forgejo: get certs for domain

Nico 2026-02-22 20:22:20 +11:00
parent 90ba20d2cc
commit 00133e544f
Signed by: nico
SSH key fingerprint: SHA256:XuacYOrGqRxC3jVFjfLROn1CSvLz85Dec6N7O9Gwu/0


@ -25,13 +25,20 @@
};
};
security.acme.certs."${config.services.forgejo.settings.server.DOMAIN}" = {
domain = "${config.homelab.authDomain}";
dnsProvider = "cloudflare";
dnsResolver = "1.1.1.1:53";
dnsPropagationCheck = true;
};
# forgejo has user keys under its own .ssh/authorizedKeys file.
# nix blocks me from using users.users.<name>.openssh.authorizedKeys.keyFiles
# in order to only allow that to the forgejo user as it has "/var"
services.openssh.authorizedKeysInHomedir = lib.mkForce true;
services.caddy.virtualHosts."git.${config.homelab.publicDomain}" = {
useACMEHost = config.homelab.domain;
services.caddy.virtualHosts."${config.services.forgejo.settings.server.DOMAIN}" = {
useACMEHost = config.services.forgejo.settings.server.DOMAIN;
extraConfig = ''
reverse_proxy http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}
'';
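Review bot: The new `security.acme.certs` entry is keyed by the Forgejo `DOMAIN` but sets `domain = "${config.homelab.authDomain}"`, so the certificate Caddy loads through `useACMEHost` would be issued for the auth domain rather than for the git host. Unless the two options resolve to the same name (not visible in this hunk), clients will see a hostname mismatch on the Forgejo virtual host. Because `domain` defaults to the attribute name, either drop that line or write `domain = config.services.forgejo.settings.server.DOMAIN;`. The DNS-01 challenge also needs the Cloudflare credential supplied through `environmentFile` or `credentialFiles`, presumably set under `security.acme.defaults` outside this hunk; it is worth confirming that it is a zone-scoped token read from a secrets file and not a value that ends up in the Nix store. The `virtualHosts` attribute set closes outside the visible lines.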