mauville: enable forgejo instance

2024-11-22 07:13:55 -05:00 · 2024-07-04 21:03:49 -04:00 · 2024-07-04 21:03:49 -04:00 · fdf1172468
parent 66cd452e23
commit fdf1172468
1 changed files with 61 additions and 11 deletions
--- a/hosts/mauville/default.nix
+++ b/hosts/mauville/default.nix
@ -83,6 +83,56 @@ in {

    fail2ban.enable = true;

+    forgejo = {
+      enable = true;
+      lfs.enable = true;
+
+      settings = {
+        actions = {
+          ENABLED = true;
+          DEFAULT_ACTIONS_URL = "https://github.com";
+        };
+
+        cron = {
+          ENABLED = true;
+          RUN_AT_START = false;
+        };
+
+        DEFAULT.APP_NAME = "Git @ RaffaufLabs.com";
+
+        repository = {
+          DEFAULT_BRANCH = "master";
+          ENABLE_PUSH_CREATE_ORG = true;
+          ENABLE_PUSH_CREATE_USER = true;
+          PREFERRED_LICENSES = "GPL-3.0";
+        };
+
+        federation.ENABLED = true;
+        picture.ENABLE_FEDERATED_AVATAR = true;
+        security.PASSWORD_CHECK_PWN = true;
+
+        server = {
+          LANDING_PAGE = "explore";
+          ROOT_URL = "https://git.${domain}/";
+        };
+
+        service = {
+          ALLOW_ONLY_INTERNAL_REGISTRATION = true;
+          DISABLE_REGISTRATION = false;
+          ENABLE_NOTIFY_MAIL = true;
+        };
+
+        session.COOKIE_SECURE = true;
+
+        ui.DEFAULT_THEME = "forgejo-auto";
+        "ui.meta" = {
+          AUTHOR = "Git @ RaffaufLabs.com";
+          DESCRIPTION = "Self-hosted git projects + toys.";
+          KEYWORDS = "git,forge,forgejo,aly raffauf";
+        };
+      };
+    };
+
    nginx = {
      enable = true;
      recommendedGzipSettings = true;
@ -90,19 +140,19 @@ in {
      recommendedTlsSettings = true;

      virtualHosts = {
-        # "git.${domain}" = {
-        #   enableACME = true;
-        #   forceSSL = true;
+        "git.${domain}" = {
+          enableACME = true;
+          forceSSL = true;

-        #   locations."/" = {
-        #     proxyPass = "http://127.0.0.1:4533";
-        #     proxyWebsockets = true;
+          locations."/" = {
+            proxyPass = "http://${config.services.forgejo.settings.server.HTTP_ADDR}:${toString config.services.forgejo.settings.server.HTTP_PORT}";
+
+            extraConfig = ''
+              client_max_body_size 512M;
+            '';
+          };
+        };

-        #     extraConfig = ''
-        #       proxy_buffering off;
-        #     '';
-        #   };
-        # };
        "music.${domain}" = {
          enableACME = true;
          forceSSL = true;