137 lines
4.2 KiB
Nix
137 lines
4.2 KiB
Nix
# Edit this configuration file to define what should be installed on
|
|
# your system. Help is available in the configuration.nix(5) man page, on
|
|
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
|
|
|
|
# NixOS-WSL specific options are documented on the NixOS-WSL repository:
|
|
# https://github.com/nix-community/NixOS-WSL
|
|
|
|
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
let
|
|
cfg = config.services.forgejo;
|
|
srv = cfg.settings.server;
|
|
in
|
|
{
|
|
imports = [
|
|
./shared/system.nix
|
|
./shared/dev_user.nix
|
|
./shared/docker.nix
|
|
./shared/ssh.nix
|
|
];
|
|
|
|
users.users = {
|
|
# connection only via ssh key
|
|
backup = {
|
|
isNormalUser = true;
|
|
home = "/home/backup";
|
|
description = "User used to copy the forgejo backup into PTS network";
|
|
extraGroups = [ "forgejo" ];
|
|
openssh.authorizedKeys.keys = [
|
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDVdIrB5ytrzIVv+Zpmr5pesRj/aXGqS+gKd8wTL2tg4S8LYbyFWhos8uy+uAraU/vP1+ffxxQCKrjivxm53bZDpAXJKZyVV/defvJcOSQ2uhKM3c8LbTt/YR2AjoyTuOjj57ZFqQCDqEVIkFwbGuxCr4VclZpPD5Ny3StCTy9K8WJgKQ8pvXicB3msgy4hD3xL957F1wAFpyVufKrb45hrZyKfOLIgPTg/4l3sPVzBlsPUL4ZCkE2Gfmdtr2VUJ0ykZz9J8cJq59IN3nppqb2oqnwqcLWwhFy4U70SXCkwd0KtMICajp6H7qg73SUJPqgJewYRSLUiw4IxyD7Di1NU7WsPS+hS6QlTRFQKX3IaAkL26hXUgz8F1L9bd2CfVQxLQguFTS54hoFqcx/eNHtKiBvHBURJnBQDnpkQQbxaZ7D87TO6siuQklCUwaLvC8mjLv+D1+pXeJRZhEKefgkkYzd8A+SmTVuczfqTxP6PaMcx0plzj2uCmC03FcwWClDo1jcX3HpyCxLSBnyYWvzngHcropgqgrJbZYMluEBRn0SWMWbeiAxdyCCaxbL7buVKwwyR7/eoNG24lwWE2lqC6aV8wODg+Z+OVano1budInSJm85pabhEaZU52s2ETDFk6GbJr67Mka0NlrOaq/MrXtMpUTamfexnIXN53YNSrQ== ptspaper\d.rockstroh_adm@PTS-Filesrv03"
|
|
];
|
|
};
|
|
};
|
|
|
|
security.acme = {
|
|
defaults.email = "michael.huebner@ptspaper.de";
|
|
acceptTerms = true;
|
|
};
|
|
|
|
services = {
|
|
nginx = {
|
|
enable = true;
|
|
virtualHosts.${srv.DOMAIN} = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
extraConfig = ''
|
|
client_max_body_size 512M;
|
|
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
'';
|
|
locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
|
|
};
|
|
};
|
|
|
|
forgejo = {
|
|
enable = true;
|
|
database.type = "postgres";
|
|
lfs.enable = true;
|
|
settings = {
|
|
server = {
|
|
DOMAIN = "pts-paper.de";
|
|
ROOT_URL = "https://${srv.DOMAIN}";
|
|
HTTP_PORT = 3000;
|
|
SSH_PORT = 62;
|
|
|
|
STATIC_ROOT_PATH = pkgs.runCommand "patch-templates" { } ''
|
|
mkdir -p $out
|
|
${pkgs.lib.getExe' pkgs.coreutils "cp"} -r ${config.services.forgejo.package.data}/* $out
|
|
chmod u+w $out/templates/home.tmpl
|
|
${pkgs.lib.getExe' pkgs.coreutils "cp"} -f ${./home.tmpl} $out/templates/home.tmpl
|
|
chmod u-w $out/templates/home.tmpl
|
|
'';
|
|
};
|
|
service.DISABLE_REGISTRATION = true;
|
|
actions = {
|
|
ENABLED = true;
|
|
DEFAULT_ACTIONS_URL = "github";
|
|
};
|
|
mailer = {
|
|
ENABLED = true;
|
|
PROTOCOL = "smtp";
|
|
SMTP_ADDR = "80.151.91.109";
|
|
SMTP_PORT = 2525;
|
|
FROM = "Forgejo <noreply@ptspaper.de>";
|
|
USER = "noreply@ptspaper.de";
|
|
};
|
|
};
|
|
dump = {
|
|
enable = true;
|
|
interval = "20:00";
|
|
type = "tar.gz";
|
|
file = "forgejo_backup";
|
|
backupDir = "/backups";
|
|
};
|
|
};
|
|
|
|
openssh = {
|
|
ports = [ 62 ];
|
|
settings = {
|
|
AllowUsers = [ "forgejo" "backup" ];
|
|
};
|
|
};
|
|
|
|
renovate = {
|
|
enable = true;
|
|
schedule = "*:0/15";
|
|
credentials = {
|
|
RENOVATE_TOKEN = "/etc/renovate/token";
|
|
};
|
|
settings = {
|
|
endpoint = "https://pts-paper.de/api/v1/";
|
|
persistRepoData = true;
|
|
platform = "gitea";
|
|
gitAuthor = "Renovate <RenBotSCS@ptspaper.de>";
|
|
autodiscover = true;
|
|
onboardingConfig = {
|
|
extends = [ "config:recommended" ];
|
|
};
|
|
prCommitsPerRunLimit = 0;
|
|
};
|
|
};
|
|
|
|
cron = {
|
|
enable = true;
|
|
systemCronJobs = {
|
|
"30 20 * * * root chmod 660 /backups/forgejo_backup.tar.gz"
|
|
};
|
|
};
|
|
};
|
|
}
|