86 lines
2.3 KiB
Nix
86 lines
2.3 KiB
Nix
{
|
|
config,
|
|
pkgs,
|
|
lib,
|
|
...
|
|
}: let
|
|
home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-25.11.tar.gz";
|
|
cfg = config.services.forgejo;
|
|
srv = cfg.settings.server;
|
|
in {
|
|
local.hostname = "forgejoprg";
|
|
local.username = "forgejoprg";
|
|
local.userDescription = "Forgejo Admin";
|
|
local.address = "10.1.1.4";
|
|
|
|
# Enable Fedgejo service
|
|
services.nginx = {
|
|
enable = true;
|
|
virtualHosts."git.prg.local" = {
|
|
# Remove forceSSL and enableACME for local network
|
|
# forceSSL = true;
|
|
# enableACME = true;
|
|
extraConfig = ''
|
|
client_max_body_size 512M;
|
|
'';
|
|
locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
|
|
};
|
|
};
|
|
|
|
# Enable PostgreSQL for Forgejo
|
|
services.postgresql.enable = true;
|
|
|
|
# Forgejo configuration
|
|
services.forgejo = {
|
|
enable = true;
|
|
database = {
|
|
type = "postgres";
|
|
host = "10.1.1.251"; # IP of your database server
|
|
name = "forgejo";
|
|
user = "forgejo";
|
|
passwordFile = "/home/forgejoprg/password.txt"; # Store password in a separate file for security
|
|
};
|
|
lfs.enable = true;
|
|
|
|
settings = {
|
|
server = {
|
|
DOMAIN = "git.prg-radio.org";
|
|
ROOT_URL = "https://git.prg-radio.org/";
|
|
HTTP_PORT = 3000;
|
|
# SSH integration
|
|
SSH_PORT = lib.head config.services.openssh.ports;
|
|
};
|
|
|
|
# Temporarily allow registration to create admin user
|
|
service.DISABLE_REGISTRATION = false;
|
|
|
|
# Enable Actions support
|
|
actions = {
|
|
ENABLED = true;
|
|
DEFAULT_ACTIONS_URL = "github";
|
|
};
|
|
|
|
# Optional: Email configuration
|
|
# mailer = {
|
|
# ENABLED = false;
|
|
# };
|
|
};
|
|
};
|
|
|
|
# Open ports in the firewall.
|
|
networking.firewall.allowedTCPPorts = [3000];
|
|
|
|
imports = [
|
|
# ./secrets/secrets.nix # Add this locally after running add-secrets.zsh
|
|
# Optionally import local secrets if present (won't fail if missing)
|
|
(lib.optional (builtins.pathExists ./secrets/secrets.nix) ./secrets/secrets.nix)
|
|
./modules/desktop-manager/sway_greetd_homemanager.nix
|
|
./modules/local/hostname_username.nix
|
|
./modules/local/networking_local.nix
|
|
./modules/toolsets/remote_building.nix
|
|
./modules/bootloader/seabios.nix
|
|
./modules/lix-default.nix
|
|
];
|
|
|
|
system.stateVersion = "25.11";
|
|
}
|