nixfiles-emily/config/services/forgejo.nix

{ config, inputs, pkgs, ... }: {
  imports = [
    inputs.sops-nix.nixosModules.sops
  ];
  sops.secrets."services/forgejo/mailerPassword" = {
    sopsFile = ../../secrets/services/forgejo.yaml;
    owner = "forgejo";
  };
  services.forgejo = {
    enable = true;
    mailerPasswordFile = config.sops.secrets."services/forgejo/mailerPassword".path;
    database = {
      createDatabase = true;
      type = "postgres";
      socket = "/run/postgresql";
    };
    dump = {
      enable = true;
      type = "tar.xz";
    };
    settings = {
      "cron.sync_external_users" = {
        RUN_AT_START = true;
        SCHEDULE = "@every 24h";
        UPDATE_EXISTING = true;
      };
      federation.ENABLED = true;
      log.LEVEL = "Info";
      mailer = {
        ENABLED = true;
        PROTOCOL = "smtp+starttls";
        FROM = "git@kyouma.net";
        SMTP_ADDR = "mail.kyouma.net";
        USER = "git@kyouma.net";
      };
      mirror.DEFAULT_INTERVAL = "1h";
      session = {
        COOKIE_SECURE = true;
        PROVIDER = "db";
        SESSION_LIFE_TIME = 2592000;
      };
      server = {
        STATIC_URL_PREFIX = "/static";
        PROTOCOL = "http+unix";
        DOMAIN = "git.kyouma.net";
      };
      security = {
        LOGIN_REMEMBER_DAYS = 90;
        PASSWORD_HASH_ALGO = "argon2";
        MIN_PASSWORD_LENGTH = 16;
        PASSWORD_COMPLEXITY = "spec";
      };
      service = {
        REGISTER_EMAIL_CONFIRM = true;
        ENABLE_NOTIFY_MAIL = true;
        ENABLE_CAPTCHA = true;
        DEFAULT_KEEP_EMAIL_PRIVATE = true;
      };
      repository.ENABLE_PUSH_CREATE_USER = true;
      ui = {
        EXPLORE_PAGING_NUM = 50;
        ISSUE_PAGING_NUM = 50;
        MEMBERS_PAGING_NUM = 50;
        DEFAULT_THEME = "forgejo-dark";
        SHOW_USER_EMAIL = false;
      };
    };
  };
  kyouma.nginx.virtualHosts."git.kyouma.net" = {
    locations."/static/".alias = "${pkgs.forgejo.data}/public/";
    locations."/" = {
      proxyPass = "http://unix:/run/forgejo/forgejo.socket";
    };
  };
  security.acme.certs."git.kyouma.net" = {};
}
added forgejo 2024-04-30 21:55:41 +02:00			`{ config, inputs, pkgs, ... }: {`
			`imports = [`
			`inputs.sops-nix.nixosModules.sops`
			`];`
			`sops.secrets."services/forgejo/mailerPassword" = {`
			`sopsFile = ../../secrets/services/forgejo.yaml;`
			`owner = "forgejo";`
			`};`
			`services.forgejo = {`
			`enable = true;`
			`mailerPasswordFile = config.sops.secrets."services/forgejo/mailerPassword".path;`
			`database = {`
			`createDatabase = true;`
			`type = "postgres";`
			`socket = "/run/postgresql";`
			`};`
			`dump = {`
			`enable = true;`
			`type = "tar.xz";`
			`};`
			`settings = {`
			`"cron.sync_external_users" = {`
			`RUN_AT_START = true;`
			`SCHEDULE = "@every 24h";`
			`UPDATE_EXISTING = true;`
			`};`
			`federation.ENABLED = true;`
			`log.LEVEL = "Info";`
			`mailer = {`
			`ENABLED = true;`
			`PROTOCOL = "smtp+starttls";`
			`FROM = "git@kyouma.net";`
			`SMTP_ADDR = "mail.kyouma.net";`
			`USER = "git@kyouma.net";`
			`};`
			`mirror.DEFAULT_INTERVAL = "1h";`
			`session = {`
			`COOKIE_SECURE = true;`
			`PROVIDER = "db";`
			`SESSION_LIFE_TIME = 2592000;`
			`};`
			`server = {`
			`STATIC_URL_PREFIX = "/static";`
			`PROTOCOL = "http+unix";`
			`DOMAIN = "git.kyouma.net";`
			`};`
			`security = {`
			`LOGIN_REMEMBER_DAYS = 90;`
			`PASSWORD_HASH_ALGO = "argon2";`
			`MIN_PASSWORD_LENGTH = 16;`
			`PASSWORD_COMPLEXITY = "spec";`
			`};`
			`service = {`
			`REGISTER_EMAIL_CONFIRM = true;`
			`ENABLE_NOTIFY_MAIL = true;`
			`ENABLE_CAPTCHA = true;`
			`DEFAULT_KEEP_EMAIL_PRIVATE = true;`
			`};`
			`repository.ENABLE_PUSH_CREATE_USER = true;`
			`ui = {`
			`EXPLORE_PAGING_NUM = 50;`
			`ISSUE_PAGING_NUM = 50;`
			`MEMBERS_PAGING_NUM = 50;`
			`DEFAULT_THEME = "forgejo-dark";`
			`SHOW_USER_EMAIL = false;`
			`};`
			`};`
			`};`
			`kyouma.nginx.virtualHosts."git.kyouma.net" = {`
			`locations."/static/".alias = "${pkgs.forgejo.data}/public/";`
			`locations."/" = {`
			`proxyPass = "http://unix:/run/forgejo/forgejo.socket";`
			`};`
			`};`
			`security.acme.certs."git.kyouma.net" = {};`
			`}`