# NixOS host module for a Forgejo instance: Postgres-backed Forgejo with an
# Elasticsearch repo/issue indexer, MinIO (S3) object storage, LFS, a
# Forgejo Actions runner executing jobs in Podman containers, and an nginx
# reverse proxy in front of the loopback HTTP listener. Both the NixOS
# modules and the packages are taken from the nixpkgs-unstable input.
{
  config,
  inputs,
  pkgs,
  ...
}: let
  # Module paths (relative to <nixpkgs>/nixos/modules) that are disabled in
  # the stable module set and re-imported from nixpkgs-unstable below.
  modules = ["services/misc/forgejo.nix" "services/continuous-integration/gitea-actions-runner.nix"];
in {
  # swap out stable for unstable modules: disable the stable definitions by
  # path, then import the same paths from the unstable nixpkgs input. The
  # matching packages are likewise taken from pkgs.unstable further down so
  # module options and package versions stay in step.
  disabledModules = modules;
  imports =
    builtins.map (v: "${inputs.nixpkgs-unstable}/nixos/modules/${v}")
    modules;

  # agenix-managed secrets, owned by the forgejo service user so the daemon
  # can read them. They are consumed below via `.path`, i.e. the secret
  # material is read from the decrypted file at runtime and is never embedded
  # in the Nix store.
  # NOTE(review): the runner token referenced further down
  # ("services/forgejo/runner-token") has no entry here; presumably it is
  # declared in another module with a root-readable default — verify.
  age.secrets = {
    "services/forgejo/minio-secretkey".owner = config.services.forgejo.user;
    "services/forgejo/password-database".owner = config.services.forgejo.user;
  };

  # forgejo ssh: git-over-SSH is the only port opened here. Forgejo's own
  # HTTP listener stays on 127.0.0.1 (see HTTP_ADDR below) and is reached
  # only through the nginx vhost at the end of this file.
  networking.firewall.allowedTCPPorts = [22];

  # indexer: Elasticsearch with the module defaults; Forgejo connects to it
  # over plain http at listenAddress:port (see settings.indexer). No
  # authentication is configured in this file, so anything able to reach
  # that address can talk to the index — including runner jobs, which share
  # the host network namespace (settings.container.network = "host" below).
  services.elasticsearch.enable = true;

  services.forgejo = {
    enable = true;
    # unstable package, matching the unstable module imported above
    package = pkgs.unstable.forgejo;

    database = {
      type = "postgres";
      # DB password is read from the agenix file at runtime, not from config
      passwordFile = config.age.secrets."services/forgejo/password-database".path;
    };

    lfs.enable = true;

    # Secret settings given as file paths; the MinIO secret key pairs with
    # MINIO_ACCESS_KEY_ID in settings.storage below.
    secrets = {
      storage = {
        MINIO_SECRET_ACCESS_KEY = config.age.secrets."services/forgejo/minio-secretkey".path;
      };
    };

    # app.ini contents (section.KEY = value)
    settings = {
      DEFAULT.APP_NAME = "winston's forgejo";

      # Repo and issue search both use the Elasticsearch instance enabled
      # above; the connection string is derived from its module options so
      # the two cannot drift apart.
      indexer = with config.services.elasticsearch; let
        indexer = "elasticsearch";
        conn = "http://${listenAddress}:${toString port}";
      in {
        REPO_INDEXER_ENABLED = true;
        REPO_INDEXER_CONN_STR = conn;
        REPO_INDEXER_TYPE = indexer;
        ISSUE_INDEXER_CONN_STR = conn;
        ISSUE_INDEXER_TYPE = indexer;
      };

      # pushing to a not-yet-existing repo under a user's namespace creates it
      repository.ENABLE_PUSH_CREATE_USER = true;

      # `rec` so ROOT_URL can be built from DOMAIN; both are also read by the
      # runner and nginx definitions below.
      server = rec {
        DOMAIN = "code.winston.sh";
        ROOT_URL = "https://${DOMAIN}/";
        # loopback only: TLS termination and public exposure are nginx's job
        HTTP_ADDR = "127.0.0.1";
        HTTP_PORT = 12492;
        # allow fetch from gravatar etc.
        OFFLINE_MODE = false;
      };

      # Session cookie hardening: only sent over HTTPS and never on
      # cross-site requests.
      session = {
        COOKIE_NAME = "forgejo-session";
        COOKIE_SECURE = true;
        SAME_SITE = "strict";
      };

      # Attachments/LFS/etc. live in an external S3-compatible MinIO bucket
      # over TLS. Only the access key id is in the (world-readable) config;
      # the secret key comes from secrets.storage above.
      storage = {
        STORAGE_TYPE = "minio";
        # SERVE_DIRECT: clients fetch objects from MinIO directly instead of
        # through Forgejo — presumably via pre-signed URLs; confirm the
        # bucket is not otherwise publicly readable.
        SERVE_DIRECT = true;
        MINIO_ENDPOINT = "s3.winston.sh";
        MINIO_ACCESS_KEY_ID = "forgejo";
        MINIO_BUCKET = "forgejo";
        MINIO_LOCATION = "eu-central-1";
        MINIO_USE_SSL = true;
      };

      "ui.meta".AUTHOR = "nekowinston's Forgejo - Beyond coding. We forge.";

      # Keep version and timing details out of the page footer.
      other = {
        SHOW_FOOTER_VERSION = false;
        SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
        SHOW_FOOTER_POWERED_BY = false;
      };
    };
  };

  # Actions runner: jobs run in Podman containers on this host.
  virtualisation.podman.enable = true;
  services.gitea-actions-runner = {
    # unstable forgejo-runner, matching the unstable module imported above
    package = pkgs.unstable.forgejo-runner;
    instances.main = {
      enable = true;
      name = "main";
      # registers against this same Forgejo instance
      url = config.services.forgejo.settings.server.ROOT_URL;
      # registration token as a file; see the NOTE on age.secrets above
      tokenFile = config.age.secrets."services/forgejo/runner-token".path;
      # workflow label -> container image used to run jobs with that label
      labels = ["ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"];
      settings.container = {
        # Job containers share the host's network namespace, so a job can
        # reach every loopback service on this machine (Forgejo on
        # 127.0.0.1:12492, Elasticsearch, Postgres, ...). Acceptable only if
        # every workflow that can run here is trusted.
        network = "host";
        # NOTE(review): this alias (forgejo.winston.sh) does not match
        # server.DOMAIN (code.winston.sh) above — verify it is still needed.
        options = "--add-host=forgejo.winston.sh:host-gateway";
      };
    };
  };

  # Public HTTPS entry point, keyed on the Forgejo DOMAIN set above. The
  # certificate is shared from the "winston.sh" ACME host (no separate
  # issuance for this vhost); plain HTTP is redirected to HTTPS.
  services.nginx.virtualHosts.${config.services.forgejo.settings.server.DOMAIN} = {
    forceSSL = true;
    enableACME = false;
    useACMEHost = "winston.sh";
    locations = {
      "/" = with config.services.forgejo.settings.server; {
        # separate access log; the combined_geoip log format is defined
        # outside this file. 512M cap covers large pushes/uploads.
        extraConfig =
          # nginx
          ''
            access_log /var/log/nginx/forgejo.access.log combined_geoip;
            client_max_body_size 512M;
          '';
        # upstream is Forgejo's loopback listener from settings.server
        proxyPass = "http://${HTTP_ADDR}:${toString HTTP_PORT}";
      };
      # don't spam the log with runner polls
      "/api/actions/runner.v1.RunnerService/FetchTask".extraConfig = "access_log off;";
    };
  };
}