51 lines
1.2 KiB
Nix
51 lines
1.2 KiB
Nix
{
|
|
config,
|
|
pkgs,
|
|
outputs,
|
|
constants,
|
|
...
|
|
}:
|
|
|
|
{
|
|
imports = [
|
|
outputs.nixosModules.forgejo
|
|
outputs.nixosModules.forgejo-runner
|
|
];
|
|
|
|
services.forgejo = {
|
|
enable = true;
|
|
settings = {
|
|
server = {
|
|
DOMAIN = constants.services.forgejo.fqdn;
|
|
ROOT_URL = "https://${constants.services.forgejo.fqdn}/";
|
|
HTTP_PORT = constants.services.forgejo.port;
|
|
};
|
|
service = {
|
|
DISABLE_REGISTRATION = true;
|
|
};
|
|
mailer = {
|
|
ENABLED = true;
|
|
FROM = "forgejo@${constants.domain}";
|
|
SMTP_ADDR = constants.services.mail.fqdn;
|
|
SMTP_PORT = constants.services.mail.port;
|
|
USER = "forgejo@${constants.domain}";
|
|
};
|
|
};
|
|
sops = true; # Enable sops integration for secrets
|
|
};
|
|
|
|
services.forgejo-runner = {
|
|
enable = true;
|
|
url = "https://${constants.services.forgejo.fqdn}";
|
|
# Token needs to be set up via sops/secrets
|
|
sops = true;
|
|
};
|
|
|
|
services.nginx.virtualHosts."${constants.services.forgejo.fqdn}" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:${toString constants.services.forgejo.port}";
|
|
};
|
|
};
|
|
}
|