85 lines
1.8 KiB
Nix
85 lines
1.8 KiB
Nix
# Forgejo Module
|
|
# Provides: Self-hosted Git service (Fork of Gitea)
|
|
#
|
|
# Usage:
|
|
# myModules.forgejo = {
|
|
# enable = true;
|
|
# domain = "git.example.com";
|
|
# };
|
|
|
|
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
|
|
let
|
|
cfg = config.myModules.forgejo;
|
|
in
|
|
{
|
|
options.myModules.forgejo = {
|
|
enable = lib.mkEnableOption "Forgejo Git service";
|
|
|
|
port = lib.mkOption {
|
|
type = lib.types.port;
|
|
default = 3002;
|
|
description = "Internal port to run Forgejo on";
|
|
};
|
|
|
|
domain = lib.mkOption {
|
|
type = lib.types.str;
|
|
example = "git.example.com";
|
|
description = "Public domain name for Forgejo";
|
|
};
|
|
|
|
disableRegistration = lib.mkOption {
|
|
type = lib.types.bool;
|
|
default = true;
|
|
description = "Disable public user registration";
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
services.forgejo = {
|
|
enable = true;
|
|
database.type = "postgres";
|
|
|
|
settings = {
|
|
server = {
|
|
DOMAIN = cfg.domain;
|
|
ROOT_URL = "https://${cfg.domain}/";
|
|
HTTP_ADDR = "127.0.0.1";
|
|
HTTP_PORT = cfg.port;
|
|
SSH_PORT = 2222;
|
|
};
|
|
service = {
|
|
DISABLE_REGISTRATION = cfg.disableRegistration;
|
|
};
|
|
session = {
|
|
COOKIE_SECURE = true;
|
|
};
|
|
security = {
|
|
PASSWORD_COMPLEXITY = "lower,upper,digit,spec";
|
|
MIN_PASSWORD_LENGTH = 12;
|
|
};
|
|
};
|
|
};
|
|
|
|
# Nginx Reverse Proxy
|
|
myModules.nginx.domains."${cfg.domain}" = {
|
|
port = cfg.port;
|
|
extraConfig = ''
|
|
client_max_body_size 512M;
|
|
'';
|
|
};
|
|
|
|
# Open SSH port for Git
|
|
networking.firewall.allowedTCPPorts = [ 2222 ];
|
|
|
|
# Backups (Add Forgejo data to restic if backup module is enabled)
|
|
myModules.backup.paths = [
|
|
config.services.forgejo.stateDir
|
|
];
|
|
};
|
|
}
|