flake/modules/services/forgejo.nix

{
  pkgs,
  lib,
  config,
  cfg,
  ...
}:
with lib;
with builtins; {
  opt.domain = lib.mkOption {type = lib.types.str;};
  services.forgejo = {
    enable = true;
    package = config.pkgsInstances.unstable.forgejo;
    settings.server = {
      ROOT_URL = "https://${cfg.domain}";
      DOMAIN = cfg.domain;
      HTTP_PORT = 48540;
      OFFLINE_MODE = true; # disable gravatar, CDN
    };
    settings.actions = {
      ENABLED = true;
    };
    settings."repository.upload" = {
      FILE_MAX_SIZE = 4095;
      MAX_FILES = 20;
    };
    settings."attachment" = {
      MAX_SIZE = 4095;
      MAX_FILES = 20;
    };

    settings.service = {
      DISABLE_REGISTRATION = true;
      DEFAULT_KEEP_EMAIL_PRIVATE = true;
    };
    database = {
      user = "forgejo";
      passwordFile = config.sops.secrets."hosts/forgenite/forgejo_db_password".path;
      name = "forgejodb";
      type = "mysql";
    };
  };

  # Allow forgejo user to adjust authorized_keys dynamically
  services.openssh.extraConfig = ''
    Match User forgejo
      AuthorizedKeysFile ${config.users.users.forgejo.home}/.ssh/authorized_keys
  '';
  networking.firewall.allowedTCPPorts = [48540];
}
autoformatted files 2024-10-29 08:55:56 +01:00			`{`
			`pkgs,`
			`lib,`
			`config,`
			`cfg,`
			`...`
			`}:`
			`with lib;`
			`with builtins; {`
fixed config for git itself 2024-09-17 03:10:20 +02:00			`opt.domain = lib.mkOption {type = lib.types.str;};`
restructure 2024-09-01 00:06:13 +02:00			`services.forgejo = {`
			`enable = true;`
switched lix to nixpkgs unstable, switched forgejo to unstable too 2024-09-06 05:01:21 +02:00			`package = config.pkgsInstances.unstable.forgejo;`
restructure 2024-09-01 00:06:13 +02:00			`settings.server = {`
it finally worky now \o/ 2024-09-17 02:46:45 +02:00			`ROOT_URL = "https://${cfg.domain}";`
			`DOMAIN = cfg.domain;`
restructure 2024-09-01 00:06:13 +02:00			`HTTP_PORT = 48540;`
			`OFFLINE_MODE = true; # disable gravatar, CDN`
			`};`
			`settings.actions = {`
autoformatted files 2024-10-29 08:55:56 +01:00			`ENABLED = true;`
restructure 2024-09-01 00:06:13 +02:00			`};`
			`settings."repository.upload" = {`
autoformatted files 2024-10-29 08:55:56 +01:00			`FILE_MAX_SIZE = 4095;`
			`MAX_FILES = 20;`
restructure 2024-09-01 00:06:13 +02:00			`};`
			`settings."attachment" = {`
autoformatted files 2024-10-29 08:55:56 +01:00			`MAX_SIZE = 4095;`
			`MAX_FILES = 20;`
restructure 2024-09-01 00:06:13 +02:00			`};`

			`settings.service = {`
autoformatted files 2024-10-29 08:55:56 +01:00			`DISABLE_REGISTRATION = true;`
			`DEFAULT_KEEP_EMAIL_PRIVATE = true;`
restructure 2024-09-01 00:06:13 +02:00			`};`
			`database = {`
			`user = "forgejo";`
ich werd zum joker 2024-09-06 02:01:59 +02:00			`passwordFile = config.sops.secrets."hosts/forgenite/forgejo_db_password".path;`
restructure 2024-09-01 00:06:13 +02:00			`name = "forgejodb";`
			`type = "mysql";`
			`};`
			`};`

			`# Allow forgejo user to adjust authorized_keys dynamically`
			`services.openssh.extraConfig = ''`
			`Match User forgejo`
			`AuthorizedKeysFile ${config.users.users.forgejo.home}/.ssh/authorized_keys`
			`'';`
			`networking.firewall.allowedTCPPorts = [48540];`
fixed forgejo service so it can build 2024-09-05 21:11:15 +02:00			`}`