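# Big thanks to Pyrox for their config! https://git.pyrox.dev/pyrox/nix/src/branch/main/hosts/marvin/services/git.nix
#
# Forgejo for this host: nginx terminates TLS in front of a loopback-only
# Forgejo, backed by Postgres, wired to the mailserver for outgoing and
# incoming mail, plus a Forgejo Actions runner. Secrets come from sops
# (../secrets/forgejo.yaml); the runner token is the one exception, see
# `tokenFile` below.
{ lib, pkgs, config, data, ... }:
let
  inherit (data.host) rootDomain;
  inherit (data.services.git) domain sshPort;
  mailDomain = data.services.mailserver.domain;

  cfg = config.services.forgejo;
  srv = cfg.settings.server;
  stateDir = "/var/lib/forgejo";
  customDir = "${stateDir}/custom";

  # Shared sops options for every Forgejo secret: decrypted files are owned by
  # the forgejo service user/group. No `mode` is set, so sops-nix's default
  # (owner-read-only) applies.
  sops_opts = {
    sopsFile = ../secrets/forgejo.yaml;
    format = "yaml";
    owner = "forgejo";
    group = "forgejo";
  };
in
{
  # Reverse proxy: HTTPS only, certificate shared from the root domain's ACME
  # host. Forgejo itself listens on loopback (HTTP_ADDR below), so nginx is
  # the only externally reachable entry point.
  services.nginx.virtualHosts.${domain} = {
    forceSSL = true;
    useACMEHost = "${rootDomain}";
    extraConfig = ''
      client_max_body_size 512M;
    '';
    locations."/" = {
      proxyPass = "http://127.0.0.1:${toString srv.HTTP_PORT}";
      recommendedProxySettings = true;
    };
  };

  services.forgejo = {
    enable = true;
    inherit stateDir;
    inherit customDir;

    database = {
      type = "postgres";
      createDatabase = true;
      # Password is read from the sops-decrypted file, never from app.ini.
      passwordFile = config.sops.secrets."forgejo/db_password".path;
    };

    settings = {
      server = {
        DOMAIN = domain;
        ROOT_URL = "https://${srv.DOMAIN}/";
        # Bind to loopback only; public access goes through nginx above.
        HTTP_ADDR = "127.0.0.1";
        HTTP_PORT = 3001;
        SSH_PORT = sshPort;
      };

      DEFAULT = {
        APP_NAME = "Lgmrszd's git";
      };

      admin = {
        SEND_NOTIFICATION_EMAIL_ON_NEW_USER = true;
      };

      # Sessions live in the database; the cookie is HTTPS-only and scoped to
      # the git domain. Both intervals are one week in seconds.
      session = {
        PROVIDER = "db";
        COOKIE_SECURE = true;
        COOKIE_NAME = "lgmgit-session";
        DOMAIN = domain;
        GC_INTERVAL_TIME = 86400 * 7;
        SESSION_LIFE_TIME = 86400 * 7;
      };

      # Accounts can only be created through an external (OAuth2) provider;
      # the local registration button is hidden. Email confirmation is off
      # here and in oauth2_client, presumably because the identity provider
      # already verifies addresses — confirm that assumption holds for every
      # configured provider.
      service = {
        DISABLE_REGISTRATION = false;
        ALLOW_ONLY_INTERNAL_REGISTRATION = false;
        ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
        SHOW_REGISTRATION_BUTTON = false;
        ENABLE_NOTIFY_MAIL = true;
        REGISTER_EMAIL_CONFIRM = false;
        DEFAULT_KEEP_EMAIL_PRIVATE = true;
        DEFAULT_ALLOW_CREATE_ORGANIZATION = false;
      };
      "service.explore" = {
        # Hide the user directory from the explore page (user enumeration).
        DISABLE_USERS_PAGE = true;
      };

      oauth2_client = {
        REGISTER_EMAIL_CONFIRM = false;
        UPDATE_AVATAR = false;
      };

      repository = {
        # NOTE(review): per Forgejo's app.ini docs a non-negative limit caps
        # repositories per user, so 0 appears to forbid normal repository
        # creation while ENABLE_PUSH_CREATE_USER still allows creating one by
        # push — confirm this combination is intended.
        MAX_CREATION_LIMIT = 0;
        ALLOW_FORK_WITHOUT_MAXIMUM_LIMIT = false;
        ENABLE_PUSH_CREATE_USER = true;
      };

      "ui.meta" = {
        AUTHOR = "Lgmrszd";
        DESCRIPTION = "Lgmrszd's forgejo instance";
      };

      actions = {
        ENABLED = true;
        DEFAULT_ACTIONS_URL = "https://code.forgejo.org";
      };

      # Outgoing mail over implicit TLS to the mailserver. The SMTP account is
      # forgejo@<root domain>; PASSWD is injected via `secrets` below.
      # NOTE(review): FROM uses the git subdomain while USER authenticates on
      # the root domain — check the mailserver's SPF/DMARC alignment for
      # ${domain}. SENDMAIL_PATH/SENDMAIL_ARGS only matter with
      # PROTOCOL = "sendmail"; they look unused with "smtps".
      mailer = {
        ENABLED = true;
        PROTOCOL = "smtps";
        SMTP_ADDR = mailDomain;
        SMTP_PORT = 465;
        USER = "forgejo@${rootDomain}";
        FROM = "Lgmrszd's Forgejo <forgejo@${domain}>";
        SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
        SENDMAIL_ARGS = "--";
      };

      # Incoming mail (reply-by-email) over IMAPS; PASSWORD via `secrets`.
      "email.incoming" = {
        ENABLED = true;
        REPLY_TO_ADDRESS = "forgejo+%{token}@${domain}";
        HOST = mailDomain;
        PORT = 993;
        USE_TLS = true;
        USERNAME = "forgejo@${rootDomain}";
      };
    };

    # Secret values are spliced into app.ini from files at runtime rather
    # than written into the Nix store. Both mail sections share one password.
    secrets = {
      "email.incoming".PASSWORD = config.sops.secrets."forgejo/email_password".path;
      mailer.PASSWD = config.sops.secrets."forgejo/email_password".path;
    };
  };

  services.gitea-actions-runner = {
    package = pkgs.forgejo-actions-runner;
    instances.default = {
      enable = true;
      name = "mainrunner";
      url = "https://${domain}";
      # Obtaining the path to the runner token file may differ.
      # Kept as a string rather than a Nix path literal: a path literal that is
      # ever interpolated into a string gets copied into the world-readable
      # Nix store, which would expose the registration token. Unlike the other
      # secrets this file is not managed by sops and must exist before the
      # service starts.
      tokenFile = "/run/runnersecret";
      # Docker labels run jobs in containers; "native:host" runs jobs directly
      # on this VPS as the runner's service user with no isolation, so anyone
      # able to trigger a workflow here can execute code on the host. The
      # node:16 images are past upstream end-of-life; consider a maintained tag.
      labels = [
        "ubuntu-latest:docker://node:16-bullseye"
        "ubuntu-22.04:docker://node:16-bullseye"
        #"ubuntu-20.04:docker://node:16-bullseye"
        #"ubuntu-18.04:docker://node:16-buster"
        ## optionally provide native execution on the host:
        "native:host"
      ];
    };
  };

  # TODO move to separate
  # Needed by the docker:// runner labels above.
  virtualisation.docker.enable = true;

  sops.secrets."forgejo/email_password" = sops_opts;
  sops.secrets."forgejo/db_password" = sops_opts;
}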