60 lines
1.6 KiB
Nix
60 lines
1.6 KiB
Nix
{ lib, pkgs, ... }:
|
|
let
|
|
forgejoConfigPath = "/var/lib/forgejo/custom/conf";
|
|
arrayToSecrets = elements:
|
|
builtins.listToAttrs (map (x: {
|
|
name = "forgejo/" + x;
|
|
value = {
|
|
path = "${forgejoConfigPath}/" + x;
|
|
owner = "forgejo";
|
|
};
|
|
}) elements);
|
|
in {
|
|
services = {
|
|
forgejo = {
|
|
enable = true;
|
|
settings = {
|
|
server = {
|
|
DOMAIN = "git.rcia.dev";
|
|
ROOT_URL = "https://git.rcia.dev";
|
|
HTTP_PORT = 3000;
|
|
DISABLE_SSH = true;
|
|
LFS_START_SERVER = true;
|
|
LFS_JWT_SECRET = "";
|
|
LFS_JWT_SECRET_URI = "file://${forgejoConfigPath}/lfs_jwt_secret";
|
|
};
|
|
database = {
|
|
type = "postgres";
|
|
passwordFile = "${forgejoConfigPath}/database_password";
|
|
};
|
|
security = {
|
|
INSTALL_LOCK = true;
|
|
INTERNAL_TOKEN = lib.mkForce "";
|
|
INTERNAL_TOKEN_URI = "file://${forgejoConfigPath}/internal_token";
|
|
SECRET_KEY = lib.mkForce "";
|
|
SECRET_KEY_URI = "file://${forgejoConfigPath}/secret_key";
|
|
};
|
|
oauth2 = {
|
|
JWT_SECRET = lib.mkForce "";
|
|
JWT_SECRET_URI = "file://${forgejoConfigPath}/oauth2_jwt_secret";
|
|
};
|
|
};
|
|
};
|
|
nginx.virtualHosts."git.rcia.dev" = {
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:3000";
|
|
clientMaxBodySize = "200M";
|
|
};
|
|
};
|
|
};
|
|
systemd.services.forgejo.preStart = ''
|
|
${pkgs.forgejo}/bin/gitea migrate
|
|
'';
|
|
sops.secrets = arrayToSecrets [
|
|
"database_password"
|
|
"internal_token"
|
|
"lfs_jwt_secret"
|
|
"oauth2_jwt_secret"
|
|
"secret_key"
|
|
];
|
|
}
|