iofq/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nix/nixos/oracle/forgejo.nix
iofq 3f81a20e87 move runner to node
2025-09-27 16:39:57 -05:00

88 lines
2.1 KiB
Nix
Raw Blame History

{ config, ... }:
let
cfg = config.services.forgejo;
srv = cfg.settings.server;
in
{
sops = {
defaultSopsFile = ../../secrets/restic.yaml;
secrets = {
"env" = {
sopsFile = ../../secrets/cf-acme.yaml;
};
"b2-forgejo/env" = { };
"b2-forgejo/repo" = { };
"b2-forgejo/password" = { };
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = "acme@10110110.xyz";
dnsProvider = "cloudflare";
environmentFile = config.sops.secrets."env".path;
};
};
services.nginx = {
enable = true;
virtualHosts.${cfg.settings.server.DOMAIN} = {
forceSSL = true;
enableACME = true;
acmeRoot = null; # use DNS
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
extraConfig = ''
client_max_body_size 512M;
'';
};
};
};
services.forgejo = {
enable = true;
database.type = "sqlite3";
dump.enable = true;
settings = {
DEFAULT = {
APP_NAME = "git.10110110.xyz";
APP_SLOGAN = "No rice, no life.";
};
server = {
DOMAIN = "git.10110110.xyz";
# You need to specify this to remove the port from URLs in the web UI.
ROOT_URL = "https://${srv.DOMAIN}/";
HTTP_PORT = 3000;
};
service.DISABLE_REGISTRATION = true;
oauth2_client = {
ENABLE_AUTO_REGISTRATION = true;
UPDATE_AVATAR = true;
};
session.COOKIE_SECURE = true;
actions = {
ENABLED = true;
DEFAULT_ACTIONS_URL = "github";
};
};
};
services.restic.backups = {
b2-forgejo = {
initialize = true;
environmentFile = config.sops.secrets."b2-forgejo/env".path;
repositoryFile = config.sops.secrets."b2-forgejo/repo".path;
passwordFile = config.sops.secrets."b2-forgejo/password".path;
paths = [
"/var/lib/forgejo"
];
timerConfig = {
OnCalendar = "*-*-* */6:00:00";
};
pruneOpts = [
"--keep-daily 31"
"--keep-monthly 6"
"--keep-yearly 2"
];
};
};
}
Reference in a new issue View git blame Copy permalink