelNeedsPassword = false;
 
+  nix.settings.trusted-users = [ "@wheel" ];
+
   ## FIXME: Remove direct root authentication once NixOps4 supports users with
   ## password-less sudo.
-  users.root.openssh.authorizedKeys.keys = [
+  users.users.root.openssh.authorizedKeys.keys = [
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEElREJN0AC7lbp+5X204pQ5r030IbgCllsIxyU3iiKY"
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJg5TlS1NGCRZwMjDgBkXeFUXqooqRlM8fJdBAQ4buPg"
   ];

infra/flake-part.nix

@@ -17,11 +17,7 @@
           };
           nixpkgs = inputs.nixpkgs;
           nixos.module = {
-            imports = [
-              ./vm02116/configuration.nix
-              ./vm02116/forgejo.nix
-              ./vm02116/hardware-configuration.nix
-            ];
+            imports = [ ./vm02116 ];
           };
         };
 
@@ -35,11 +31,7 @@
           };
           nixpkgs = inputs.nixpkgs;
           nixos.module = {
-            imports = [
-              ./vm02179/configuration.nix
-              ./vm02179/hardware-configuration.nix
-              ./vm02179/gitea-runner.nix
-            ];
+            imports = [ ./vm02179 ];
           };
         };
 
@@ -53,11 +45,7 @@
           };
           nixpkgs = inputs.nixpkgs;
           nixos.module = {
-            imports = [
-              ./vm02186/procolix-configuration.nix
-              ./vm02186/hardware-configuration.nix
-              ./vm02186/gitea-runner.nix
-            ];
+            imports = [ ./vm02186 ];
           };
         };
       };
@@ -79,10 +67,7 @@
           };
           nixpkgs = inputs.nixpkgs;
           nixos.module = {
-            imports = [
-              ./vm02187/configuration.nix
-              ./vm02187/hardware-configuration.nix
-            ];
+            imports = [ ./vm02187 ];
           };
         };
       };

infra/vm02116/configuration.nix

@@ -1,38 +0,0 @@
-{ pkgs, ... }:
-
-{
-  imports = [ ../common ];
-
-  procolix.vm = {
-    name = "vm02116";
-    ip4 = "185.206.232.34";
-    ip6 = "2a00:51c0:12:1201::20";
-  };
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment.systemPackages = with pkgs; [
-    (pkgs.vim_configurable.customize {
-      name = "vim";
-      vimrcConfig.packages.myplugins = with pkgs.vimPlugins; {
-        start = [ vim-nix ]; # load plugin on startup
-      };
-      vimrcConfig.customRC = ''
-        " your custom vimrc
-        set nocompatible
-        set backspace=indent,eol,start
-        " Turn on syntax highlighting by default
-        syntax on
-        " ...
-      '';
-    })
-    wget
-    subversion
-  ];
-
-  ## vm02116 is running on old hardware based on a Xen VM environment, so it
-  ## needs these extra options. Once the VM gets moved to a newer node, these
-  ## two options can safely be removed.
-  boot.initrd.availableKernelModules = [ "xen_blkfront" ];
-  services.xe-guest-utilities.enable = true;
-}

infra/vm02116/default.nix

@@ -0,0 +1,28 @@
+{
+  imports = [
+    ../common
+    ./forgejo.nix
+  ];
+
+  procolix.vm = {
+    name = "vm02116";
+    ip4 = "185.206.232.34";
+    ip6 = "2a00:51c0:12:1201::20";
+  };
+
+  ## vm02116 is running on old hardware based on a Xen VM environment, so it
+  ## needs these extra options. Once the VM gets moved to a newer node, these
+  ## two options can safely be removed.
+  boot.initrd.availableKernelModules = [ "xen_blkfront" ];
+  services.xe-guest-utilities.enable = true;
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/3802a66d-e31a-4650-86f3-b51b11918853";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/2CE2-1173";
+    fsType = "vfat";
+  };
+}

infra/vm02116/forgejo.nix

@@ -5,6 +5,7 @@ in
 {
   services.forgejo = {
     enable = true;
+    lfs.enable = true;
     settings = {
       service = {
         DISABLE_REGISTRATION = true;

infra/vm02116/hardware-configuration.nix

@@ -1,11 +0,0 @@
-{
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/3802a66d-e31a-4650-86f3-b51b11918853";
-    fsType = "ext4";
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/2CE2-1173";
-    fsType = "vfat";
-  };
-}

infra/vm02179/configuration.nix

@@ -1,35 +0,0 @@
-{ pkgs, ... }:
-
-{
-  imports = [ ../common ];
-
-  procolix.vm = {
-    name = "vm02179";
-    ip4 = "185.206.232.179";
-    ip6 = "2a00:51c0:12:1201::179";
-  };
-
-  nix = {
-    settings.trusted-users = [ "@wheel" ];
-  };
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment.systemPackages = with pkgs; [
-    (pkgs.vim_configurable.customize {
-      name = "vim";
-      vimrcConfig.packages.myplugins = with pkgs.vimPlugins; {
-        start = [ vim-nix ]; # load plugin on startup
-      };
-      vimrcConfig.customRC = ''
-        " your custom vimrc
-        set nocompatible
-        set backspace=indent,eol,start
-        " Turn on syntax highlighting by default
-        syntax on
-        " ...
-      '';
-    })
-    wget
-  ];
-}

infra/vm02179/default.nix

@@ -1,4 +1,15 @@
 {
+  imports = [
+    ../common
+    ./gitea-runner.nix
+  ];
+
+  procolix.vm = {
+    name = "vm02179";
+    ip4 = "185.206.232.179";
+    ip6 = "2a00:51c0:12:1201::179";
+  };
+
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/119863f8-55cf-4e2f-ac17-27599a63f241";
     fsType = "ext4";

infra/vm02186/default.nix

@@ -1,4 +1,15 @@
 {
+  imports = [
+    ../common
+    ./gitea-runner.nix
+  ];
+
+  procolix.vm = {
+    name = "vm02186";
+    ip4 = "185.206.232.186";
+    ip6 = "2a00:51c0:12:1201::186";
+  };
+
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/833ac0f9-ad8c-45ae-a9bf-5844e378c44a";
     fsType = "ext4";

infra/vm02186/procolix-configuration.nix

@@ -1,31 +0,0 @@
-{ pkgs, ... }:
-
-{
-  imports = [ ../common ];
-
-  procolix.vm = {
-    name = "vm02186";
-    ip4 = "185.206.232.186";
-    ip6 = "2a00:51c0:12:1201::186";
-  };
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment.systemPackages = with pkgs; [
-    (pkgs.vim_configurable.customize {
-      name = "vim";
-      vimrcConfig.packages.myplugins = with pkgs.vimPlugins; {
-        start = [ vim-nix ]; # load plugin on startup
-      };
-      vimrcConfig.customRC = ''
-        " your custom vimrc
-        set nocompatible
-        set backspace=indent,eol,start
-        " Turn on syntax highlighting by default
-        syntax on
-        " ...
-      '';
-    })
-    wget
-  ];
-}

infra/vm02187/default.nix

@@ -1,4 +1,15 @@
 {
+  imports = [
+    ../common
+    ./wiki.nix
+  ];
+
+  procolix.vm = {
+    name = "vm02187";
+    ip4 = "185.206.232.187";
+    ip6 = "2a00:51c0:12:1201::187";
+  };
+
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/a46a9c46-e32b-4216-a4aa-8819b2cd0d49";
     fsType = "ext4";

infra/vm02187/wiki.nix

@@ -1,14 +1,6 @@
 { pkgs, ... }:
 
 {
-  imports = [ ../common ];
-
-  procolix.vm = {
-    name = "vm02187";
-    ip4 = "185.206.232.187";
-    ip6 = "2a00:51c0:12:1201::187";
-  };
-
   services.phpfpm.pools.mediawiki.phpOptions = ''
     upload_max_filesize = 1024M;
     post_max_size = 1024M;
@@ -70,24 +62,4 @@
   };
 
   users.users.nginx.extraGroups = [ "acme" ];
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment.systemPackages = with pkgs; [
-    (pkgs.vim_configurable.customize {
-      name = "vim";
-      vimrcConfig.packages.myplugins = with pkgs.vimPlugins; {
-        start = [ vim-nix ]; # load plugin on startup
-      };
-      vimrcConfig.customRC = ''
-        " your custom vimrc
-        set nocompatible
-        set backspace=indent,eol,start
-        " Turn on syntax highlighting by default
-        syntax on
-        " ...
-      '';
-    })
-    wget
-  ];
 }