forgejo/module.nix: update, add sane settings
forgejo/module.nix: fix enable option
parent
058ba83963
commit
4396e57afd
1 changed files with 105 additions and 48 deletions
|
@ -1,53 +1,110 @@
|
||||||
{config, ...}: let
|
{
|
||||||
cfg = config.services.forgejo;
|
config,
|
||||||
srv = cfg.settings.server;
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}: let
|
||||||
|
inherit (lib.modules) mkIf;
|
||||||
|
inherit (config.services.forgejo) customDir user group;
|
||||||
|
cfg = config.modules.system.services;
|
||||||
|
|
||||||
|
port = 3000;
|
||||||
|
domain = "copeberg.org";
|
||||||
|
img = ./img;
|
||||||
|
acmeRoot = "/var/lib/acme/challenges-forgejo";
|
||||||
in {
|
in {
|
||||||
|
options.modules.system.services.forgejo.enable = lib.mkEnableOption "forgejo";
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
networking.firewall.allowedTCPPorts = [
|
||||||
|
443
|
||||||
|
80
|
||||||
|
];
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
virtualHosts.${cfg.settings.server.DOMAIN} = {
|
enable = true;
|
||||||
|
virtualHosts.${domain} = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
# enableACME = true;
|
||||||
|
useACMEHost = domain;
|
||||||
|
inherit acmeRoot;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
client_max_body_size 512M;
|
client_max_body_size 512M;
|
||||||
'';
|
'';
|
||||||
locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
|
locations."/" = {
|
||||||
|
recommendedProxysettings = true;
|
||||||
|
proxyPass = "http://localhost:${toString port}";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
security.acme = let
|
||||||
|
email = "charlie@charlieroot.dev";
|
||||||
|
in {
|
||||||
|
acceptTerms = true;
|
||||||
|
defaults.email = email;
|
||||||
|
defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
|
||||||
|
certs = {
|
||||||
|
${domain} = {
|
||||||
|
webroot = acmeRoot;
|
||||||
|
inherit email;
|
||||||
|
group = "nginx";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
services.forgejo = {
|
services.forgejo = {
|
||||||
enable = true;
|
enable = true;
|
||||||
database.type = "postgres";
|
package = pkgs.forgejo;
|
||||||
# Enable support for Git Large File Storage
|
|
||||||
lfs.enable = true;
|
user = "git";
|
||||||
|
database = {
|
||||||
|
user = "git";
|
||||||
|
type = "postgres";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Disable support for Git Large File Storage
|
||||||
|
lfs.enable = false;
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
server = {
|
server = {
|
||||||
DOMAIN = "copeberg.org";
|
DOMAIN = domain;
|
||||||
# You need to specify this to remove the port from URLs in the web UI.
|
# You need to specify this to remove the port from URLs in the web UI.
|
||||||
ROOT_URL = "https://${srv.DOMAIN}/";
|
ROOT_URL = "https://${domain}/";
|
||||||
HTTP_PORT = 3000;
|
HTTP_PORT = port;
|
||||||
};
|
};
|
||||||
# You can temporarily allow registration to create an admin user.
|
DEFAULT = {
|
||||||
|
APP_NAME = "Copeberg.org";
|
||||||
|
APP_SLOGAN = "Code and seethe.";
|
||||||
|
};
|
||||||
|
# disable registration by default.
|
||||||
service.DISABLE_REGISTRATION = true;
|
service.DISABLE_REGISTRATION = true;
|
||||||
|
|
||||||
# Add support for actions, based on act: https://github.com/nektos/act
|
# Add support for actions, based on act: https://github.com/nektos/act
|
||||||
actions = {
|
actions = {
|
||||||
ENABLED = false;
|
ENABLED = false;
|
||||||
DEFAULT_ACTIONS_URL = "github";
|
DEFAULT_ACTIONS_URL = "github";
|
||||||
};
|
};
|
||||||
# Sending emails is completely optional
|
|
||||||
# You can send a test email from the web UI at:
|
|
||||||
# Profile Picture > Site Administration > Configuration > Mailer Configuration
|
|
||||||
mailer = {
|
|
||||||
ENABLED = false;
|
|
||||||
# SMTP_ADDR = "mail.example.com";
|
|
||||||
# FROM = "noreply@${srv.DOMAIN}";
|
|
||||||
# USER = "noreply@${srv.DOMAIN}";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
# mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path;
|
|
||||||
};
|
|
||||||
|
|
||||||
# age.secrets.forgejo-mailer-password = {
|
systemd.tmpfiles.rules = let
|
||||||
# file = ../secrets/forgejo-mailer-password.age;
|
# no crawlers, thank you.
|
||||||
# mode = "400";
|
robots = pkgs.writeText "robots-txt" ''
|
||||||
# owner = "forgejo";
|
User-agent: *
|
||||||
# };
|
Disallow: /
|
||||||
|
'';
|
||||||
|
in [
|
||||||
|
"d '${customDir}/public' 0750 ${user} ${group} - -"
|
||||||
|
"d '${customDir}/public/assets' 0750 ${user} ${group} - -"
|
||||||
|
"d '${customDir}/public/assets/img' 0750 ${user} ${group} - -"
|
||||||
|
|
||||||
|
"L+ '${customDir}/public/assets/img/logo.svg' - - - - ${img}/logo.svg"
|
||||||
|
"L+ '${customDir}/public/assets/img/logo.png' - - - - ${img}/logo.png"
|
||||||
|
"L+ '${customDir}/public/assets/img/apple-touch-icon' - - - - ${img}/logo.png"
|
||||||
|
"L+ '${customDir}/public/assets/img/favicon.svg' - - - - ${img}/logo.svg"
|
||||||
|
"L+ '${customDir}/public/assets/img/favicon.png' - - - - ${img}/logo.png"
|
||||||
|
|
||||||
|
"L+ ${customDir}/public/robots.txt - - - - ${robots.outPath}"
|
||||||
|
];
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
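Review bot: `defaults.server` in the new `security.acme` block points at the Let's Encrypt staging directory, whose certificates are not trusted by browsers or git clients, so with `forceSSL = true` every visitor gets a certificate warning; drop that line, or gate it behind a test-only switch, before this host serves real traffic. In `locations."/"`, `recommendedProxysettings` looks like a misspelling of the NixOS option `recommendedProxySettings`, so the forwarded-header settings would not be applied as written. The guard `mkIf cfg.enable` reads `config.modules.system.services.enable`, while the option declared just above it is `modules.system.services.forgejo.enable`; `config = mkIf cfg.forgejo.enable {` is presumably what was meant. Since nginx proxies to `localhost`, adding `HTTP_ADDR = "127.0.0.1";` under `settings.server` would keep port 3000 off other interfaces independently of the firewall, if Forgejo is otherwise listening on all of them.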