diff --git a/hosts/nixos-server-reid/webapps/default.nix b/hosts/nixos-server-reid/webapps/default.nix index 0db3c55..235e1a1 100755 --- a/hosts/nixos-server-reid/webapps/default.nix +++ b/hosts/nixos-server-reid/webapps/default.nix @@ -6,11 +6,6 @@ in { config = { modules = { services = { - forgejo = { - enable = true; - domain = "git.reidlab.pink"; - port = 3000; - }; # you should probably keep this on # actually enables nginx, configures acme, @@ -22,6 +17,11 @@ in { "reidlab.pink".dataDir = "/var/www/reidlab.pink"; }; + forgejo = { + enable = true; + domain = "git.reidlab.pink"; + }; + matomo = { enable = true; domain = "analytics.reidlab.pink"; diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index 28cf20d..c93bcee 100755 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix @@ -10,62 +10,59 @@ in { type = types.str; default = "git.reidlab.pink"; }; - port = mkOption { - type = types.int; - default = 3000; - }; }; config = mkIf cfg.enable { - services = { - forgejo = { - enable = true; - stateDir = "/var/lib/${cfg.domain}"; - database.type = "postgres"; - settings = { - "DEFAULT" = { - APP_NAME = "reidlab's git instance"; - }; - "security" = { - INSTALL_LOCK = true; - PASSWORD_HASH_ALGO = "argon2"; - PASSWORD_CHECK_PWN = true; - }; - "ui.meta" = { - AUTHOR = "reidlab"; - DESCRIPTION = "reidlab's git instance"; - }; - "server" = { - DOMAIN = cfg.domain; - HTTP_PORT = cfg.port; - ROOT_URL = "https://${cfg.domain}/"; - }; - "repository" = { - DEFAULT_BRANCH = "main"; - }; - "picture" = { - DISABLE_GRAVATAR = false; - ENABLE_FEDERATED_AVATAR = true; - }; - "service" = { - ENABLE_CAPTCHA = false; - REGISTER_EMAIL_CONFIRM = false; - DEFAULT_KEEP_EMAIL_PRIVATE = true; - DEFAULT_ENABLE_TIMETRACING = true; - DISABLE_REGISTRATION = true; - }; - "federation" = { - ENABLED = true; - }; + services.forgejo = { + enable = true; + + stateDir = "/var/lib/${cfg.domain}"; + database.type = "postgres"; + settings = { + "DEFAULT" = { + APP_NAME = "reidlab's git instance"; + }; + "security" = { + INSTALL_LOCK = true; + PASSWORD_HASH_ALGO = "argon2"; + PASSWORD_CHECK_PWN = true; + }; + "ui.meta" = { + AUTHOR = "reidlab"; + DESCRIPTION = "reidlab's git instance"; + }; + "server" = { + DOMAIN = cfg.domain; + PROTOCOL = "http+unix"; + ROOT_URL = "https://${cfg.domain}/"; + }; + "repository" = { + DEFAULT_BRANCH = "main"; + }; + "picture" = { + DISABLE_GRAVATAR = false; + ENABLE_FEDERATED_AVATAR = true; + }; + "service" = { + ENABLE_CAPTCHA = false; + REGISTER_EMAIL_CONFIRM = false; + DEFAULT_KEEP_EMAIL_PRIVATE = true; + DEFAULT_ENABLE_TIMETRACING = true; + DISABLE_REGISTRATION = true; + }; + "federation" = { + ENABLED = true; }; }; + }; - nginx.virtualHosts."${cfg.domain}" = { - forceSSL = true; - enableACME = true; - locations."/".extraConfig = '' - client_max_body_size 600M; - proxy_pass http://127.0.0.1:${toString cfg.port}; + services.nginx.virtualHosts."${cfg.domain}" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}"; + extraConfig = '' + client_max_body_size 512M; ''; }; };