2023-10-26 06:49:55 +07:00
|
|
|
{ config
|
|
|
|
, lib
|
|
|
|
, pkgs
|
|
|
|
, ... }:
|
|
|
|
|
|
|
|
let
|
|
|
|
cfg = config.server;
|
|
|
|
in {
|
|
|
|
services.nginx.virtualHosts."git.${cfg.domainName}" = let inherit (config.services.forgejo) settings; in {
|
|
|
|
quic = true;
|
|
|
|
enableACME = true;
|
|
|
|
forceSSL = true;
|
|
|
|
locations."/".proxyPass = "http://${lib.quoteListenAddr settings.server.HTTP_ADDR}:${toString settings.server.HTTP_PORT}";
|
2023-12-24 14:27:43 +07:00
|
|
|
locations."= /robots.txt".extraConfig = ''
|
|
|
|
return 200 ${builtins.toJSON ''
|
|
|
|
User-agent: *
|
|
|
|
Disallow: /mirrors/nixpkgs
|
|
|
|
Disallow: /chayleaf/nixpkgs
|
|
|
|
''};
|
|
|
|
'';
|
2023-10-26 06:49:55 +07:00
|
|
|
};
|
|
|
|
services.forgejo = {
|
|
|
|
enable = true;
|
|
|
|
database = {
|
|
|
|
createDatabase = false;
|
|
|
|
type = "postgres";
|
|
|
|
user = "gitea";
|
|
|
|
name = "gitea";
|
|
|
|
passwordFile = "/secrets/forgejo_db_password";
|
|
|
|
};
|
|
|
|
lfs.enable = true;
|
|
|
|
settings = {
|
|
|
|
federation.ENABLED = true;
|
|
|
|
"git.timeout" = {
|
|
|
|
DEFAULT = 6000;
|
|
|
|
MIGRATE = 60000;
|
|
|
|
MIRROR = 60000;
|
|
|
|
GC = 120;
|
|
|
|
};
|
|
|
|
mailer = {
|
|
|
|
ENABLED = true;
|
|
|
|
FROM = "Forgejo <noreply@${cfg.domainName}>";
|
|
|
|
PROTOCOL = "smtp";
|
|
|
|
SMTP_ADDR = "mail.${cfg.domainName}";
|
|
|
|
SMTP_PORT = 587;
|
|
|
|
USER = "noreply@${cfg.domainName}";
|
|
|
|
PASSWD = cfg.unhashedNoreplyPassword;
|
|
|
|
FORCE_TRUST_SERVER_CERT = true;
|
|
|
|
};
|
|
|
|
session = {
|
|
|
|
COOKIE_SECURE = true;
|
|
|
|
};
|
|
|
|
server = {
|
|
|
|
ROOT_URL = "https://git.${cfg.domainName}";
|
|
|
|
HTTP_ADDR = "::1";
|
|
|
|
HTTP_PORT = 3310;
|
|
|
|
DOMAIN = "git.${cfg.domainName}";
|
|
|
|
# START_SSH_SERVER = true;
|
|
|
|
# SSH_PORT = 2222;
|
|
|
|
};
|
|
|
|
service = {
|
|
|
|
DISABLE_REGISTRATION = true;
|
|
|
|
REGISTER_EMAIL_CONFIRM = true;
|
|
|
|
};
|
2024-08-23 10:48:53 +07:00
|
|
|
cache = {
|
|
|
|
ADAPTER = "redis";
|
|
|
|
HOST = "redis+socket://${config.services.redis.servers.forgejo.unixSocket}";
|
|
|
|
};
|
2023-10-26 06:49:55 +07:00
|
|
|
};
|
|
|
|
};
|
|
|
|
|
2024-08-23 10:48:53 +07:00
|
|
|
systemd.services.forgejo = {
|
|
|
|
wants = [ "redis-forgejo.service" ];
|
|
|
|
after = [ "redis-forgejo.service" ];
|
|
|
|
};
|
|
|
|
|
|
|
|
users.users.forgejo.extraGroups = [ config.services.redis.servers.forgejo.user ];
|
|
|
|
|
|
|
|
services.redis.servers.forgejo = {
|
|
|
|
enable = true;
|
|
|
|
};
|
|
|
|
|
2023-10-26 06:49:55 +07:00
|
|
|
services.nginx.virtualHosts."cloud.${cfg.domainName}" = {
|
|
|
|
quic = true;
|
|
|
|
enableACME = true;
|
|
|
|
forceSSL = true;
|
|
|
|
};
|
|
|
|
services.nextcloud = {
|
|
|
|
enable = true;
|
2024-05-17 19:38:57 +07:00
|
|
|
package = pkgs.nextcloud29;
|
2023-10-26 06:49:55 +07:00
|
|
|
autoUpdateApps.enable = true;
|
|
|
|
# TODO: use socket auth and remove the next line
|
|
|
|
database.createLocally = false;
|
|
|
|
config = {
|
|
|
|
adminpassFile = "/var/lib/nextcloud/admin_password";
|
|
|
|
dbpassFile = "/var/lib/nextcloud/db_password";
|
|
|
|
dbtype = "pgsql";
|
|
|
|
dbhost = "/run/postgresql";
|
|
|
|
};
|
2024-08-23 10:48:53 +07:00
|
|
|
phpOptions."opcache.interned_strings_buffer" = "16";
|
2024-03-19 15:30:38 +07:00
|
|
|
settings.overwriteprotocol = "https";
|
2023-10-26 06:49:55 +07:00
|
|
|
hostName = "cloud.${cfg.domainName}";
|
|
|
|
https = true;
|
|
|
|
};
|
2023-11-29 01:50:24 +07:00
|
|
|
|
|
|
|
services.qbittorrent-nox.enable = true;
|
|
|
|
services.qbittorrent-nox.ui.port = 19642;
|
|
|
|
services.qbittorrent-nox.torrent.port = 45522;
|
|
|
|
|
2023-12-01 23:45:17 +07:00
|
|
|
services.jellyfin.enable = true;
|
2023-11-29 01:50:24 +07:00
|
|
|
|
2023-12-01 23:45:17 +07:00
|
|
|
services.nginx.virtualHosts."home.${cfg.domainName}".locations = {
|
|
|
|
"/torrent/" = {
|
|
|
|
extraConfig = ''
|
|
|
|
proxy_pass http://127.0.0.1:${toString config.services.qbittorrent-nox.ui.port}/;
|
|
|
|
proxy_http_version 1.1;
|
2023-11-29 01:50:24 +07:00
|
|
|
|
2023-12-01 23:45:17 +07:00
|
|
|
proxy_set_header Host 127.0.0.1:30000;
|
|
|
|
proxy_set_header X-Forwarded-Host $http_host;
|
|
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
|
|
proxy_cookie_path / "/; Secure";
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
"/jelly/" = {
|
|
|
|
proxyPass = "http://127.0.0.1:8096";
|
|
|
|
proxyWebsockets = true;
|
|
|
|
};
|
|
|
|
};
|
2023-10-26 06:49:55 +07:00
|
|
|
}
|