reciproka-ops/profiles/reciproka-forgejo.nix


# Nix configuration for the Reciproka Kolektivo Forgejo service
{
config,
pkgs,
lib,
...
}: let
flake = builtins.getFlake (toString ../.);
nixpkgsUnstable = flake.inputs.nixpkgsUnstable;
in {
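services.forgejo = {
  enable = true;

  # Instance identity and listener, set through the module's top-level options.
  # NOTE(review): on NixOS releases where these are aliases for
  # settings.DEFAULT.APP_NAME and settings.server.*, setting those keys directly
  # is preferable; confirm against the pinned nixpkgs before migrating.
  appName = "Reciproka Kolektivo: Forgejo Service";
  domain = "reciproka.dev";
  rootUrl = "https://reciproka.dev/";
  # Plain-HTTP backend port; the nginx vhost in this file proxies to it.
  # NOTE(review): no listen address is set in this block, so the module default
  # applies. If that default is all interfaces, port 3002 serves Forgejo without
  # TLS wherever the firewall allows it. Consider settings.server.HTTP_ADDR =
  # "127.0.0.1" together with an explicit 127.0.0.1 proxy target in nginx.
  httpPort = 3002;

  database = {
    type = "postgres";
    # Only the path of the age secret is referenced here, so the password itself
    # is not written into this configuration.
    # NOTE(review): the pg_hba rule in this file authenticates the forgejo role
    # by ident on the local socket; confirm whether this password is still used.
    passwordFile = config.age.secrets.forgejo.path;
  };

  # Only keys inside this attrset are passed to Forgejo as settings. APP_NAME,
  # DOMAIN, HTTP_PORT and ROOT_URL come from the top-level options above; the
  # unused `let` bindings that duplicated them here had no effect and are gone.
  settings = {
    mailer = {
      ENABLED = true;
      FROM = "fonto@reciproka.dev";
      # NOTE(review): no mail transport keys are set in this file; confirm how
      # outgoing mail is delivered.
    };

    repository = {
      DEFAULT_BRANCH = "consensus";
    };

    service = {
      # Self-registration is closed.
      DISABLE_REGISTRATION = true;
      # Keeps e-mail confirmation required should registration be re-opened.
      REGISTER_EMAIL_CONFIRM = true;
    };

    # External renderer for .rst files. Repository content is untrusted input to
    # this command, so it is bounded: `timeout 30s` limits wall-clock time and
    # `+RTS -M512M -RTS` limits the pandoc heap. pandoc is pinned by store path.
    # NOTE(review): `timeout` is looked up on the service's PATH; confirm it is
    # available there, or reference it by store path as well.
    "markup.restructuredtext" = {
      ENABLED = true;
      FILE_EXTENSIONS = ".rst";
      RENDER_COMMAND = "timeout 30s ${pkgs.pandoc}/bin/pandoc +RTS -M512M -RTS -f rst";
      # false: the document is passed on stdin rather than as a file argument.
      IS_INPUT_FILE = false;
    };

    ui = {
      DEFAULT_THEME = "forgejo-auto";
      THEMES = "forgejo-auto,forgejo-light,forgejo-dark,auto,arc-green,forgejo";
    };
  };
};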
# Start Forgejo after the unit that delivers the database password key.
# `wants` pulls that unit in and `after` sequences start-up behind it.
# NOTE(review): `wants` does not block Forgejo if the unit fails or is absent.
# services.forgejo.database.passwordFile in this file points at an age secret,
# so confirm that forgejo-dbpass-key.service still exists on this host.
systemd.services.forgejo = let
  keyUnits = ["forgejo-dbpass-key.service"];
in {
  wants = keyUnits;
  after = keyUnits;
};
services.postgresql = {
  enable = true;
  # Major version is pinned explicitly.
  package = pkgs.postgresql_16;

  # Declare the forgejo database and a role of the same name that owns it.
  ensureDatabases = ["forgejo"];
  ensureUsers = [
    {
      name = "forgejo";
      ensureDBOwnership = true;
    }
  ];

  # pg_hba rule: Unix-socket (`local`) connections to the forgejo database are
  # authenticated from the connecting OS user through the forgejo-users map,
  # not by password. PostgreSQL treats `ident` on a local socket as peer auth.
  # NOTE(review): this adds a rule; any default rules the module appends still
  # apply to other databases and to TCP connections.
  authentication = ''
    local forgejo all ident map=forgejo-users
  '';

  # pg_ident entry: map name, OS user, database role. Only the OS user
  # `forgejo` may connect as the role `forgejo` through this map.
  identMap = ''
    forgejo-users forgejo forgejo
  '';
};
# Scheduled dump of the forgejo database, zstd-compressed.
# NOTE(review): the dump holds everything in the database, including account
# credentials; confirm the permissions of the dump directory and how the dumps
# are protected once copied off this host.
services.postgresqlBackup = {
  enable = true;
  databases = ["forgejo"];
  startAt = "*-*-* 15:00:00"; # systemd calendar expression: every day at 15:00
  compression = "zstd";
};
services.nginx = {
  enable = true;

  # NixOS-provided nginx presets.
  recommendedTlsSettings = true;
  recommendedProxySettings = true;
  recommendedOptimisation = true;
  recommendedGzipSettings = true;

  virtualHosts = {
    # Legacy hostname: answers over HTTPS only to send a permanent redirect to
    # the same path on reciproka.dev.
    "source.jfdic.org" = {
      forceSSL = true; # Plain HTTP is redirected to HTTPS
      enableACME = true; # Certificate obtained through ACME
      locations."/".return = "301 https://reciproka.dev$request_uri";
    };

    # Public Forgejo hostname. TLS ends at nginx and requests are forwarded
    # over plain HTTP to the Forgejo port on this host.
    # NOTE(review): this only protects Forgejo if port 3002 is not reachable
    # from outside; confirm the backend's listen address and the firewall.
    "reciproka.dev" = {
      forceSSL = true; # Plain HTTP is redirected to HTTPS
      enableACME = true; # Certificate obtained through ACME
      locations."/".proxyPass = "http://localhost:3002/";
    };
  };
};
# ACME account settings for the two nginx virtual hosts. Both certificates
# register the same contact address.
security.acme = let
  contact = "admin@reciproka.co";
in {
  acceptTerms = true; # Accept the certificate authority's terms of service
  certs."reciproka.dev".email = contact;
  certs."source.jfdic.org".email = contact;
};
}