77 lines
1.5 KiB
Nix
77 lines
1.5 KiB
Nix
{ pkgs, ... }:
|
|
|
|
let
|
|
fqdn = "git.kempkens.io";
|
|
in
|
|
{
|
|
services = {
|
|
forgejo = {
|
|
enable = true;
|
|
|
|
stateDir = "/var/lib/forgejo";
|
|
|
|
database = {
|
|
type = "postgres";
|
|
};
|
|
|
|
lfs.enable = true;
|
|
|
|
settings = {
|
|
DEFAULT = {
|
|
APP_NAME = "kempkens.io Forge";
|
|
};
|
|
|
|
server = {
|
|
PROTOCOL = "http+unix";
|
|
DOMAIN = fqdn;
|
|
ROOT_URL = "https://${fqdn}/";
|
|
LANDING_PAGE = "explore";
|
|
};
|
|
|
|
service = {
|
|
DISABLE_REGISTRATION = true;
|
|
};
|
|
|
|
mailer = {
|
|
ENABLED = true;
|
|
PROTOCOL = "sendmail";
|
|
FROM = "forgejo@mg.kempkens.io";
|
|
SENDMAIL_PATH = "${pkgs.system-sendmail}/bin/sendmail";
|
|
};
|
|
|
|
session = {
|
|
COOKIE_SECURE = true;
|
|
SAME_SITE = "strict";
|
|
};
|
|
|
|
actions = {
|
|
ENABLED = true;
|
|
};
|
|
|
|
other = {
|
|
SHOW_FOOTER_VERSION = false;
|
|
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
|
|
};
|
|
};
|
|
};
|
|
|
|
nginx.virtualHosts."${fqdn}" = {
|
|
quic = true;
|
|
http3 = true;
|
|
|
|
forceSSL = true;
|
|
useACMEHost = "kempkens.io";
|
|
|
|
extraConfig = ''
|
|
client_max_body_size 0;
|
|
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
|
'';
|
|
|
|
locations."/" = {
|
|
recommendedProxySettings = true;
|
|
proxyPass = "http://unix:/run/forgejo/forgejo.sock";
|
|
};
|
|
};
|
|
};
|
|
}
|