2023-03-28 01:00:56 +00:00
|
|
|
# NixOps configuration for the hosts running Forgejo
|
2019-09-06 01:05:32 +00:00
|
|
|
{
|
2022-05-05 04:48:46 +00:00
|
|
|
config,
|
|
|
|
|
pkgs,
|
|
|
|
|
lib,
|
2023-03-28 01:00:56 +00:00
|
|
|
sources,
|
2022-05-05 04:48:46 +00:00
|
|
|
...
|
2023-03-28 01:00:56 +00:00
|
|
|
}: let
|
|
|
|
|
sources = import ../nix/sources.nix;
|
|
|
|
|
unstable = import sources.nixpkgsUnstable {};
|
|
|
|
|
in {
|
2024-02-06 16:08:09 +00:00
|
|
|
services.forgejo = {
|
2023-03-28 01:00:56 +00:00
|
|
|
enable = true; # Enable Forgejo
|
2019-09-06 01:05:32 +00:00
|
|
|
database = {
|
2021-11-16 04:57:23 +00:00
|
|
|
type = "postgres"; # Database type
|
2024-02-06 16:08:09 +00:00
|
|
|
passwordFile = "/run/keys/forgejo-dbpass"; # Where to find the password
|
2019-09-06 01:05:32 +00:00
|
|
|
};
|
2021-01-21 01:35:44 +00:00
|
|
|
settings = let
|
2023-06-11 23:35:42 +00:00
|
|
|
docutils = pkgs.python39.withPackages (ps:
|
2021-11-16 04:57:23 +00:00
|
|
|
with ps; [
|
|
|
|
|
docutils # Provides rendering of ReStructured Text files
|
|
|
|
|
pygments # Provides syntax highlighting
|
|
|
|
|
]);
|
2021-01-21 01:35:44 +00:00
|
|
|
in {
|
2024-02-06 16:08:09 +00:00
|
|
|
DEFAULT.APP_NAME = "mcwhirter.io: Forgejo Service"; # Give the site a name
|
2021-01-21 01:35:44 +00:00
|
|
|
mailer = {
|
|
|
|
|
ENABLED = true;
|
2024-02-06 16:08:09 +00:00
|
|
|
FROM = "forgejo@mcwhirter.io";
|
2021-01-21 01:35:44 +00:00
|
|
|
};
|
2022-05-05 04:48:46 +00:00
|
|
|
repository = {DEFAULT_BRANCH = "consensus";};
|
|
|
|
|
service = {REGISTER_EMAIL_CONFIRM = true;};
|
2024-02-06 16:08:09 +00:00
|
|
|
server = {
|
|
|
|
|
DOMAIN = "source.mcwhirter.io"; # Domain name
|
|
|
|
|
HTTP_PORT = 3002; # Provided unique port
|
|
|
|
|
ROOT_URL = "https://source.mcwhirter.io/"; # Root web URL
|
|
|
|
|
};
|
|
|
|
|
service = {
|
|
|
|
|
DISABLE_REGISTRATION = true;
|
|
|
|
|
};
|
2021-01-21 01:35:44 +00:00
|
|
|
"markup.restructuredtext" = {
|
|
|
|
|
ENABLED = true;
|
|
|
|
|
FILE_EXTENSIONS = ".rst";
|
|
|
|
|
RENDER_COMMAND = "${docutils}/bin/rst2html.py";
|
|
|
|
|
IS_INPUT_FILE = false;
|
|
|
|
|
};
|
2021-04-26 23:14:02 +00:00
|
|
|
ui = {
|
2023-03-28 01:00:56 +00:00
|
|
|
DEFAULT_THEME = "forgejo-auto"; # Set the default theme
|
|
|
|
|
THEMES = "forgejo-auto,forgejo-light,forgejo-dark,auto,arc-green,gitea";
|
2021-04-26 23:14:02 +00:00
|
|
|
};
|
2021-01-21 01:35:44 +00:00
|
|
|
};
|
2019-09-06 01:05:32 +00:00
|
|
|
};
|
|
|
|
|
|
2022-08-16 03:48:33 +00:00
|
|
|
systemd = {
|
|
|
|
|
services = {
|
2024-02-06 16:08:09 +00:00
|
|
|
forgejo = {
|
|
|
|
|
# Ensure forgejo starts after nixops keys are loaded
|
|
|
|
|
after = ["forgejo-dbpass-key.service"];
|
|
|
|
|
wants = ["forgejo-dbpass-key.service"];
|
2022-08-16 03:48:33 +00:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2019-09-06 01:05:32 +00:00
|
|
|
services.postgresql = {
|
2021-11-16 04:57:23 +00:00
|
|
|
enable = true; # Ensure postgresql is enabled
|
2019-09-06 06:50:59 +00:00
|
|
|
authentication = ''
|
2024-02-06 16:08:09 +00:00
|
|
|
local forgejo all ident map=forgejo-users
|
2019-09-06 06:50:59 +00:00
|
|
|
'';
|
2022-05-05 04:48:46 +00:00
|
|
|
identMap =
|
2024-02-06 16:08:09 +00:00
|
|
|
# Map the forgejo user to postgresql
|
2019-09-06 01:05:32 +00:00
|
|
|
''
|
2024-02-06 16:08:09 +00:00
|
|
|
forgejo-users forgejo forgejo
|
2019-09-06 01:05:32 +00:00
|
|
|
'';
|
2024-02-06 16:08:09 +00:00
|
|
|
ensureDatabases = ["forgejo"]; # Ensure the database persists
|
2022-05-05 04:48:46 +00:00
|
|
|
ensureUsers = [
|
|
|
|
|
{
|
2024-02-06 16:08:09 +00:00
|
|
|
name = "forgejo"; # Ensure the database user persists
|
|
|
|
|
ensureDBOwnership = true;
|
2022-05-05 04:48:46 +00:00
|
|
|
}
|
|
|
|
|
];
|
2019-09-06 01:05:32 +00:00
|
|
|
};
|
|
|
|
|
|
2024-02-06 16:08:09 +00:00
|
|
|
services.postgresqlBackup.databases = ["forgejo"];
|
2022-06-22 22:50:22 +00:00
|
|
|
|
2019-09-06 01:05:32 +00:00
|
|
|
services.nginx = {
|
2021-11-16 04:57:23 +00:00
|
|
|
enable = true; # Enable Nginx
|
2019-09-06 01:05:32 +00:00
|
|
|
recommendedGzipSettings = true;
|
|
|
|
|
recommendedOptimisation = true;
|
|
|
|
|
recommendedProxySettings = true;
|
|
|
|
|
recommendedTlsSettings = true;
|
2022-05-05 04:48:46 +00:00
|
|
|
virtualHosts."source.mcwhirter.io" = {
|
2023-03-28 01:00:56 +00:00
|
|
|
# Forgejo hostname
|
2021-11-16 04:57:23 +00:00
|
|
|
enableACME = true; # Use ACME certs
|
|
|
|
|
forceSSL = true; # Force SSL
|
2023-03-28 01:00:56 +00:00
|
|
|
locations."/".proxyPass = "http://localhost:3002/"; # Proxy Forgejo
|
2019-09-06 01:05:32 +00:00
|
|
|
};
|
2022-05-05 04:48:46 +00:00
|
|
|
virtualHosts."git.mcwhirter.io" = {
|
|
|
|
|
# Hostname to be redirected
|
2021-11-16 04:57:23 +00:00
|
|
|
enableACME = true; # Use ACME certs
|
|
|
|
|
forceSSL = true; # Force SSL
|
|
|
|
|
globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host
|
2019-12-09 05:06:08 +00:00
|
|
|
};
|
2022-05-05 04:48:46 +00:00
|
|
|
virtualHosts."code.mcwhirter.io" = {
|
|
|
|
|
# Hostname to be redirected
|
2021-11-16 04:57:23 +00:00
|
|
|
enableACME = true; # Use ACME certs
|
|
|
|
|
forceSSL = true; # Force SSL
|
|
|
|
|
globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host
|
2019-12-09 05:06:08 +00:00
|
|
|
};
|
2019-09-06 01:05:32 +00:00
|
|
|
};
|
|
|
|
|
|
2020-09-02 03:50:42 +00:00
|
|
|
security.acme = {
|
|
|
|
|
acceptTerms = true;
|
|
|
|
|
certs = {
|
2021-11-16 04:57:23 +00:00
|
|
|
"code.mcwhirter.io".email = "craige@mcwhirter.io";
|
|
|
|
|
"git.mcwhirter.io".email = "craige@mcwhirter.io";
|
2019-09-06 01:05:32 +00:00
|
|
|
"source.mcwhirter.io".email = "craige@mcwhirter.io";
|
2020-09-02 03:50:42 +00:00
|
|
|
};
|
2019-09-06 01:05:32 +00:00
|
|
|
};
|
|
|
|
|
|
2024-02-06 16:08:09 +00:00
|
|
|
users.groups.keys.members = ["forgejo"]; # Required due to NixOps issue #1204
|
2019-09-06 01:05:32 +00:00
|
|
|
}
|
