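# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
# NixOS-WSL specific options are documented on the NixOS-WSL repository:
# https://github.com/nix-community/NixOS-WSL
#
# Host role: public Forgejo instance for pts-paper.de behind nginx (ACME/TLS
# terminated in nginx), a nightly dump that a dedicated `backup` user fetches
# over SSH, and a Renovate bot that runs against this same instance.
{ config, lib, pkgs, ... }:

let
  cfg = config.services.forgejo;
  srv = cfg.settings.server;
in
{
  imports = [
    ./shared/system.nix
    ./shared/dev_user.nix
    ./shared/docker.nix
    ./shared/ssh.nix
  ];

  users.users = {
    # Login only via the SSH key below; no password is defined here.
    # NOTE(review): membership in the `forgejo` group is what lets this user
    # read the 660 dump file, but it also grants group access to anything else
    # the forgejo service leaves group-readable. A dedicated backup group on
    # /backups would be narrower -- confirm what the forgejo state dir exposes
    # before changing this.
    backup = {
      isNormalUser = true;
      home = "/home/backup";
      description = "User used to copy the forgejo backup into PTS network";
      extraGroups = [ "forgejo" ];
      openssh.authorizedKeys.keys = [
        # `\\` keeps the literal backslash of the DOMAIN\user key comment; a
        # bare `\d` is an unknown escape in a Nix string and the backslash is
        # silently dropped. Only the key's comment field is affected either way.
        "ssh-rsa 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 ptspaper\\d.rockstroh_adm@PTS-Filesrv03"
      ];
    };
  };

  security.acme = {
    defaults.email = "michael.huebner@ptspaper.de";
    acceptTerms = true;
  };

  services = {
    nginx = {
      enable = true;
      # TLS terminates here; Forgejo's own HTTP listener is loopback-only
      # (HTTP_ADDR below), so this vhost is the only public entry point.
      virtualHosts.${srv.DOMAIN} = {
        forceSSL = true;
        enableACME = true;
        extraConfig = ''
          client_max_body_size 512M;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
        '';
        # Use the IPv4 loopback literal rather than "localhost": Forgejo binds
        # 127.0.0.1 only, and "localhost" may resolve to ::1 first, which would
        # cost a failed connect (and an error log line) per request.
        locations."/".proxyPass = "http://127.0.0.1:${toString srv.HTTP_PORT}";
      };
    };

    forgejo = {
      enable = true;
      database.type = "postgres";
      lfs.enable = true;
      settings = {
        server = {
          DOMAIN = "pts-paper.de";
          ROOT_URL = "https://${srv.DOMAIN}";
          # nginx is the only client of the plain-HTTP listener, so do not
          # expose port 3000 on any non-loopback interface.
          HTTP_ADDR = "127.0.0.1";
          HTTP_PORT = 3000;
          # Git-over-SSH is served by the system sshd (services.openssh below
          # listens on 62 and allows the forgejo user), hence the same port.
          SSH_PORT = 62;
          # Ship the stock Forgejo templates with home.tmpl swapped for ours.
          STATIC_ROOT_PATH = pkgs.runCommand "patch-templates" { } ''
            mkdir -p $out
            ${pkgs.lib.getExe' pkgs.coreutils "cp"} -r ${config.services.forgejo.package.data}/* $out
            chmod u+w $out/templates/home.tmpl
            ${pkgs.lib.getExe' pkgs.coreutils "cp"} -f ${./home.tmpl} $out/templates/home.tmpl
            chmod u-w $out/templates/home.tmpl
          '';
        };
        # Public instance: accounts are created by admins only.
        service.DISABLE_REGISTRATION = true;
        actions = {
          ENABLED = true;
          DEFAULT_ACTIONS_URL = "github";
        };
        # NOTE(review): PROTOCOL "smtp" to a raw IP on 2525 -- whether this is
        # plaintext or STARTTLS depends on the relay; confirm. No password is
        # set here (neither PASSWD nor services.forgejo.mailerPasswordFile is
        # visible in this file), so the relay presumably trusts this host by
        # source address -- verify. FROM looks truncated (an address in angle
        # brackets was probably lost); check the rendered app.ini.
        mailer = {
          ENABLED = true;
          PROTOCOL = "smtp";
          SMTP_ADDR = "80.151.91.109";
          SMTP_PORT = 2525;
          FROM = "Forgejo ";
          USER = "noreply@ptspaper.de";
        };
      };
      # Nightly dump to /backups/forgejo_backup.tar.gz, picked up by `backup`.
      dump = {
        enable = true;
        interval = "20:00";
        type = "tar.gz";
        file = "forgejo_backup";
        backupDir = "/backups";
      };
    };

    openssh = {
      ports = [ 62 ];
      # Only the two service accounts may log in; any interactive user defined
      # in ./shared/dev_user.nix or ./shared/ssh.nix is locked out unless it is
      # added here -- check those modules if admin SSH access is expected.
      settings = {
        AllowUsers = [ "forgejo" "backup" ];
      };
    };

    renovate = {
      enable = true;
      schedule = "*:0/15";
      # Token is read from a file at runtime, so it never enters the Nix store.
      credentials = {
        RENOVATE_TOKEN = "/etc/renovate/token";
      };
      settings = {
        endpoint = "https://pts-paper.de/api/v1/";
        persistRepoData = true;
        platform = "gitea";
        # Looks truncated like mailer.FROM above (likely lost an email in angle
        # brackets) -- confirm against the rendered renovate config.
        gitAuthor = "Renovate ";
        autodiscover = true;
        onboardingConfig = {
          extends = [ "config:recommended" ];
        };
        prCommitsPerRunLimit = 0;
      };
    };

    cron = {
      enable = true;
      # Makes the dump group-readable for the `backup` user (see users.users).
      # NOTE(review): this is coupled to dump.interval by wall-clock offset
      # only; if a dump ever takes longer than 30 minutes, or fails, the chmod
      # hits the previous file or nothing. A postStart on the dump service
      # unit would remove the race -- confirm the unit name before switching.
      systemCronJobs = [
        "30 20 * * * root chmod 660 /backups/forgejo_backup.tar.gz"
      ];
    };
  };
}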