TheWanderingCrow/CrOS
1
0
Fork 0
mirror of https://github.com/TheWanderingCrow/CrOS.git synced 2026-02-06 04:38:53 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
CrOS/modules/services/forgejo/default.nix
TheWanderingCrow 839ed66c07 Use magicport for forgejo
2026-02-01 13:58:35 -05:00

69 lines
1.8 KiB
Nix
Raw Blame History

{
lib,
inputs,
config,
...
}:
let
sopsFolder = builtins.toString inputs.nix-secrets + "/sops";
port = builtins.toString (lib.custom.autoport "forgejo");
in
{
services.caddy.virtualHosts."git.wanderingcrow.net".extraConfig = ''
reverse_proxy http://localhost:${builtins.toString port}
'';
sops.secrets = {
"generic/smtp/server" = {
sopsFile = "${sopsFolder}/services.yaml";
};
"generic/smtp/port" = {
sopsFile = "${sopsFolder}/services.yaml";
};
"generic/smtp/user" = {
sopsFile = "${sopsFolder}/services.yaml";
};
"generic/smtp/pass" = {
sopsFile = "${sopsFolder}/services.yaml";
};
};
services.forgejo = {
enable = true;
lfs.enable = true;
database = {
type = "sqlite3";
createDatabase = true;
};
settings = {
server = {
DOMAIN = "git.wanderingcrow.net";
ROOT_URL = "https://git.wanderingcrow.net";
HTTP_PORT = port;
};
service = {
REGISTER_EMAIL_CONFIRM = true;
ENABLE_NOTIFY_MAIL = true;
# I want to offload account security to OIDC provider
REQUIRE_EXTERNAL_REGISTRATION_PASSWORD = false;
ENABLE_INTERNAL_SIGNIN = false;
EMAIL_DOMAIN_BLOCK_DISPOSABLE = true;
ALLOW_ONLY_EXTERNAL_REGISTRATION = false;
ENABLE_OPENID_SIGNIN = true;
ENABLE_OPENID_SIGNUP = true;
WHITELISTED_URIS = "auth.wanderingcrow.net";
};
mailer = {
ENABLED = true;
};
};
secrets = {
mailer = {
SMTP_ADDR = config.sops.secrets."generic/smtp/server".path;
SMTP_PORT = config.sops.secrets."generic/smtp/port".path;
USER = config.sops.secrets."generic/smtp/user".path;
PASSWD = config.sops.secrets."generic/smtp/pass".path;
};
};
};
}
Reference in a new issue View git blame Copy permalink