# NixOS aspect for a single-host Forgejo instance.
#
# Exposure, as far as this file shows:
#   - the web UI/API listens on loopback only (127.0.0.1:3125, plain HTTP);
#   - Forgejo's built-in SSH server listens on 2233, the only port this
#     module opens in the firewall;
#   - the SMTP password is referenced by path from a vaultix secret and is
#     not written into the settings below.
{
  den.aspects.services.provides.forgejo.nixos = {
    config,
    pkgs,
    ...
  }: let
    # Shorthand for the values this module reads back from its own config.
    cfg = config.services.forgejo;
  in {
    services.forgejo = {
      enable = true;
      package = pkgs.forgejo;

      # Runs as the "git" account declared further down, in group "forgejo".
      user = "git";
      group = "forgejo";

      database.type = "sqlite3";

      settings = {
        default = {
          APP_NAME = "Forgejo"; # TODO: A new name for my forgejo instance.
          APP_SLOGAN = "Beyond coding. We Forge."; # TODO: A new slogan.
        };

        server = {
          DOMAIN = "repo.hpcesia.com";

          # Plain HTTP bound to loopback. ROOT_URL is https and the session
          # cookie is marked Secure below, so this presumably sits behind a
          # TLS-terminating reverse proxy defined elsewhere; confirm that
          # nothing else on the host can reach 127.0.0.1:3125 unproxied.
          PROTOCOL = "http";
          HTTP_ADDR = "127.0.0.1";
          HTTP_PORT = 3125;
          ROOT_URL = "https://${cfg.settings.server.DOMAIN}/";

          # Built-in SSH server; this port is opened in the firewall below.
          START_SSH_SERVER = true;
          SSH_PORT = 2233;
        };

        # Closed instance: no self-registration, no HTTP basic authentication.
        service = {
          DISABLE_REGISTRATION = true;
          ENABLE_BASIC_AUTHENTICATION = false;
          ENABLE_NOTIFY_MAIL = true;
        };

        repository.DEFAULT_REPO_UNITS = "repo.code,repo.releases";

        # Outbound mail over implicit TLS (smtps on 465). The password is
        # supplied through `secrets` below.
        mailer = {
          ENABLED = true;
          PROTOCOL = "smtps";
          SMTP_ADDR = "glacier.mxrouting.net";
          SMTP_PORT = 465;
          USER = "info@hpcesia.com";
          # NOTE(review): "Infomation" looks like a typo for "Information".
          FROM = "Forgejo Infomation <info@hpcesia.com>";
          SUBJECT_PREFIX = "[repo.hpcesia.com] ";
        };

        # TODO: Enable federation after I finalize a suitable instance name and switch to an independent domain.
        federation.ENABLED = false;

        # Session cookie is only sent over HTTPS.
        session.COOKIE_SECURE = true;

        log = {
          LEVEL = "Info";
          # Enable ssh log for fail2ban. The matching fail2ban jail is not
          # defined in this file.
          ENABLE_SSH_LOG = true;
          # NOTE(review): in current Forgejo logging configuration
          # `logger.<name>.MODE` appears to select log writer(s) rather than
          # a level, so "Error" may not limit router logging to errors;
          # verify against the deployed version.
          "logger.router.MODE" = "Error";
        };

        # NOTE(review): Actions is enabled but no runner is configured in this
        # file. Workflows execute repository-controlled code on whichever
        # runner is registered, so keep runners isolated from this host and
        # its secrets.
        actions.ENABLED = true;
      };

      # Path to the decrypted secret file; the password itself never appears
      # in this expression.
      secrets.mailer.PASSWD = config.vaultix.secrets.forgejo-mailer-password.path;
    };

    # Service account for Forgejo; its home is the Forgejo state directory.
    users.users.git = {
      isSystemUser = true;
      # NOTE(review): grants the account a login shell. With the built-in SSH
      # server enabled above, confirm a shell is actually required.
      useDefaultShell = true;
      group = cfg.group;
      home = cfg.stateDir;
    };

    # Only the Forgejo SSH port is opened here; the HTTP port stays loopback-only.
    networking.firewall.allowedTCPPorts = [cfg.settings.server.SSH_PORT];

    # Mailer password: owned by root, readable by group "forgejo" (the
    # service's group above), no access for other users.
    vaultix.secrets.forgejo-mailer-password = {
      file = ./mailer-password.age;
      owner = "root";
      group = "forgejo";
      mode = "0440";
    };
  };
}