nixos-config/machines/renge/services/forgejo.nix


# NixOS module for the Forgejo instance served at git.sbruder.de.
#
# Layout visible in this file: Forgejo listens on a unix socket
# (PROTOCOL = "http+unix"), nginx terminates TLS and proxies to that socket,
# and Forgejo's built-in SSH server is exposed directly on its own port.
{ config, lib, pkgs, ... }:
let
  cfg = config.services.forgejo;
in
{
  # SMTP password, decrypted at activation by sops-nix. Ownership is given to
  # the Forgejo service user so the service can read the decrypted file.
  sops.secrets.forgejo-mail = {
    sopsFile = ../secrets.yaml;
    owner = cfg.user;
  };

  # NOTE(review): presumably required so the service can traverse the sops-nix
  # secrets directory (group "keys"); confirm it is still needed on the
  # sops-nix version in use.
  systemd.services.forgejo.serviceConfig.SupplementaryGroups = [ "keys" ];

  services.forgejo = {
    enable = true;
    lfs.enable = true;
    database.type = "postgres";

    # Passed as a path, not a literal, so the password itself never ends up in
    # the world-readable Nix store.
    mailerPasswordFile = config.sops.secrets.forgejo-mail.path;

    settings = {
      DEFAULT.APP_NAME = "sbrudergit";

      mailer = {
        ENABLED = true;
        # "smtps" selects SMTP over implicit TLS.
        PROTOCOL = "smtps";
        SMTP_ADDR = "vueko.sbruder.de";
        USER = "forgejo@sbruder.de";
        FROM = "forgejo@sbruder.de";
      };

      # No avatar lookups against the third-party Gravatar service.
      avatar.DISABLE_GRAVATAR = true;

      server = {
        # http server: TLS is handled by the nginx virtual host below, so
        # ROOT_URL is https while Forgejo itself serves plain HTTP on a socket.
        DOMAIN = "git.sbruder.de";
        ROOT_URL = "https://git.sbruder.de/";
        PROTOCOL = "http+unix";

        # privacy
        OFFLINE_MODE = true;
        DISABLE_ROUTER_LOG = true;

        # internal ssh server; SSH_PORT is also the port opened in the
        # firewall further down.
        START_SSH_SERVER = true;
        BUILTIN_SSH_SERVER_USER = "git";
        SSH_PORT = 2022;
        # Host key paths are relative (presumably resolved against Forgejo's
        # data directory); the private keys should be readable only by the
        # service user.
        SSH_SERVER_HOST_KEYS = "ssh/forgejo.ed25519,ssh/forgejo.rsa";
      };

      service = {
        # Registration is not disabled in this file; new accounts wait for
        # manual confirmation by an administrator instead.
        REGISTER_MANUAL_CONFIRM = true;
        DEFAULT_ALLOW_CREATE_ORGANIZATION = false;
        DEFAULT_KEEP_EMAIL_PRIVATE = true;
        NO_REPLY_ADDRESS = "users.git.sbruder.de";
        ENABLE_NOTIFY_MAIL = true;
      };

      session = {
        PROVIDER = "file";
        # Session cookie carries the Secure flag, matching the https ROOT_URL.
        COOKIE_SECURE = true;
      };

      log.LEVEL = "Warn";
    };
  };

  # Only the built-in SSH server port is opened here; ports for nginx are not
  # configured in this file.
  networking.firewall.allowedTCPPorts = [ cfg.settings.server.SSH_PORT ];

  services.nginx.virtualHosts."git.sbruder.de" = {
    # Certificate via ACME, and plain-HTTP requests redirected to HTTPS.
    enableACME = true;
    forceSSL = true;
    # Reverse proxy to the unix socket Forgejo listens on.
    locations."/".proxyPass = "http://unix:/run/forgejo/forgejo.sock";
    extraConfig = ''
      client_max_body_size 1G; # Git LFS
    '';
  };
}