faukah/nichts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
nichts/modules/services/forgejo/module.nix

180 lines
5.6 KiB
Nix
Raw Blame History

{
config,
lib,
pkgs,
...
}: let
inherit (pkgs) fetchurl;
inherit (lib.modules) mkIf;
inherit (config.services.forgejo) customDir user group;
cfg = config.modules.system.services.forgejo;
port = 3000;
domain = "copeberg.org";
img = ./img;
acmeRoot = "/var/lib/acme/challenges-forgejo";
dataDir = "/srv/data/forgejo";
in {
options.modules.system.services.forgejo.enable = lib.mkEnableOption "forgejo";
config = mkIf cfg.enable {
modules.system.services = {
database.postgresql.enable = true;
nginx.enable = true;
};
networking.firewall.allowedTCPPorts = [
443
80
3000
];
services.nginx = {
enable = true;
virtualHosts.${domain} = {
forceSSL = true;
# enableACME = true;
useACMEHost = domain;
inherit acmeRoot;
extraConfig = ''
# nginx defaults to a 1MB size limit for uploads, which
# *definitely* isn't enough for Git LFS.
# 'client_max_body_size 300m;' would set a limit of 300MB
# setting it to 0 means "no limit"
client_max_body_size 512M;
'';
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://localhost:${toString port}";
};
};
};
security.acme = let
email = "charlie@charlieroot.dev";
in {
# testing server, do not use in production, but DO use it for setting things up.
# it has much higher rate limits.
# defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
certs = {
${domain} = {
webroot = acmeRoot;
inherit email;
group = "nginx";
};
};
};
# create the git user for forgejo
# NOTE: this is important and it will _not_ work otherwise.
users.users.git = {
home = dataDir;
useDefaultShell = true;
group = "git";
isSystemUser = true;
};
users.groups.git = {};
services.forgejo = {
enable = true;
package = pkgs.forgejo;
stateDir = dataDir;
user = "git";
group = "git";
database = {
createDatabase = true;
name = "git";
user = "git";
type = "postgres";
};
# Disable support for Git Large File Storage
lfs.enable = false;
settings = {
server = {
DOMAIN = domain;
# You need to specify this to remove the port from URLs in the web UI.
ROOT_URL = "https://${domain}/";
HTTP_PORT = port;
LANDING_PAGE = "home";
};
DEFAULT = {
APP_NAME = "Copeberg.org";
APP_SLOGAN = "Code and seethe.";
};
# disable registration by default.
service.DISABLE_REGISTRATION = true;
# Add support for actions, based on act: https://github.com/nektos/act
actions = {
ENABLED = false;
DEFAULT_ACTIONS_URL = "github";
};
ui = {
SHOW_USER_EMAIL = false;
THEMES = "codeberg-dark";
DEFAULT_THEME = "codeberg-dark";
};
# The glory of the old default branch name
repository = {
DEFAULT_BRANCH = "master";
};
"repository.signing" = {
SIGNING_KEY = "none";
};
};
};
systemd.tmpfiles.rules = let
# no crawlers, thank you.
robots = pkgs.writeText "robots-txt" ''
User-agent: *
Disallow: /
'';
base-brand = fetchurl {
url = "https://codeberg.org/Codeberg-Infrastructure/forgejo/raw/branch/codeberg-10/web_src/css/themes/codeberg/base-brand.css";
hash = "sha256-QJ775HpINf8klO3d/8h+tEw0vk34p19dWUCWWuVwcho=";
};
dark-variables = fetchurl {
url = "https://codeberg.org/Codeberg-Infrastructure/forgejo/raw/branch/codeberg-10/web_src/css/themes/codeberg/dark-variables.css";
hash = "sha256-nCSJUOU9/R1fldoKXTTZmP7vmRjYUk/OKkbgrJ/NrXQ=";
};
theme-codeberg-dark = fetchurl {
url = "https://codeberg.org/Codeberg-Infrastructure/forgejo/raw/branch/codeberg-10/web_src/css/themes/theme-codeberg-dark.css";
hash = "sha256-KyXznH49koRGlzIDDqagN4PvFGD/zCX//wrctmtfgBs=";
};
in [
"d '${customDir}/public' 0750 ${user} ${group} - -"
"d '${customDir}/public/assets' 0750 ${user} ${group} - -"
"d '${customDir}/public/assets/img' 0750 ${user} ${group} - -"
# Copeberg logo, thanks Raf <3
"L+ '${customDir}/public/assets/img/logo.svg' - - - - ${img}/logo.svg"
"L+ '${customDir}/public/assets/img/logo.png' - - - - ${img}/logo.png"
"L+ '${customDir}/public/assets/img/apple-touch-icon' - - - - ${img}/logo.png"
"L+ '${customDir}/public/assets/img/favicon.svg' - - - - ${img}/logo.svg"
"L+ '${customDir}/public/assets/img/favicon.png' - - - - ${img}/logo.png"
# Theming shenanigans
"d '${customDir}/public/assets' 0750 ${user} ${group} - -"
"d '${customDir}/public/assets/css' 0750 ${user} ${group} - -"
"d '${customDir}/public/assets/css/codeberg' 0750 ${user} ${group} - -"
"L+ '${customDir}/public/assets/css/theme-codeberg-dark.css' - - - - ${theme-codeberg-dark}"
"L+ '${customDir}/public/assets/css/codeberg/base-brand.css' - - - - ${base-brand}"
"L+ '${customDir}/public/assets/css/codeberg/dark-variables.css' - - - - ${dark-variables}"
# Templates
"d '${customDir}/templates ' 0750 ${user} ${group} - -"
# Home page
"L+ '${customDir}/templates' - - - - ${./templates}"
# Fuck off scrapers
"L+ ${customDir}/public/robots.txt - - - - ${robots.outPath}"
];
};
}
Reference in a new issue View git blame Copy permalink