118 lines
3.2 KiB
Nix
118 lines
3.2 KiB
Nix
# Nix configuration for the Reciproka Forgejo service
|
|
{
|
|
config,
|
|
pkgs,
|
|
lib,
|
|
...
|
|
}: let
|
|
flake = builtins.getFlake (toString ../.);
|
|
nixpkgsUnstable = flake.inputs.nixpkgsUnstable;
|
|
forgejo = nixpkgsUnstable.legacyPackages."${pkgs.system}".forgejo;
|
|
in {
|
|
services.gitea = {
|
|
enable = true; # Enable Forgejo
|
|
appName = "Reciproka Kolectiva: Forgejo Service"; # Give the site a name
|
|
database = {
|
|
type = "postgres"; # Database type
|
|
passwordFile = config.age.secrets.forgejo.path;
|
|
};
|
|
domain = "reciproka.dev"; # Domain name
|
|
rootUrl = "https://reciproka.dev/"; # Root web URL
|
|
httpPort = 3002; # Provided unique port
|
|
package = forgejo; # a soft fork of gitea
|
|
settings = let
|
|
docutils = pkgs.python37.withPackages (ps:
|
|
with ps; [
|
|
docutils # Provides rendering of ReStructured Text files
|
|
pygments # Provides syntax highlighting
|
|
]);
|
|
service.DISABLE_REGISTRATION = true;
|
|
in {
|
|
mailer = {
|
|
ENABLED = true;
|
|
FROM = "fonto@reciproka.dev";
|
|
};
|
|
repository = {
|
|
DEFAULT_BRANCH = "consensus";
|
|
};
|
|
service = {
|
|
REGISTER_EMAIL_CONFIRM = true;
|
|
};
|
|
"markup.restructuredtext" = {
|
|
ENABLED = true;
|
|
FILE_EXTENSIONS = ".rst";
|
|
RENDER_COMMAND = "${docutils}/bin/rst2html.py";
|
|
IS_INPUT_FILE = false;
|
|
};
|
|
ui = {
|
|
DEFAULT_THEME = "forgejo-auto"; # Set the default theme
|
|
THEMES = "forgejo-auto,forgejo-light,forgejo-dark,auto,arc-green,gitea";
|
|
};
|
|
};
|
|
};
|
|
|
|
systemd = {
|
|
services = {
|
|
gitea = {
|
|
# Ensure gitea starts after nixops keys are loaded
|
|
after = ["gitea-dbpass-key.service"];
|
|
wants = ["gitea-dbpass-key.service"];
|
|
};
|
|
};
|
|
};
|
|
|
|
services.postgresql = {
|
|
enable = true; # Ensure postgresql is enabled
|
|
authentication = ''
|
|
local gitea all ident map=gitea-users
|
|
'';
|
|
identMap =
|
|
# Map the gitea user to postgresql
|
|
''
|
|
gitea-users gitea gitea
|
|
'';
|
|
ensureDatabases = ["gitea"]; # Ensure the database persists
|
|
ensureUsers = [
|
|
{
|
|
name = "gitea"; # Ensure the database user persists
|
|
ensurePermissions = {
|
|
# Ensure the database permissions persist
|
|
"DATABASE gitea" = "ALL PRIVILEGES";
|
|
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
|
|
};
|
|
}
|
|
];
|
|
};
|
|
|
|
services.nginx = {
|
|
enable = true; # Enable Nginx
|
|
recommendedGzipSettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedProxySettings = true;
|
|
recommendedTlsSettings = true;
|
|
virtualHosts."source.jfdic.org" = {
|
|
enableACME = true; # Use ACME certs
|
|
forceSSL = true; # Force SSL
|
|
locations."/" = {
|
|
return = "301 https://reciproka.dev$request_uri";
|
|
};
|
|
};
|
|
virtualHosts."reciproka.dev" = {
|
|
# Forgejo hostname
|
|
enableACME = true; # Use ACME certs
|
|
forceSSL = true; # Force SSL
|
|
locations."/".proxyPass = "http://localhost:3002/"; # Proxy Forgejo
|
|
};
|
|
};
|
|
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
certs = {
|
|
"reciproka.dev".email = "admin@reciproka.co";
|
|
"source.jfdic.org".email = "admin@reciproka.co";
|
|
};
|
|
};
|
|
|
|
users.groups.keys.members = ["gitea"]; # Required due to NixOps issue #1204
|
|
}
|