66 lines
1.3 KiB
Nix
66 lines
1.3 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
...
|
|
}: let
|
|
cfg = config.services.forgejo;
|
|
srv = cfg.settings.server;
|
|
in {
|
|
services.forgejo = {
|
|
enable = true;
|
|
appName = "git.itamar.site";
|
|
database.type = "sqlite3";
|
|
lfs.enable = true;
|
|
|
|
settings = {
|
|
server = {
|
|
DOMAIN = "git.itamar.site";
|
|
HTTP_ADDR = "127.0.0.1";
|
|
HTTP_PORT = 3000;
|
|
ROOT_URL = "https://git.itamar.site/";
|
|
PROTOCOL = "http";
|
|
|
|
DISABLE_SSH = false;
|
|
START_SSH_SERVER = false;
|
|
SSH_DOMAIN = "git.itamar.site";
|
|
SSH_PORT = lib.head config.services.openssh.ports;
|
|
|
|
DISABLE_HTTP_GIT = true;
|
|
};
|
|
|
|
security = {
|
|
COOKIE_SECURE = true;
|
|
};
|
|
|
|
service = {
|
|
DISABLE_REGISTRATION = true;
|
|
};
|
|
|
|
log.LEVEL = "Info";
|
|
};
|
|
};
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
virtualHosts."git.itamar.site" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
extraConfig = ''
|
|
client_max_body_size 512M;
|
|
'';
|
|
locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
|
|
};
|
|
};
|
|
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
defaults.email = "itamar@itamar.site";
|
|
};
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
ports = [22];
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = [22 80 443];
|
|
}
|