dump

2025-07-05 11:12:20 +02:00 · 2025-07-05 11:12:20 +02:00 · a90630ecb6
commit a90630ecb6
parent 4ed9ba0d24
98 changed files with 2063 additions and 729 deletions
--- a/nixos/hosts/forgejo/database.nix
+++ b/nixos/hosts/forgejo/database.nix
@ -1,14 +1,17 @@
-{ lib, pkgs, config, ... }:
-
 {
+  lib,
+  pkgs,
+  config,
+  ...
+}: {
  systemd.services.forgejo = {
-    after = [ "postgresql.service" ];
-    requires = [ "postgresql.service" ];
+    after = ["postgresql.service"];
+    requires = ["postgresql.service"];
  };

  services.postgresql = {
    enable = true;
-    ensureDatabases = [ "forgejo" ];
+    ensureDatabases = ["forgejo"];
    ensureUsers = [
      {
        name = "forgejo";
--- a/nixos/hosts/forgejo/forgejo.nix
+++ b/nixos/hosts/forgejo/forgejo.nix
@ -1,12 +1,15 @@
-{ lib, pkgs, config, ... }:
-let
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}: let
  cfg = config.services.forgejo;
  srv = cfg.settings.server;
  domain = "git.procopius.dk";
  ssh_domain = "gitssh.procopius.dk";
-in
-{
-  users.users.plasmagoat.extraGroups = [ "forgejo" ];
+in {
+  users.users.plasmagoat.extraGroups = ["forgejo"];

  services.forgejo = {
    enable = true;
@ -25,6 +28,15 @@ in
        SSH_PORT = 2222;
        SSH_DOMAIN = ssh_domain;
      };
+      mailer = {
+        ENABLED = true;
+        FROM = "git@procopius.dk";
+
+        PROTOCOL = "smtp+starttls";
+        SMTP_ADDR = "mail.procopius.dk";
+        USER = "admin@procopius.dk";
+        PASSWD = "mikael";
+      };
      database = {
        DB_TYPE = lib.mkForce "postgres";
        HOST = "/run/postgresql";
@ -33,12 +45,23 @@ in
      };
      service = {
        DISABLE_REGISTRATION = true;
+        # ENABLE_INTERNAL_SIGNIN = false;
+        ENABLE_NOTIFY_MAIL = true;
      };
      metrics = {
        ENABLED = true;
        ENABLED_ISSUE_BY_REPOSITORY = true;
        ENABLED_ISSUE_BY_LABEL = true;
      };
+      actions = {
+        ZOMBIE_TASK_TIMEOUT = "30m";
+      };
+      oauth2 = {
+      };
+      oauth2_client = {
+        ENABLE_AUTO_REGISTRATION = true;
+        UPDATE_AVATAR = true;
+      };
      # log = {
      #   ROOT_PATH = "/var/log/forgejo";
      #   MODE = "file";
@ -63,5 +86,5 @@ in
  '';

  # Optional: firewall
-  networking.firewall.allowedTCPPorts = [ 3000 2222 ];
+  networking.firewall.allowedTCPPorts = [3000 2222];
 }
--- a/nixos/hosts/forgejo/host.nix
+++ b/nixos/hosts/forgejo/host.nix
@ -0,0 +1,13 @@
+{ config, pkgs, modulesPath, lib, ... }:
+
+{
+  imports = [
+    ../../templates/base.nix
+    ../../secrets/shared-sops.nix
+    ./sops.nix
+    ./networking.nix
+    ./storage.nix
+    ./forgejo.nix
+    ./database.nix
+  ];
+}