forked from CCCHH/nix-infra
74 lines
2.1 KiB
Nix
74 lines
2.1 KiB
Nix
# Sources for this configuration:
|
|
# - https://forgejo.org/
|
|
# - https://forgejo.org/docs/latest/
|
|
# - https://forgejo.org/docs/latest/admin/database-preparation/
|
|
# - https://forgejo.org/docs/latest/admin/config-cheat-sheet/
|
|
# - https://forgejo.org/docs/latest/admin/recommendations/
|
|
# - https://codeberg.org/forgejo/forgejo/src/branch/forgejo/docs/content/administration/reverse-proxies.en-us.md
|
|
# - https://forgejo.org/docs/latest/admin/email-setup/
|
|
|
|
{ ... }:
|
|
|
|
{
|
|
services.forgejo = {
|
|
enable = true;
|
|
database.type = "postgres";
|
|
mailerPasswordFile = "/secrets/forgejo-git-smtp-password.secret";
|
|
|
|
settings = {
|
|
DEFAULT = {
|
|
APP_NAME = "CCCHH Git";
|
|
};
|
|
server = {
|
|
DOMAIN = "git.hamburg.ccc.de";
|
|
PROTOCOL = "http";
|
|
HTTP_ADDR = "127.0.0.1";
|
|
HTTP_PORT = 3000;
|
|
ROOT_URL = "https://git.hamburg.ccc.de/";
|
|
# LOCAL_ROOT_URL is apparently what Forgejo uses to access itself.
|
|
# Doesn't need to be set.
|
|
};
|
|
admin = {
|
|
DISABLE_REGULAR_ORG_CREATION = false;
|
|
};
|
|
session = {
|
|
COOKIE_SECURE = true;
|
|
};
|
|
"ui.meta" = {
|
|
AUTHOR = "CCCHH Git";
|
|
DESCRIPTION = "Git instance of the CCCHH.";
|
|
KEYWORDS = "git,forge,forgejo,ccchh";
|
|
};
|
|
service = {
|
|
ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
|
|
DEFAULT_USER_VISIBILITY = "limited";
|
|
DEFAULT_KEEP_EMAIL_PRIVATE = true;
|
|
};
|
|
mailer = {
|
|
ENABLED = true;
|
|
FROM = "no-reply@git.hamburg.ccc.de";
|
|
PROTOCOL = "smtps";
|
|
SMTP_ADDR = "cow.hamburg.ccc.de";
|
|
SMTP_PORT = 465;
|
|
USER = "no-reply@git.hamburg.ccc.de";
|
|
};
|
|
cache = {
|
|
ENABLED = true;
|
|
ADAPTER = "redis";
|
|
HOST = "redis+socket:///run/redis-forgejo/redis.sock";
|
|
};
|
|
};
|
|
};
|
|
|
|
deployment.keys = {
|
|
"forgejo-git-smtp-password.secret" = {
|
|
keyCommand = [ "pass" "noc/vm-secrets/chaosknoten/git/smtp_password" ];
|
|
destDir = "/secrets";
|
|
user = "forgejo";
|
|
group = "forgejo";
|
|
permissions = "0640";
|
|
uploadAt = "pre-activation";
|
|
};
|
|
};
|
|
}
|