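# NixOS module: runs Forgejo under git.<homelab.publicDomain> and publishes it
# through a Caddy virtual host that reverse-proxies to Forgejo's HTTP port.
{ config, pkgs, lib, ... }:

{
  services.forgejo = {
    enable = true;
    stateDir = "/media/apps/git";
    repositoryRoot = "${config.services.forgejo.stateDir}/repos";
    database.createDatabase = true;

    settings = {
      # Mark the session cookie Secure so browsers only send it over HTTPS.
      session.COOKIE_SECURE = true;

      server = {
        DOMAIN = "git.${config.homelab.publicDomain}";
        ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}";
        # Port advertised in SSH clone URLs. No built-in SSH server is enabled
        # in this file, so the host's sshd presumably serves git-over-SSH.
        SSH_PORT = 22;
        # PROTOCOL = "https";
        # Forgejo serves plain HTTP and TLS is terminated by Caddy below.
        # Listen on loopback only, so the unencrypted port cannot be reached
        # from other hosts even if the firewall is opened or disabled later.
        HTTP_ADDR = "127.0.0.1";
        HTTP_PORT = 3000;
      };

      service = {
        # Accounts may only be created through an external authentication source.
        ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
        SHOW_REGISTRATION_BUTTON = false;
        # Hides the username/password form on the sign-in page.
        # NOTE(review): this is a UI setting. Confirm whether password
        # authentication over HTTP basic auth (git/API) also needs disabling,
        # e.g. via ENABLE_BASIC_AUTHENTICATION.
        ENABLE_PASSWORD_SIGNIN_FORM = false;
      };
    };
  };

  # forgejo has user keys under its own .ssh/authorizedKeys file.
  # nix blocks me from using users.users.<name>.openssh.authorizedKeys.keyFiles
  # in order to only allow that to the forgejo user as it has "/var"
  #
  # NOTE(review): this option is host-wide. It makes sshd honour
  # ~/.ssh/authorized_keys for every account, not only forgejo, and mkForce
  # overrides any module that set it to false. Keys written into a home
  # directory then grant login without appearing in the Nix configuration.
  services.openssh.authorizedKeysInHomedir = lib.mkForce true;

  services.caddy.virtualHosts."git.${config.homelab.publicDomain}" = {
    # Reuses the ACME certificate named after homelab.domain.
    # NOTE(review): confirm that certificate covers git.<publicDomain>
    # (e.g. a wildcard); this file does not show it.
    useACMEHost = config.homelab.domain;
    extraConfig = ''
      reverse_proxy http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}
    '';
  };
}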