flake/modules/services/forgejo.nix

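# NixOS module for a self-hosted Forgejo instance: web server settings, upload
# limits, a MySQL database whose password comes from sops, an sshd override for
# git-over-SSH key lookup, and a firewall opening for the HTTP port.
#
# `cfg` and `opt` are not standard NixOS module arguments; they are presumably
# supplied by this flake's module wrapper (`opt.domain` declares the option that
# `cfg.domain` reads) — confirm against the wrapper.
{pkgs, lib, config, cfg, ...}:
with lib; with builtins; {
  # Public hostname of the instance; required, no default.
  opt.domain = lib.mkOption {type = lib.types.str;};

  services.forgejo = {
    enable = true;
    # Track the unstable channel's Forgejo build rather than the pinned one.
    package = config.pkgsInstances.unstable.forgejo;

    settings.server = {
      # Advertised as HTTPS, but no PROTOCOL or certificate is configured here,
      # so Forgejo itself serves plain HTTP on HTTP_PORT; TLS is presumably
      # terminated by a reverse proxy that is not part of this file.
      ROOT_URL = "https://${cfg.domain}";
      DOMAIN = cfg.domain;
      HTTP_PORT = 48540;
      OFFLINE_MODE = true; # disable gravatar, CDN
    };

    # Actions workflows execute repository-defined steps on registered runners;
    # runners should be isolated from this host's secrets and database.
    settings.actions = {
      ENABLED = true;
    };

    # Both size limits are in megabytes, i.e. roughly 4 GiB per file. With
    # MAX_FILES = 20 a single request can carry a lot of data, so disk quota and
    # any proxy body-size limit are what bound an authenticated uploader.
    settings."repository.upload" = {
      FILE_MAX_SIZE = 4095;
      MAX_FILES = 20;
    };
    settings."attachment" = {
      MAX_SIZE = 4095;
      MAX_FILES = 20;
    };

    settings.service = {
      # No self-service sign-up: accounts must be created by an administrator.
      DISABLE_REGISTRATION = true;
      DEFAULT_KEEP_EMAIL_PRIVATE = true;
    };

    database = {
      user = "forgejo";
      # Path to the sops-managed secret file, so the password itself is not
      # written into this configuration.
      passwordFile = config.sops.secrets."hosts/forgenite/forgejo_db_password".path;
      name = "forgejodb";
      type = "mysql";
    };
  };

  # Allow forgejo user to adjust authorized_keys dynamically
  #
  # Inside the Match block this AuthorizedKeysFile replaces the global list for
  # the forgejo user, so only the file Forgejo itself maintains is consulted.
  # A Match block runs until the next Match line or end of file, and
  # extraConfig is merged with other modules' lines, so the trailing
  # `Match all` closes the block; without it any directive rendered after this
  # snippet would silently apply to the forgejo user only.
  services.openssh.extraConfig = ''
    Match User forgejo
      AuthorizedKeysFile ${config.users.users.forgejo.home}/.ssh/authorized_keys
    Match all
  '';

  # NOTE(review): this exposes the plain-HTTP listener to the network. That is
  # needed only if the TLS-terminating proxy runs on a different host; if the
  # proxy is local, set settings.server.HTTP_ADDR to a loopback address and
  # drop this rule so clients cannot bypass TLS — confirm the topology.
  networking.firewall.allowedTCPPorts = [48540];
}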