# NixOS module: a Forgejo instance published at git.ccnlc.eu.
#
# nginx terminates TLS (ACME certificate) and proxies to Forgejo over a unix
# socket; Forgejo's built-in SSH server listens on TCP 2222 for git-over-SSH.
{ config, pkgs, ... }:
let
  domain = "git.ccnlc.eu";

  # Single source for the git-over-SSH port: used for the firewall rule and
  # for both Forgejo SSH settings so the three cannot drift apart.
  sshPort = 2222;

  # robots.txt asking all crawlers not to index the site. This is advisory
  # only; it is not an access control.
  robotsTxt = pkgs.writeText "forgejo-robots-txt" ''
    User-agent: *
    Disallow: /
  '';
in
{
  # tmpfiles type "L+" creates the symlink and replaces whatever already
  # exists at that path, so the store copy always wins.
  systemd.tmpfiles.rules = [
    "L+ ${config.services.forgejo.customDir}/public/robots.txt - - - - ${robotsTxt}"
  ];

  # Only the SSH port is opened in this file.
  # NOTE(review): 80/443 for nginx (and UDP 443 for QUIC) are presumably
  # opened in another module; verify.
  networking.firewall.allowedTCPPorts = [ sshPort ];

  services.forgejo = {
    enable = true;
    package = pkgs.forgejo;

    settings = {
      server = {
        DOMAIN = domain;
        ROOT_URL = "https://${domain}";
        LANDING_PAGE = "/explore";

        # Forgejo listens on a unix socket; nginx is the only HTTP entry point.
        PROTOCOL = "http+unix";
        # NOTE(review): presumably unused while PROTOCOL is "http+unix"; confirm.
        HTTP_PORT = 3000;

        START_SSH_SERVER = true;
        SSH_PORT = sshPort;
        SSH_LISTEN_PORT = sshPort;
      };

      # No self-service sign-up.
      service.DISABLE_REGISTRATION = true;

      security = {
        # Keeps the web installer from being reachable.
        INSTALL_LOCK = true;
        MIN_PASSWORD_LENGTH = 30;
        PASSWORD_COMPLEXITY = "lower, upper, digit, spec";
        # Rejects passwords found in the Have I Been Pwned corpus; this
        # requires outbound access to that service.
        PASSWORD_CHECK_PWN = true;
      };

      session = {
        COOKIE_SECURE = true;
        SAME_SITE = "strict";
      };

      # NOTE(review): "*" lets any host be used as a migration source. Keep
      # migrations.ALLOW_LOCALNETWORKS at its default (false) so a migration
      # cannot be pointed at internal addresses.
      migrations.ALLOWED_DOMAINS = "*";

      # NOTE(review): Debug is verbose for an internet-facing service and may
      # record request details; check who can read the logs and how long they
      # are kept, and consider "Info" once the deployment is stable.
      log.LEVEL = "Debug";

      packages.ENABLED = false;

      # NOTE(review): federation adds server-to-server traffic with other
      # instances; confirm it is needed on this host.
      federation.ENABLED = true;

      ui = {
        DEFAULT_THEME = "forgejo-dark";
        SHOW_USER_EMAIL = false;
      };

      repository = {
        DISABLE_STARS = true;
        PREFERRED_LICENSES = "MIT,GPL-3.0,GPL-2.0,LGPL-3.0,LGPL-2.1";

        # Repositories created in the UI default to public; repositories
        # created implicitly by pushing to a missing path start private.
        DEFAULT_PRIVATE = "public";
        ENABLE_PUSH_CREATE_USER = true;
        DEFAULT_PRIVATE_PUSH_CREATE = true;

        # repo.actions is listed here, so new repositories get Actions
        # enabled by default.
        DEFAULT_REPO_UNITS = "repo.code, repo.issues, repo.pulls, repo.actions";
      };

      # NOTE(review): no runner is configured in this file. Wherever one is
      # attached it executes workflow code supplied by repositories, so it
      # should be isolated from this host and its secrets.
      actions = {
        ENABLED = true;
        DEFAULT_ACTIONS_URL = "https://code.forgejo.org";
      };
    };
  };

  services.nginx = {
    enable = true;
    recommendedTlsSettings = true;
    recommendedProxySettings = true;
    # Upper bound on request bodies (HTTP pushes, uploads).
    clientMaxBodySize = "50M";

    virtualHosts.${domain} = {
      enableACME = true;
      # Redirect plain HTTP to HTTPS.
      forceSSL = true;
      quic = true;

      locations."/" = {
        proxyPass = "http://unix:/run/forgejo/forgejo.sock";
        # NOTE(review): proxy_ssl_server_name applies to TLS upstreams and the
        # upstream here is a plain-HTTP unix socket; proxy_pass_header governs
        # response headers sent back to the client. Both look like no-ops in
        # this setup; confirm before relying on them.
        extraConfig = ''
          proxy_ssl_server_name on;
          proxy_pass_header Authorization;
        '';
      };
    };
  };
}