{ config, pkgs, ... }:
let
  # Public hostname of the forge. Used below as the nginx virtual host name
  # and as Forgejo's DOMAIN / ROOT_URL.
  domain = "git.ccnlc.eu";
in
{
  # Place a robots.txt under Forgejo's custom directory via systemd-tmpfiles.
  systemd.tmpfiles.rules =
    let
      # Disallow crawlers from indexing this site.
      # robots.txt is advisory only: it is a request to well-behaved crawlers,
      # not an access control. Nothing in this file requires sign-in to view
      # content, so public repositories presumably stay readable to anyone who
      # ignores it.
      robots = pkgs.writeText "forgejo-robots-txt" ''
        User-agent: *
        Disallow: /
      '';
    in
    [
      # "L+" creates a symlink and replaces whatever already exists at that
      # path; the link target is the store file built above.
      "L+ ${config.services.forgejo.customDir}/public/robots.txt - - - - ${robots.outPath}"
    ];

  # Open the TCP port that Forgejo's built-in SSH server listens on
  # (SSH_LISTEN_PORT below).
  # NOTE(review): TCP 80/443 and, for QUIC, UDP 443 are not opened in this
  # file — presumably handled in another module; confirm.
  networking.firewall.allowedTCPPorts = [ 2222 ];

  # nginx terminates TLS for the forge and proxies every request to Forgejo's
  # unix socket.
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    # Upper bound on request bodies accepted by nginx; larger uploads and
    # HTTP pushes are rejected before they reach Forgejo.
    clientMaxBodySize = "50M";
    virtualHosts.${domain} = {
      locations."/" = {
        # Upstream is plain HTTP over a local unix socket, not a TCP port.
        proxyPass = "http://unix:/run/forgejo/forgejo.sock";
        # NOTE(review): proxy_ssl_server_name only applies to https://
        # upstreams, and proxy_pass_header governs response headers coming
        # back from the upstream while Authorization is a request header.
        # Both directives look like no-ops here — confirm, and drop them if so.
        extraConfig = ''
          proxy_ssl_server_name on;
          proxy_pass_header Authorization;
        '';
      };
      # Redirect plain HTTP to HTTPS and obtain the certificate through ACME.
      forceSSL = true;
      enableACME = true;
      # NOTE(review): QUIC needs UDP 443 reachable and an nginx build with
      # HTTP/3 support; neither is established in this file — confirm.
      quic = true;
    };
  };

  # Forgejo instance: served over a unix socket behind nginx, with its own
  # SSH server on port 2222.
  services.forgejo = {
    enable = true;
    package = pkgs.forgejo;
    settings = {
      server = {
        # SSH_PORT is the port advertised in clone URLs; SSH_LISTEN_PORT is
        # the port the built-in SSH server binds. Both match the firewall rule.
        SSH_PORT = 2222;
        SSH_LISTEN_PORT = 2222;
        START_SSH_SERVER = true;
        DOMAIN = domain;
        # NOTE(review): with PROTOCOL = "http+unix" the service listens on a
        # unix socket, so HTTP_PORT is presumably unused — confirm.
        HTTP_PORT = 3000;
        ROOT_URL = "https://${domain}";
        PROTOCOL = "http+unix";
        LANDING_PAGE = "/explore";
      };
      # Migrations make the server fetch from a user-supplied URL, so this is
      # the server-side-request surface. "*" accepts any domain.
      # ALLOW_LOCALNETWORKS is not set here; keep it at its default so that
      # migrations cannot be pointed at internal addresses.
      migrations.ALLOWED_DOMAINS = "*";
      service = {
        # No self-service sign-up; accounts have to be created by an admin.
        DISABLE_REGISTRATION = true;
      };
      packages.ENABLED = false;
      # NOTE(review): Debug is very verbose for an internet-facing service and
      # debug output can carry request details; consider "Info" once
      # troubleshooting is finished, and check who can read the logs.
      log.LEVEL = "Debug";
      session = {
        # Session cookie is only sent over HTTPS and never on cross-site
        # requests.
        COOKIE_SECURE = true;
        SAME_SITE = "strict";
      };
      federation = {
        # NOTE(review): federation adds externally reachable endpoints;
        # confirm it is wanted on this instance.
        ENABLED = true;
      };
      ui = {
        DEFAULT_THEME = "forgejo-dark";
        SHOW_USER_EMAIL = false;
      };
      security = {
        # Marks installation as finished so the web installer is not served.
        INSTALL_LOCK = true;
        MIN_PASSWORD_LENGTH = 30;
        PASSWORD_COMPLEXITY = "lower, upper, digit, spec";
        # Rejects passwords found in the Have I Been Pwned breach corpus;
        # this implies an outbound lookup when a password is set.
        PASSWORD_CHECK_PWN = true;
      };

      repository = {
        DISABLE_STARS = true;
        PREFERRED_LICENSES = "MIT,GPL-3.0,GPL-2.0,LGPL-3.0,LGPL-2.1";
        # Pushing to a non-existent repository under one's own account
        # creates it.
        ENABLE_PUSH_CREATE_USER = true;

        # Repositories created in the UI default to public, while
        # push-created ones default to private.
        DEFAULT_PRIVATE = "public";
        DEFAULT_PRIVATE_PUSH_CREATE = true;
        DEFAULT_REPO_UNITS = "repo.code, repo.issues, repo.pulls, repo.actions";
      };

      actions = {
        # Actions run repository-defined workflows on whatever runners are
        # registered; no runner is configured in this file.
        # NOTE(review): confirm that runners are isolated from this host and
        # that only trusted accounts can trigger workflows.
        ENABLED = true;
        # Base URL against which short `uses:` references are resolved.
        DEFAULT_ACTIONS_URL = "https://code.forgejo.org";
      };
    };
  };

}