- Extract forgejo-runner config from forgejo.nix into forgejo-runner.nix
- Move forgejo-runner to stage 2 (requires a running Forgejo for the token)
- Remove all stage-2 secrets from sops.nix (each service file owns its secrets)
- Update first-install docs with corrected staged deployment flow
- Fixes deployment failure caused by runner crashing with placeholder token
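# NixOS module: Forgejo published through an nginx TLS reverse proxy.
#
# Module arguments:
#   config    - evaluated system configuration (not read in this file)
#   lib       - nixpkgs library; used only for mkDefault below
#   outputs   - flake outputs; provides nixosModules.forgejo
#   constants - site-wide values read here: domain, services.forgejo.{fqdn,port},
#               services.mail.{fqdn,port}
#   (outputs and constants are presumably injected via specialArgs - confirm
#   against the flake.)
{
  config,
  lib,
  outputs,
  constants,
  ...
}:

{
  imports = [
    outputs.nixosModules.forgejo
  ];

  services.forgejo = {
    enable = true;
    settings = {
      server = {
        DOMAIN = constants.services.forgejo.fqdn;
        # Public URL is HTTPS; TLS is terminated by the nginx vhost below.
        ROOT_URL = "https://${constants.services.forgejo.fqdn}/";
        # nginx on this host is the only intended client of the HTTP listener
        # (see proxyPass below). Forgejo's default bind address is 0.0.0.0,
        # which would let anything that can reach the port talk to it in
        # plaintext and skip the proxy. Pin it to loopback; mkDefault lets a
        # value set by the imported forgejo module take precedence.
        HTTP_ADDR = lib.mkDefault "127.0.0.1";
        HTTP_PORT = constants.services.forgejo.port;
      };
      service = {
        # No self-service sign-up; accounts have to be created by an admin.
        DISABLE_REGISTRATION = true;
      };
      mailer = {
        ENABLED = true;
        FROM = "forgejo@${constants.domain}";
        SMTP_ADDR = constants.services.mail.fqdn;
        SMTP_PORT = constants.services.mail.port;
        USER = "forgejo@${constants.domain}";
        # NOTE(review): no SMTP password is defined in this file. Confirm it is
        # supplied as a file-based secret elsewhere (e.g. by the imported
        # module) and never as a literal under `settings`, since values here
        # are rendered into the world-readable Nix store.
      };
    };
  };

  services.nginx.virtualHosts."${constants.services.forgejo.fqdn}" = {
    # Redirect plain HTTP to HTTPS and obtain the certificate via ACME.
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      # Upstream hop is unencrypted HTTP, so it must stay on loopback.
      proxyPass = "http://127.0.0.1:${toString constants.services.forgejo.port}";
    };
  };
}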