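# NixOS module for the Forgejo instance at git.orga.cebula.camp: a patched
# forgejo-lts package, the Forgejo service settings, the nginx TLS reverse
# proxy in front of it, and an IPv4 redirect of public port 22 to Forgejo's
# built-in SSH server on port 2223.
{ config, pkgs, ... }:

let
  # Single definition of the SSH redirect rule so the add and delete commands
  # below cannot drift apart.
  sshRedirectRule = "PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2223";
in
{
  nixpkgs.overlays = [
    (self: super: {
      # Always add '@cebula.camp' to LDAP email attribute, so that we can set
      # the attribute to 'cn'. We don't have any other way to get an
      # @cebula.camp email address.
      #
      # NOTE(review): this patch changes how the email of an externally
      # authenticated user is derived, and doCheck = false skips the package's
      # check phase for the patched build, so a regression introduced by the
      # patch would not be caught at build time. The reason for disabling the
      # checks is not recorded here; re-enable them if the patch allows it.
      forgejo-lts = super.forgejo-lts.overrideAttrs (oa: {
        # 'or [ ]' keeps the override working if the base derivation ever
        # stops defining 'patches'.
        patches = (oa.patches or [ ]) ++ [
          ./forgejo/0001-bad-bad-not-good-patch-it-s-3-am-and-i-am-tired.patch
        ];
        doCheck = false;
      });
    })
  ];

  services.forgejo = {
    enable = true;
    lfs.enable = true;
    settings = {
      service = {
        # Registration stays enabled, but only through an external
        # authentication source; local sign-up is not offered.
        DISABLE_REGISTRATION = false;
        ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
        ENABLE_NOTIFY_MAIL = false;
      };
      server = {
        ROOT_URL = "https://git.orga.cebula.camp";
        # NOTE(review): HTTP_ADDR is not set in this file. If the default binds
        # all interfaces, port 3001 is kept private only by the firewall;
        # consider HTTP_ADDR = "127.0.0.1" since nginx is the only client.
        HTTP_PORT = 3001;
        DOMAIN = "git.orga.cebula.camp";
        START_SSH_SERVER = true;
        # SSH_PORT is the port shown in clone URLs; SSH_LISTEN_PORT is the port
        # the built-in server binds. The firewall redirect below joins them.
        SSH_PORT = 22;
        SSH_LISTEN_PORT = 2223;
        BUILTIN_SSH_SERVER_USER = "git";
      };
      oauth2_client = {
        REGISTER_EMAIL_CONFIRM = false;
        ENABLE_AUTO_REGISTRATION = true;
        USERNAME = "nickname";
        # NOTE(review): "auto" links an external login to an existing local
        # account with the same username or email without any confirmation.
        # With USERNAME = "nickname" and no email confirmation, account
        # ownership rests entirely on the identity provider: make sure users
        # cannot choose or change their own nickname/cn there, or use "login".
        ACCOUNT_LINKING = "auto";
      };
      DEFAULT = {
        # Was misspelled 'APP_ANME', which Forgejo does not read, so the
        # instance name was never applied.
        APP_NAME = "CebulaGit";
      };
    };
  };

  # NOTE(review): the disabled command below carries a plaintext admin
  # password with --must-change-password=false. Anything in this file is
  # committed to the repository and, if re-enabled, copied into the
  # world-readable Nix store and visible in the process arguments. Treat the
  # password as disclosed: rotate it if it was ever used, and load bootstrap
  # credentials from a secrets mechanism outside the store instead.
  #systemd.services.forgejo-secrets.script = ''
  #  ${pkgs.forgejo}/bin/gitea admin user create --username bofh --password dupa.8 --email q3k@q3k.org --admin --must-change-password=false
  #'';

  services.nginx.virtualHosts."git.orga.cebula.camp" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://localhost:3001";
    };
  };

  # redirect external port 22 to internal 2223
  #
  # The nat PREROUTING redirect is applied before the filter INPUT chain, so
  # redirected connections arrive with destination port 2223; that is the
  # port that has to be open. 2223 is therefore also reachable directly.
  # The rule uses iptables only, so it covers IPv4; IPv6 connections to
  # port 22 are not redirected.
  networking.firewall.allowedTCPPorts = [ 22 2223 ];
  networking.firewall.extraCommands = ''
    # Delete any previous copy first so a firewall reload does not stack
    # duplicate rules.
    iptables -t nat -D ${sshRedirectRule} 2>/dev/null || true
    iptables -t nat -A ${sshRedirectRule}
  '';
  networking.firewall.extraStopCommands = ''
    # Remove only our own rule. Flushing the whole PREROUTING chain would also
    # drop NAT rules installed by other modules or services on this host.
    iptables -t nat -D ${sshRedirectRule} 2>/dev/null || true
  '';
}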