niksos/hosts/chmura/services/forgejo.nix


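# Forgejo instance, a host-native Actions runner and the Caddy reverse proxy
# that fronts Forgejo on git.jacekpoz.pl.
{
  config,
  pkgs,
  ...
}: {
  # Runner registration token, stored encrypted and referenced only by path
  # (see tokenFile below), so the token value never appears in this file.
  age.secrets.forgejo-runner-token.file = ../../../secrets/forgejo-runner-token.age;

  services = {
    forgejo = {
      enable = true;
      lfs.enable = true;
      database.type = "postgres";
      # Dump archives contain the repositories and database contents; treat
      # them as sensitive as the live instance.
      dump = {
        enable = true;
        type = "tar.xz";
      };
      settings = {
        DEFAULT = {
          APP_NAME = "fuck it we code";
        };
        server = rec {
          DOMAIN = "git.jacekpoz.pl";
          HTTP_PORT = 1849;
          # Protocol of Forgejo's own listener. Clients do not talk to it
          # directly; they reach it through the Caddy virtual host below.
          PROTOCOL = "http";
          SSH_PORT = 8236;
          # Public URL that Forgejo puts into clone links, redirects and
          # federation identifiers. Caddy serves a host-name site over HTTPS
          # by default, so the advertised scheme is https rather than the
          # backend PROTOCOL. Adjust if TLS is terminated differently.
          ROOT_URL = "https://${DOMAIN}/";
          # NOTE(review): HTTP_ADDR is not set here. Both consumers in this
          # file (Caddy and the runner) connect via localhost, so binding the
          # listener to loopback would be enough; confirm port 1849 is not
          # reachable from outside the host.
        };
        service = {
          # No self-service sign-up; accounts have to be created by an admin.
          DISABLE_REGISTRATION = true;
        };
        actions = {
          ENABLED = true;
          # Actions referenced by short name in workflows are fetched from
          # this remote forge. Pinning them to a commit in workflow files
          # limits exposure to upstream changes.
          DEFAULT_ACTIONS_URL = "https://code.forgejo.org";
        };
        federation = {
          ENABLED = true;
        };
      };
    };

    gitea-actions-runner = {
      package = pkgs.forgejo-runner;
      instances = {
        chmura = {
          enable = true;
          name = config.networking.hostName;
          # The runner talks to Forgejo over the local plain-HTTP listener.
          url = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";
          tokenFile = config.age.secrets.forgejo-runner-token.path;
          # "host" labels make jobs run directly on this machine instead of
          # in a container. Anyone able to get a workflow executed here runs
          # code as the runner's service user, with write access to /srv/web
          # (see the systemd override below). Keep the set of users and
          # repositories that can trigger jobs small.
          labels = [
            "native:host"
          ];
          # Tools made available to host-executed jobs.
          hostPackages = with pkgs; [
            nix
            nodejs
            git
            bash
          ];
          settings = {
            log.level = "info";
            runner = {
              file = ".runner";
              capacity = 2;
              timeout = "3h";
              # Keep TLS verification on for connections to the instance.
              insecure = false;
              fetch_timeout = "5s";
              fetch_interval = "2s";
            };
          };
        };
      };
    };
  };

  # Lets the runner unit write to /srv/web; CI jobs can therefore modify
  # whatever is stored there.
  systemd.services.gitea-runner-chmura.serviceConfig = {
    ReadWritePaths = "/srv/web";
  };

  services.caddy = {
    enable = true;
    # Public entry point: everything for this host name is forwarded to the
    # local Forgejo HTTP listener.
    virtualHosts."git.jacekpoz.pl".extraConfig = ''
      reverse_proxy * localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}
    '';
  };
}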