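# NixOS module: Forgejo for git.wo2wz.fyi, bound to loopback and published
# through a Caddy virtual host, with its security keys supplied by sops-nix.
{ config, lib, ... }:

{
  # Secrets decrypted by sops-nix. owner/group hand the decrypted files to the
  # forgejo account; no mode is set here, so the sops-nix default applies
  # (owner-read-only, as far as I know -- confirm if the group needs access).
  sops.secrets = {
    "forgejo/secret-key" = {
      owner = "forgejo";
      group = "forgejo";
    };
    "forgejo/internal-token" = {
      owner = "forgejo";
      group = "forgejo";
    };
  };

  # The assert fails evaluation if this module is used on a host where Caddy
  # is not enabled, instead of silently leaving Forgejo unpublished.
  services.caddy.virtualHosts."git.wo2wz.fyi".extraConfig =
    assert config.services.caddy.enable;
    let
      forgejoServer = config.services.forgejo.settings.server;
    in
    # The upstream is derived from the same HTTP_ADDR/HTTP_PORT Forgejo binds
    # to. The previous "localhost" upstream can also resolve to ::1, where
    # Forgejo (bound to 127.0.0.1 only) does not listen, so whatever else held
    # [::1]:<port> could have been dialled instead.
    # NOTE(review): an IPv6 literal in HTTP_ADDR would need [brackets] here.
    # default-settings and cloudflare-tls are Caddy snippets presumably
    # defined elsewhere in this configuration.
    ''
      import default-settings
      import cloudflare-tls

      reverse_proxy ${forgejoServer.HTTP_ADDR}:${toString forgejoServer.HTTP_PORT}
    '';

  services.forgejo = {
    enable = true;

    # These values are paths to the decrypted files, not the secrets
    # themselves, so the key material stays out of the Nix store.
    # mkForce presumably overrides paths the forgejo module sets for these
    # two entries -- confirm against the module version in use.
    secrets.security = {
      SECRET_KEY = lib.mkForce config.sops.secrets."forgejo/secret-key".path;
      INTERNAL_TOKEN = lib.mkForce config.sops.secrets."forgejo/internal-token".path;
    };

    settings = {
      DEFAULT = {
        APP_NAME = "Wo2wz's Git";
        APP_SLOGAN = "Powered by NixOS";
        APP_DISPLAY_NAME_FORMAT = "{APP_NAME} - {APP_SLOGAN}";
      };

      "ui.meta" = {
        AUTHOR = "Wo2wz's forgejo";
        DESCRIPTION = ''in the forged jo, straight up "committing" it, and by "it" lets just say... my git'';
      };

      server = {
        # Loopback only: the web UI is reachable solely through the Caddy
        # virtual host above.
        HTTP_ADDR = "127.0.0.1";
        HTTP_PORT = 8008;

        DOMAIN = "git.wo2wz.fyi";
        ROOT_URL = "https://git.wo2wz.fyi/";
      };

      database.SQLITE_JOURNAL_MODE = "WAL";
      cache = {
        ADAPTER = "twoqueue";
        HOST = ''{"size":100, "recent_ratio":0.25, "ghost_ratio":0.5}'';
      };

      # NOTE(review): OpenID sign-up is enabled and no WHITELISTED_URIS is set
      # in this section, so any OpenID provider appears to be accepted for
      # account creation. If the instance is meant for a known set of users,
      # restrict the accepted URIs or confirm open sign-up is intended.
      openid = {
        ENABLE_OPENID_SIGNUP = true;
        ENABLE_OPENID_SIGNIN = true;
      };
      # Local password accounts are off: registration goes through an
      # external identity only, and the internal sign-in form is disabled.
      service = {
        ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
        ENABLE_INTERNAL_SIGNIN = false;
      };

      # Session cookie carries the Secure flag; matches the https ROOT_URL.
      session.COOKIE_SECURE = true;

      # Forgejo Actions disabled, so no workflow execution on this instance.
      actions.ENABLED = false;
    };
  };
}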