nix-server/modules/forgejo.nix

{
  lib,
  pkgs,
  config,
  ...
}:
let
  forgejo_domain = "git.encryptionin.space";
in
{
  services.nginx = {
    virtualHosts = {
      ${forgejo_domain} = {
        forceSSL = true;
        enableACME = true;
        extraConfig = ''
          client_max_body_size 512M;
        '';
        locations."/".proxyPass = "http://localhost:3100";
      };
      "build.${forgejo_domain}" = {
        forceSSL = true;
        enableACME = true;
        locations."/".proxyPass = "http://localhost:8000";
      };
    };
  };

  services.forgejo = {
    enable = true;
    database.type = "postgres";
    # Enable support for Git Large File Storage
    lfs.enable = true;
    settings = {
      server = {
        DOMAIN = forgejo_domain;
        ROOT_URL = "https://${forgejo_domain}";
        HTTP_PORT = 3100;
      };
      service.DISABLE_REGISTRATION = true;
      webhook.ALLOWED_HOST_LIST = "external,loopback";
    };
  };

  services.woodpecker-server = {
    enable = true;
    environment = {
      WOODPECKER_HOST = "https://build.${forgejo_domain}";
      WOODPECKER_OPEN = "true";
      WOODPECKER_ADMIN = "hackerncoder";
      WOODPECKER_FORGEJO = "true";
      WOODPECKER_FORGEJO_URL = "https://${forgejo_domain}";
    };
    environmentFile = [ "/var/lib/secrets/woodpecker.env" ];
  };
  services.woodpecker-agents.agents."docker" = {
    enable = true;
    extraGroups = [ "podman" ];
    environment = {
      WOODPECKER_MAX_WORKFLOWS = "4";
      DOCKER_HOST = "unix:///run/podman/podman.sock";
      WOODPECKER_BACKEND = "docker";
    };
    environmentFile = [ "/var/lib/secrets/woodpecker.env" ];
  };

  virtualisation.podman = {
    enable = true;
    defaultNetwork.settings = {
      dns_enabled = true;
    };
  };
  # This is needed for podman to be able to talk over dns
  networking.firewall.interfaces."podman0" = {
    allowedUDPPorts = [ 53 ];
    allowedTCPPorts = [ 53 ];
  };
}
Add forgejo 2024-09-20 15:10:06 +00:00			`{`
			`lib,`
			`pkgs,`
			`config,`
			`...`
			`}:`
			`let`
			`forgejo_domain = "git.encryptionin.space";`
			`in`
			`{`
			`services.nginx = {`
			`virtualHosts = {`
			`${forgejo_domain} = {`
			`forceSSL = true;`
			`enableACME = true;`
			`extraConfig = ''`
			`client_max_body_size 512M;`
			`'';`
			`locations."/".proxyPass = "http://localhost:3100";`
			`};`
			`"build.${forgejo_domain}" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`locations."/".proxyPass = "http://localhost:8000";`
			`};`
			`};`
			`};`

			`services.forgejo = {`
			`enable = true;`
			`database.type = "postgres";`
			`# Enable support for Git Large File Storage`
			`lfs.enable = true;`
			`settings = {`
			`server = {`
			`DOMAIN = forgejo_domain;`
			`ROOT_URL = "https://${forgejo_domain}";`
			`HTTP_PORT = 3100;`
			`};`
			`service.DISABLE_REGISTRATION = true;`
			`webhook.ALLOWED_HOST_LIST = "external,loopback";`
			`};`
			`};`

			`services.woodpecker-server = {`
			`enable = true;`
			`environment = {`
			`WOODPECKER_HOST = "https://build.${forgejo_domain}";`
			`WOODPECKER_OPEN = "true";`
			`WOODPECKER_ADMIN = "hackerncoder";`
			`WOODPECKER_FORGEJO = "true";`
			`WOODPECKER_FORGEJO_URL = "https://${forgejo_domain}";`
			`};`
			`environmentFile = [ "/var/lib/secrets/woodpecker.env" ];`
			`};`
			`services.woodpecker-agents.agents."docker" = {`
			`enable = true;`
			`extraGroups = [ "podman" ];`
			`environment = {`
			`WOODPECKER_MAX_WORKFLOWS = "4";`
			`DOCKER_HOST = "unix:///run/podman/podman.sock";`
			`WOODPECKER_BACKEND = "docker";`
			`};`
			`environmentFile = [ "/var/lib/secrets/woodpecker.env" ];`
			`};`

			`virtualisation.podman = {`
			`enable = true;`
			`defaultNetwork.settings = {`
			`dns_enabled = true;`
			`};`
			`};`
			`# This is needed for podman to be able to talk over dns`
			`networking.firewall.interfaces."podman0" = {`
			`allowedUDPPorts = [ 53 ];`
			`allowedTCPPorts = [ 53 ];`
			`};`
			`}`