# Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). # NixOS-WSL specific options are documented on the NixOS-WSL repository: # https://github.com/nix-community/NixOS-WSL { config, lib, pkgs, ... }: let cfg = config.services.forgejo; srv = cfg.settings.server; in { imports = [ "shared/system.nix" "shared/dev_user.nix" "shared/docker.nix" "shared/ssh.nix" ]; programs = { msmtp = { enable = true; defaults = { tls = true; }; accounts = { default = { auth = true; host = "TODO: e.g. smtp.strato.de"; port = 587; tls_starttls = true; from = "TODO: email"; user = "TODO: email"; password = "TODO"; }; }; }; }; security.acme = { defaults.email = "michael.huebner@ptspaper.de"; acceptTerms = true; }; services = { nginx = { enable = true; virtualHosts.${srv.DOMAIN} = { forceSSL = true; enableACME = true; extraConfig = '' client_max_body_size 512M; ''; locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}"; }; }; forgejo = { enable = true; database.type = "postgres"; lfs.enable = true; settings = { server = { DOMAIN = "localhost"; ROOT_URL = "https://${srv.DOMAIN}"; HTTP_PORT = 3000; SSH_PORT = 62; }; service.DISABLE_REGISTRATION = true; actions = { ENABLED = true; DEFAULT_ACTIONS_URL = "github"; }; }; }; renovate = { enable = true; schedule = "TODO"; credentials = { RENOVATE_TOKEN = "/etc/renovate/token"; }; settings = { endpoint = "http://.de/api/v1/"; persistRepoData = true; platform = "forgejo"; autodiscover = true; onboardingConfig= { extends= ["config:recommended"]; }; prCommitsPerRunLimit= 0; }; }; cron = { enable = true; systemCronJobs = [ "00 03 * * * forgejo sh backup_forgejo.sh -d /var/lib/forgejo -u TODO -s TODO -p TODO" ]; }; }; }