uku/flake
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
flake/systems/etna/forgejo.nix
uku 5e171d9c06
fix(etna): switch forgejo to vesuvio proxy 
ssh url now matches https!!! yay!!!
2025-06-30 12:26:19 +02:00

128 lines
2.9 KiB
Nix
Raw Blame History

{
pkgs,
config,
_utils,
...
}:
let
secrets = _utils.setupSecrets config {
secrets = [
"turnstileSecret"
"forgejoRunnerSecret"
"forgejoMailerPasswd"
];
extra = {
owner = "forgejo";
group = "forgejo";
};
};
in
{
imports = [ secrets.generate ];
services = {
forgejo = {
enable = true;
package = pkgs.forgejo; # forgejo-lts by default
database = {
type = "postgres";
createDatabase = true;
};
secrets = {
service.CF_TURNSTILE_SECRET = secrets.get "turnstileSecret";
mailer.PASSWD = secrets.get "forgejoMailerPasswd";
};
settings = {
DEFAULT.APP_NAME = "uku's forge";
server = {
ROOT_URL = "https://git.uku3lig.net";
HTTP_ADDR = "0.0.0.0";
HTTP_PORT = 3000;
START_SSH_SERVER = true;
BUILTIN_SSH_SERVER_USER = "git";
SSH_DOMAIN = "git.uku3lig.net";
SSH_LISTEN_PORT = 2222;
};
service = {
ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
REGISTER_EMAIL_CONFIRM = true;
ENABLE_NOTIFY_MAIL = true;
EMAIL_DOMAIN_BLOCK_DISPOSABLE = true;
ENABLE_CAPTCHA = true;
CAPTCHA_TYPE = "cfturnstile";
CF_TURNSTILE_SITEKEY = "0x4AAAAAAAaemJiXmRluMxbQ";
};
oauth2 = {
# providers are configured in the admin panel
ENABLED = true;
};
mailer = {
ENABLED = true;
FROM = "\"uku's forge\" <services@uku3lig.net>";
PROTOCOL = "smtps";
SMTP_ADDR = "mx1.uku3lig.net";
SMTP_PORT = 465;
USER = "services@uku3lig.net";
};
actions = {
ENABLED = true;
DEFAULT_ACTIONS_URL = "https://github.com";
};
indexer = {
REPO_INDEXER_ENABLED = true;
};
"ui.meta" = {
AUTHOR = "uku's forge";
DESCRIPTION = "the place where literally nothing gets done";
};
"repository.signing" = {
DEFAULT_TRUST_MODEL = "committer";
};
};
};
gitea-actions-runner = {
package = pkgs.forgejo-actions-runner;
instances.etna = {
enable = true;
name = "etna";
url = "https://git.uku3lig.net";
tokenFile = secrets.get "forgejoRunnerSecret";
labels = [
"ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
];
settings = {
log.level = "info";
container.network = "host";
runner = {
capacity = 4;
timeout = "2h";
insecure = false;
};
};
};
};
frp.settings.proxies = [
{
name = "forgejo-ssh";
type = "tcp";
localIp = "127.0.0.1";
localPort = config.services.forgejo.settings.server.SSH_LISTEN_PORT;
remotePort = 22;
}
];
};
}
Reference in a new issue View git blame Copy permalink