forked from CCCHH/nix-infra
June
88e3da11a6
Use the GPG keys used for the password-store noc directory for the admin keys. Switch the git hosts secret management from colmena to sops-nix. https://github.com/getsops/sops https://github.com/Mic92/sops-nix
# Sources for this configuration:
# - https://forgejo.org/
# - https://forgejo.org/docs/latest/
# - https://forgejo.org/docs/latest/admin/database-preparation/
# - https://forgejo.org/docs/latest/admin/config-cheat-sheet/
# - https://forgejo.org/docs/latest/admin/recommendations/
# - https://codeberg.org/forgejo/forgejo/src/branch/forgejo/docs/content/administration/reverse-proxies.en-us.md
# - https://forgejo.org/docs/latest/admin/email-setup/
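# NixOS module configuring the Forgejo instance for git.hamburg.ccc.de.
#
# Forgejo listens on loopback only; the SMTP password is provisioned by
# sops-nix at activation time and handed to Forgejo as a file path, so the
# secret value itself never appears in this file.
{ config, pkgs-unstable, ... }:

{
  services.forgejo = {
    enable = true;
    package = pkgs-unstable.forgejo;
    database.type = "postgres";

    # Take the path from the sops-nix declaration at the bottom of this file
    # instead of repeating it as a string literal. With sops-nix defaults this
    # resolves to /run/secrets/forgejo_git_smtp_password; referencing the
    # option keeps the two in sync if the secret is renamed or relocated, and
    # makes evaluation fail if the secret declaration is removed.
    mailerPasswordFile = config.sops.secrets."forgejo_git_smtp_password".path;

    settings = {
      DEFAULT = {
        APP_NAME = "CCCHH Git";
      };

      server = {
        DOMAIN = "git.hamburg.ccc.de";
        # Plain HTTP bound to loopback, while ROOT_URL is https: TLS is
        # presumably terminated by a reverse proxy configured elsewhere.
        # NOTE(review): confirm that proxy is the only externally reachable
        # listener for this service.
        PROTOCOL = "http";
        HTTP_ADDR = "127.0.0.1";
        HTTP_PORT = 3000;
        ROOT_URL = "https://git.hamburg.ccc.de/";
        # LOCAL_ROOT_URL is apparently what Forgejo uses to access itself.
        # Doesn't need to be set.

        # Do not load static assets from CDNs or avatars from Gravatar, so
        # visitors' browsers are not sent to third-party hosts.
        OFFLINE_MODE = true;
      };

      admin = {
        # Regular (non-admin) users are allowed to create organizations.
        DISABLE_REGULAR_ORG_CREATION = false;
      };

      session = {
        # Session cookie carries the Secure attribute and is therefore only
        # sent over HTTPS; consistent with the https ROOT_URL above.
        COOKIE_SECURE = true;
      };

      "ui.meta" = {
        AUTHOR = "CCCHH Git";
        DESCRIPTION = "Git instance of the CCCHH.";
        KEYWORDS = "git,forge,forgejo,ccchh";
      };

      service = {
        # Accounts can only be created through an external authentication
        # source; local self-registration is not offered. The authentication
        # source itself is not configured in this file.
        ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
        # New profiles are visible to signed-in users only.
        DEFAULT_USER_VISIBILITY = "limited";
        DEFAULT_KEEP_EMAIL_PRIVATE = true;
        # Reject HTTP Basic authentication with the account password.
        ENABLE_BASIC_AUTHENTICATION = false;
      };

      repo = {
        DEFAULT_REPO_UNITS = "repo.code,repo.issues,repo.pulls";
      };

      actions = {
        # Enables Forgejo Actions. Workflows are defined by repository
        # content; runner registration and isolation are not part of this
        # file. NOTE(review): confirm where runners execute and what they
        # can reach.
        ENABLED = true;
        ARTIFACT_RETENTION_DAYS = 30;
      };

      mailer = {
        ENABLED = true;
        FROM = "no-reply@git.hamburg.ccc.de";
        # smtps on port 465: TLS from the start of the connection. The
        # password comes from mailerPasswordFile above.
        PROTOCOL = "smtps";
        SMTP_ADDR = "cow.hamburg.ccc.de";
        SMTP_PORT = 465;
        USER = "no-reply@git.hamburg.ccc.de";
      };

      cache = {
        ENABLED = true;
        ADAPTER = "redis";
        # Unix socket rather than TCP; access is governed by the socket
        # file's permissions, which are set where the Redis instance is
        # defined (not in this file).
        HOST = "redis+socket:///run/redis-forgejo/redis.sock";
      };

      indexer = {
        # Issue and repository (code) indexes both go to Elasticsearch over
        # unauthenticated plain HTTP on loopback.
        # NOTE(review): the code index can hold contents of non-public
        # repositories; confirm Elasticsearch listens on loopback only and
        # that no other local service or user is expected to query it.
        ISSUE_INDEXER_TYPE = "elasticsearch";
        ISSUE_INDEXER_CONN_STR = "http://127.0.0.1:9200";
        REPO_INDEXER_ENABLED = true;
        REPO_INDEXER_TYPE = "elasticsearch";
        REPO_INDEXER_CONN_STR = "http://127.0.0.1:9200";
      };
    };
  };

  # SMTP password, decrypted by sops-nix and readable by the forgejo account.
  sops.secrets."forgejo_git_smtp_password" = {
    # NOTE(review): owner and group are both forgejo; if no other account is
    # a member of that group, "0400" would be sufficient. Confirm before
    # tightening.
    mode = "0440";
    owner = "forgejo";
    group = "forgejo";
    # Restart Forgejo when the secret changes so a rotated password is
    # picked up.
    restartUnits = [ "forgejo.service" ];
  };
}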