chaos/nixfiles
1
0
Fork 0
Code Issues 2 Releases Activity
nixfiles/hosts/hetzner-arm/profiles/forgejo.nix
chaos 1df130d203
remove with ports
2024-07-20 13:12:02 +01:00

89 lines
2.1 KiB
Nix
Raw Blame History

{pkgs, ...}: {
services.forgejo = {
enable = true;
database = {
type = "sqlite3";
};
lfs.enable = true;
settings = {
DEFAULT.APP_NAME = "chaos's Forgejo";
server = rec {
DOMAIN = "forgejo.owo.monster";
ROOT_URL = "https://${DOMAIN}";
# Can't access /run out of container
HTTP_ADDR = "/var/sockets/forgejo/forgejo.sock";
PROTOCOL = "http+unix";
START_SSH_SERVER = true;
SSH_PORT = 2222;
SSH_LISTEN_PORT = SSH_PORT;
OFFLINE_MODE = true;
ENABLE_GZIP = true;
};
repository = {
DISABLED_REPO_UNITS = "repo.ext_issues,repo.pulls,repo.wiki,repo.ext_wiki,repo.projects,repo.packages";
DEFAULT_REPO_UNITS = "repo.code,repo.releases,repo.issues,repo.actions";
};
ui = {
DEFAULT_THEME = "forgejo-dark";
};
"ui.meta" = {
AUTHOR = "chaos's Forgejo";
DESCRIPTION = "chaos's personal Forgejo instance";
KEYWORDS = "";
};
indexer = {
REPO_INDEXER_ENABLED = true;
};
service = {
DISABLE_REGISTRATION = true;
};
"ssh.minimum_key_sizes" = {
ECDSA = -1;
# RSA currently enabled for spicywolf
# RSA = -1;
DSA = -1;
};
session = {
PROVIDER = "db";
};
oauth = {
ENABLE = false;
};
time = {
DEFAULT_UI_LOCATION = "Europe/London";
};
packages = {
ENABLE = false;
};
};
};
environment.systemPackages = [
(pkgs.writeShellScriptBin "forgejo" ''
sudo -u forgejo ${pkgs.forgejo}/bin/gitea -w /var/lib/forgejo "$@"
'')
];
systemd.services.forgejo.serviceConfig.ReadWritePaths = [
"/var/sockets/forgejo"
];
systemd.tmpfiles.rules = [
"d /var/sockets - root root"
"d /var/sockets/forgejo - forgejo forgejo"
];
services.nginx = {
enable = true;
virtualHosts."forgejo.owo.monster" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://unix:/var/sockets/forgejo/forgejo.sock";
};
};
networking.firewall.allowedTCPPorts = [
2222
];
}
Reference in a new issue View git blame Copy permalink