unix socket forgejo?

2025-01-09 23:36:22 -08:00 · 2025-01-09 23:36:22 -08:00 · b482fbc2ea
commit b482fbc2ea
parent 2232ad3f31
2 changed files with 52 additions and 55 deletions
--- a/hosts/nixos-server-reid/webapps/default.nix
+++ b/hosts/nixos-server-reid/webapps/default.nix
@ -6,11 +6,6 @@ in {
  config = {
    modules = {
      services = {
        forgejo = {
          enable = true;
          domain = "git.reidlab.pink";
          port = 3000;
        };
        # you should probably keep this on
        # actually enables nginx, configures acme,
@ -22,6 +17,11 @@ in {
          "reidlab.pink".dataDir = "/var/www/reidlab.pink";
        };
        forgejo = {
          enable = true;
          domain = "git.reidlab.pink";
        };
        matomo = {
          enable = true;
          domain = "analytics.reidlab.pink";
--- a/modules/services/forgejo.nix
+++ b/modules/services/forgejo.nix
@ -10,62 +10,59 @@ in {
      type = types.str;
      default = "git.reidlab.pink";
    };
    port = mkOption {
      type = types.int;
      default = 3000;
    };
  };
  config = mkIf cfg.enable {
-    services = {
+    services.forgejo = {
-      forgejo = {
+      enable = true;
-        enable = true;
+
-        stateDir = "/var/lib/${cfg.domain}";
+      stateDir = "/var/lib/${cfg.domain}";
-        database.type = "postgres";
+      database.type = "postgres";
-        settings = {
+      settings = {
-          "DEFAULT" = {
+        "DEFAULT" = {
-            APP_NAME = "reidlab's git instance";
+          APP_NAME = "reidlab's git instance";
-          };
+        };
-          "security" = {
+        "security" = {
-            INSTALL_LOCK = true;
+          INSTALL_LOCK = true;
-            PASSWORD_HASH_ALGO = "argon2";
+          PASSWORD_HASH_ALGO = "argon2";
-            PASSWORD_CHECK_PWN = true;
+          PASSWORD_CHECK_PWN = true;
-          };
+        };
-          "ui.meta" = {
+        "ui.meta" = {
-            AUTHOR = "reidlab";
+          AUTHOR = "reidlab";
-            DESCRIPTION = "reidlab's git instance";
+          DESCRIPTION = "reidlab's git instance";
-          };
+        };
-          "server" = {
+        "server" = {
-            DOMAIN = cfg.domain;
+          DOMAIN = cfg.domain;
-            HTTP_PORT = cfg.port;
+          PROTOCOL = "http+unix";
-            ROOT_URL = "https://${cfg.domain}/";
+          ROOT_URL = "https://${cfg.domain}/";
-          };
+        };
-          "repository" = {
+        "repository" = {
-            DEFAULT_BRANCH = "main";
+          DEFAULT_BRANCH = "main";
-          };
+        };
-          "picture" = {
+        "picture" = {
-            DISABLE_GRAVATAR = false;
+          DISABLE_GRAVATAR = false;
-            ENABLE_FEDERATED_AVATAR = true;
+          ENABLE_FEDERATED_AVATAR = true;
-          };
+        };
-          "service" = {
+        "service" = {
-            ENABLE_CAPTCHA = false;
+          ENABLE_CAPTCHA = false;
-            REGISTER_EMAIL_CONFIRM = false;
+          REGISTER_EMAIL_CONFIRM = false;
-            DEFAULT_KEEP_EMAIL_PRIVATE = true;
+          DEFAULT_KEEP_EMAIL_PRIVATE = true;
-            DEFAULT_ENABLE_TIMETRACING = true;
+          DEFAULT_ENABLE_TIMETRACING = true;
-            DISABLE_REGISTRATION = true;
+          DISABLE_REGISTRATION = true;
-          };
+        };
-          "federation" = {
+        "federation" = {
-            ENABLED = true;
+          ENABLED = true;
          };
        };
      };
    };
-      nginx.virtualHosts."${cfg.domain}" = {
+    services.nginx.virtualHosts."${cfg.domain}" = {
-        forceSSL = true;
+      forceSSL = true;
-        enableACME = true;
+      enableACME = true;
-        locations."/".extraConfig = ''
+      locations."/" = {
-          client_max_body_size 600M;
+        proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}";
-          proxy_pass http://127.0.0.1:${toString cfg.port};
+        extraConfig = ''
          client_max_body_size 512M;
        '';
      };
    };