feat(webserver): add forgejo
parent
4c18f0a7ab
commit
93cf777ce7
4 changed files with 68 additions and 3 deletions
|
@ -18,12 +18,20 @@ in {
|
|||
}: {
|
||||
system.stateVersion = "22.05"; # Did you read the comment?
|
||||
|
||||
disabledModules = [
|
||||
"services/misc/forgejo.nix"
|
||||
];
|
||||
|
||||
imports = [
|
||||
"${repoFlake.inputs.nixpkgs_forgejo}/nixos/modules/services/misc/forgejo.nix"
|
||||
|
||||
../profiles/containers/configuration.nix
|
||||
|
||||
repoFlake.inputs.sops-nix.nixosModules.sops
|
||||
];
|
||||
|
||||
sops.defaultSopsFile = ./webserver_secrets.yaml;
|
||||
|
||||
networking.firewall.enable = true;
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
httpPort
|
||||
|
@ -73,6 +81,12 @@ in {
|
|||
reverse_proxy http://127.0.0.1:${builtins.toString config.services.lldap.settings.http_port}
|
||||
'';
|
||||
};
|
||||
|
||||
virtualHosts."forgejo.${domain}" = {
|
||||
extraConfig = ''
|
||||
reverse_proxy http://127.0.0.1:${builtins.toString config.services.forgejo.settings.server.HTTP_PORT}
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
services.hedgedoc = {
|
||||
|
@ -223,6 +237,27 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
sops.secrets.FORGEJO_JWT_SECRET = {};
|
||||
sops.secrets.FORGEJO_INTERNAL_TOKEN = {};
|
||||
sops.secrets.FORGEJO_SECRET_KEY = {};
|
||||
|
||||
services.forgejo = {
|
||||
enable = true;
|
||||
package = repoFlake.inputs.nixpkgs_forgejo.legacyPackages.${pkgs.system}.forgejo;
|
||||
settings = {
|
||||
service.DISABLE_REGISTRATION = true;
|
||||
server.HTTP_ADDR = "127.0.0.1";
|
||||
server.DISABLE_SSH = true;
|
||||
server.ROOT_URL = "https://forgejo.${domain}";
|
||||
server.HTTP_PORT = 3001;
|
||||
};
|
||||
secrets = {
|
||||
oauth2.JWT_SECRET = lib.mkForce config.sops.secrets.FORGEJO_JWT_SECRET.path;
|
||||
security.INTERNAL_TOKEN = lib.mkForce config.sops.secrets.FORGEJO_INTERNAL_TOKEN.path;
|
||||
security.SECRET_KEY = lib.mkForce config.sops.secrets.FORGEJO_SECRET_KEY.path;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.lldap.serviceConfig.User = config.users.users.lldap.name;
|
||||
systemd.services.lldap.serviceConfig.Group = config.users.groups.lldap.name;
|
||||
systemd.services.lldap.serviceConfig.DynamicUser = lib.mkForce false;
|
||||
|
@ -259,6 +294,11 @@ in {
|
|||
hostPath = "/var/lib/container-volumes/webserver/var-lib-lldap";
|
||||
isReadOnly = false;
|
||||
};
|
||||
|
||||
"/var/lib/forgejo" = {
|
||||
hostPath = "/var/lib/container-volumes/webserver/var-lib-forgejo";
|
||||
isReadOnly = false;
|
||||
};
|
||||
};
|
||||
|
||||
# extraFlags = ["--resolv-conf=bind-host"];
|
||||
|
|
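Review bot: The `settings` block of `services.forgejo` sets `server.ROOT_URL` to an https URL but leaves `session.COOKIE_SECURE` unset, so whether session cookies carry the Secure flag depends on the default of the module imported from `nixpkgs_forgejo`; as far as I recall that option has defaulted to false in the NixOS module, which is worth confirming against the pinned revision. Adding `session.COOKIE_SECURE = true;` next to `service.DISABLE_REGISTRATION = true;` makes the intent explicit now that Caddy fronts the service on `forgejo.${domain}`. Separately, the three `sops.secrets.FORGEJO_*` entries are declared as `{}`; if the unit reads them only at start, a rotated secret takes effect only after a restart, which `restartUnits = [ "forgejo.service" ];` on each entry would tie to the secret change.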