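# NixOS module: Forgejo instance for git.flake.sh with a remote PostgreSQL
# database and Redis cache, SMTP via smtp2go, and a fail2ban jail that
# watches the forgejo.service journal for failed logins.
{
  lib,
  config,
  ...
}: let
  # Port of Forgejo's built-in SSH server; used for the advertised port,
  # the listen port and the firewall rule so the three cannot drift apart.
  sshPort = 2222;
  # Host that serves both PostgreSQL (5432) and Redis (6379).
  dbHost = "192.168.1.211";
  # Used below as database name, database user AND database password.
  dbLogin = "forgejo";
in {
  # SMTP password is decrypted by sops-nix at activation time and is
  # readable only by the forgejo user; it never enters the Nix store.
  sops.secrets.smtp2go-pwd = {owner = "forgejo";};

  # Was a literal 2222; tied to sshPort so a port change cannot leave a
  # stale hole open (or the new port closed).
  # NOTE(review): this opens the port on every interface, while the SSH
  # server below binds to SSH_LISTEN_HOST only. Consider scoping the rule
  # with networking.firewall.interfaces.<name>.allowedTCPPorts.
  networking.firewall.allowedTCPPorts = [sshPort];

  services.forgejo = {
    enable = true;
    stateDir = "/var/lib/forgejo";
    settings = {
      # No self-service sign-up; accounts have to be created by an admin.
      service.DISABLE_REGISTRATION = true;
      DEFAULT.APP_NAME = "forgejo";
      # NOTE(review): Debug is the most verbose level commonly used and can
      # put request details in the journal. Before lowering it, confirm at
      # which level the messages matched by the fail2ban filter below are
      # emitted, or the jail will silently stop matching.
      log.LEVEL = "Debug";
      ui = {
        DEFAULT_THEME = "forgejo-dark";
        # NOTE(review): makes user e-mail addresses visible in the UI;
        # confirm this is wanted on a publicly reachable instance.
        SHOW_USER_EMAIL = true;
      };
      actions = {
        # Actions is switched off; the URL is kept for when it is enabled.
        ENABLED = false;
        DEFAULT_ACTIONS_URL = "https://code.forgejo.org";
      };
      server = {
        # Plain HTTP listener; ROOT_URL is https, so TLS is presumably
        # terminated by a reverse proxy in front of this port — confirm.
        HTTP_PORT = 3200;
        DOMAIN = "git.flake.sh";
        ROOT_URL = "https://git.flake.sh";
        LANDING_PAGE = "/explore/repos";
        # Forgejo's built-in SSH server rather than the system sshd.
        START_SSH_SERVER = true;
        SSH_DOMAIN = "git.flake.sh";
        SSH_PORT = sshPort;
        SSH_LISTEN_PORT = sshPort;
        # Binds to a single address. 100.121.201.47 lies in 100.64.0.0/10,
        # so this is presumably an overlay/VPN address — confirm.
        SSH_LISTEN_HOST = "100.121.201.47";
      };
      # Git operation timeouts, in seconds (one hour each).
      "git.timeout" = {
        DEFAULT = 3600;
        MIGRATE = 3600;
        MIRROR = 3600;
        CLONE = 3600;
      };
      session = {
        # Session cookie is only sent over HTTPS.
        COOKIE_SECURE = true;
      };
      security = {
        LOGIN_REMEMBER_DAYS = 14;
      };
      database = {
        DB_TYPE = lib.mkForce "postgres";
        HOST = "${dbHost}:5432";
        NAME = dbLogin;
        USER = dbLogin;
        # NOTE(review): the password is the literal login name, and because
        # it is a plain Nix string it is written to the world-readable Nix
        # store. The mailer already uses a sops secret; the same pattern via
        # services.forgejo.database.passwordFile would keep this credential
        # out of the store. Rotate the password when moving it.
        # No SSL_MODE is set here, so confirm whether the connection to
        # dbHost is encrypted.
        PASSWD = dbLogin;
      };
      cache = {
        ENABLED = true;
        ADAPTER = lib.mkForce "redis";
        # NOTE(review): the Redis password is embedded in the URL and so
        # also lands in the Nix store; the redis:// scheme is the non-TLS
        # one, so the password crosses the network in clear text.
        HOST = "redis://:forgejo@${dbHost}:6379";
      };
      metrics = {
        # NOTE(review): no metrics TOKEN is configured here, so access to
        # the metrics endpoint has to be restricted elsewhere (e.g. at the
        # reverse proxy) — confirm it is not publicly reachable.
        ENABLED = true;
        ENABLED_ISSUE_BY_REPOSITORY = true;
        ENABLED_ISSUE_BY_LABEL = true;
      };
      mailer = {
        ENABLED = true;
        FROM = "forgejo@flake.sh";
        # Submission port with STARTTLS; the password comes from
        # mailerPasswordFile below, not from this attribute set.
        PROTOCOL = "smtp+starttls";
        SMTP_ADDR = "mail.smtp2go.com";
        SMTP_PORT = 587;
        USER = "forgejo-mailer";
      };
    };
    # Path to the sops-decrypted SMTP password (see sops.secrets above).
    mailerPasswordFile = config.sops.secrets.smtp2go-pwd.path;
  };

  # Ban a source address for 15 minutes after 3 matching log lines within
  # one hour.
  services.fail2ban.jails.forgejo = {
    settings = {
      filter = "forgejo";
      action = ''iptables-allports'';
      # NOTE(review): the filter defined below does not reference a mode
      # parameter, so this setting presumably has no effect — confirm.
      mode = "aggressive";
      maxretry = 3;
      findtime = 3600;
      bantime = 900;
    };
  };

  environment.etc = {
    # Filter for the jail above. <HOST> is taken from the address Forgejo
    # logs; if a reverse proxy sits in front, confirm the logged address is
    # the real client and not the proxy, otherwise the jail bans the proxy.
    "fail2ban/filter.d/forgejo.conf".text = ''
      [Definition]
      failregex = ^.*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>$
      journalmatch = _SYSTEMD_UNIT=forgejo.service
    '';
  };
}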