66 lines
1.7 KiB
Nix
66 lines
1.7 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
flakeSelf,
|
|
...
|
|
}: let
|
|
hostSecrets = "${flakeSelf.inputs.secrets}/" + config.networking.hostName + "/";
|
|
in {
|
|
age.secrets = {
|
|
forgejo-host-key = {
|
|
file = hostSecrets + "forgejoPrivateKey.age";
|
|
mode = "0400";
|
|
owner = "forgejo";
|
|
group = "forgejo";
|
|
};
|
|
"forgejo-host-key.pub" = {
|
|
file = hostSecrets + "forgejoPublicKey.age";
|
|
mode = "0400";
|
|
owner = "forgejo";
|
|
group = "forgejo";
|
|
};
|
|
};
|
|
|
|
specialisation.forgejoEnableRegistration.configuration.services.forgejo.settings.service.DISABLE_REGISTRATION = false;
|
|
services.forgejo = {
|
|
enable = true;
|
|
settings = {
|
|
service = {
|
|
DISABLE_REGISTRATION = lib.mkDefault true;
|
|
};
|
|
server = {
|
|
OFFLINE_MODE = false;
|
|
ROOT_URL = "http://git.everest.sable-pancake.ts.net";
|
|
START_SSH_SERVER = true;
|
|
SSH_PORT = 4222;
|
|
SSH_SERVER_HOST_KEYS = config.age.secrets.forgejo-host-key.path;
|
|
SSH_SERVER_HOST_KEY = "forgejo-host-key";
|
|
};
|
|
repository = {
|
|
ENABLE_PUSH_CREATE_USER = true;
|
|
DEFAULT_PUSH_CREATE_PRIVATE = true;
|
|
DEFAULT_BRANCH = "main";
|
|
};
|
|
};
|
|
};
|
|
|
|
# Add a cname for forgejo
|
|
services.dnsmasq.settings.cname = ["git.everest.sable-pancake.ts.net,everest"];
|
|
|
|
# Set up traefik as the reverse proxy for Forgejo
|
|
services.traefik = {
|
|
dynamicConfigOptions = {
|
|
http = {
|
|
routers = {
|
|
forgejo-subpath = {
|
|
rule = "Host(`git.everest.sable-pancake.ts.net`)";
|
|
service = "forgejo";
|
|
};
|
|
};
|
|
services.forgejo.loadBalancer.servers = [
|
|
{url = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";}
|
|
];
|
|
};
|
|
};
|
|
};
|
|
}
|