spacestation/capytal/forgejo.nix


{
config,
lib,
pkgs,
...
}: let
cfg = config.services.forgejo;
in {
# Forgejo instance for forge.capytal.company: closed registration, locked-down
# self-service account features, and object storage on a local S3 endpoint.
services.forgejo = let
  # Forgejo list-valued settings are written as one comma-separated string.
  commaJoined = lib.strings.concatStringsSep ",";
  # Same feature lockdown is applied to local and external accounts.
  lockedFeatures = "deletion manage_ssh_keys manage_gpg_keys";
  domain = "forge.capytal.company";
in {
  enable = true;
  package = pkgs.forgejo;

  settings = {
    DEFAULT.APP_NAME = "Capytal Code";

    admin = {
      # Only administrators may create organizations.
      DISABLE_REGULAR_ORG_CREATION = true;
      # NOTE(review): the value is space-separated, while other list settings
      # in this file are comma-joined. Confirm against the Forgejo config
      # reference that both the delimiter and the two key names are what the
      # deployed version parses; an unrecognized key or token is not an error,
      # it just leaves the feature enabled.
      USER_DISABLED_FEATURES = lockedFeatures;
      EXTERNAL_USER_DISABLED_FEATURES = lockedFeatures;
    };

    repository.DEFAULT_REPO_UNITS = commaJoined [
      "repo.code"
      "repo.issues"
      "repo.pulls"
    ];

    # Only loopback peers are trusted to report the client address; the
    # proxies defined elsewhere in this file forward from localhost.
    security.REVERSE_PROXY_TRUSTED_PROXIES = "127.0.0.0/8,::1/128";

    server = {
      # NOTE(review): no listen address is set here, so the module/Forgejo
      # default applies. If that default is all interfaces, confirm the host
      # firewall keeps this port closed; a client that reaches it directly
      # skips the Anubis challenge in front of it.
      HTTP_PORT = 9960;
      DOMAIN = domain;
      ROOT_URL = "https://${domain}";
    };

    # No self-service sign-up.
    service.DISABLE_REGISTRATION = true;

    storage = {
      STORAGE_TYPE = "minio";
      # Plaintext S3 is limited to the loopback endpoint below; switch this
      # on if the endpoint ever moves off-host.
      MINIO_USE_SSL = false;
      MINIO_ENDPOINT = "127.0.0.1:3461";
      MINIO_BUCKET = "forgejo";
      MINIO_LOCATION = config.services.garage.settings.s3_api.s3_region;
    };

    ui = {
      # DEFAULT_THEME = "capytal-dark";
    };
  };

  # Values are paths to sops-managed secret files, not the credentials
  # themselves, so the S3 key pair is not written into this configuration.
  secrets.storage = {
    MINIO_ACCESS_KEY_ID = config.sops.secrets."forgejo/s3/key".path;
    MINIO_SECRET_ACCESS_KEY = config.sops.secrets."forgejo/s3/secret".path;
  };
};
# Anubis challenge proxy in front of Forgejo. Ports are derived from Forgejo's
# HTTP port: +2 for the proxy listener, +3 for metrics.
services.anubis.instances."forgejo".settings = let
  forgejoPort = cfg.settings.server.HTTP_PORT;
  portAt = offset: ":${toString (forgejoPort + offset)}";
in {
  # NOTE(review): ":PORT" carries no host part, so both listeners accept
  # connections on every interface. The Caddy vhost in this file reaches the
  # proxy via localhost; confirm the firewall keeps both ports closed, since a
  # client connecting here directly skips Caddy's X-Real-Ip rewrite, and the
  # metrics endpoint has no access control configured in this block.
  BIND = portAt 2;
  BIND_NETWORK = "tcp";
  METRICS_BIND = portAt 3;
  METRICS_BIND_NETWORK = "tcp";
  SERVE_ROBOTS_TXT = true;
  # Requests that pass the challenge are forwarded to Forgejo over loopback.
  TARGET = "http://localhost:${toString forgejoPort}";
  # Signing key is read from a sops-managed file rather than set inline.
  ED25519_PRIVATE_KEY_HEX_FILE = config.sops.secrets."forgejo/anubis/hexFile".path;
};
# Caddy entry point on Forgejo's HTTP port + 1, forwarding to the Anubis
# listener. The site address has a port but no hostname.
# NOTE(review): with no hostname, this is presumably plain HTTP behind another
# TLS-terminating hop (ROOT_URL is https) — confirm. If so, {remote_host} below
# is that hop's address, not the end client's.
services.caddy.virtualHosts.":${toString (cfg.settings.server.HTTP_PORT + 1)}".extraConfig = let
  # Anubis BIND is ":PORT", so it is appended directly after "localhost".
  anubisBind = config.services.anubis.instances."forgejo".settings.BIND;
in ''
  reverse_proxy http://localhost${anubisBind} {
  header_up X-Real-Ip {remote_host}
  }
'';
}