causalhonk/dots
1
0
Fork 0
forked from nico/dots
Code Pull requests Activity
dots/modules/services/forgejo.nix
Nico 66f036aee3 forgejo: fix ssh 
really only a temporary solution for now, ideally we would do it so
only the forgejo user can use the .ssh/authorizedKeys file in their home
folder. but nix purity rules prevents that
2025-05-03 16:34:35 +10:00

33 lines
1 KiB
Nix
Raw Blame History

{ config, pkgs, lib, ... }:
{
services.forgejo = {
enable = true;
stateDir = "/var/lib/forgejo";
repositoryRoot = "${config.services.forgejo.stateDir}/repositories";
database.createDatabase = true;
settings = {
session.COOKIE_SECURE = true;
server = {
DOMAIN = "git.${config.homelab.domain}";
ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}";
SSH_PORT = 22;
# PROTOCOL = "https";
HTTP_PORT = 3000;
};
};
};
# forgejo has user keys under its own .ssh/authorizedKeys file.
# nix blocks me from using users.users.<name>.openssh.authorizedKeys.keyFiles
# in order to only allow that to the forgejo user as it has "/var"
services.openssh.authorizedKeysInHomedir = lib.mkForce true;
services.caddy.virtualHosts."git.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}
'';
};
}
View git blame Copy permalink