69 lines
1.7 KiB
Nix
69 lines
1.7 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
flakeSelf,
|
|
pkgs,
|
|
...
|
|
}: let
|
|
hostSecrets = "${flakeSelf.inputs.secrets}/" + config.networking.hostName + "/";
|
|
in {
|
|
age.secrets = {
|
|
forgejo-host-key = {
|
|
file = hostSecrets + "forgejoPrivateKey.age";
|
|
mode = "0400";
|
|
owner = "forgejo";
|
|
group = "forgejo";
|
|
};
|
|
"forgejo-host-key.pub" = {
|
|
file = hostSecrets + "forgejoPublicKey.age";
|
|
mode = "0400";
|
|
owner = "forgejo";
|
|
group = "forgejo";
|
|
};
|
|
};
|
|
|
|
specialisation.forgejoEnableRegistration.configuration.services.forgejo.settings.service.DISABLE_REGISTRATION = false;
|
|
services.forgejo = {
|
|
enable = true;
|
|
package = pkgs.forgejo;
|
|
settings = {
|
|
service = {
|
|
DISABLE_REGISTRATION = lib.mkDefault true;
|
|
};
|
|
server = {
|
|
OFFLINE_MODE = false;
|
|
ROOT_URL = "https://git.everest.tailscale";
|
|
START_SSH_SERVER = true;
|
|
SSH_PORT = 4222;
|
|
SSH_SERVER_HOST_KEYS = config.age.secrets.forgejo-host-key.path;
|
|
SSH_SERVER_HOST_KEY = "forgejo-host-key";
|
|
};
|
|
repository = {
|
|
ENABLE_PUSH_CREATE_USER = true;
|
|
DEFAULT_PUSH_CREATE_PRIVATE = true;
|
|
DEFAULT_BRANCH = "main";
|
|
};
|
|
indexer = {
|
|
REPO_INDEXER_ENABLED = true;
|
|
};
|
|
};
|
|
};
|
|
|
|
# Add a record for forgejo
|
|
services.headscale.settings.dns.extra_records = [
|
|
{
|
|
name = "git.everest.tailscale";
|
|
type = "A";
|
|
value = "100.100.0.1";
|
|
}
|
|
];
|
|
|
|
# Set up caddy as the reverse proxy for Forgejo
|
|
services.caddy.virtualHosts.forgejo = {
|
|
hostName = "git.everest.tailscale";
|
|
extraConfig = ''
|
|
import tailscale
|
|
reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}
|
|
'';
|
|
};
|
|
}
|