satellite/hosts/nixos/lapetus/services/forgejo.nix

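# NixOS module for the Forgejo instance on this host: mail secret, DNS/tunnel
# wiring, Forgejo settings, and clean-up of the dump directory.
{ lib, config, ... }:
{
  # SMTP password for the mailer, taken from the sops-encrypted secrets file.
  # Ownership is handed to the Forgejo service account so that the service,
  # which reads it through `mailerPasswordFile` below, can open it.
  sops.secrets.forgejo_mail_password = {
    sopsFile = ../secrets.yaml;
    owner = config.services.forgejo.user;
    group = config.services.forgejo.group;
  };

  # Point the `git` cloudflared entry at the Forgejo HTTP port.
  satellite.cloudflared.at.git.port = config.satellite.ports.forgejo;

  # Add a CNAME record for ssh access. Unlike the http interface, this is
  # only exposed over tailscale.
  # NOTE(review): that holds only while the CNAME target (this host's name)
  # resolves to a tailnet-only address; confirm how `satellite.dns` expands it.
  satellite.dns.records = [
    {
      type = "CNAME";
      zone = config.satellite.dns.domain;
      at = "ssh.git";
      to = config.networking.hostName;
    }
  ];

  services.forgejo = {
    enable = true;
    stateDir = "/persist/state/var/lib/forgejo";
    mailerPasswordFile = config.sops.secrets.forgejo_mail_password.path;
    dump.enable = false; # We already backup via rsync + have zfs snapshots to rollback to
    lfs.enable = true;

    # See [the cheatsheet](https://docs.gitea.com/next/administration/config-cheat-sheet)
    settings = {
      default.APP_NAME = "moonforge";

      server = {
        DOMAIN = config.satellite.cloudflared.at.git.host;
        HTTP_PORT = config.satellite.cloudflared.at.git.port;
        ROOT_URL = config.satellite.cloudflared.at.git.url;
        LANDING_PAGE = "prescientmoon"; # Make my profile the landing page
        # Host name shown in ssh clone URLs; matches the `ssh.git` record above.
        SSH_DOMAIN = "ssh.${config.satellite.cloudflared.at.git.host}";
      };

      cron.ENABLED = true;

      # The web UI is reachable beyond tailscale, so self-service sign-up stays
      # off; accounts have to be created by an administrator.
      service.DISABLE_REGISTRATION = true;

      # Session cookie is only sent over HTTPS.
      # NOTE(review): assumes ROOT_URL above is an https:// URL; confirm.
      session.COOKIE_SECURE = true;

      mailer = {
        ENABLED = true;
        # Pin implicit TLS instead of leaving the protocol to be inferred from
        # SMTP_PORT, so a later port change cannot silently alter the
        # transport security of outgoing mail.
        PROTOCOL = "smtps";
        SMTP_PORT = 465;
        SMTP_ADDR = "smtp.migadu.com";
        USER = "git@orbit.moonythm.dev";
      };

      repository = {
        DISABLE_STARS = true;
        # New repositories get only the code unit enabled.
        DEFAULT_REPO_UNITS = lib.strings.concatStringsSep "," [ "repo.code" ];
        # Let a push to a not-yet-existing path create the repository, for
        # both user and organisation namespaces. Repositories created this way
        # are private unless DEFAULT_PUSH_CREATE_PRIVATE is turned off.
        ENABLE_PUSH_CREATE_USER = true;
        ENABLE_PUSH_CREATE_ORG = true;
      };
    };
  };

  # Expire anything in the dump directory that is older than a week.
  # Scheduled dumps are disabled above (`dump.enable = false`), so this only
  # ages out dumps made earlier or by hand; the data itself is covered by zfs
  # snapshots and rsync backups.
  # A dump is a full copy of the instance data, so ownership and mode are
  # spelled out here rather than left to the tmpfiles defaults (root, 0755)
  # that would apply if this rule had to create the directory.
  # NOTE(review): if the forgejo module declares its own tmpfiles entry for
  # this path, check which of the two lines systemd-tmpfiles keeps.
  systemd.tmpfiles.rules = [
    "d ${config.services.forgejo.stateDir}/dump 0750 ${config.services.forgejo.user} ${config.services.forgejo.group} 7d"
  ];
}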