Add Forgejo

2025-12-25 05:36:59 +01:00 · 2025-03-04 05:20:49 +01:00 · 2025-03-04 05:20:49 +01:00 · c2f5e22bc6
commit c2f5e22bc6
parent 69d06e8e71
7 changed files with 98 additions and 5 deletions
--- a/modules/forgejo.nix
+++ b/modules/forgejo.nix
@ -0,0 +1,68 @@
+{ config, lib, ... }:
+with lib;
+let
+  cfg = config.custom.services.forgejo;
+  domain = "forge.froidmont.org";
+in
+{
+  options.custom.services.forgejo = {
+    enable = mkEnableOption "forgejo";
+  };
+
+  config = mkIf cfg.enable {
+    sops.secrets = {
+      forgejoDbPassword = {
+        owner = config.users.users.forgejo.name;
+        key = "forgejo/db_password";
+        restartUnits = [ "forgejo.service" ];
+      };
+    };
+
+    services.forgejo = {
+      enable = true;
+      stateDir = "/nix/var/data/forgejo";
+      database = {
+        createDatabase = false;
+        type = "postgres";
+        host = "127.0.0.1";
+        name = "forgejo";
+        user = "forgejo";
+        passwordFile = config.sops.secrets.forgejoDbPassword.path;
+      };
+      settings = {
+        server = {
+          PROTOCOL = "http+unix";
+          DOMAIN = domain;
+          ROOT_URL = "https://${domain}/";
+        };
+        session = {
+          COOKIE_SECURE = true;
+        };
+        DEFAULT = {
+          RUN_MODE = "prod";
+        };
+        mailer = {
+          ENABLED = true;
+          PROTOCOL = "sendmail";
+          FROM = "noreply@froidmont.org";
+          SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
+          SENDMAIL_ARGS = "--";
+        };
+        service = {
+          DISABLE_REGISTRATION = true;
+        };
+      };
+    };
+
+    services.nginx.virtualHosts.${domain} = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}";
+        extraConfig = ''
+          client_max_body_size 512M;
+        '';
+      };
+    };
+  };
+}