# Forgejo instance declared under local.containers."code.ruan": the web UI is
# served over plain HTTP and git access goes through Forgejo's built-in SSH
# server. The public name is code.pvsr.dev.
{ self, ... }:
let
  ruan = self.nixosConfigurations.ruan.config;

  domains = {
    internal = "code.${ruan.networking.fqdn}";
    external = "code.pvsr.dev";
  };

  # One definition each, shared by the firewall rule and the Forgejo settings.
  httpPort = 80;
  sshPort = 2222;
in
{
  # networking.hosts feeds /etc/hosts: machines importing the `core` module
  # resolve the public name straight to ruan's `local.ip`.
  flake.modules.nixos.core.networking.hosts.${ruan.local.ip} = [ domains.external ];

  # Project-local option; presumably Caddy on ruan accepts the public name and
  # forwards to the internal one -- confirm against the caddy module.
  local.desktops.ruan.local.caddy.internalProxies.${domains.external} = domains.internal;

  local.containers."code.ruan" =
    { config, pkgs, ... }:
    {
      # The forgejo CLI plus its work dir in the session environment.
      environment = {
        systemPackages = [ pkgs.forgejo ];
        sessionVariables.FORGEJO_WORK_DIR = "/var/lib/forgejo";
      };

      # Both listeners are opened on the container itself. Port 80 is
      # cleartext HTTP, so anything that can reach this address directly talks
      # to Forgejo without TLS and without passing the proxy. How far that
      # reaches depends on the container networking, which is not shown here.
      networking.firewall.allowedTCPPorts = [
        httpPort
        sshPort
      ];

      local.testScript = ''
        machine.wait_for_unit("forgejo.service")
        machine.wait_for_open_port(80)
        machine.wait_for_open_port(2222)
      '';

      services.forgejo = {
        enable = true;
        package = pkgs.forgejo;
        settings = {
          server = {
            # Forgejo speaks plain HTTP on the wildcard address while ROOT_URL
            # advertises https, so TLS has to be terminated in front of it.
            # The hop from that proxy to this listener is unencrypted.
            PROTOCOL = "http";
            HTTP_ADDR = "::";
            HTTP_PORT = httpPort;
            DOMAIN = domains.external;
            ROOT_URL = "https://${domains.external}";

            # Built-in SSH server, also bound to the wildcard address.
            # SSH_DOMAIN / SSH_PORT are what clone URLs advertise (the internal
            # name); SSH_LISTEN_* is what the server binds.
            START_SSH_SERVER = true;
            SSH_DOMAIN = domains.internal;
            SSH_PORT = sshPort;
            SSH_LISTEN_HOST = "::";
            SSH_LISTEN_PORT = sshPort;
            BUILTIN_SSH_SERVER_USER = "git";
          };

          DEFAULT.APP_NAME = domains.external;

          "ui.meta" = {
            AUTHOR = domains.external;
            DESCRIPTION = domains.external;
          };

          i18n = {
            LANGS = "en-US";
            NAMES = "English";
          };

          # The footer no longer shows the running version, load time or
          # "powered by" line.
          other = {
            SHOW_FOOTER_VERSION = false;
            SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
            SHOW_FOOTER_POWERED_BY = false;
          };

          repository = {
            PREFERRED_LICENSES = "MIT,GPL-3.0-or-later,AGPL-3.0-or-later";

            # NOTE(review): a push to a repository that does not exist yet
            # creates it, and with DEFAULT_PUSH_CREATE_PRIVATE = false the new
            # repository is public. A mistyped remote name therefore publishes
            # whatever was pushed. Keep this only if public-by-default is
            # intended.
            ENABLE_PUSH_CREATE_USER = true;
            DEFAULT_PUSH_CREATE_PRIVATE = false;

            DISABLED_REPO_UNITS = "repo.issues,repo.ext_issues,repo.pulls,repo.wiki,repo.ext_wiki,repo.projects,repo.packages,repo.actions";
            DISABLE_STARS = true;
            DISABLE_DOWNLOAD_SOURCE_ARCHIVES = true;
          };

          # No file uploads through the web UI.
          "repository.upload".ENABLED = false;

          # No self-service sign-up; accounts have to be created by an admin.
          service.DISABLE_REGISTRATION = true;

          # OpenID sign-in and the OAuth2 section are switched off.
          openid.ENABLE_OPENID_SIGNIN = false;
          oauth2.ENABLED = false;

          security = {
            # Keeps the web installer page locked.
            INSTALL_LOCK = true;
            # NOTE(review): the "remember me" login lasts a full year, so a
            # copied cookie or an unattended browser profile stays signed in
            # for that long. Shorten it if the instance is reachable from
            # untrusted networks.
            LOGIN_REMEMBER_DAYS = 365;
          };

          # Only hides the Swagger documentation; the API is still served.
          api.ENABLE_SWAGGER = false;

          # In-memory two-queue cache; HOST carries its JSON parameters.
          cache = {
            ADAPTER = "twoqueue";
            HOST = ''{"size":100, "recent_ratio":0.25, "ghost_ratio":0.5}'';
          };
        };
      };
    };
}