Add and configure new Git server using Forgejo

2024-01-14 23:19:41 +01:00 · 2024-01-14 23:19:41 +01:00 · ec5430ee34
commit ec5430ee34
parent 26132b1526
7 changed files with 182 additions and 0 deletions
--- a/config/hosts/git/forgejo.nix
+++ b/config/hosts/git/forgejo.nix
@ -0,0 +1,73 @@
+# Sources for this configuration:
+# - https://forgejo.org/
+# - https://forgejo.org/docs/latest/
+# - https://forgejo.org/docs/latest/admin/database-preparation/
+# - https://forgejo.org/docs/latest/admin/config-cheat-sheet/
+# - https://forgejo.org/docs/latest/admin/recommendations/
+# - https://codeberg.org/forgejo/forgejo/src/branch/forgejo/docs/content/administration/reverse-proxies.en-us.md
+# - https://forgejo.org/docs/latest/admin/email-setup/
+
+{ ... }:
+
+{
+  services.forgejo = {
+    enable = true;
+    database.type = "postgres";
+    mailerPasswordFile = "/secrets/forgejo-git-smtp-password.secret";
+
+    settings = {
+      DEFAULT = {
+        APP_NAME = "CCCHH Git";
+      };
+      server = {
+        DOMAIN = "git.hamburg.ccc.de";
+        PROTOCOL = "http";
+        HTTP_ADDR = "127.0.0.1";
+        HTTP_PORT = 3000;
+        ROOT_URL = "https://git.hamburg.ccc.de/";
+        # LOCAL_ROOT_URL is apparently what Forgejo uses to access itself.
+        # Doesn't need to be set.
+      };
+      admin = {
+        DISABLE_REGULAR_ORG_CREATION = false;
+      };
+      session = {
+        COOKIE_SECURE = true;
+      };
+      "ui.meta" = {
+        AUTHOR = "CCCHH Git";
+        DESCRIPTION = "Git instance of the CCCHH.";
+        KEYWORDS = "git,forge,forgejo,ccchh";
+      };
+      service = {
+        ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
+        DEFAULT_USER_VISIBILITY = "limited";
+        DEFAULT_KEEP_EMAIL_PRIVATE = true;
+      };
+      mailer = {
+        ENABLED = true;
+        FROM = "no-reply@git.hamburg.ccc.de";
+        PROTOCOL = "smtps";
+        SMTP_ADDR = "cow.hamburg.ccc.de";
+        SMTP_PORT = 465;
+        USER = "no-reply@git.hamburg.ccc.de";
+      };
+      cache = {
+        ENABLED = true;
+        ADAPTER = "redis";
+        HOST = "redis+socket:///run/redis-forgejo/redis.sock";
+      };
+    };
+  };
+
+  deployment.keys = {
+    "forgejo-git-smtp-password.secret" = {
+      keyCommand = [ "pass" "noc/vm-secrets/chaosknoten/git/smtp_password" ];
+      destDir = "/secrets";
+      user = "forgejo";
+      group = "forgejo";
+      permissions = "0640";
+      uploadAt = "pre-activation";
+    };
+  };
+}