From 34c2661dad83ae2ae5daa615acb0f3b98aabf0ab Mon Sep 17 00:00:00 2001
From: wo2w <189177184+wo2wz@users.noreply.github.com>
Date: Fri, 23 Jan 2026 13:02:14 -0500
Subject: [PATCH] forgejo: use unix socket

---
 modules/nixos/services/homeserver/forgejo.nix | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/modules/nixos/services/homeserver/forgejo.nix b/modules/nixos/services/homeserver/forgejo.nix
index 6688183..84e82a2 100644
--- a/modules/nixos/services/homeserver/forgejo.nix
+++ b/modules/nixos/services/homeserver/forgejo.nix
@@ -12,13 +12,15 @@
     };
   };
 
+  users.groups.forgejo.members = [ "caddy" ];
+
   services.caddy.virtualHosts."git.wo2wz.fyi".extraConfig =
   assert config.services.caddy.enable;
   ''
     import default-settings
     import cloudflare-tls
 
-    reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}
+    reverse_proxy unix/${config.services.forgejo.settings.server.HTTP_ADDR}
   '';
 
   services.forgejo = {
@@ -40,11 +42,15 @@
       };
 
       server = {
-        HTTP_ADDR = "127.0.0.1";
-        HTTP_PORT = 8008;
+        PROTOCOL = "http+unix";
+        HTTP_ADDR = "/run/forgejo/forgejo.sock";
+        UNIX_SOCKET_PERMISSION = 660;
 
         DOMAIN = "git.wo2wz.fyi";
         ROOT_URL = "https://git.wo2wz.fyi/";
+
+        # cant work with cf tunnel unfortunately
+        DISABLE_SSH = true;
       };
       
       database.SQLITE_JOURNAL_MODE = "WAL";