histausse/nixos-modules
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

add config for forgejo

Browse source
This commit is contained in:
Jean-Marie 'Histausse' Mineau 2024-02-10 18:31:53 +01:00
parent 7a2d7a0e75
commit 41ee11094f
Signed by: histausse
GPG key ID: B66AEEDA9B645AD2
1 changed files with 114 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

114
pp-forgejo.nix Normal file
View file

@ -0,0 +1,114 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfgBase = config.base;
cfg = config.services.ppForgejo;
in
{
options.services.ppForgejo = {
domain = mkOption {
type = types.str;
default = "git.${cfgBase.domainName}";
example = "git.example.com";
description = "The domain of the server";
};
openIdEnable = mkOption {
type = types.bool;
default = false;
description = "If OpenId provider is setup and should be used exclusively.";
};
openIdClientName = mkOption {
type = types.str;
default = "";
description = "The name (id) of the openId client to use exclusively.";
};
customPackage = mkOption {
type = types.package;
default = pkgs.fetchgit {
url = "https://git.mineau.eu/histausse/gitea_custom";
sha256 = "0r1kjkn0mkfyp2lb8j59frh1vnd1m54swpqwiasvg77r04ibfmn5";
};
description= "The package for custom configs like theme.";
};
dbPasswordFile = mkOption {
type = types.str;
default = "/etc/forgejo_db_pwd";
description = "The file containing the database password. Be sure to secure it.";
};
};
config = {
services.forgejo.appName = "git";
services.forgejo.stateDir = "/var/lib/forgejo"; # default value, /var/lib/gitea in gitea, move it before migration!
services.forgejo.enable = true;
services.forgejo.rootUrl = "https://${cfg.domain}/";
services.forgejo.settings.session.COOKIE_SECURE = lib.mkForce true; # Why do I need to override this???
# If true, openid users cannot create new account
#services.forgejo.settings.service.DISABLE_REGISTRATION = lib.mkForce (!cfg.openIdEnable);
services.forgejo.settings.service.DISABLE_REGISTRATION = lib.mkForce false;
services.forgejo.settings.service.ALLOW_ONLY_EXTERNAL_REGISTRATION = cfg.openIdEnable;
services.forgejo.lfs.enable = true;
services.forgejo.domain = cfg.domain;
# services.forgejo.database.type = "postgres"; # Default is sqlite3, probably better for a small instance
services.forgejo.database.passwordFile = cfg.dbPasswordFile;
# Set the permittions for the db file
system.activationScripts = {
forgejoDbFilePermission.text =
''
chmod 400 ${cfg.dbPasswordFile}
chown ${config.services.forgejo.user} ${cfg.dbPasswordFile}
'';
};
environment.systemPackages = with pkgs; [
forgejo
];
systemd.services.forgejo.environment.FORGEJO_CUSTOM = "${config.services.forgejo.stateDir}/custom";
systemd.services.forgejo.preStart = lib.mkAfter ''
find ${config.services.forgejo.stateDir}/ -type d -exec chmod u+w {} \;
cp -f -s -r ${cfg.customPackage}/* ${config.services.forgejo.stateDir}/custom/
'';
services.forgejo.settings = {
ui = {
THEMES = "forgejo-auto,forgejo-light,forgejo-dark,auto,gitea,arc-green,plex,aquamarine,dark,dracula,hotline,organizr,space-gray,hotpink,onedark,overseerr,nord";
DEFAULT_THEME = "forgejo-auto";
};
"ui.meta" = {
DESCRIPTION = "Code everywhere";
};
};
# NGINX
security.acme.acceptTerms = true;
security.acme.defaults.email = cfgBase.adminEmail;
services.nginx = {
enable = true;
virtualHosts = {
"${cfg.domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
extraConfig = ''
client_max_body_size 0;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass_request_headers on;
'';
};
locations."/user/login" = lib.mkIf (cfg.openIdEnable) {
return = "301 https://$host/user/oauth2/${cfg.openIdClientName}";
};
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
};
}