lyes/nixfiles
1
0
Fork 0
Code Issues Pull requests Activity Actions
nixfiles/modules/server/biggoron/default.nix
Lyes Saadi 7776dc1b92
Some minor tweaks
2025-12-24 16:56:38 +01:00

99 lines
2.9 KiB
Nix
Raw Blame History

{ lib, config, ... }:
let
cfg = config.services.forgejo;
srv = cfg.settings.server;
in
{
services.openssh.settings.AcceptEnv = [ "GIT_PROTOCOL" ];
# Fixing mailing issues
systemd.services.forgejo.serviceConfig = {
RestrictAddressFamilies = [
"AF_LOCAL"
"AF_NETLINK"
];
ReadWritePaths = [ "/var/spool/mail/" "/var/lib/postfix/queue/maildrop/" ];
NoNewPrivileges = lib.mkForce false;
PrivateUsers = lib.mkForce false;
SystemCallFilter = lib.mkForce [];
};
services.forgejo = {
enable = true;
# package = pkgs.forgejo;
# I don't understand why the fuck the user needs to be the same as the db's
# user = "biggoron";
# group = "biggoron";
database = {
type = "postgres";
user = "forgejo";
name = "forgejo";
passwordFile = config.age.secrets.biggoron-db-pass.path;
};
# Enable support for Git Large File Storage
lfs.enable = true;
settings = {
server = {
DOMAIN = "git.lyes.eu";
# You need to specify this to remove the port from URLs in the web UI.
ROOT_URL = "https://${srv.DOMAIN}/";
HTTP_PORT = 44303;
SSH_PORT = 22;
};
# You can temporarily allow registration to create an admin user.
service.DISABLE_REGISTRATION = false;
# Add support for actions, based on act: https://github.com/nektos/act
actions = {
ENABLED = true;
DEFAULT_ACTIONS_URL = "https://code.forgejo.org";
};
# Sending emails is completely optional
# You can send a test email from the web UI at:
# Profile Picture > Site Administration > Configuration > Mailer Configuration
mailer = {
ENABLED = true;
PROTOCOL = "sendmail";
FROM = "root-biggoron@lyes.eu";
SENDMAIL_PATH = "${config.security.wrapperDir}/sendmail";
};
oauth2_client = {
ENABLE_AUTO_REGISTRATION = true;
ACCOUNT_LINKING = "login";
};
};
# secrets = {
# # mailer.PASSWD = config.age.secrets.forgejo-mailer-password.path;
# };
};
systemd.services.forgejo.preStart = let
adminCmd = "${lib.getExe cfg.package} admin user";
pwd = config.age.secrets.biggoron-admin-pass;
user = "biggoron-admin";
in ''
${adminCmd} create --admin --email "root@localhost" --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
## uncomment this line to change an admin user which was already created
# ${adminCmd} change-password --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
'';
age.secrets.biggoron-db-pass = {
file = ../../../secrets/zora/services/biggoron-db-pass.age;
mode = "400";
owner = "forgejo";
group = "forgejo";
};
age.secrets.biggoron-admin-pass = {
file = ../../../secrets/zora/services/biggoron-admin-pass.age;
owner = "forgejo";
group = "forgejo";
};
}
Reference in a new issue View git blame Copy permalink