forked from CCCHH/nix-infra
June
2ba371f8cd
Also explicitly disable making users auto watch repos after their first commit to it.
88 lines
2.6 KiB
Nix
88 lines
2.6 KiB
Nix
# Sources for this configuration:
|
|
# - https://forgejo.org/
|
|
# - https://forgejo.org/docs/latest/
|
|
# - https://forgejo.org/docs/latest/admin/database-preparation/
|
|
# - https://forgejo.org/docs/latest/admin/config-cheat-sheet/
|
|
# - https://forgejo.org/docs/latest/admin/recommendations/
|
|
# - https://codeberg.org/forgejo/forgejo/src/branch/forgejo/docs/content/administration/reverse-proxies.en-us.md
|
|
# - https://forgejo.org/docs/latest/admin/email-setup/
|
|
|
|
{ pkgs-unstable, ... }:
|
|
|
|
{
|
|
services.forgejo = {
|
|
enable = true;
|
|
database.type = "postgres";
|
|
mailerPasswordFile = "/run/secrets/forgejo_git_smtp_password";
|
|
|
|
settings = {
|
|
DEFAULT = {
|
|
APP_NAME = "CCCHH Git";
|
|
};
|
|
server = {
|
|
DOMAIN = "git.hamburg.ccc.de";
|
|
PROTOCOL = "http";
|
|
HTTP_ADDR = "127.0.0.1";
|
|
HTTP_PORT = 3000;
|
|
ROOT_URL = "https://git.hamburg.ccc.de/";
|
|
# LOCAL_ROOT_URL is apparently what Forgejo uses to access itself.
|
|
# Doesn't need to be set.
|
|
OFFLINE_MODE = true;
|
|
};
|
|
admin = {
|
|
DISABLE_REGULAR_ORG_CREATION = false;
|
|
};
|
|
session = {
|
|
COOKIE_SECURE = true;
|
|
};
|
|
"ui.meta" = {
|
|
AUTHOR = "CCCHH Git";
|
|
DESCRIPTION = "Git instance of the CCCHH.";
|
|
KEYWORDS = "git,forge,forgejo,ccchh";
|
|
};
|
|
service = {
|
|
ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
|
|
DEFAULT_USER_VISIBILITY = "limited";
|
|
DEFAULT_KEEP_EMAIL_PRIVATE = true;
|
|
ENABLE_BASIC_AUTHENTICATION = false;
|
|
ENABLE_NOTIFY_MAIL = true;
|
|
AUTO_WATCH_NEW_REPOS = false;
|
|
AUTO_WATCH_ON_CHANGES = false;
|
|
};
|
|
repo = {
|
|
DEFAULT_REPO_UNITS = "repo.code,repo.issues,repo.pulls";
|
|
};
|
|
actions = {
|
|
ENABLED = true;
|
|
ARTIFACT_RETENTION_DAYS = 30;
|
|
};
|
|
mailer = {
|
|
ENABLED = true;
|
|
FROM = "no-reply@git.hamburg.ccc.de";
|
|
PROTOCOL = "smtps";
|
|
SMTP_ADDR = "cow.hamburg.ccc.de";
|
|
SMTP_PORT = 465;
|
|
USER = "no-reply@git.hamburg.ccc.de";
|
|
};
|
|
cache = {
|
|
ENABLED = true;
|
|
ADAPTER = "redis";
|
|
HOST = "redis+socket:///run/redis-forgejo/redis.sock";
|
|
};
|
|
indexer = {
|
|
ISSUE_INDEXER_TYPE = "elasticsearch";
|
|
ISSUE_INDEXER_CONN_STR = "http://127.0.0.1:9200";
|
|
REPO_INDEXER_ENABLED = true;
|
|
REPO_INDEXER_TYPE = "elasticsearch";
|
|
REPO_INDEXER_CONN_STR = "http://127.0.0.1:9200";
|
|
};
|
|
};
|
|
};
|
|
|
|
sops.secrets."forgejo_git_smtp_password" = {
|
|
mode = "0440";
|
|
owner = "forgejo";
|
|
group = "forgejo";
|
|
restartUnits = [ "forgejo.service" ];
|
|
};
|
|
}
|