64 lines
1.5 KiB
Nix
64 lines
1.5 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}: {
|
|
sops.secrets = let
|
|
owner = config.services.forgejo.user;
|
|
group = config.services.forgejo.group;
|
|
in{
|
|
"forgejoHostKey/private" = {
|
|
inherit owner group;
|
|
name = "id_forgejo";
|
|
};
|
|
"forgejoHostKey/public" = {
|
|
inherit owner group;
|
|
name = "id_forgejo.pub";
|
|
};
|
|
};
|
|
|
|
specialisation.forgejoEnableRegistration.configuration.services.forgejo.settings.service.DISABLE_REGISTRATION = false;
|
|
services.forgejo = {
|
|
enable = true;
|
|
package = pkgs.forgejo-lts;
|
|
settings = {
|
|
service = {
|
|
DISABLE_REGISTRATION = lib.mkDefault true;
|
|
};
|
|
server = {
|
|
OFFLINE_MODE = false;
|
|
PROTOCOL = "http+unix";
|
|
ROOT_URL = "https://git.toast003.xyz";
|
|
START_SSH_SERVER = true;
|
|
SSH_PORT = 4222;
|
|
SSH_SERVER_HOST_KEYS = config.sops.secrets."forgejoHostKey/private".path;
|
|
SSH_SERVER_HOST_KEY = "id_forgejo";
|
|
};
|
|
repository = {
|
|
ENABLE_PUSH_CREATE_USER = true;
|
|
DEFAULT_PUSH_CREATE_PRIVATE = true;
|
|
DEFAULT_BRANCH = "main";
|
|
};
|
|
indexer = {
|
|
REPO_INDEXER_ENABLED = true;
|
|
};
|
|
};
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = with config; [
|
|
services.forgejo.settings.server.SSH_PORT
|
|
];
|
|
|
|
catppuccin.forgejo = {
|
|
enable = true;
|
|
};
|
|
|
|
# Set up caddy as the reverse proxy for Forgejo
|
|
services.caddy.virtualHosts.forgejo = {
|
|
hostName = "git.toast003.xyz";
|
|
extraConfig = ''
|
|
reverse_proxy unix/${config.services.forgejo.settings.server.HTTP_ADDR}
|
|
'';
|
|
};
|
|
}
|