# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
# NixOS-WSL specific options are documented on the NixOS-WSL repository:
# https://github.com/nix-community/NixOS-WSL
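{ config, lib, pkgs, ... }:
let
  # Shorthands for the Forgejo module's evaluated config, so the nginx vhost
  # and ROOT_URL below follow whatever DOMAIN / HTTP_PORT are set to.
  cfg = config.services.forgejo;
  srv = cfg.settings.server;
in
{
  imports = [
    # include NixOS-WSL modules
    <nixos-wsl/modules>
  ];

  wsl.enable = true;
  wsl.defaultUser = "nixos";

  system.stateVersion = "24.11";

  nix = {
    settings = {
      experimental-features = [ "nix-command" "flakes" ];
    };
  };

  environment.systemPackages = with pkgs; [
    git
  ];

  # Access to the Docker socket is root-equivalent on this host; no user is
  # added to the docker group in this file, so keep it that way unless needed.
  virtualisation.docker = {
    enable = true;
  };

  security.acme = {
    defaults.email = "michael.huebner@ptspaper.de";
    acceptTerms = true;
  };

  services = {
    # SSH tarpit on the standard port; the real sshd is moved to port 23 below.
    endlessh = {
      enable = true;
      port = 22;
    };

    # NOTE(review): no sshd settings are given here, so password
    # authentication is left at the module default. Consider
    # `settings.PasswordAuthentication = false;` once keys are provisioned.
    # Port 23 is the well-known Telnet port and is scanned as well.
    openssh = {
      enable = true;
      ports = [ 23 ];
    };

    # TLS-terminating reverse proxy in front of Forgejo's local HTTP listener.
    nginx = {
      enable = true;
      virtualHosts.${srv.DOMAIN} = {
        forceSSL = true;
        enableACME = true;
        # Large request bodies are allowed (presumably for Git LFS uploads).
        extraConfig = ''
          client_max_body_size 512M;
        '';
        locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
      };
    };

    forgejo = {
      enable = true;
      database.type = "postgres";
      lfs.enable = true;
      settings = {
        server = {
          # NOTE(review): with DOMAIN = "localhost" the nginx vhost above is
          # named "localhost", and a public ACME CA will not issue a
          # certificate for that name. Set the real hostname before relying
          # on forceSSL / enableACME.
          DOMAIN = "localhost";
          ROOT_URL = "https://${srv.DOMAIN}";
          HTTP_PORT = 3000;
          # NOTE(review): sshd above listens on 23 and endlessh on 22; nothing
          # in this file listens on 62. Confirm a forward exists, otherwise the
          # SSH clone URLs Forgejo shows will point at a closed port.
          SSH_PORT = 62;
        };
        # Self-service sign-up is off; accounts have to be created by an admin.
        service.DISABLE_REGISTRATION = true;
        actions = {
          ENABLED = true;
          # Short `uses:` references in workflows resolve against github.com.
          # Pin third-party actions to a full commit SHA in workflows, since
          # runners execute that code.
          DEFAULT_ACTIONS_URL = "github";
        };
      };
    };

    renovate = {
      enable = true;
      # NOTE(review): placeholder. The module expects a systemd calendar
      # expression here (see systemd.time(7)); "TODO" is not one - confirm
      # before deploying.
      schedule = "TODO";
      credentials = {
        # Path to a file holding the API token, so the secret stays out of the
        # world-readable Nix store. Keep the file root-owned with mode 0600 and
        # issue the token to a dedicated bot account with minimal scopes.
        RENOVATE_TOKEN = "/etc/renovate/token";
      };
      settings = {
        # Changed from http:// to https://: the token from RENOVATE_TOKEN is
        # sent to this endpoint on every API call and must not travel in
        # cleartext. `<url>` is still a placeholder to fill in.
        endpoint = "https://<url>.de/api/v1/";
        persistRepoData = true;
        platform = "forgejo";
        # With autodiscover, Renovate acts on every repository the token can
        # reach; the token's repository access is the effective scope.
        autodiscover = true;
        onboardingConfig = {
          extends = [ "config:recommended" ];
        };
        # presumably 0 disables the per-run commit limit - TODO confirm
        prCommitsPerRunLimit = 0;
      };
    };

    cron = {
      enable = true;
      systemCronJobs = [
        # NOTE(review): looks like a debugging leftover. It runs as root every
        # minute and redirects into a fixed file name in world-writable /tmp.
        # Remove it, or write to a root-owned directory instead.
        "* * * * * root ls -l / > /tmp/cronout 2>&1"
      ];
    };
  };
}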