# NixOS module: Forgejo for git.jalr.de. The web UI is reached through nginx
# (TLS via ACME) over a Unix socket; Forgejo's built-in SSH server is opened in
# the firewall; the SMTP password is supplied from a sops-managed secret file.
#
# NOTE(review): `custom-utils` is not referenced in this file. It may be named
# in the argument pattern only so that it ends up in `args`, which is forwarded
# to ../ports.nix -- confirm before removing it.
args@{ config, custom-utils, ... }:

let
  domain = "git.jalr.de";
  cfg = config.services.forgejo;
  # Port assignments are read from ../ports.nix (its contents are not shown here).
  ports = import ../ports.nix args;
in
{
  # The mail password lives in ../secrets.yaml and is owned by the Forgejo
  # service user. Forgejo receives only the path of the secret file (see
  # mailerPasswordFile below), so the password itself is not written into this
  # configuration.
  sops.secrets.forgejo-mail.owner = cfg.user;
  sops.secrets.forgejo-mail.sopsFile = ../secrets.yaml;

  services.forgejo = {
    enable = true;
    lfs = { enable = true; };
    mailerPasswordFile = config.sops.secrets.forgejo-mail.path;

    settings = {
      DEFAULT = { APP_NAME = "jalr's git"; };

      # No Gravatar lookups for avatars (see also server.OFFLINE_MODE).
      avatar = { DISABLE_GRAVATAR = true; };

      log = { level = "Warn"; };

      # Outgoing mail is submitted over "smtps" as git@jalr.de; the password
      # comes from mailerPasswordFile above.
      mailer = {
        ENABLED = true;
        PROTOCOL = "smtps";
        SMTP_ADDR = "hha.jalr.de";
        USER = "git@jalr.de";
        FROM = "git@jalr.de";
      };

      server = {
        # HTTP side: Forgejo listens on a Unix socket ("http+unix") and is
        # published as https://git.jalr.de/ by the nginx virtual host below.
        PROTOCOL = "http+unix";
        DOMAIN = domain;
        ROOT_URL = "https://${domain}/";

        # Forgejo's own per-request log is switched off.
        # NOTE(review): HTTP request visibility then presumably rests on the
        # nginx access log -- confirm it is kept if requests need to be audited.
        DISABLE_ROUTER_LOG = true;
        OFFLINE_MODE = true;

        # SSH side: the built-in SSH server is started for user "git" on the
        # port taken from ports.nix, with a single ed25519 host key file.
        # NOTE(review): the host key path is relative -- verify which directory
        # Forgejo resolves it against and that the key file is readable only by
        # the service user.
        START_SSH_SERVER = true;
        BUILTIN_SSH_SERVER_USER = "git";
        SSH_PORT = ports.forgejo-ssh.tcp;
        SSH_SERVER_HOST_KEYS = "ssh/forgejo.ed25519";
      };

      # Account policy: self-registration is disabled and users may not create
      # organizations by default. REGISTER_MANUAL_CONFIRM is also set, which
      # only becomes relevant if registration is ever re-enabled.
      service = {
        DISABLE_REGISTRATION = true;
        REGISTER_MANUAL_CONFIRM = true;
        DEFAULT_ALLOW_CREATE_ORGANIZATION = false;
        DEFAULT_KEEP_EMAIL_PRIVATE = true;
        ENABLE_NOTIFY_MAIL = false;
      };

      # File-backed sessions; the session cookie is marked Secure, which fits
      # the HTTPS-only virtual host (forceSSL) below.
      session = {
        PROVIDER = "file";
        COOKIE_SECURE = true;
      };
    };
  };

  services.nginx.virtualHosts.${domain} = {
    enableACME = true;
    forceSSL = true;

    # Reverse proxy to the Forgejo Unix socket.
    # NOTE(review): this path has to match the socket Forgejo actually creates
    # for PROTOCOL = "http+unix" -- confirm against the service's runtime dir.
    locations."/".proxyPass = "http://unix:/run/forgejo/forgejo.sock";

    # Request bodies of up to 1G are accepted on this virtual host.
    # NOTE(review): presumably sized for LFS uploads (lfs.enable above) --
    # confirm the limit is intentional for every path served here.
    extraConfig = ''
      client_max_body_size 1G;
    '';
  };

  # The only firewall change made by this module: the built-in SSH server's TCP
  # port. Reading the value back from the Forgejo settings keeps the opened port
  # identical to the port the server listens on.
  networking.firewall.allowedTCPPorts = [ cfg.settings.server.SSH_PORT ];
}