nixos-selfhost/forgejo.nix

{ config, ... }:

let
  domain = "git.glennwso.com";
	# derp = "hi";
in
{
  security.acme = {
    acceptTerms = true;
    defaults = {
      email = "glennpub@proton.me";
      dnsProvider = "cloudflare";
  #     # location of your CLOUDFLARE_DNS_API_TOKEN=[value]
  #     # https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#EnvironmentFile=
      environmentFile = "/etc/nixos/.secrets/cloudflare_dns_tokend";
    };
  };
  networking.firewall.allowedTCPPorts = [ 80 443 3000 ];
  services.forgejo = {
    enable = true;
    settings = {
      service = {
        # DISABLE_REGISTRATION = true;
      };
      server = {
        ROOT_URL = "https://${domain}/";
        LANDING_PAGE = "explore";
      };
    };
  };

  services.nginx = {
    enable = true;
    appendHttpConfig = ''
      map $uri $forgejo_access_log {
        default 1;
        /api/actions/runner.v1.RunnerService/FetchTask 0;
      }
    '';
  };

  services.nginx.virtualHosts.${domain} = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://localhost:3000/";
      # extraConfig = ''
      #   access_log /var/log/nginx/access.log main if=$forgejo_access_log;
      # '';
    };
  };
}
init hosting 2024-03-01 22:15:55 +01:00			`{ config, ... }:`

			`let`
			`domain = "git.glennwso.com";`
			`# derp = "hi";`
			`in`
			`{`
			`security.acme = {`
			`acceptTerms = true;`
			`defaults = {`
			`email = "glennpub@proton.me";`
			`dnsProvider = "cloudflare";`
			`# # location of your CLOUDFLARE_DNS_API_TOKEN=[value]`
			`# # https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#EnvironmentFile=`
			`environmentFile = "/etc/nixos/.secrets/cloudflare_dns_tokend";`
			`};`
			`};`
			`networking.firewall.allowedTCPPorts = [ 80 443 3000 ];`
			`services.forgejo = {`
			`enable = true;`
			`settings = {`
			`service = {`
			`# DISABLE_REGISTRATION = true;`
			`};`
			`server = {`
			`ROOT_URL = "https://${domain}/";`
			`LANDING_PAGE = "explore";`
			`};`
			`};`
			`};`

			`services.nginx = {`
			`enable = true;`
			`appendHttpConfig = ''`
			`map $uri $forgejo_access_log {`
			`default 1;`
			`/api/actions/runner.v1.RunnerService/FetchTask 0;`
			`}`
			`'';`
			`};`

			`services.nginx.virtualHosts.${domain} = {`
			`enableACME = true;`
			`forceSSL = true;`
			`locations."/" = {`
			`proxyPass = "http://localhost:3000/";`
			`# extraConfig = ''`
			`# access_log /var/log/nginx/access.log main if=$forgejo_access_log;`
			`# '';`
			`};`
			`};`
			`}`