2024-06-20 00:09:45 +02:00
|
|
|
{
|
2024-08-29 11:46:38 +02:00
|
|
|
pkgs,
|
2024-06-20 00:09:45 +02:00
|
|
|
config,
|
2024-07-29 10:58:43 +02:00
|
|
|
_utils,
|
2024-06-20 00:09:45 +02:00
|
|
|
...
|
2024-07-29 10:58:43 +02:00
|
|
|
}: let
|
2024-08-29 11:46:38 +02:00
|
|
|
secrets = _utils.setupSecrets config {
|
|
|
|
|
secrets = ["turnstileSecret" "forgejoRunnerSecret"];
|
|
|
|
|
extra = {
|
|
|
|
|
owner = "forgejo";
|
|
|
|
|
group = "forgejo";
|
|
|
|
|
};
|
2024-06-20 00:09:45 +02:00
|
|
|
};
|
2024-07-29 10:58:43 +02:00
|
|
|
in {
|
2024-08-29 11:46:38 +02:00
|
|
|
imports = [secrets.generate];
|
2024-07-29 10:58:43 +02:00
|
|
|
|
|
|
|
|
cfTunnels."git.uku3lig.net" = "http://localhost:3000";
|
2024-06-20 00:09:45 +02:00
|
|
|
|
2024-05-19 11:22:42 +02:00
|
|
|
services = {
|
|
|
|
|
forgejo = {
|
|
|
|
|
enable = true;
|
2024-08-29 18:16:38 +02:00
|
|
|
package = pkgs.forgejo; # forgejo-lts by default
|
2024-05-18 23:03:42 +02:00
|
|
|
|
2024-05-19 11:22:42 +02:00
|
|
|
database = {
|
|
|
|
|
type = "postgres";
|
|
|
|
|
createDatabase = true;
|
2024-05-19 10:34:48 +02:00
|
|
|
};
|
2024-05-18 23:03:42 +02:00
|
|
|
|
2024-06-20 00:09:45 +02:00
|
|
|
secrets = {
|
2024-08-29 11:46:38 +02:00
|
|
|
service.CF_TURNSTILE_SECRET = secrets.get "turnstileSecret";
|
2024-06-20 00:09:45 +02:00
|
|
|
};
|
|
|
|
|
|
2024-05-19 11:22:42 +02:00
|
|
|
settings = {
|
|
|
|
|
DEFAULT.APP_NAME = "uku's forge";
|
|
|
|
|
|
|
|
|
|
server = {
|
|
|
|
|
ROOT_URL = "https://git.uku3lig.net";
|
|
|
|
|
START_SSH_SERVER = true;
|
|
|
|
|
BUILTIN_SSH_SERVER_USER = "git";
|
|
|
|
|
SSH_DOMAIN = "ssh.uku.moe";
|
|
|
|
|
SSH_LISTEN_PORT = 2222;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
service = {
|
|
|
|
|
ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
|
|
|
|
|
ENABLE_CAPTCHA = true;
|
2024-06-20 00:09:45 +02:00
|
|
|
CAPTCHA_TYPE = "cfturnstile";
|
|
|
|
|
CF_TURNSTILE_SITEKEY = "0x4AAAAAAAaemJiXmRluMxbQ";
|
2024-05-19 11:22:42 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
oauth2 = {
|
|
|
|
|
# providers are configured in the admin panel
|
|
|
|
|
ENABLED = true;
|
|
|
|
|
};
|
|
|
|
|
|
2024-08-29 11:46:38 +02:00
|
|
|
actions = {
|
|
|
|
|
ENABLED = true;
|
|
|
|
|
DEFAULT_ACTIONS_URL = "https://github.com";
|
|
|
|
|
};
|
2024-05-19 11:22:42 +02:00
|
|
|
|
|
|
|
|
"ui.meta" = {
|
|
|
|
|
AUTHOR = "uku's forge";
|
|
|
|
|
DESCRIPTION = "the place where literally nothing gets done";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
"repository.signing" = {
|
|
|
|
|
DEFAULT_TRUST_MODEL = "committer";
|
|
|
|
|
};
|
2024-05-18 23:03:42 +02:00
|
|
|
};
|
|
|
|
|
};
|
2024-05-19 11:22:42 +02:00
|
|
|
|
2024-08-29 11:46:38 +02:00
|
|
|
gitea-actions-runner = {
|
|
|
|
|
package = pkgs.forgejo-actions-runner;
|
|
|
|
|
instances.etna = {
|
|
|
|
|
enable = true;
|
|
|
|
|
name = "etna";
|
|
|
|
|
url = "https://git.uku3lig.net";
|
|
|
|
|
tokenFile = secrets.get "forgejoRunnerSecret";
|
|
|
|
|
labels = [
|
|
|
|
|
"ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
settings = {
|
|
|
|
|
log.level = "info";
|
2024-08-29 19:27:06 +02:00
|
|
|
container.network = "host";
|
2024-08-29 11:46:38 +02:00
|
|
|
runner = {
|
|
|
|
|
capacity = 4;
|
|
|
|
|
timeout = "2h";
|
|
|
|
|
insecure = false;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2024-05-19 11:22:42 +02:00
|
|
|
frp.settings.proxies = [
|
|
|
|
|
{
|
|
|
|
|
name = "forgejo-ssh";
|
|
|
|
|
type = "tcp";
|
|
|
|
|
localIp = "127.0.0.1";
|
|
|
|
|
localPort = 2222;
|
|
|
|
|
remotePort = 22;
|
|
|
|
|
}
|
|
|
|
|
];
|
2024-05-19 10:34:48 +02:00
|
|
|
};
|
2024-05-18 23:03:42 +02:00
|
|
|
}
|
