diff --git a/systems/etna/forgejo.nix b/systems/etna/forgejo.nix index 58bef7f..3c469f9 100644 --- a/systems/etna/forgejo.nix +++ b/systems/etna/forgejo.nix @@ -1,44 +1,59 @@ _: { cfTunnels."git.uku3lig.net" = "http://localhost:3000"; - services.forgejo = { - enable = true; + services = { + forgejo = { + enable = true; - database = { - type = "postgres"; - createDatabase = true; - }; - - settings = { - DEFAULT.APP_NAME = "uku's forge"; - - server = { - DISABLE_SSH = true; - ROOT_URL = "https://git.uku3lig.net"; + database = { + type = "postgres"; + createDatabase = true; }; - service = { - ALLOW_ONLY_EXTERNAL_REGISTRATION = true; - # TODO enable turnstile once it gets fixed - # see codeberg:forgejo/forgejo#3832 - ENABLE_CAPTCHA = true; - }; + settings = { + DEFAULT.APP_NAME = "uku's forge"; - oauth2 = { - # providers are configured in the admin panel - ENABLED = true; - }; + server = { + ROOT_URL = "https://git.uku3lig.net"; + START_SSH_SERVER = true; + BUILTIN_SSH_SERVER_USER = "git"; + SSH_DOMAIN = "ssh.uku.moe"; + SSH_LISTEN_PORT = 2222; + }; - actions.ENABLED = false; + service = { + ALLOW_ONLY_EXTERNAL_REGISTRATION = true; + # TODO enable turnstile once it gets fixed + # see codeberg:forgejo/forgejo#3832 + ENABLE_CAPTCHA = true; + }; - "ui.meta" = { - AUTHOR = "uku's forge"; - DESCRIPTION = "the place where literally nothing gets done"; - }; + oauth2 = { + # providers are configured in the admin panel + ENABLED = true; + }; - "repository.signing" = { - DEFAULT_TRUST_MODEL = "committer"; + actions.ENABLED = false; + + "ui.meta" = { + AUTHOR = "uku's forge"; + DESCRIPTION = "the place where literally nothing gets done"; + }; + + "repository.signing" = { + DEFAULT_TRUST_MODEL = "committer"; + }; }; }; + + frp.settings.proxies = [ + { + name = "forgejo-ssh"; + type = "tcp"; + localIp = "127.0.0.1"; + localPort = 2222; + remotePort = 22; + } + ]; }; }