toufy/adonis
toufy/adonis
1
Fork 0
Code Activity Actions
adonis/config/devops/forgejo.nix
toufic ar 0fefd6137a
Some checks failed
/ deploy (push) Failing after 8s
Details
config changes 
- network: add tor relay + snowflake proxy
- email: regex alias for admin
- search: enable some additional engines
2026-01-29 21:45:04 +02:00

128 lines
4 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
config,
lib,
...
}: let
customDomain = config.customOps.domain.fqdn;
mail = "forgejo@${customDomain}";
cfg = config.services.forgejo;
srv = cfg.settings.server;
in {
sops.secrets = {
"forgejo/mail".owner = "forgejo";
"forgejo/admin".owner = "forgejo";
"mailserver/forgejo".owner = "dovecot2";
};
mailserver.loginAccounts.${mail} = lib.mkIf config.mailserver.enable {
hashedPasswordFile = config.sops.secrets."mailserver/forgejo".path;
sendOnly = true;
};
services.nginx.virtualHosts.${srv.DOMAIN} = {
forceSSL = true;
enableACME = true;
extraConfig = ''
client_max_body_size 512M;
'';
locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
};
services.forgejo = {
enable = true;
lfs.enable = true;
settings = {
DEFAULT = {
APP_NAME = "git.${customDomain}";
APP_SLOGAN = "the git repositories of ${config.customOps.owner}'s projects";
APP_DISPLAY_NAME_FORMAT = "${config.customOps.owner}'s forge | {APP_NAME}";
};
server = {
DOMAIN = "git.${customDomain}";
ROOT_URL = "https://${srv.DOMAIN}/";
HTTP_PORT = 3000;
SSH_PORT = lib.head config.services.openssh.ports;
LANDING_PAGE = "/${config.customOps.owner}";
};
actions = {
ENABLED = true;
DEFAULT_ACTIONS_URL = "https://${srv.DOMAIN}";
};
repository = {
DISABLE_STARS = true;
};
ui = {
DEFAULT_THEME = "forgejo-auto";
THEMES = "forgejo-auto,forgejo-light,forgejo-dark";
DEFAULT_SHOW_FULL_NAME = true;
PREFERRED_TIMESTAMP_TENSE = "absolute";
};
"ui.meta" = {
AUTHOR = cfg.settings.DEFAULT.APP_NAME;
DESCRIPTION = cfg.settings.DEFAULT.APP_SLOGAN;
};
admin = {
DISABLE_REGULAR_ORG_CREATION = true;
};
security = {
INSTALL_LOCK = true;
GLOBAL_TWO_FACTOR_REQUIREMENT = "all";
PASSWORD_COMPLEXITY = "lower,upper,digit,spec";
DISABLE_QUERY_AUTH_TOKEN = true;
};
service = {
DISABLE_REGISTRATION = true;
VALID_SITE_URL_SCHEMES = "https";
};
"service.explore" = {
DISABLE_USERS_PAGE = true;
};
picture = {
ENABLE_FEDERATED_AVATAR = true;
AVATAR_MAX_FILE_SIZE = 10485760;
REPOSITORY_AVATAR_FALLBACK = "random";
};
federation = {
ENABLED = true;
};
mailer = lib.mkIf config.mailserver.enable {
ENABLED = true;
SMTP_ADDR = config.mailserver.fqdn;
FROM = mail;
USER = mail;
};
i18n = {
LANGS =
"en-US,zh-CN,zh-HK,zh-TW,da,de-DE,nds,fr-FR"
+ ",nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR"
+ ",pt-PT,pl-PL,bg,it-IT,fi-FI,fil,eo,tr-TR"
+ ",cs-CZ,sl,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,"
+ "id-ID,ar";
NAMES =
"English,,"
+ ",,Dansk,Deutsch,Plattdüütsch"
+ ",Français,Nederlands,Latviešu,Русский,Українська"
+ ",,Español,Português do Brasil"
+ ",Português de Portugal,Polski,Български,Italiano"
+ ",Suomi,Filipino,Esperanto,Türkçe,Čeština,Slovenščina"
+ ",Svenska,,Ελληνικά,فارسی,Magyar nyelv"
+ ",Bahasa Indonesia,العربية";
};
other = {
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
};
};
secrets = lib.mkIf config.mailserver.enable {
mailer.PASSWD = config.sops.secrets."forgejo/mail".path;
};
};
systemd.services.forgejo.preStart = let
adminCmd = "${lib.getExe cfg.package} admin user";
passwd = config.sops.secrets."forgejo/admin".path;
user = config.customOps.owner;
email = "root@${config.mailserver.fqdn}";
in ''
${adminCmd} create --admin --email "${email}" --username ${user} --password "$(tr -d '\n' < ${passwd})" || true
'';
}
View git blame Copy permalink