flake/modules/services/forgejo.nix

{pkgs, lib, config, cfg, ...}:
with lib; with builtins; {
  opt.domain = lib.mkOption {type = lib.types.str;};
  services.forgejo = {
    enable = true;
    package = config.pkgsInstances.unstable.forgejo;
    settings.server = {
      ROOT_URL = "https://${cfg.domain}";
      DOMAIN = cfg.domain;
      HTTP_PORT = 48540;
      OFFLINE_MODE = true; # disable gravatar, CDN
    };
    settings.actions = {
       ENABLED = true;
    };
    settings."repository.upload" = {
	FILE_MAX_SIZE = 4095;
	MAX_FILES = 20;
    };
    settings."attachment" = {
        MAX_SIZE = 4095;
        MAX_FILES = 20;
    };

    settings.service = {
	DISABLE_REGISTRATION = true;
	DEFAULT_KEEP_EMAIL_PRIVATE = true;
    };
    database = {
      user = "forgejo";
      passwordFile = config.sops.secrets."hosts/forgenite/forgejo_db_password".path;
      name = "forgejodb";
      type = "mysql";
    };
  };

  # Allow forgejo user to adjust authorized_keys dynamically
  services.openssh.extraConfig = ''
    Match User forgejo
      AuthorizedKeysFile ${config.users.users.forgejo.home}/.ssh/authorized_keys
  '';
  networking.firewall.allowedTCPPorts = [48540];
}
it finally worky now \o/ 2024-09-17 02:46:45 +02:00			`{pkgs, lib, config, cfg, ...}:`
fixed forgejo service so it can build 2024-09-05 21:11:15 +02:00			`with lib; with builtins; {`
fixed config for git itself 2024-09-17 03:10:20 +02:00			`opt.domain = lib.mkOption {type = lib.types.str;};`
restructure 2024-09-01 00:06:13 +02:00			`services.forgejo = {`
			`enable = true;`
switched lix to nixpkgs unstable, switched forgejo to unstable too 2024-09-06 05:01:21 +02:00			`package = config.pkgsInstances.unstable.forgejo;`
restructure 2024-09-01 00:06:13 +02:00			`settings.server = {`
it finally worky now \o/ 2024-09-17 02:46:45 +02:00			`ROOT_URL = "https://${cfg.domain}";`
			`DOMAIN = cfg.domain;`
restructure 2024-09-01 00:06:13 +02:00			`HTTP_PORT = 48540;`
			`OFFLINE_MODE = true; # disable gravatar, CDN`
			`};`
			`settings.actions = {`
			`ENABLED = true;`
			`};`
			`settings."repository.upload" = {`
			`FILE_MAX_SIZE = 4095;`
			`MAX_FILES = 20;`
			`};`
			`settings."attachment" = {`
			`MAX_SIZE = 4095;`
			`MAX_FILES = 20;`
			`};`

			`settings.service = {`
			`DISABLE_REGISTRATION = true;`
			`DEFAULT_KEEP_EMAIL_PRIVATE = true;`
			`};`
			`database = {`
			`user = "forgejo";`
ich werd zum joker 2024-09-06 02:01:59 +02:00			`passwordFile = config.sops.secrets."hosts/forgenite/forgejo_db_password".path;`
restructure 2024-09-01 00:06:13 +02:00			`name = "forgejodb";`
			`type = "mysql";`
			`};`
			`};`

			`# Allow forgejo user to adjust authorized_keys dynamically`
			`services.openssh.extraConfig = ''`
			`Match User forgejo`
			`AuthorizedKeysFile ${config.users.users.forgejo.home}/.ssh/authorized_keys`
			`'';`
			`networking.firewall.allowedTCPPorts = [48540];`
fixed forgejo service so it can build 2024-09-05 21:11:15 +02:00			`}`