92 lines
2.1 KiB
Nix
Executable file
92 lines
2.1 KiB
Nix
Executable file
{ lib, pkgs, config, ... }:
|
|
let
|
|
cfg = config.services.forgejo;
|
|
srv = cfg.settings.server;
|
|
|
|
fqdn = "git.symbiotrip.com";
|
|
|
|
smtpPassword = "Monaco55";
|
|
runnerToken = "PUT_RUNNER_REGISTRATION_TOKEN_HERE";
|
|
adminPassword = "2wiggyWah!";
|
|
|
|
adminUser = "jsutter";
|
|
adminEmail = "jsutter@symbiotrip.com";
|
|
|
|
|
|
in
|
|
|
|
{
|
|
security.acme.certs.${fqdn}.group = config.services.nginx.group;
|
|
services.nginx.virtualHosts.${fqdn} = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
useACMEHost = fqdn;
|
|
acmeRoot = null;
|
|
extraConfig = ''
|
|
client_max_body_size 512M;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
'';
|
|
locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
|
|
};
|
|
|
|
services.forgejo = {
|
|
enable = true;
|
|
database.type = "postgres";
|
|
lfs.enable = true;
|
|
|
|
settings = {
|
|
server = {
|
|
DOMAIN = fqdn;
|
|
ROOT_URL = "https://${fqdn}/";
|
|
HTTP_PORT = 3000;
|
|
};
|
|
|
|
service.DISABLE_REGISTRATION = true;
|
|
|
|
actions = {
|
|
ENABLED = true;
|
|
DEFAULT_ACTIONS_URL = "github";
|
|
};
|
|
|
|
mailer = {
|
|
ENABLED = true;
|
|
SMTP_ADDR = "mail.example.com";
|
|
FROM = "noreply@${fqdn}";
|
|
USER = "noreply@${fqdn}";
|
|
PASSWD = smtpPassword;
|
|
};
|
|
};
|
|
};
|
|
|
|
# Create/ensure admin user
|
|
systemd.services.forgejo.preStart = let
|
|
adminCmd = "${lib.getExe cfg.package} admin user";
|
|
in ''
|
|
${adminCmd} create \
|
|
--admin \
|
|
--username ${adminUser} \
|
|
--email "${adminEmail}" \
|
|
--password "${adminPassword}" \
|
|
--must-change-password=false || true
|
|
'';
|
|
|
|
# Actions runner (runs jobs in Docker containers per labels)
|
|
virtualisation.docker.enable = true;
|
|
|
|
services.gitea-actions-runner = {
|
|
package = pkgs.forgejo-runner;
|
|
instances.default = {
|
|
enable = true;
|
|
name = "warp";
|
|
url = "https://${fqdn}";
|
|
token = runnerToken;
|
|
labels = [
|
|
"node-22:docker://node:22-bookworm"
|
|
"nixos-latest:docker://nixos/nix"
|
|
# "native:host"
|
|
];
|
|
};
|
|
};
|
|
}
|