nixos-config/modules/nixos/services/homeserver/forgejo.nix

{ config, lib, ... }:
# Forgejo served through Caddy over a unix socket. The two Forgejo secrets come
# from sops-nix as files; sign-in is external-only, SSH and Actions are off.
let
  domain = "git.wo2wz.fyi";
  socket = "/run/forgejo/forgejo.sock";

  # Both secret files are owned by the forgejo user. sops-nix's default file
  # mode is owner-read-only, so adding caddy to the forgejo group below does
  # not let the proxy read them — keep it that way if a mode is ever set here.
  forgejoOwned = {
    owner = "forgejo";
    group = "forgejo";
  };

  # Path of the decrypted sops file for a forgejo/<name> secret.
  secretPath = name: config.sops.secrets."forgejo/${name}".path;
in
{
  sops.secrets = {
    "forgejo/secret-key" = forgejoOwned;
    "forgejo/internal-token" = forgejoOwned;
  };

  # Caddy must be able to open the group-writable (660) socket.
  users.groups.forgejo.members = [ "caddy" ];

  services.caddy.virtualHosts.${domain}.extraConfig =
    # Fail evaluation rather than emit a vhost that no running proxy serves.
    assert config.services.caddy.enable;
    ''
      import default-settings
      import cloudflare-tls
      reverse_proxy unix/${config.services.forgejo.settings.server.HTTP_ADDR}
    '';

  services.forgejo = {
    enable = true;

    # These are file paths, not secret values; mkForce overrides whatever
    # another module may set for the same keys.
    secrets.security = {
      SECRET_KEY = lib.mkForce (secretPath "secret-key");
      INTERNAL_TOKEN = lib.mkForce (secretPath "internal-token");
    };

    settings = {
      DEFAULT = {
        APP_NAME = "Wo2wz's Git";
        APP_SLOGAN = "Powered by NixOS";
        APP_DISPLAY_NAME_FORMAT = "{APP_NAME} - {APP_SLOGAN}";
      };

      "ui.meta" = {
        AUTHOR = "Wo2wz's forgejo";
        DESCRIPTION = ''in the forged jo, straight up "committing" it, and by "it" lets just say... my git'';
      };

      server = {
        # Listen only on the unix socket; no TCP port is exposed by Forgejo itself.
        PROTOCOL = "http+unix";
        HTTP_ADDR = socket;
        UNIX_SOCKET_PERMISSION = 660;
        DOMAIN = domain;
        ROOT_URL = "https://${domain}/";
        # cant work with cf tunnel unfortunately
        DISABLE_SSH = true;
      };

      database.SQLITE_JOURNAL_MODE = "WAL";

      cache = {
        ADAPTER = "twoqueue";
        HOST = ''{"size":100, "recent_ratio":0.25, "ghost_ratio":0.5}'';
      };

      # Registration and sign-in are external-only; the external auth source
      # itself is presumably configured elsewhere — it is not in this file.
      service = {
        ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
        ENABLE_INTERNAL_SIGNIN = false;
      };

      # ROOT_URL is https, so the session cookie can carry the Secure flag.
      session.COOKIE_SECURE = true;

      actions.ENABLED = false;
    };
  };
}