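# NixOS module: Forgejo behind a Caddy TLS reverse proxy, with Gatus health
# checks, Borg backup paths and a dedicated `git` system account.
{
  config,
  lib,
  ...
}:
let
  # Plain-HTTP port Forgejo listens on; only Caddy is meant to connect to it.
  port = 5027;
  # Directory Caddy loads cert.pem and key.pem from.
  # NOTE(review): the Caddy service account needs read access to key.pem
  # here, and nothing broader should — confirm the directory's group/mode.
  certloc = "/var/lib/acme/fi33.buzz";
  hostname = "git.fi33.buzz";
  url = "https://git.fi33.buzz";
  # First port sshd is configured with; advertised to Forgejo as SSH_PORT
  # and probed by the Gatus SSH endpoint below.
  sshPort = lib.head config.services.openssh.ports;
in
{
  services = {
    forgejo = {
      enable = true;
      # Daily dump at midnight. The dump archive carries the same data as the
      # live instance, so wherever it is stored needs the same access control.
      dump = {
        enable = true;
        interval = "00:00";
      };
      lfs.enable = true;
      settings = {
        server = {
          # keep-sorted start
          DOMAIN = hostname;
          # Bind to loopback only: Caddy on this host terminates TLS and
          # proxies to localhost, so the plain-HTTP listener does not need to
          # be reachable from other interfaces even if the firewall changes.
          HTTP_ADDR = "127.0.0.1";
          HTTP_PORT = port;
          ROOT_URL = url;
          SSH_PORT = sshPort;
          # keep-sorted end
        };
        # No self-service sign-up; accounts have to be created by an admin.
        service.DISABLE_REGISTRATION = true;
      };
      user = "git";
      group = "git";
    };

    # Allow the `git` account through sshd's AllowUsers filter.
    # NOTE(review): once AllowUsers is set, sshd rejects every user not in the
    # list. This entry merges with definitions from other modules; if this is
    # the only one, administrative SSH logins are locked out — confirm.
    openssh.settings.AllowUsers = [ "git" ];

    # Availability probes; failures alert through ntfy.
    gatus.settings.endpoints = [
      {
        name = "Forgejo";
        group = "Private Services";
        inherit url;
        interval = "5m";
        conditions = [
          "[STATUS] == 200"
          "[CONNECTED] == true"
          "[RESPONSE_TIME] < 500"
        ];
        alerts = [ { type = "ntfy"; } ];
      }
      {
        name = "Forgejo SSH";
        group = "Private Services";
        url = "ssh://${hostname}:${toString sshPort}";
        interval = "5m";
        conditions = [
          "[CONNECTED] == true"
          "[RESPONSE_TIME] < 500"
        ];
        alerts = [ { type = "ntfy"; } ];
      }
    ];

    # Forgejo's state directory is included in both backup jobs.
    # NOTE(review): encryption and repository settings for these jobs are
    # defined elsewhere — confirm the offsite job encrypts client-side.
    borgbackup.jobs = {
      onsite.paths = [ "/var/lib/forgejo" ];
      offsite.paths = [ "/var/lib/forgejo" ];
    };

    # Caddy serves the public hostname with the certificate from certloc and
    # accepts TLS 1.3 only; older clients cannot connect.
    caddy.virtualHosts.${hostname}.extraConfig = ''
      reverse_proxy localhost:${toString port}
      tls ${certloc}/cert.pem ${certloc}/key.pem {
        protocols tls1.3
      }
    '';
  };

  users = {
    # System account that runs Forgejo and receives git-over-SSH logins.
    # It is given the default shell so sshd can run commands for it.
    users.git = {
      home = "/var/lib/forgejo";
      useDefaultShell = true;
      group = "git";
      isSystemUser = true;
    };
    groups.git = { };
  };
}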