blob: 70af185e289dbc2d403c70f26dca8d08354970a3 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
{ config, pkgs, ... }:
let
# convenience wrapper for admin commands
forgejo-admin = pkgs.writeShellScriptBin "forgejo-admin" ''
sudo -u forgejo ${pkgs.forgejo}/bin/gitea -c ${config.services.forgejo.customDir}/conf/app.ini admin "$@"
'';
in
{
networking.firewall.allowedTCPPorts = [ 3000 ];
age.secrets.forgejo-fastmail = {
file = ../secrets/forgejo-fastmail.age;
};
environment.systemPackages = [ forgejo-admin ];
services.forgejo = {
enable = true;
dump = {
enable = true;
};
database.type = "postgres";
lfs.enable = false;
secrets = {
mailer.PASSWD = config.age.secrets.forgejo-fastmail.path;
};
settings = {
DEFAULT.APP_NAME = "¯\\_(ツ)_/¯";
session = {
COOKIE_SECURE = true;
PROVIDER = "db";
PROVIDER_CONFIG = "";
SESSION_LIFE_TIME = 86400 * 5;
};
server = {
DOMAIN = "code.fcuny.net";
ROOT_URL = "https://code.fcuny.net";
HTTP_PORT = 3000;
LANDING_PAGE = "explore";
};
mailer = {
ENABLED = true;
PROTOCOL = "smtp+starttls";
FROM = "code <forgejo@code.fcuny.net>";
USER = "franck@fcuny.net";
SMTP_ADDR = "smtp.fastmail.com";
};
metrics = {
ENABLED = true;
ENABLED_ISSUE_BY_LABEL = true;
ENABLED_ISSUE_BY_REPOSITORY = true;
};
service = {
REGISTER_EMAIL_CONFIRM = true;
DISABLE_REGISTRATION = true;
ALLOW_ONLY_EXTERNAL_REGISTRATION = false;
SHOW_REGISTRATION_BUTTON = true;
};
openid = {
ENABLE_OPENID_SIGNIN = true;
ENABLE_OPENID_SIGNUP = true;
};
oauth2_client = {
REGISTER_EMAIL_CONFIRM = false;
ENABLE_AUTO_REGISTRATION = true;
USERNAME = "preferred_username";
ACCOUNT_LINKING = "auto";
};
repository = {
DEFAULT_PRIVATE = "public";
DEFAULT_PUSH_CREATE_PRIVATE = true;
ENABLE_PUSH_CREATE_USER = true;
PREFERRED_LICENSES = "GPL-3.0-or-later,MIT";
DEFAULT_REPO_UNITS = "repo.code,repo.issues,repo.pulls";
DISABLE_STARS = true; # self-hosting so, doesn't make sense
};
"service.explore" = {
DISABLE_USERS_PAGE = true;
};
federation = {
ENABLED = true;
};
ui = {
# To protect privacy of users.
SHOW_USER_EMAIL = false;
};
};
};
# my.modules.backups = {
# local.paths = [ "/var/lib/forgejo" ];
# local.exclude = [
# "/var/lib/forgejo/data/indexers"
# "/var/lib/forgejo/data/repo-archive"
# "/var/lib/forgejo/data/tmp"
# ];
# remote.paths = [ "/var/lib/forgejo" ];
# remote.exclude = [
# "/var/lib/forgejo/data/indexers"
# "/var/lib/forgejo/data/repo-archive"
# "/var/lib/forgejo/data/tmp"
# ];
# };
}
|
