lyes/nixfiles
1
0
Fork 0
Code Issues Pull requests Activity Actions
nixfiles/modules/server/biggoron/default.nix
Lyes Saadi c594f5fb51
Welp, switch users
2025-12-13 14:40:35 +01:00

93 lines
2.5 KiB
Nix
Raw Blame History

{ lib, config, ... }:
let
cfg = config.services.forgejo;
srv = cfg.settings.server;
in
{
services.openssh = {
ports = [
22
2222
];
settings.AcceptEnv = "GIT_PROTOCOL";
};
services.forgejo = {
enable = true;
# I don't understand why the fuck the user needs to be the same as the db's
# user = "biggoron";
# group = "biggoron";
database = {
type = "postgres";
user = "forgejo";
name = "forgejo";
passwordFile = config.age.secrets.biggoron-db-pass.path;
};
# Enable support for Git Large File Storage
lfs.enable = true;
settings = {
server = {
DOMAIN = "git.lyes.eu";
# You need to specify this to remove the port from URLs in the web UI.
ROOT_URL = "https://${srv.DOMAIN}/";
HTTP_PORT = 44303;
SSH_PORT = 2222;
};
# You can temporarily allow registration to create an admin user.
service.DISABLE_REGISTRATION = true;
# Add support for actions, based on act: https://github.com/nektos/act
actions = {
ENABLED = true;
DEFAULT_ACTIONS_URL = "github";
};
# Sending emails is completely optional
# You can send a test email from the web UI at:
# Profile Picture > Site Administration > Configuration > Mailer Configuration
mailer = {
ENABLED = true;
PROTOCOL = "sendmail";
# SMTP_ADDR = "taf.lyes.eu";
# FROM = "noreply@${srv.DOMAIN}";
# USER = "noreply@${srv.DOMAIN}";
};
# oauth2_client = {
# REGISTER_EMAIL_CONFIRM = true;
# USERNAME = ;
# };
};
# secrets = {
# # mailer.PASSWD = config.age.secrets.forgejo-mailer-password.path;
# };
};
systemd.services.forgejo.preStart = let
adminCmd = "${lib.getExe cfg.package} admin user";
pwd = config.age.secrets.biggoron-admin-pass;
user = "biggoron-admin";
in ''
${adminCmd} create --admin --email "root@localhost" --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
## uncomment this line to change an admin user which was already created
# ${adminCmd} change-password --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
'';
age.secrets.biggoron-db-pass = {
file = ../../../secrets/zora/services/biggoron-db-pass.age;
mode = "400";
owner = "forgejo";
group = "forgejo";
};
age.secrets.biggoron-admin-pass = {
file = ../../../secrets/zora/services/biggoron-admin-pass.age;
owner = "forgejo";
group = "forgejo";
};
}
Reference in a new issue View git blame Copy permalink