2025-03-04 20:11:09 +01:00
|
|
|
{
|
|
|
|
|
config,
|
|
|
|
|
lib,
|
|
|
|
|
pkgs,
|
|
|
|
|
...
|
|
|
|
|
}: let
|
2025-04-10 18:51:10 +02:00
|
|
|
inherit (pkgs) fetchurl;
|
2025-03-04 20:11:09 +01:00
|
|
|
inherit (lib.modules) mkIf;
|
|
|
|
|
inherit (config.services.forgejo) customDir user group;
|
2025-04-10 18:51:10 +02:00
|
|
|
|
2025-03-04 21:01:50 +01:00
|
|
|
cfg = config.modules.system.services.forgejo;
|
2025-03-04 20:11:09 +01:00
|
|
|
|
|
|
|
|
port = 3000;
|
|
|
|
|
domain = "copeberg.org";
|
|
|
|
|
img = ./img;
|
|
|
|
|
acmeRoot = "/var/lib/acme/challenges-forgejo";
|
2025-03-04 21:01:50 +01:00
|
|
|
dataDir = "/srv/data/forgejo";
|
2025-03-02 21:40:06 +01:00
|
|
|
in {
|
2025-03-04 20:11:09 +01:00
|
|
|
options.modules.system.services.forgejo.enable = lib.mkEnableOption "forgejo";
|
|
|
|
|
|
|
|
|
|
config = mkIf cfg.enable {
|
2025-03-04 21:01:50 +01:00
|
|
|
modules.system.services = {
|
|
|
|
|
database.postgresql.enable = true;
|
2025-04-06 22:59:44 +02:00
|
|
|
nginx.enable = true;
|
2025-03-04 21:01:50 +01:00
|
|
|
};
|
|
|
|
|
|
2025-03-04 20:11:09 +01:00
|
|
|
networking.firewall.allowedTCPPorts = [
|
|
|
|
|
443
|
|
|
|
|
80
|
2025-03-05 18:30:48 +01:00
|
|
|
3000
|
2025-03-04 20:11:09 +01:00
|
|
|
];
|
|
|
|
|
|
|
|
|
|
services.nginx = {
|
|
|
|
|
enable = true;
|
|
|
|
|
virtualHosts.${domain} = {
|
|
|
|
|
forceSSL = true;
|
|
|
|
|
# enableACME = true;
|
|
|
|
|
useACMEHost = domain;
|
|
|
|
|
inherit acmeRoot;
|
|
|
|
|
extraConfig = ''
|
2025-03-05 07:52:53 +01:00
|
|
|
# nginx defaults to a 1MB size limit for uploads, which
|
|
|
|
|
# *definitely* isn't enough for Git LFS.
|
|
|
|
|
# 'client_max_body_size 300m;' would set a limit of 300MB
|
|
|
|
|
# setting it to 0 means "no limit"
|
2025-03-04 20:11:09 +01:00
|
|
|
client_max_body_size 512M;
|
|
|
|
|
'';
|
|
|
|
|
locations."/" = {
|
2025-03-04 21:01:50 +01:00
|
|
|
recommendedProxySettings = true;
|
2025-03-04 20:11:09 +01:00
|
|
|
proxyPass = "http://localhost:${toString port}";
|
|
|
|
|
};
|
|
|
|
|
};
|
2025-03-02 21:40:06 +01:00
|
|
|
};
|
|
|
|
|
|
2025-03-04 20:11:09 +01:00
|
|
|
security.acme = let
|
|
|
|
|
email = "charlie@charlieroot.dev";
|
|
|
|
|
in {
|
2025-03-06 07:14:27 +01:00
|
|
|
# testing server, do not use in production, but DO use it for setting things up.
|
|
|
|
|
# it has much higher rate limits.
|
|
|
|
|
# defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
|
2025-03-04 20:11:09 +01:00
|
|
|
certs = {
|
|
|
|
|
${domain} = {
|
|
|
|
|
webroot = acmeRoot;
|
|
|
|
|
inherit email;
|
|
|
|
|
group = "nginx";
|
|
|
|
|
};
|
2025-03-02 21:40:06 +01:00
|
|
|
};
|
2025-03-04 20:11:09 +01:00
|
|
|
};
|
2025-03-04 21:01:50 +01:00
|
|
|
|
2025-03-05 07:52:53 +01:00
|
|
|
# create the git user for forgejo
|
|
|
|
|
# NOTE: this is important and it will _not_ work otherwise.
|
|
|
|
|
users.users.git = {
|
|
|
|
|
home = dataDir;
|
|
|
|
|
useDefaultShell = true;
|
|
|
|
|
group = "git";
|
|
|
|
|
isSystemUser = true;
|
|
|
|
|
};
|
|
|
|
|
users.groups.git = {};
|
|
|
|
|
|
2025-03-04 20:11:09 +01:00
|
|
|
services.forgejo = {
|
|
|
|
|
enable = true;
|
|
|
|
|
package = pkgs.forgejo;
|
2025-03-04 21:01:50 +01:00
|
|
|
stateDir = dataDir;
|
2025-03-04 20:11:09 +01:00
|
|
|
|
|
|
|
|
user = "git";
|
2025-03-05 07:52:53 +01:00
|
|
|
group = "git";
|
2025-03-04 20:11:09 +01:00
|
|
|
database = {
|
2025-03-05 07:52:53 +01:00
|
|
|
createDatabase = true;
|
2025-03-04 21:01:50 +01:00
|
|
|
name = "git";
|
2025-03-04 20:11:09 +01:00
|
|
|
user = "git";
|
|
|
|
|
type = "postgres";
|
2025-03-02 21:40:06 +01:00
|
|
|
};
|
2025-03-04 20:11:09 +01:00
|
|
|
|
|
|
|
|
# Disable support for Git Large File Storage
|
|
|
|
|
lfs.enable = false;
|
|
|
|
|
|
|
|
|
|
settings = {
|
|
|
|
|
server = {
|
|
|
|
|
DOMAIN = domain;
|
|
|
|
|
# You need to specify this to remove the port from URLs in the web UI.
|
|
|
|
|
ROOT_URL = "https://${domain}/";
|
|
|
|
|
HTTP_PORT = port;
|
2025-04-10 22:01:10 +02:00
|
|
|
LANDING_PAGE = "home";
|
2025-03-04 20:11:09 +01:00
|
|
|
};
|
|
|
|
|
DEFAULT = {
|
|
|
|
|
APP_NAME = "Copeberg.org";
|
|
|
|
|
APP_SLOGAN = "Code and seethe.";
|
|
|
|
|
};
|
|
|
|
|
# disable registration by default.
|
|
|
|
|
service.DISABLE_REGISTRATION = true;
|
|
|
|
|
|
|
|
|
|
# Add support for actions, based on act: https://github.com/nektos/act
|
|
|
|
|
actions = {
|
|
|
|
|
ENABLED = false;
|
|
|
|
|
DEFAULT_ACTIONS_URL = "github";
|
|
|
|
|
};
|
2025-03-05 18:30:48 +01:00
|
|
|
ui = {
|
|
|
|
|
SHOW_USER_EMAIL = false;
|
2025-04-10 18:51:10 +02:00
|
|
|
THEMES = "codeberg-dark";
|
|
|
|
|
DEFAULT_THEME = "codeberg-dark";
|
2025-03-05 18:30:48 +01:00
|
|
|
};
|
2025-03-05 15:24:59 +01:00
|
|
|
|
|
|
|
|
"repository.signing" = {
|
|
|
|
|
SIGNING_KEY = "none";
|
|
|
|
|
};
|
2025-03-02 21:40:06 +01:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2025-03-04 20:11:09 +01:00
|
|
|
systemd.tmpfiles.rules = let
|
|
|
|
|
# no crawlers, thank you.
|
|
|
|
|
robots = pkgs.writeText "robots-txt" ''
|
|
|
|
|
User-agent: *
|
|
|
|
|
Disallow: /
|
|
|
|
|
'';
|
2025-04-10 18:51:10 +02:00
|
|
|
base-brand = fetchurl {
|
|
|
|
|
url = "https://codeberg.org/Codeberg-Infrastructure/forgejo/raw/branch/codeberg-10/web_src/css/themes/codeberg/base-brand.css";
|
|
|
|
|
hash = "sha256-QJ775HpINf8klO3d/8h+tEw0vk34p19dWUCWWuVwcho=";
|
|
|
|
|
};
|
|
|
|
|
dark-variables = fetchurl {
|
|
|
|
|
url = "https://codeberg.org/Codeberg-Infrastructure/forgejo/raw/branch/codeberg-10/web_src/css/themes/codeberg/dark-variables.css";
|
|
|
|
|
hash = "sha256-nCSJUOU9/R1fldoKXTTZmP7vmRjYUk/OKkbgrJ/NrXQ=";
|
|
|
|
|
};
|
|
|
|
|
theme-codeberg-dark = fetchurl {
|
|
|
|
|
url = "https://codeberg.org/Codeberg-Infrastructure/forgejo/raw/branch/codeberg-10/web_src/css/themes/theme-codeberg-dark.css";
|
|
|
|
|
hash = "sha256-KyXznH49koRGlzIDDqagN4PvFGD/zCX//wrctmtfgBs=";
|
|
|
|
|
};
|
2025-03-04 20:11:09 +01:00
|
|
|
in [
|
|
|
|
|
"d '${customDir}/public' 0750 ${user} ${group} - -"
|
|
|
|
|
"d '${customDir}/public/assets' 0750 ${user} ${group} - -"
|
|
|
|
|
"d '${customDir}/public/assets/img' 0750 ${user} ${group} - -"
|
2025-04-10 18:51:10 +02:00
|
|
|
# Copeberg logo, thanks Raf <3
|
2025-03-04 20:11:09 +01:00
|
|
|
"L+ '${customDir}/public/assets/img/logo.svg' - - - - ${img}/logo.svg"
|
|
|
|
|
"L+ '${customDir}/public/assets/img/logo.png' - - - - ${img}/logo.png"
|
|
|
|
|
"L+ '${customDir}/public/assets/img/apple-touch-icon' - - - - ${img}/logo.png"
|
|
|
|
|
"L+ '${customDir}/public/assets/img/favicon.svg' - - - - ${img}/logo.svg"
|
|
|
|
|
"L+ '${customDir}/public/assets/img/favicon.png' - - - - ${img}/logo.png"
|
|
|
|
|
|
2025-04-10 18:51:10 +02:00
|
|
|
# Theming shenanigans
|
|
|
|
|
"d '${customDir}/public/assets' 0750 ${user} ${group} - -"
|
|
|
|
|
"d '${customDir}/public/assets/css' 0750 ${user} ${group} - -"
|
|
|
|
|
"d '${customDir}/public/assets/css/codeberg' 0750 ${user} ${group} - -"
|
|
|
|
|
|
|
|
|
|
"L+ '${customDir}/public/assets/css/theme-codeberg-dark.css' - - - - ${theme-codeberg-dark}"
|
|
|
|
|
"L+ '${customDir}/public/assets/css/codeberg/base-brand.css' - - - - ${base-brand}"
|
|
|
|
|
"L+ '${customDir}/public/assets/css/codeberg/dark-variables.css' - - - - ${dark-variables}"
|
|
|
|
|
|
2025-04-10 22:01:10 +02:00
|
|
|
# Templates
|
|
|
|
|
"d '${customDir}/templates ' 0750 ${user} ${group} - -"
|
|
|
|
|
# Home page
|
|
|
|
|
"L+ '${customDir}/templates' - - - - ${./templates}"
|
|
|
|
|
|
2025-04-10 18:51:10 +02:00
|
|
|
# Fuck off scrapers
|
2025-03-04 20:11:09 +01:00
|
|
|
"L+ ${customDir}/public/robots.txt - - - - ${robots.outPath}"
|
|
|
|
|
];
|
|
|
|
|
};
|
2025-03-02 21:40:06 +01:00
|
|
|
}
|
