forked from jan-leila/nix-config
53 lines
1.2 KiB
Nix
53 lines
1.2 KiB
Nix
{
|
|
lib,
|
|
config,
|
|
...
|
|
}: let
|
|
const = import ./const.nix;
|
|
httpPort = const.httpPort;
|
|
sshPort = const.sshPort;
|
|
db_user = "forgejo";
|
|
in {
|
|
imports = [
|
|
./proxy.nix
|
|
./database.nix
|
|
./fail2ban.nix
|
|
./impermanence.nix
|
|
];
|
|
|
|
config = lib.mkIf config.services.forgejo.enable {
|
|
assertions = [
|
|
{
|
|
assertion = config.services.forgejo.settings.server.BUILTIN_SSH_SERVER_USER == config.users.users.git.name;
|
|
message = "Forgejo BUILTIN_SSH_SERVER_USER hardcoded value does not match expected git user name";
|
|
}
|
|
];
|
|
|
|
services.forgejo = {
|
|
database = {
|
|
type = "postgres";
|
|
socket = "/run/postgresql";
|
|
};
|
|
lfs.enable = true;
|
|
settings = {
|
|
server = {
|
|
DOMAIN = config.services.forgejo.reverseProxy.domain;
|
|
HTTP_PORT = httpPort;
|
|
START_SSH_SERVER = true;
|
|
SSH_LISTEN_PORT = sshPort;
|
|
SSH_PORT = 22;
|
|
BUILTIN_SSH_SERVER_USER = "git";
|
|
ROOT_URL = "https://git.jan-leila.com";
|
|
};
|
|
service = {
|
|
DISABLE_REGISTRATION = true;
|
|
};
|
|
database = {
|
|
DB_TYPE = "postgres";
|
|
NAME = db_user;
|
|
USER = db_user;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|