forgejo: setup

2024-06-13 18:59:07 +07:00 · 2024-06-13 18:59:07 +07:00 · 6c09df8fa0
parent 39433f7488
commit 6c09df8fa0
3 changed files with 20 additions and 11 deletions
--- a/system/services/cockpit.nix
+++ b/system/services/cockpit.nix
@ -8,11 +8,9 @@ in
    environment.systemPackages = mkIf config.profile.podman.enable [
      (pkgs.callPackage ../packages/cockpit-podman.nix { })
    ];
-    sops.secrets."cockpit" = {
-      sopsFile = ../../secrets/caddy_reverse_proxy.yaml;
-      path = "/etc/caddy/sites-enabled/cockpit";
-      mode = "0440";
-    };
+    services.caddy.virtualHosts."cockpit.tigor.web.id".extraConfig = ''
+      reverse_proxy 0.0.0.0:9090
+    '';
    services.cockpit = {
      enable = true;
      openFirewall = true;
--- a/system/services/default.nix
+++ b/system/services/default.nix
@ -3,6 +3,7 @@
  imports = [
    ./caddy.nix
    ./cockpit.nix
+    ./forgejo.nix
    ./samba.nix
  ];
 }
--- a/system/services/forgejo.nix
+++ b/system/services/forgejo.nix
@ -5,18 +5,28 @@ let
 in
 {
  config = mkIf cfg.enable {
-    sops.secrets."forgejo" = {
-      sopsFile = ../../secrets/caddy_reverse_proxy.yaml;
-      path = "/etc/caddy/sites-enabled/forgejo";
-      mode = "0440";
-    };
+    services.caddy.virtualHosts."git.tigor.web.id".extraConfig = ''
+      reverse_proxy * unix//run/forgejo/forgejo.sock
+    '';
+

    services.forgejo = {
      enable = true;
      settings = {
-        server.PROTOCOL = "http+unix";
+        server = {
+          PROTOCOL = "http+unix";
+          SSH_PORT = 2222;
+          DOMAIN = "git.tigor.web.id";
+          HTTP_PORT = 443;
+          ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}:${toString config.services.forgejo.settings.server.HTTP_PORT}";
+        };
+        service = {
+          DISABLE_REGISTRATION = true;
+        };
        session.COOKIE_SECURE = true;
      };
    };
+
+    networking.firewall.allowedTCPPorts = [ config.services.forgejo.settings.server.SSH_PORT ];
  };
 }