53 lines
1.4 KiB
Nix
53 lines
1.4 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
let
|
|
svc_domain = "git.${config.mine.settings.domain}";
|
|
|
|
in {
|
|
services.forgejo = {
|
|
enable = true;
|
|
|
|
package = pkgs.forgejo.overrideAttrs (old: {
|
|
patches = old.patches ++ [
|
|
./patches/signin-template.patch
|
|
./patches/link-accounts-template.patch
|
|
];
|
|
});
|
|
|
|
stateDir = config.mine.zfsMounts."rpool/safe/svcs/forgejo";
|
|
|
|
settings = {
|
|
server = {
|
|
DOMAIN = svc_domain;
|
|
ROOT_URL = "https://${svc_domain}";
|
|
HTTPPORT = 3000;
|
|
};
|
|
|
|
# sync ldap and forgejo
|
|
"cron.sync_external_users" = {
|
|
RUN_AT_START = true;
|
|
SCHEDULE = "@every 15m";
|
|
UPDATE_EXISTING = true;
|
|
};
|
|
|
|
# disable registration, only account linking is possible
|
|
service.DISABLE_REGISTRATION = true;
|
|
};
|
|
};
|
|
|
|
# TODO(eyJhb): remove after our ban expires (and nginx config)
|
|
# already issued for this exact set of domains in the last 168 hours: git.fricloud.dk, retry after 2024-08-10T01:34:44Z
|
|
security.acme.certs."git.fricloud.dk".extraDomainNames = [ "git2.fricloud.dk" ];
|
|
|
|
services.nginx.virtualHosts."${svc_domain}" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
extraConfig = ''
|
|
client_max_body_size 512M;
|
|
'';
|
|
locations."/".proxyPass = "http://localhost:${builtins.toString config.services.forgejo.settings.server.HTTPPORT}";
|
|
};
|
|
|
|
# settings
|
|
mine.settings.forgejo.domain = svc_domain;
|
|
}
|