Commit 9d90cfb
Changed files (2)
hosts
chaser-pardofelis
hosts/chaser-pardofelis/caddy.nix
@@ -21,11 +21,12 @@
# Assuming address start with `tcp://`.
builtins.substring 6 (-1) config.services.authelia.instances.main.settings.server.address
}";
- vaultwarden = "http://localhost:${builtins.toString config.services.vaultwarden.config.rocketPort}";
+ forgejo = "http://localhost:${builtins.toString config.services.forgejo.settings.server.HTTP_PORT}";
gotosocial = "http://localhost:${builtins.toString config.services.gotosocial.settings.port}";
grafana = "http://localhost:${builtins.toString config.services.grafana.settings.server.http_port}";
homepage = "http://localhost:${builtins.toString config.services.homepage-dashboard.listenPort}";
prometheus = "http://${config.services.victoriametrics.listenAddress}";
+ vaultwarden = "http://localhost:${builtins.toString config.services.vaultwarden.config.rocketPort}";
};
in {
"artalk.hpcesia.com".extraConfig = ''
@@ -56,6 +57,10 @@
encode zstd gzip
reverse_proxy ${localAddress.prometheus}
'';
+ "repo.hpcesia.com".extraConfig = ''
+ encode zstd gzip
+ reverse_proxy ${localAddress.forgejo}
+ '';
"trin.one".extraConfig = ''
encode zstd gzip
reverse_proxy ${localAddress.gotosocial}
hosts/chaser-pardofelis/forgejo.nix
@@ -0,0 +1,49 @@
+{
+ pkgs-unstable,
+ config,
+ ...
+}: {
+ services.forgejo = {
+ enable = true;
+ package = pkgs-unstable.forgejo;
+ user = "git";
+ group = "forgejo";
+ database = {
+ type = "sqlite3";
+ };
+ settings = {
+ default = {
+ APP_NAME = "Forgejo"; # TODO: A new name for my forgejo instance.
+ APP_SLOGAN = "Beyond coding. We Forge."; # TODO: A new slogan.
+ };
+ server = {
+ DOMAIN = "repo.hpcesia.com";
+ HTTP_ADDR = "127.0.0.1";
+ HTTP_PORT = 3125;
+ PROTOCOL = "http";
+ START_SSH_SERVER = true;
+ SSH_PORT = 2222;
+ ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}/";
+ };
+ # TODO: Enable federation after I finalize a suitable instance name and switch to an independent domain.
+ federation.ENABLED = false;
+ session.COOKIE_SECURE = true;
+ log = {
+ LEVEL = "Info";
+ ENABLE_SSH_LOG = true; # Enable ssh log for fail2ban.
+ "logger.router.MODE" = "Error";
+ };
+ };
+ };
+
+ users.users."git" = {
+ isSystemUser = true;
+ useDefaultShell = true;
+ group = config.services.forgejo.group;
+ home = config.services.forgejo.stateDir;
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ config.services.forgejo.settings.server.SSH_PORT
+ ];
+}