nix dotfiles

2026-04-10 18:50:25 +03:00 · 2026-04-10 18:50:25 +03:00 · 7b8005c867
commit 7b8005c867
27 changed files with 1728 additions and 0 deletions
--- a/server/forgejo.nix
+++ b/server/forgejo.nix
@ -0,0 +1,66 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  cfg = config.services.forgejo;
+  srv = cfg.settings.server;
+in {
+  services.forgejo = {
+    enable = true;
+    appName = "git.itamar.site";
+    database.type = "sqlite3";
+    lfs.enable = true;
+
+    settings = {
+      server = {
+        DOMAIN = "git.itamar.site";
+        HTTP_ADDR = "127.0.0.1";
+        HTTP_PORT = 3000;
+        ROOT_URL = "https://git.itamar.site/";
+        PROTOCOL = "http"; 
+
+        DISABLE_SSH = false;
+        START_SSH_SERVER = false; 
+        SSH_DOMAIN = "git.itamar.site";
+        SSH_PORT = lib.head config.services.openssh.ports;
+
+        DISABLE_HTTP_GIT = true;
+      };
+
+      security = {
+        COOKIE_SECURE = true;
+      };
+
+      service = {
+        DISABLE_REGISTRATION = true;
+      };
+
+      log.LEVEL = "Info";
+    };
+  };
+
+  services.nginx = {
+    enable = true;
+    virtualHosts."git.itamar.site" = {
+      enableACME = true;
+      forceSSL = true;
+      extraConfig = ''
+        client_max_body_size 512M;
+      '';
+      locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
+    };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "itamar@itamar.site";
+  };
+
+  services.openssh = {
+    enable = true;
+    ports = [22];
+  };
+
+  networking.firewall.allowedTCPPorts = [22 80 443];
+}