CrOS/modules/services/forgejo/default.nix
2025-12-16 10:40:19 -05:00


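# NixOS module: Forgejo at git.wanderingcrow.net behind a Caddy reverse proxy,
# with the SMTP credentials supplied through sops-nix secrets.
{ inputs, config, ... }:
let
  sopsFolder = builtins.toString inputs.nix-secrets + "/sops";
  # All four SMTP values are read from the same encrypted file.
  smtpSecret = {
    sopsFile = "${sopsFolder}/services.yaml";
  };
in
{
  # Caddy fronts the public hostname and forwards to Forgejo on this host.
  services.caddy.virtualHosts."git.wanderingcrow.net".extraConfig = ''
    reverse_proxy http://localhost:3000
  '';

  sops.secrets = {
    "generic/smtp/server" = smtpSecret;
    "generic/smtp/port" = smtpSecret;
    "generic/smtp/user" = smtpSecret;
    "generic/smtp/pass" = smtpSecret;
  };

  services.forgejo = {
    enable = true;
    lfs.enable = true;
    database = {
      type = "sqlite3";
      createDatabase = true;
    };
    settings = {
      server = {
        DOMAIN = "git.wanderingcrow.net";
        ROOT_URL = "https://git.wanderingcrow.net";
        # Listen on loopback only. The only client this module shows is Caddy
        # on localhost; leaving the listener on all interfaces would expose
        # plain HTTP on port 3000 wherever the host firewall permits it,
        # bypassing the HTTPS front end.
        HTTP_ADDR = "127.0.0.1";
        HTTP_PORT = 3000;
      };
      session = {
        # ROOT_URL is https, so session cookies should carry the Secure flag
        # and never be sent over plain HTTP.
        COOKIE_SECURE = true;
      };
      service = {
        REGISTER_EMAIL_CONFIRM = true;
        ENABLE_NOTIFY_MAIL = true;
        # I want to offload account security to OIDC provider
        REQUIRE_EXTERNAL_REGISTRATION_PASSWORD = false;
        ENABLE_INTERNAL_SIGNIN = false;
        EMAIL_DOMAIN_BLOCK_DISPOSABLE = true;
        # NOTE(review): with this set to false, local self-registration is not
        # restricted to the external provider. If every account is meant to
        # originate from the identity provider, this probably wants to be
        # true - confirm the intended sign-up flow.
        ALLOW_ONLY_EXTERNAL_REGISTRATION = false;
        # NOTE(review): upstream documents the three keys below under the
        # [openid] section, where they control OpenID 2.0 sign-in rather than
        # an OIDC (OAuth2) authentication source. Placed under [service] they
        # are presumably ignored, in which case the WHITELISTED_URIS
        # allow-list is not enforced - check the rendered app.ini and the
        # configured authentication sources.
        ENABLE_OPENID_SIGNIN = true;
        ENABLE_OPENID_SIGNUP = true;
        WHITELISTED_URIS = "auth.wanderingcrow.net";
      };
      mailer = {
        ENABLED = true;
      };
    };
    # Each value is the path of a decrypted sops secret file, not the secret
    # itself, so the SMTP credentials are not written into the Nix store.
    secrets = {
      mailer = {
        SMTP_ADDR = config.sops.secrets."generic/smtp/server".path;
        SMTP_PORT = config.sops.secrets."generic/smtp/port".path;
        USER = config.sops.secrets."generic/smtp/user".path;
        PASSWD = config.sops.secrets."generic/smtp/pass".path;
      };
    };
  };
}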