# NixOS module for a self-hosted Forgejo instance.
#
# The forgejo and gitea-actions-runner modules are taken from the
# nixpkgs-unstable flake input instead of the stable ones, secret files are
# provided by agenix (`age.secrets`), search indexing uses a local
# elasticsearch, repository data is stored in minio, and nginx terminates TLS
# in front of the loopback-bound forgejo HTTP listener.
{
  config,
  inputs,
  pkgs,
  ...
}: let
  unstable = inputs.nixpkgs-unstable;
  unstablePkgs = unstable.legacyPackages.${pkgs.stdenv.system};

  # Module files (relative to nixos/modules) that are disabled from stable
  # nixpkgs and re-imported from the unstable input below.
  swappedModules = [
    "services/misc/forgejo.nix"
    "services/continuous-integration/gitea-actions-runner.nix"
  ];

  forgejoCfg = config.services.forgejo;
  serverCfg = forgejoCfg.settings.server;
  esCfg = config.services.elasticsearch;
in {
  # swap out stable for unstable modules: disable the stable definitions and
  # import the same files from the nixpkgs-unstable input
  disabledModules = swappedModules;
  imports = map (file: "${unstable}/nixos/modules/${file}") swappedModules;

  # agenix-managed secrets. Both files are read by the forgejo service itself
  # (database.passwordFile and secrets.storage below), so they are owned by
  # the forgejo user.
  age.secrets = {
    "services/forgejo/minio-secretkey" = {owner = forgejoCfg.user;};
    "services/forgejo/password-database" = {owner = forgejoCfg.user;};
  };

  # forgejo ssh: git-over-ssh is exposed through the host firewall on port 22
  networking.firewall.allowedTCPPorts = [22];

  # indexer: local elasticsearch backing the repository and issue indexers
  services.elasticsearch.enable = true;

  services.forgejo = {
    enable = true;
    package = unstablePkgs.forgejo;

    database = {
      type = "postgres";
      # the password is supplied as a file path rather than inline in
      # `settings`, so it is read at runtime instead of being rendered into
      # the generated config
      passwordFile = config.age.secrets."services/forgejo/password-database".path;
    };

    lfs.enable = true;

    # secret-valued settings are given as file paths; the minio secret key is
    # never written into the nix store
    secrets.storage.MINIO_SECRET_ACCESS_KEY =
      config.age.secrets."services/forgejo/minio-secretkey".path;

    settings = {
      DEFAULT.APP_NAME = "winston's forgejo";

      # point both indexers at the elasticsearch instance enabled above, using
      # the address/port elasticsearch is configured to listen on (plain http)
      indexer = let
        backend = "elasticsearch";
        esUrl = "http://${esCfg.listenAddress}:${toString esCfg.port}";
      in {
        REPO_INDEXER_ENABLED = true;
        REPO_INDEXER_TYPE = backend;
        REPO_INDEXER_CONN_STR = esUrl;
        ISSUE_INDEXER_TYPE = backend;
        ISSUE_INDEXER_CONN_STR = esUrl;
      };

      repository.ENABLE_PUSH_CREATE_USER = true;

      server = let
        domain = "code.winston.sh";
      in {
        DOMAIN = domain;
        ROOT_URL = "https://${domain}/";
        # bind to loopback only; the nginx vhost below is the public entry point
        HTTP_ADDR = "127.0.0.1";
        HTTP_PORT = 12492;
        # NOTE(review): with OFFLINE_MODE = false forgejo may fetch external
        # assets (CDN / Gravatar) on behalf of visitors — confirm that is wanted
        OFFLINE_MODE = false;
      };

      session = {
        COOKIE_NAME = "forgejo-session";
        # Secure + SameSite=strict: cookie only over TLS, never on cross-site requests
        COOKIE_SECURE = true;
        SAME_SITE = "strict";
      };

      storage = {
        STORAGE_TYPE = "minio";
        # SERVE_DIRECT redirects clients to minio for file downloads instead of
        # proxying through forgejo, so the endpoint must be reachable by clients
        SERVE_DIRECT = true;
        MINIO_ENDPOINT = "s3.winston.sh";
        MINIO_USE_SSL = true;
        # the access key id is not secret; the matching secret key comes from
        # secrets.storage above
        MINIO_ACCESS_KEY_ID = "forgejo";
        MINIO_BUCKET = "forgejo";
        MINIO_LOCATION = "eu-central-1";
      };

      "ui.meta".AUTHOR = "nekowinston's Forgejo - Beyond coding. We forge.";

      # keep version, template timing and powered-by out of the page footer
      other = {
        SHOW_FOOTER_VERSION = false;
        SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
        SHOW_FOOTER_POWERED_BY = false;
      };
    };
  };

  # Actions runner: workflow jobs execute in podman containers
  virtualisation.podman.enable = true;
  services.gitea-actions-runner = {
    package = unstablePkgs.forgejo-runner;
    instances = {
      main = {
        enable = true;
        name = "main";
        # the runner registers against the public ROOT_URL
        url = serverCfg.ROOT_URL;
        # NOTE(review): this secret is referenced here but not declared in the
        # age.secrets block above — presumably declared in another module; verify
        tokenFile = config.age.secrets."services/forgejo/runner-token".path;
        labels = ["ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"];
        settings.container = {
          # NOTE(review): host networking places job containers in the host's
          # network namespace, so workflow code can reach loopback-only services
          # such as forgejo on HTTP_ADDR:HTTP_PORT and elasticsearch. That is
          # only acceptable if every workflow author is trusted; otherwise a
          # bridge network is the safer default.
          network = "host";
          # NOTE(review): maps forgejo.winston.sh while DOMAIN is code.winston.sh
          # — confirm this hostname is still in use
          options = "--add-host=forgejo.winston.sh:host-gateway";
        };
      };
    };
  };

  # TLS termination and reverse proxy for the forgejo web UI / API
  services.nginx.virtualHosts.${serverCfg.DOMAIN} = {
    forceSSL = true;
    # the certificate comes from the shared winston.sh ACME host
    enableACME = false;
    useACMEHost = "winston.sh";

    locations."/" = {
      # allow large pushes / uploads over HTTP
      extraConfig = "client_max_body_size 512M;";
      proxyPass = "http://${serverCfg.HTTP_ADDR}:${toString serverCfg.HTTP_PORT}";
    };
  };
}