# Sources for this configuration: # - https://forgejo.org/ # - https://forgejo.org/docs/latest/ # - https://forgejo.org/docs/latest/admin/database-preparation/ # - https://forgejo.org/docs/latest/admin/config-cheat-sheet/ # - https://forgejo.org/docs/latest/admin/recommendations/ # - https://codeberg.org/forgejo/forgejo/src/branch/forgejo/docs/content/administration/reverse-proxies.en-us.md # - https://forgejo.org/docs/latest/admin/email-setup/ { pkgs, ... }: { services.forgejo = { enable = true; package = pkgs.forgejo; database.type = "postgres"; secrets = { mailer = { PASSWD = "/run/secrets/forgejo_git_smtp_password"; }; }; settings = { DEFAULT = { APP_NAME = "CCCHH Git"; }; server = { DOMAIN = "git.hamburg.ccc.de"; PROTOCOL = "http"; HTTP_ADDR = "127.0.0.1"; HTTP_PORT = 3000; ROOT_URL = "https://git.hamburg.ccc.de/"; # LOCAL_ROOT_URL is apparently what Forgejo uses to access itself. # Doesn't need to be set. OFFLINE_MODE = true; }; admin = { DISABLE_REGULAR_ORG_CREATION = false; }; session = { COOKIE_SECURE = true; }; "ui.meta" = { AUTHOR = "CCCHH Git"; DESCRIPTION = "Git instance of the CCCHH."; KEYWORDS = "git,forge,forgejo,ccchh"; }; service = { ALLOW_ONLY_EXTERNAL_REGISTRATION = true; DEFAULT_USER_VISIBILITY = "limited"; DEFAULT_KEEP_EMAIL_PRIVATE = true; ENABLE_BASIC_AUTHENTICATION = false; ENABLE_NOTIFY_MAIL = true; AUTO_WATCH_NEW_REPOS = false; AUTO_WATCH_ON_CHANGES = false; }; repo = { DEFAULT_REPO_UNITS = "repo.code,repo.issues,repo.pulls"; }; actions = { ENABLED = true; ARTIFACT_RETENTION_DAYS = 30; }; mailer = { ENABLED = true; FROM = "no-reply@git.hamburg.ccc.de"; PROTOCOL = "smtps"; SMTP_ADDR = "cow.hamburg.ccc.de"; SMTP_PORT = 465; USER = "no-reply@git.hamburg.ccc.de"; }; cache = { ENABLED = true; ADAPTER = "redis"; HOST = "redis+socket:///run/redis-forgejo/redis.sock"; }; indexer = { ISSUE_INDEXER_TYPE = "elasticsearch"; ISSUE_INDEXER_CONN_STR = "http://127.0.0.1:9200"; REPO_INDEXER_ENABLED = true; REPO_INDEXER_TYPE = "elasticsearch"; REPO_INDEXER_CONN_STR = "http://127.0.0.1:9200"; }; }; }; sops.secrets."forgejo_git_smtp_password" = { mode = "0440"; owner = "forgejo"; group = "forgejo"; restartUnits = [ "forgejo.service" ]; }; }