mirror of
https://github.com/Noratrieb/vps.git
synced 2026-01-14 16:55:00 +01:00
73 lines
1.8 KiB
Nix
73 lines
1.8 KiB
Nix
{ config, lib, pkgs, ... }: {
|
|
age.secrets.forgejo_s3_key_secret.file = ../../secrets/forgejo_s3_key_secret.age;
|
|
|
|
|
|
services.forgejo = {
|
|
enable = true;
|
|
database = {
|
|
type = "sqlite3";
|
|
};
|
|
lfs.enable = false;
|
|
|
|
settings = {
|
|
DEFAULT = {
|
|
APP_NAME = "this forge meows";
|
|
APP_SLOGAN = "this forge meows";
|
|
};
|
|
|
|
server = rec {
|
|
DOMAIN = "git.noratrieb.dev";
|
|
ROOT_URL = "https://${DOMAIN}/";
|
|
HTTP_PORT = 5015;
|
|
};
|
|
|
|
service = {
|
|
DISABLE_REGISTRATION = true;
|
|
};
|
|
|
|
storage = {
|
|
STORAGE_TYPE = "minio";
|
|
MINIO_ENDPOINT = "127.0.0.1:3900";
|
|
MINIO_ACCESS_KEY_ID = "GKc8bfd905eb7f85980ffe84c9";
|
|
MINIO_BUCKET = "forgejo";
|
|
MINIO_BUCKET_LOOKUP = "auto";
|
|
MINIO_LOCATION = "garage";
|
|
MINIO_USE_SSL = false;
|
|
};
|
|
};
|
|
|
|
secrets = {
|
|
storage = {
|
|
MINIO_SECRET_ACCESS_KEY = config.age.secrets.forgejo_s3_key_secret.path;
|
|
};
|
|
};
|
|
};
|
|
|
|
services.caddy.virtualHosts."git.noratrieb.dev" = {
|
|
logFormat = "";
|
|
extraConfig = ''
|
|
encode zstd gzip
|
|
reverse_proxy * localhost:5015
|
|
'';
|
|
};
|
|
|
|
services.custom-backup-restic.jobs = [{
|
|
app = "forgejo";
|
|
# this is a mess. do not question it. it is a beautiful mess.
|
|
dynamicFilesFrom = "${lib.getExe pkgs.sudo} --user=forgejo ${lib.getExe (pkgs.writeShellApplication {
|
|
name = "backup-forgejo.sh";
|
|
runtimeInputs = [ pkgs.unzip ];
|
|
text = ''
|
|
rm -rf /tmp/forgejo-backup
|
|
mkdir -p /tmp/forgejo-backup
|
|
{
|
|
cd /tmp/forgejo-backup
|
|
${lib.getExe config.services.forgejo.package} dump -c ${config.services.forgejo.customDir}/conf/app.ini
|
|
unzip forgejo-dump-* >/dev/null
|
|
rm forgejo-dump-*
|
|
} >&2
|
|
echo /tmp/forgejo-backup
|
|
'';
|
|
})}";
|
|
}];
|
|
}
|