5ba78886d2
- Add automatic SD image builds for Raspberry Pi via Forgejo Actions - Enable binfmt emulation on cryodev-main for aarch64 cross-builds - Add sd-image.nix module to cryodev-pi configuration - Create comprehensive docs/ structure with installation guides - Split installation docs into: first-install (server), reinstall, new-client (Pi) - Add lib/utils.nix and apps/rebuild from synix - Fix headplane module for new upstream API (tale/headplane) - Fix various module issues (mailserver stateVersion, option conflicts) - Add placeholder secrets.yaml files for both hosts - Remove old INSTRUCTIONS.md (content moved to docs/)
53 lines
1.2 KiB
Nix
53 lines
1.2 KiB
Nix
{
|
|
config,
|
|
outputs,
|
|
constants,
|
|
...
|
|
}:
|
|
|
|
{
|
|
imports = [
|
|
outputs.nixosModules.forgejo
|
|
outputs.nixosModules.forgejo-runner
|
|
];
|
|
|
|
services.forgejo = {
|
|
enable = true;
|
|
settings = {
|
|
server = {
|
|
DOMAIN = constants.services.forgejo.fqdn;
|
|
ROOT_URL = "https://${constants.services.forgejo.fqdn}/";
|
|
HTTP_PORT = constants.services.forgejo.port;
|
|
};
|
|
service = {
|
|
DISABLE_REGISTRATION = true;
|
|
};
|
|
mailer = {
|
|
ENABLED = true;
|
|
FROM = "forgejo@${constants.domain}";
|
|
SMTP_ADDR = constants.services.mail.fqdn;
|
|
SMTP_PORT = constants.services.mail.port;
|
|
USER = "forgejo@${constants.domain}";
|
|
};
|
|
};
|
|
};
|
|
|
|
services.forgejo-runner = {
|
|
enable = true;
|
|
url = "https://${constants.services.forgejo.fqdn}";
|
|
tokenFile = config.sops.secrets."forgejo-runner/token".path;
|
|
};
|
|
|
|
sops.secrets."forgejo-runner/token" = {
|
|
# gitea-runner user is created by gitea-actions-runner service
|
|
mode = "0400";
|
|
};
|
|
|
|
services.nginx.virtualHosts."${constants.services.forgejo.fqdn}" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:${toString constants.services.forgejo.port}";
|
|
};
|
|
};
|
|
}
|