nixfiles/hosts/hetzner-arm/profiles/forgejo.nix

{pkgs, ...}: {
  services.forgejo = {
    enable = true;
    database = {
      type = "sqlite3";
    };
    lfs.enable = true;
    settings = {
      DEFAULT.APP_NAME = "chaos's Forgejo";
      server = rec {
        DOMAIN = "forgejo.owo.monster";
        ROOT_URL = "https://${DOMAIN}";
        # Can't access /run out of container
        HTTP_ADDR = "/var/sockets/forgejo/forgejo.sock";
        PROTOCOL = "http+unix";
        START_SSH_SERVER = true;
        SSH_PORT = 2222;
        SSH_LISTEN_PORT = SSH_PORT;
        OFFLINE_MODE = true;
        ENABLE_GZIP = true;
      };
      repository = {
        DISABLED_REPO_UNITS = "repo.ext_issues,repo.pulls,repo.wiki,repo.ext_wiki,repo.projects,repo.packages";
        DEFAULT_REPO_UNITS = "repo.code,repo.releases,repo.issues,repo.actions";
      };
      ui = {
        DEFAULT_THEME = "forgejo-dark";
      };
      "ui.meta" = {
        AUTHOR = "chaos's Forgejo";
        DESCRIPTION = "chaos's personal Forgejo instance";
        KEYWORDS = "";
      };
      indexer = {
        REPO_INDEXER_ENABLED = true;
      };
      service = {
        DISABLE_REGISTRATION = true;
      };
      "ssh.minimum_key_sizes" = {
        ECDSA = -1;
        # RSA currently enabled for spicywolf
        # RSA = -1;
        DSA = -1;
      };
      session = {
        PROVIDER = "db";
      };
      oauth = {
        ENABLE = false;
      };
      time = {
        DEFAULT_UI_LOCATION = "Europe/London";
      };
      packages = {
        ENABLE = false;
      };
    };
  };

  environment.systemPackages = [
    (pkgs.writeShellScriptBin "forgejo" ''
      sudo -u forgejo ${pkgs.forgejo}/bin/gitea -w /var/lib/forgejo "$@"
    '')
  ];

  systemd.services.forgejo.serviceConfig.ReadWritePaths = [
    "/var/sockets/forgejo"
  ];

  systemd.tmpfiles.rules = [
    "d /var/sockets - root root"
    "d /var/sockets/forgejo - forgejo forgejo"
  ];

  services.nginx = {
    enable = true;
    virtualHosts."forgejo.owo.monster" = {
      enableACME = true;
      forceSSL = true;
      locations."/".proxyPass = "http://unix:/var/sockets/forgejo/forgejo.sock";
    };
  };

  networking.firewall.allowedTCPPorts = [
    2222
  ];
}
add forgejo to hetzner-arm 2023-09-30 12:37:07 +01:00			`{pkgs, ...}: {`
			`services.forgejo = {`
			`enable = true;`
move all postgres to one daemon, redo wireguard some, roundcube is haunted and network interface is broken somehow 2023-10-02 03:08:24 +01:00			`database = {`
			`type = "sqlite3";`
			`};`
add forgejo to hetzner-arm 2023-09-30 12:37:07 +01:00			`lfs.enable = true;`
			`settings = {`
			`DEFAULT.APP_NAME = "chaos's Forgejo";`
			`server = rec {`
			`DOMAIN = "forgejo.owo.monster";`
			`ROOT_URL = "https://${DOMAIN}";`
			`# Can't access /run out of container`
move forgejo to host 2024-07-20 12:58:45 +01:00			`HTTP_ADDR = "/var/sockets/forgejo/forgejo.sock";`
add forgejo to hetzner-arm 2023-09-30 12:37:07 +01:00			`PROTOCOL = "http+unix";`
			`START_SSH_SERVER = true;`
			`SSH_PORT = 2222;`
			`SSH_LISTEN_PORT = SSH_PORT;`
			`OFFLINE_MODE = true;`
			`ENABLE_GZIP = true;`
			`};`
			`repository = {`
			`DISABLED_REPO_UNITS = "repo.ext_issues,repo.pulls,repo.wiki,repo.ext_wiki,repo.projects,repo.packages";`
			`DEFAULT_REPO_UNITS = "repo.code,repo.releases,repo.issues,repo.actions";`
			`};`
			`ui = {`
			`DEFAULT_THEME = "forgejo-dark";`
			`};`
			`"ui.meta" = {`
			`AUTHOR = "chaos's Forgejo";`
			`DESCRIPTION = "chaos's personal Forgejo instance";`
			`KEYWORDS = "";`
			`};`
			`indexer = {`
			`REPO_INDEXER_ENABLED = true;`
			`};`
			`service = {`
			`DISABLE_REGISTRATION = true;`
			`};`
			`"ssh.minimum_key_sizes" = {`
			`ECDSA = -1;`
enable rsa keys in forgejo 2023-10-23 20:08:10 +01:00			`# RSA currently enabled for spicywolf`
			`# RSA = -1;`
add forgejo to hetzner-arm 2023-09-30 12:37:07 +01:00			`DSA = -1;`
			`};`
			`session = {`
			`PROVIDER = "db";`
			`};`
			`oauth = {`
			`ENABLE = false;`
			`};`
			`time = {`
			`DEFAULT_UI_LOCATION = "Europe/London";`
			`};`
			`packages = {`
			`ENABLE = false;`
			`};`
			`};`
			`};`

			`environment.systemPackages = [`
			`(pkgs.writeShellScriptBin "forgejo" ''`
			`sudo -u forgejo ${pkgs.forgejo}/bin/gitea -w /var/lib/forgejo "$@"`
			`'')`
			`];`

			`systemd.services.forgejo.serviceConfig.ReadWritePaths = [`
move forgejo to host 2024-07-20 12:58:45 +01:00			`"/var/sockets/forgejo"`
add forgejo to hetzner-arm 2023-09-30 12:37:07 +01:00			`];`

			`systemd.tmpfiles.rules = [`
move forgejo to host 2024-07-20 12:58:45 +01:00			`"d /var/sockets - root root"`
			`"d /var/sockets/forgejo - forgejo forgejo"`
add forgejo to hetzner-arm 2023-09-30 12:37:07 +01:00			`];`
move forgejo to host 2024-07-20 12:58:45 +01:00
			`services.nginx = {`
			`enable = true;`
			`virtualHosts."forgejo.owo.monster" = {`
			`enableACME = true;`
			`forceSSL = true;`
			`locations."/".proxyPass = "http://unix:/var/sockets/forgejo/forgejo.sock";`
			`};`
			`};`
move mpd to host 2024-07-20 13:11:15 +01:00
remove with ports 2024-07-20 13:12:02 +01:00			`networking.firewall.allowedTCPPorts = [`
move mpd to host 2024-07-20 13:11:15 +01:00			`2222`
			`];`
add forgejo to hetzner-arm 2023-09-30 12:37:07 +01:00			`}`