nixos/services/forgejo.nix

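# NixOS module fragment: sets up Forgejo, its database credentials and its
# service account, but only on machines that list "forgejo" in
# config.machine.services.
{
  config,
  lib,
  ...
}:
with lib;
  mkIf (elem "forgejo" config.machine.services) {
    services = {
      forgejo = let
        cfg = config.machine;
        # Domain of the first vHost whose service is "forgejo". findFirst is
        # given cfg itself as the fallback, so cfg.domain is used when no
        # vHost matches.
        inherit ((findFirst (s: s.service == "forgejo") cfg cfg.vHosts)) domain;
      in {
        enable = true;
        user = "git";

        database = {
          type = "mysql";
          user = "git";
          name = "forgejo";
          # Only the path of the sops-managed secret is referenced here; the
          # password itself is not written into this file.
          passwordFile = config.sops.secrets."services/forgejo/dbPass".path;
        };

        settings = {
          repository = {
            DISABLE_HTTP_GIT = false;
            USE_COMPAT_SSH_URI = true;
          };

          security = {
            # Keeps the web installer locked, so the instance cannot be
            # re-initialised through the browser.
            INSTALL_LOCK = true;
            COOKIE_USERNAME = "forgejo_username";
            COOKIE_REMEMBER_NAME = "forgejo_userauth";
          };

          server = {
            DOMAIN = domain;
            ROOT_URL = "https://${domain}/";
          };

          service = {
            # Self-registration stays off; mkForce makes this definition win
            # over any lower-priority one elsewhere in the configuration.
            DISABLE_REGISTRATION = lib.mkForce true;
          };

          session = {
            # The app.ini key is COOKIE_SECURE. The previous `cookieSecure`
            # key under settings.session is not a setting Forgejo reads, so
            # it did not mark the session cookie as HTTPS-only.
            COOKIE_SECURE = true;
          };
        };
      };
    };

    # Database password secret, readable by the account Forgejo runs as.
    sops.secrets."services/forgejo/dbPass" = {
      owner = "git";
      group = "forgejo";
    };

    # Account used as services.forgejo.user above.
    users.users.git = {
      description = "Forgejo Service";
      # NOTE(review): a normal user with the default shell is presumably
      # needed for git-over-SSH through the system sshd; confirm that
      # interactive logins to this account are not otherwise possible.
      isNormalUser = true;
      home = config.services.forgejo.stateDir;
      createHome = false;
      useDefaultShell = true;
    };
  }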